Surveying the current IoT threat landscape
http://ift.tt/2FGWbu8
Submitted March 01, 2018 at 03:53PM by Iot_Security
via reddit http://ift.tt/2oHzn5f
Digitaljournal
Surveying the current IoT threat landscape: Interview (Includes interview and first-hand account)
IoT security flaws are hitting the news at a higher rate, but what are the real risks? A leading expert explores the potential ‘worst-case scenario’ IoT attacks and provides best practice tips for enterprises and IoT service providers.
Interesting Phishing Technique Targeting Google G Suite
http://ift.tt/2F3bWub
Submitted March 01, 2018 at 05:46PM by jekapats
via reddit http://ift.tt/2F4uOgF
PhishAI
The Phishing Collage | PhishAI
We recently encountered a wave of attacks targeting Google G Suite using a technique we named the ‘phishing collage’ which evades different traditional solutions that try to detect zero-day phishing attacks by parsing and analysis of HTML payload. Attack…
Security In 5: Episode 185 - How You Can Be Breached Without Detecting It
http://ift.tt/2HU6eN5
Submitted March 01, 2018 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2oHti95
Libsyn
Security In Five Podcast: Episode 185 - How You Can Be Breached Without Detecting It
Hackers want to remain undetected. The longer they slip under your radar the longer they can steal your data. This episode goes into a few ways you can identify signs that you have something malicious running on your machine that is going undetected by your…
Cyber as a Driver for Business Decisions
http://ift.tt/2GWeFGy
Submitted March 01, 2018 at 07:59PM by Uminekoshi
via reddit http://ift.tt/2owCwFV
SoundCloud
Episode 7 - Cyber as a Driver for Business Decisions with Richard Van Horn
In this CyberTangent episode, we are joined by Richard Van Horn, a Cybersecurity professional and owner of https://www.technologyatrisk.info/ Our podcast host is Landon Johnson.
Today's topic is "Cyb
Selmayr slip discloses phone numbers in photo
http://ift.tt/2FDwP04
Submitted March 01, 2018 at 07:40PM by MilchreisMann412
via reddit http://ift.tt/2F3ftsA
Euobserver
Selmayr slip discloses phone numbers in photo
The European Commission's most powerful administrator, Martin Selmayr, has revealed the mobile phone numbers of heads of cabinet, including his own, in a vanity shot.
Oracle Server Exploit Opens up for Double Cryptocurrency miner Payload
http://ift.tt/2FdhG7X
Submitted March 01, 2018 at 08:35PM by htbridgedigital
via reddit http://ift.tt/2FceiKv
Htbridge
Oracle Server Exploit Opens up for Double Cryptocurrency miner Payload
Hackers serve up a duo of cryptocurrency miners by exploiting Oracle server vulnerability...
Basics of Web Scraping
http://ift.tt/2t989Km
Submitted March 01, 2018 at 08:31PM by jacob16682
via reddit http://ift.tt/2oAQ0At
Vulsec
Web Scraping for Open Source Intelligence
Web scraping is a way to automate the process of going through a website and picking out the information that you need. This article will detail how to go about scraping the web and what web scraping can be used for.
Trustico self rooted?
https://twitter.com/svblxyz/status/969220402768736258
Submitted March 01, 2018 at 09:20PM by Teknowlogist
via reddit http://ift.tt/2CRtJT4
Twitter
svbl
Hmmm... I can't validate my Domain certificate via #Trustico, it just ends up sending weird curl requests to my server. 🤔😏 Anyone got an idea what's wrong?
Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips
http://ift.tt/2CsFmV9
Submitted March 01, 2018 at 08:22PM by volci
via reddit http://ift.tt/2oFOaxe
Threatpost | The first stop for security news
Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips
Intel has issued stable microcode to help protect its Broadwell and Haswell chips from the Spectre Variant 2 security exploits.
Demonstrating a VMware guest-to-host escape: ZDI researchers break down a winning Pwn2Own exploit chain that executes code on the hypervisor.
http://ift.tt/2FHY3mq
Submitted March 01, 2018 at 09:27PM by RedmondSecGnome
via reddit http://ift.tt/2F4eW9v
Zero Day Initiative
VMware Exploitation through Uninitialized Buffers
As we approach Pwn2Own 2018, I’m reminded of some of the exploits we saw at last year’s contest. Of course, the most interesting bugs we saw involved guest-to-host escalation in VMware. Recently, we presented “l’art de l’évasion: Modern VMware Exploitation…
Trustico's website was vulnerable to a trivial shell command substitution injection, running as uid=0
http://ift.tt/2ozbcXr
Submitted March 01, 2018 at 09:25PM by jw12321
via reddit http://ift.tt/2owx5qA
Google
Google Groups
Google Groups allows you to create and participate in online forums and email-based groups with a rich experience for community conversations.
GitHub survived the biggest DDoS attack ever recorded
http://ift.tt/2FeA7ZW
Submitted March 01, 2018 at 10:10PM by ShinjoB
via reddit http://ift.tt/2F6SEEa
WIRED
GitHub Survived the Biggest DDoS Attack Ever Recorded
On Wednesday, a 1.3Tbps DDoS attack pummeled GitHub for 15-20 minutes. Here's how it stayed online.
Equifax discovers another 2.4 million customers hit by data breach
http://ift.tt/2CPnAac
Submitted March 01, 2018 at 09:57PM by EvanConover
via reddit http://ift.tt/2FFWJAg
AVG AntiVirus Business Edition review
http://ift.tt/2HWksNw
Submitted March 01, 2018 at 10:23PM by tomasstatkus
via reddit http://ift.tt/2FIX858
Reviewedbypro
AVG AntiVirus Business Edition
In order to successfully run a business, users should not forget that security should come first. That is why the leading security software provider, AVG
First Phishline, then Wombat, then PhishMe, who is next? Battle to the bottom in Phishing Platform Wars
2018 has seen some huge acquisitions in the Phishing Platform \ Security Awareness industry. The larger players all want to take the phishing sim vendors and apply them to their email security services - which brings up an interesting debate: What is happening with the security awareness industry now that the phishing platform players are being eaten up by email security providers? I think what we're going to see is the remaining security awareness vendors either make a play to also do phishing simulation in some way, or realize they have to focus on better content. Companies like SANS Securing the Human, MediaPro, KnowBe4, are all well established security awareness training companies. But they all suffer from the quality of their content - something people complain about all the time. Companies like Ninjio and Habitu8 are making interesting efforts to bring more training content variety to the industry which is exciting. But seriously wtf is with the PhishMe rebrand to Cofense?
Submitted March 02, 2018 at 12:09AM by Inkyandthebrain
via reddit http://ift.tt/2GTmfSa
reddit
First Phishline, then Wombat, then PhishMe, who is... • r/security
2018 has seen some huge acquisitions in the Phishing Platform \ Security Awareness industry. The larger players all want to take the phishing sim...
Security Awareness video - DIY Password Method | Alt. for using a password manager
https://youtu.be/3JzMEnaPe2U
Submitted March 01, 2018 at 11:57PM by Inkyandthebrain
via reddit http://ift.tt/2ozQKFQ
YouTube
DIY Password Method (or creating good passwords) by Habitu8, The Security Awareness Video Company
This DIY Password Method has been tested by the FBI and red-team pentesters and it works. Best thing is that it is super easy for regular folks to use and implement in their daily lives!
Habitu8 creates really great training videos for companies to use to…
Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network
http://ift.tt/2GTCiiH
Submitted March 02, 2018 at 12:25AM by xor_rotate
via reddit http://ift.tt/2ozhoiq
Akamai detects 13 TBS DDOS attacks through misconfigured memcache servers.
http://ift.tt/2oAfQol
Submitted March 01, 2018 at 11:45PM by Neo-Bubba
via reddit http://ift.tt/2F4qI3Q
Akamai
Memcached-fueled 1.3 Tbps attacks
At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the...
Dark Reading Article: The State of Application Penetration Testing
http://ift.tt/2CNoi7T
Submitted March 02, 2018 at 12:32AM by ju1i3k
via reddit http://ift.tt/2CS04cq
Dark Reading
The State of Application Penetration Testing
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Trustico website goes dark after someone drops critical flaw on Twitter
http://ift.tt/2FfD38Q
Submitted March 02, 2018 at 02:55AM by ermass
via reddit http://ift.tt/2oBSrml
Ars Technica
Trustico website goes dark after someone drops critical flaw on Twitter
Outage comes a day after CEO admitted emailing private keys for 23k HTTPS certs.
Cloudflare is starting to see more and more amplification attacks using memcache
http://ift.tt/2GPowxH
Submitted March 02, 2018 at 02:52AM by rfelsburg
via reddit http://ift.tt/2F5g7Kb
Cloudflare Blog
Memcrashed - Major amplification attacks from UDP port 11211
CC BY-SA 2.0 image by David Trawin Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening…