GitHub survived the biggest DDoS attack ever recorded
http://ift.tt/2FeA7ZW
Submitted March 01, 2018 at 10:10PM by ShinjoB
via reddit http://ift.tt/2F6SEEa
WIRED
GitHub Survived the Biggest DDoS Attack Ever Recorded
On Wednesday, a 1.3Tbps DDoS attack pummeled GitHub for 15-20 minutes. Here's how it stayed online.
Equifax discovers another 2.4 million customers hit by data breach
http://ift.tt/2CPnAac
Submitted March 01, 2018 at 09:57PM by EvanConover
via reddit http://ift.tt/2FFWJAg
AVG AntiVirus Business Edition review
http://ift.tt/2HWksNw
Submitted March 01, 2018 at 10:23PM by tomasstatkus
via reddit http://ift.tt/2FIX858
Reviewedbypro
AVG AntiVirus Business Edition
In order to successfully run a business, users should not forget that security should come first. That is why the leading security software provider, AVG
First Phishline, then Wombat, then PhishMe, who is next? Battle to the bottom in Phishing Platform Wars
2018 has seen some huge acquisitions in the Phishing Platform \ Security Awareness industry. The larger players all want to take the phishing sim vendors and apply them to their email security services - which brings up an interesting debate: What is happening with the security awareness industry now that the phishing platform players are being eaten up by email security providers? I think what we're going to see is the remaining security awareness vendors either make a play to also do phishing simulation in some way, or realize they have to focus on better content. Companies like SANS Securing the Human, MediaPro, KnowBe4, are all well established security awareness training companies. But they all suffer from the quality of their content - something people complain about all the time. Companies like Ninjio and Habitu8 are making interesting efforts to bring more training content variety to the industry which is exciting. But seriously wtf is with the PhishMe rebrand to Cofense?
Submitted March 02, 2018 at 12:09AM by Inkyandthebrain
via reddit http://ift.tt/2GTmfSa
reddit
First Phishline, then Wombat, then PhishMe, who is... • r/security
2018 has seen some huge acquisitions in the Phishing Platform \ Security Awareness industry. The larger players all want to take the phishing sim...
Security Awareness video - DIY Password Method | Alt. for using a password manager
https://youtu.be/3JzMEnaPe2U
Submitted March 01, 2018 at 11:57PM by Inkyandthebrain
via reddit http://ift.tt/2ozQKFQ
YouTube
DIY Password Method (or creating good passwords) by Habitu8, The Security Awareness Video Company
This DIY Password Method has been tested by the FBI and red-team pentesters and it works. Best thing is that it is super easy for regular folks to use and implement in their daily lives!
Habitu8 creates really great training videos for companies to use to…
Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network
http://ift.tt/2GTCiiH
Submitted March 02, 2018 at 12:25AM by xor_rotate
via reddit http://ift.tt/2ozhoiq
Akamai detects 13 TBS DDoS attacks through misconfigured memcache servers.
http://ift.tt/2oAfQol
Submitted March 01, 2018 at 11:45PM by Neo-Bubba
via reddit http://ift.tt/2F4qI3Q
Akamai
Memcached-fueled 1.3 Tbps attacks
At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the...
Dark Reading Article: The State of Application Penetration Testing
http://ift.tt/2CNoi7T
Submitted March 02, 2018 at 12:32AM by ju1i3k
via reddit http://ift.tt/2CS04cq
Dark Reading
The State of Application Penetration Testing
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Trustico website goes dark after someone drops critical flaw on Twitter
http://ift.tt/2FfD38Q
Submitted March 02, 2018 at 02:55AM by ermass
via reddit http://ift.tt/2oBSrml
Ars Technica
Trustico website goes dark after someone drops critical flaw on Twitter
Outage comes a day after CEO admitted emailing private keys for 23k HTTPS certs.
Cloudflare is starting to see more and more amplification attacks using memcache
http://ift.tt/2GPowxH
Submitted March 02, 2018 at 02:52AM by rfelsburg
via reddit http://ift.tt/2F5g7Kb
Cloudflare Blog
Memcrashed - Major amplification attacks from UDP port 11211
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening…
Phishing with a reverse proxy in Go
http://ift.tt/2HTR4r8
Submitted March 02, 2018 at 07:36AM by jamaican420guy
via reddit http://ift.tt/2FKdhHz
Medium
Phishing with a reverse proxy in Go
DISCLAIMER: This post is for educational purposes only. Cybercrime is stupid and will probably have you wasting your talents in prison.
Let's Encrypt ACMEv2 implementation supporting wildcard certificates is completed
http://ift.tt/2HUlSIa
Submitted March 02, 2018 at 08:52AM by mebrahim
via reddit http://ift.tt/2F4wfHz
GitHub
Comprehensive support for ACMEv2 (tracking issue) #5365
Get ACMEv2 support in acme module; Get ACMEv2 support in Certbot; Get DNS plugins installable; Change the default ACME server to the v2 endpoint
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
http://ift.tt/2GY141f
Submitted March 02, 2018 at 08:25AM by TechLord2
via reddit http://ift.tt/2oNlDGq
Microsoft
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons: Its access to sophisticated zero-day exploits…
Help I accidentally tried to hack someone’s account?
So for fun me and my girlfriends were seeing if we could hack someone’s account (I’m aware this is dumb. Please don’t talk about it). We did the forgot password option and it said how they sent a code to their Microsoft authentication app. That means she would get a notification that someone tried to access her account. Does this mean that she will know it came from me? Does it show any backtracking of where the request came from?
Submitted March 02, 2018 at 02:08PM by helpmepls1120
via reddit http://ift.tt/2Fiyzy0
reddit
Help I accidentally tried to hack someone’s account? • r/security
So for fun me and my girlfriends were seeing if we could hack someone’s account (I’m aware this is dumb. Please don’t talk about it). We did the...
The OWASP Top 10: 2013 vs. 2017
http://ift.tt/2CRQpTw
Submitted March 02, 2018 at 01:44PM by zinsi-
via reddit http://ift.tt/2Fe9ch4
Templarbit Inc.
The OWASP Top 10: 2013 vs. 2017
Every few years, the Open Web Application Security Project...
A Medium publication just for InfoSec writeups.
http://ift.tt/2iII67Q
Submitted March 02, 2018 at 02:35PM by Eta-Meson
via reddit http://ift.tt/2oCx3x9
Medium
InfoSec Writeups – Medium
A collection of awesome write ups from best hackers in topics ranging from bug bounties, CTFs, vulnhub machines, hardware challenges, real life encounters and everything else which can help other enthusiasts to learn. #sharingiscaring.
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
http://ift.tt/2oIybi9
Submitted March 02, 2018 at 03:23PM by Chumstick
via reddit http://ift.tt/2oKPA9P
Dark Reading
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren.
Emotet Malware URLs
http://ift.tt/2HY7XRA
Submitted March 02, 2018 at 03:21PM by Chumstick
via reddit http://ift.tt/2oKAPDR
Pastebin
Emotet Malware URLs 03/01/18 - Pastebin.com
New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers
http://ift.tt/2F6HkYM
Submitted March 02, 2018 at 03:20PM by Chumstick
via reddit http://ift.tt/2HXpJ7r
BleepingComputer
New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers
We have a new record for the largest DDoS attack ever detected. The new high mark is 1.3 Tbps (Terabits-per-second).
CannibalRAT, a RAT entirely written in Python observed in targeted attacks
http://ift.tt/2oAuP1c
Submitted March 02, 2018 at 04:03PM by CasperVPN
via reddit http://ift.tt/2tai1n3
Security Affairs
CannibalRAT, a RAT entirely written in Python observed in targeted attacks
Security researchers from Cisco Talos discovered a new remote access Trojan (RAT) dubbed CannibalRAT that has been written entirely in Python.
The infamous vulnerability of target _blank code. Do you validate under "best coding practice" to prevent phishing.
http://ift.tt/2oKv89j
Submitted March 02, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2HVKh02
Cyber Sins
The infamous issue of target _blank code
This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and…