CVEs are dead
http://ift.tt/2C36pWT
Submitted February 21, 2018 at 04:50PM by Iot_Security
via reddit http://ift.tt/2FiejKw
Help Net Security
Still relying solely on CVE and NVD for vulnerability tracking? Bad idea - Help Net Security
Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year.
Bogus Linux vulnerability gets publicity
http://ift.tt/2sHE3xk
Submitted February 21, 2018 at 05:53PM by Iot_Security
via reddit http://ift.tt/2EIo9Vb
ZDNet
Bogus Linux vulnerability gets publicity | ZDNet
No, there's not a new security hole that gives attackers complete control over Linux servers. But, if you use a poor password, yes, you can still get hacked. Imagine!
Internet of Baby Monitors: 56.000 Baby Monitors Can Be Spied On With Ease
http://ift.tt/2GxaD7a
Submitted February 21, 2018 at 06:16PM by kafbas
via reddit http://ift.tt/2ogAKZg
Sec-Consult
Internet of Babies – When baby monitors fail to be smart | SEC Consult
Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a
Disabling Docker ICC Still Allows Raw Ethernet Communications Between Containers
http://ift.tt/2Gwe5ie
Submitted February 21, 2018 at 08:02PM by The_Giant_Panda
via reddit http://ift.tt/2BHVBMP
GitHub
brthor/docker-layer2-icc
docker-layer2-icc - Demonstrating that disabling ICC in docker does not block raw packets between containers.
Security In 5: Episode 179 - Facebook Offering A Free VPN - DO NOT USE IT!!!
http://ift.tt/2EIzBQF
Submitted February 21, 2018 at 07:31PM by BinaryBlog
via reddit http://ift.tt/2FiZAix
Libsyn
Security In Five Podcast: Episode 179 - Facebook Offering A Free VPN - DO NOT USE IT!!!
I am 100% pro-VPN for personal use. It protects you, your privacy, keeps your Internet use away from prying eyes. Facebook is getting on board and not offering a VPN for iOS users. DO NOT USE IT! PERIOD! RUN AWAY!!! This episode goes into why you should never…
CSS keylogging exploit
http://ift.tt/2odMpYQ
Submitted February 21, 2018 at 09:09PM by julian88888888
via reddit http://ift.tt/2oeuy42
GitHub
maxchehab/CSS-Keylogging
CSS-Keylogging - Chrome extension and Express server that exploits keylogging abilities of CSS.
Homographs, Attack!
http://ift.tt/2HkwEaF
Submitted February 21, 2018 at 08:51PM by speckz
via reddit http://ift.tt/2EWkW7q
The Practical Dev
Homographs, Attack!
Background on a decades-old hack that just keeps coming back.
Cisco Elastic Services Controller Service Portal Auth Bypass Vuln
http://ift.tt/2or51nJ
Submitted February 21, 2018 at 10:35PM by ghost-train
via reddit http://ift.tt/2FjfABd
Cisco
Cisco Security Threat and Vulnerability Intelligence
The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.
Code Execution in IDA via Strings
http://ift.tt/2FhIjWU
Submitted February 21, 2018 at 10:11PM by MalwareSeattle
via reddit http://ift.tt/2FnGyaZ
reddit
Code Execution in IDA via Strings • r/netsec
2 points and 0 comments so far on reddit
Trend Micro Email Encryption Gateway Multiple Vulnerabilities
http://ift.tt/2CAKUYU
Submitted February 21, 2018 at 11:18PM by pepit0r
via reddit http://ift.tt/2sL686P
Core Security
Trend Micro Email Encryption Gateway Multiple Vulnerabilities
1. Advisory Information
Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL: http://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Date published: 2018-02…
Need help to solve the problem with record in the sudoers file Linux
Hi folks! Can someone pls help me with this record in the /etc/sudoers file:
non_root_user ALL=(ALL) NOPASSWD: /usr/sbin/less
Is it safe to write it like this? I think that this record will allow non-root users to launch the less text editor and view documents that they are not authorized to view. What do you think? Do I need to erase this record or rewrite it in a safer way?
Submitted February 21, 2018 at 10:44PM by Brain2life
via reddit http://ift.tt/2GAnpSt
reddit
Need help to solve the problem with record in the... • r/security
Hi folks! Can someone pls help me with this record in the /etc/sudoers file: non_root_user ALL=(ALL) NOPASSWD: /usr/sbin/less Does it...
IBM X-Force IRIS Uncovers Active Business Email Compromise Campaign Targeting Fortune 500 Companies
http://ift.tt/2EY2ueG
Submitted February 21, 2018 at 10:16PM by cloudster314
via reddit http://ift.tt/2sJrb9P
Security Intelligence
IBM X-Force IRIS Uncovers Active Business Email Compromise Campaign Targeting Fortune 500 Companies
IBM X-Force IRIS observed a widespread business email compromise (BEC) campaign targeting many Fortune 500 companies that exploits flaws in common accounts payable processes.
Validating Leaked Passwords with k-Anonymity
http://ift.tt/2ogpOLf
Submitted February 22, 2018 at 12:38AM by civicode
via reddit http://ift.tt/2ELED2D
The Cloudflare Blog
Validating Leaked Passwords with k-Anonymity
Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats…
How Developers got Password Security so Wrong
http://ift.tt/2CdawQ3
Submitted February 22, 2018 at 12:38AM by civicode
via reddit http://ift.tt/2CzjTW1
Cloudflare Blog
How Developers got Password Security so Wrong
Both in our real lives, and online, there are times where we need to authenticate ourselves - where we need to confirm we are who we say we are. This can be done using three things: something you know, something you have, something you are. Passwords are an…
FOSS slides for explaining Meltdown and Spectre
http://ift.tt/2Fofqsp
Submitted February 22, 2018 at 02:16AM by xux-xux
via reddit http://ift.tt/2GxEnRi
GitHub
neuhalje/presentation_meltdown_spectre
presentation_meltdown_spectre - Meltdown and spectre explained -- for normal people
Cybersecurity professionals in the San Francisco Bay area needed for a Paid Research Study - $250 for a 45 min. phone/web interview
We are a company that locates people for various market research studies nationwide. Our current study is happening this week and next and we are short a half dozen security analysts. If interested please fill out the survey located here: https://survey.zohopublic.com/zs/nCCuSY
More information can be found on our website blog here: http://www.focusinsite.com/250-45-minutes-cybersecurity-professionals-needed-san-francisco-bay-area/
Not in the S.F. area, but want to be notified of upcoming studies? Please fill in this survey with your best contact information: http://www.focusinsite.com/survey
Submitted February 22, 2018 at 01:58AM by FocusInsite
via reddit http://ift.tt/2HCWdE0
Zohopublic
18-119 Cybersecurity
Please take this survey. Your response is important!
Hacking Tinder Accounts using Facebook Accountkit
http://ift.tt/2odMax4
Submitted February 20, 2018 at 09:53PM by bugbountydude
via reddit http://ift.tt/2ogAd9J
Medium
Hacking Tinder Accounts using Facebook Accountkit
Note: This is being published with the permission of Facebook under the responsible disclosure policy.
Phishing on Twitter Automatically
http://ift.tt/2BHoSao
Submitted February 22, 2018 at 01:49AM by gunmr
via reddit http://ift.tt/2CdhuEH
GitHub
omergunal/PoT
PoT - Phishing on Twitter
The Many Hats Club: An InfoSec Group For All Skill Levels
http://ift.tt/2BK726K
Submitted February 22, 2018 at 02:48AM by DJRWolf
via reddit http://ift.tt/2HAsrPX
BleepingComputer
The Many Hats Club: An InfoSec Group For All Skill Levels
The Many Hats Club is a group where members of the InfoSec community can share information, build connections, and get to know each other. This group caters to all experience levels and if you are interested in getting into InfoSec or want to have discussions…
[SAD] Garmin is still not using 2FA for their cloud based Garmin Connect service.
It's 2018 and Garmin has no option to enable 2FA for their Garmin Connect service. If you are not familiar with the Garmin Connect service, it's a service where all the Garmin fitness trackers upload all the data. The data is highly sensitive, which includes GPS tracks, steps, heart ratio, sleep time and so on. I've asked Garmin if they could provide the service with 2FA but without any response until today.
Submitted February 22, 2018 at 02:43AM by Radi1229
via reddit http://ift.tt/2GxN5Ps
reddit
[SAD] Garmin is still not using 2FA for their cloud... • r/security
It's 2018 and Garmin has no option to enable 2FA for their Garmin Connect service. If you are not familiar with the Garmin Connect service, it's a...
I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
http://ift.tt/2Cedgwo
Submitted February 22, 2018 at 04:22AM by rmddos
via reddit http://ift.tt/2EEv9Cb
Troy Hunt
I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST…