CVE-2017-12712 etc. - Pacemaker with multiple vulnerabilities recalled
http://ift.tt/2x4vON1
Submitted September 04, 2017 at 05:22PM by cryptogeeky
via reddit http://ift.tt/2xIRag4
Security Taco
Pacemaker? Check your firmware! Recall Alert
If you or a loved one has a pacemaker, you need to read this. On August 29, 2017, the FDA issued a recall for Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers. Th…
[PDF] GDB PEDA exploit development
http://ift.tt/2wyJbDX
Submitted September 04, 2017 at 05:59PM by _____WINTERMUTE_____
via reddit http://ift.tt/2gDGjzU
Taringa: Over 28 Millions User’s Account Leaked In The Massive Data Breach
http://ift.tt/2vFkarQ
Submitted September 04, 2017 at 10:01PM by abhihpes
via reddit http://ift.tt/2iXtQI3
www.techposts.net
Taringa: Over 28 Millions User's Account Leaked In The Massive Data Breach
Taringa, also called "The Latin American Reddit", has been breached, and the login details of over 28 million users were exposed in the massive data breach.
SharknAT&To: Vulnerabilities in AT&T U-verse modems
http://ift.tt/2wpIfQl
Submitted September 04, 2017 at 10:52PM by 300BLK_Lives_Matter
via reddit http://ift.tt/2wBE6cn
Nomotion Blog
SharknAT&To - Nomotion Blog
Introduction: When evidence of the problems described in this report was first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products…
Kioptrix: Level 1 Walkthrough - VulnHub Boot2Root/CTF - Samba 2.2.x RCE
http://ift.tt/2ez3APz
Submitted September 05, 2017 at 05:21AM by InfoSecJim
via reddit http://ift.tt/2iZdE9B
Jim Wilbur's Blog
Kioptrix: Level 1 Walkthrough - VulnHub - Jim Wilbur's Blog
A walkthrough of Kioptrix: Level 1 from VulnHub. This is the first vm in the Kioptrix series. More to come!
Exploiting React CSS-in-JS
http://ift.tt/2xAv938
Submitted September 05, 2017 at 02:42PM by albinowax
via reddit http://ift.tt/2x6V31q
React Armory
How can I securely use CSS-in-JS with React? — React Armory
CSS-in-JS is a bit like eval for CSS. It is incredibly powerful, but it also makes it easy to shoot yourself in the foot.
Mastercard Internet Gateway Service: Hashing Design Flaw
http://ift.tt/2eGK9YH
Submitted September 05, 2017 at 06:29PM by yohanes
via reddit http://ift.tt/2wC4UL9
Worms Caught In Brambuls (xpost)
http://ift.tt/2iYUq3H
Submitted September 05, 2017 at 07:13PM by majorllama
via reddit http://ift.tt/2w2xCRQ
Ringzerolabs
Worms Caught In Brambuls
Today we analyze an SMB worm that uses GMAIL for C&C checkins and drops a backdoor on infected machines.
High Sierra's 'Secure Kernel Extension Loading' is Broken
http://ift.tt/2w3Dmuz
Submitted September 05, 2017 at 10:16PM by ya4
via reddit http://ift.tt/2wEqOf5
Objective-See
High Sierra's 'Secure Kernel Extension Loading' is Broken
a new 'security' feature in macOS 10.13, is trivial to bypass
ToorCon 19 (2017) playlist
ToorCon 19 - 2017: http://www.youtube.com/playlist?list=PLR6Acteg0QHE0Yjs3jK2zzWjmGhUgsYUp
Submitted September 05, 2017 at 07:05PM by reidhoch
via reddit http://ift.tt/2f14QeR
YouTube
ToorCon 19 - 2017 - YouTube
DIY Spy Program: Abusing Apple's Call Relay Protocol (CVEs 2016-4635, 2016-4721, 2016-4722, 2016-7577)
http://ift.tt/2x88ZYZ
Submitted September 05, 2017 at 09:05PM by _yowie_
via reddit http://ift.tt/2gJL6QF
Martin Vigo
DIY Spy Program: Abusing Apple's Call Relay Protocol - Martin Vigo
Finding, exploiting and leveraging vulnerabilities in Apple's Call Relay protocol to build a spy program. CVE: 2016-4635, 2016-4721, 2016-4722, 2016-7577
Using QL to find a remote code execution vulnerability in Apache Struts (CVE-2017-9805)
http://ift.tt/2vIYZ8j
Submitted September 06, 2017 at 01:03AM by moviuro
via reddit http://ift.tt/2eCk4X1
Lgtm
Using QL to find a remote code execution vulnerability in Apache Struts (CVE-2017-9805) - Blog - lgtm
Deserialization of untrusted user data caused a remote code execution vulnerability in Apache Struts. This post explained how QL, lgtm's query language, was used to find this vulnerability.
Severe security vulnerability found in Apache Struts CVE-2017-9805 allowing RCE
http://ift.tt/2w2VkO0
Submitted September 06, 2017 at 12:27AM by pr4jwal
via reddit http://ift.tt/2gEwmif
reddit
Severe security vulnerability found in Apache Struts... • r/netsec
3 points and 2 comments so far on reddit
C# dll injection tutorial
http://ift.tt/2f0Pg2O
Submitted September 06, 2017 at 03:14AM by _____WINTERMUTE_____
via reddit http://ift.tt/2gKKqKK
coding.vision
C# Inject a Dll into a Process (w/ CreateRemoteThread) | coding.vision
Since I’ve been asked if this is possible - well…you can do Dll Injection using C# but the injected Dll must be written in a language that doesn’t depend on a CLR (C/C++ would be a good option here, but...
Graftor - But I Never Asked for This…
http://ift.tt/2wEidsQ
Submitted September 06, 2017 at 02:17AM by majorllama
via reddit http://ift.tt/2vJfCR2
Talosintelligence
Graftor - But I Never Asked for This…
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Flattened Version of MITRE ATT&CK Matrix
http://ift.tt/2w4P5ce
Submitted September 06, 2017 at 05:58AM by huntoperator
via reddit http://ift.tt/2vKbuR1
Flattened MITRE ATT&CK Matrix
http://ift.tt/2gKNSVP
Submitted September 06, 2017 at 06:26AM by huntoperator
via reddit http://ift.tt/2xMzXT9
Austin Taylor
Flattened MITRE ATT&CK Matrix
MITRE ATT&CK Matrix flattened and mapped by category to threat actor groups and software examples of each attack.
A look at the Boeing 787's web based In Flight Entertainment System
http://ift.tt/2eJUtPq
Submitted September 06, 2017 at 10:39AM by x8BitRain
via reddit http://ift.tt/2gKbDgo
Struts 2.5.x RCE Proof of Concept
http://ift.tt/2x9Pnnf
Submitted September 06, 2017 at 12:26PM by stbernardy
via reddit http://ift.tt/2vKGmk8
GitHub
Add Apache Struts 2 REST Plugin XStream RCE by wvu-r7 · Pull Request #8924 · rapid7/metasploit-framework
WIP
Linux
Windows
CmdStager
ARCH_CMD
check
A security analyst’s guide to NSAppTransportSecurity on Apple iOS
http://ift.tt/2eJPvSV
Submitted September 06, 2017 at 12:06PM by 0xdea
via reddit http://ift.tt/2wEYXNH
Nowsecure
Guide to iOS App Transport Security (ATS) | NowSecure
I’ve recently noticed a spike in questions from our customers -- and specifically security analysts -- about App Transport Security (ATS), or
Phishy Basic Authentication prompts
http://ift.tt/2j3gn1F
Submitted September 06, 2017 at 07:53PM by Matasareanu13
via reddit http://ift.tt/2wGisFk
Security Café
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they accidentally enter invalid domains in we…