The infamous vulnerability of target _blank code. Do you validate under "best coding practice" to prevent phishing.
http://ift.tt/2oKv89j

Submitted March 02, 2018 at 04:22PM by xrna
via reddit http://ift.tt/2HVKh02

Reflected Cross Site Scripting when "Referer" header value renders on web page
http://ift.tt/2F5HWSw

Submitted March 02, 2018 at 05:10PM by indishell1046
via reddit http://ift.tt/2HXDrqM

TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution
http://ift.tt/2t7E5Pp

Submitted March 02, 2018 at 06:40PM by indishell1046
via reddit http://ift.tt/2oJwQYd

Security In 5: Episode 186 - Tools, Tips and Tricks - Pwned Passwords
http://ift.tt/2oKHnlY

Submitted March 02, 2018 at 07:37PM by BinaryBlog
via reddit http://ift.tt/2HU9RCB

Easy-Scan: Terminal based minimal web application scanner built on Python
http://ift.tt/2sAqDz1

Submitted March 02, 2018 at 06:57PM by lazykid07
via reddit http://ift.tt/2oOuzLJ

Jailbreak for iOS 10.x 64bit devices without KTRR
http://ift.tt/2HY69be

Submitted March 02, 2018 at 09:37PM by TechLord2
via reddit http://ift.tt/2CQYc3H

Scrape the Twitter Frontend API without authentication
http://ift.tt/2ELHSar

Submitted March 02, 2018 at 09:35PM by TechLord2
via reddit http://ift.tt/2FLb12P

Bug in HP Remote Management Tool Leaves Servers Open to Attack
http://ift.tt/2CP4qkB

Submitted March 02, 2018 at 09:50PM by volci
via reddit http://ift.tt/2F94ldJ

Shellen - Interactive shellcoding environment to easily craft shellcodes
http://ift.tt/2F4VcqH

Submitted March 02, 2018 at 10:17PM by pacotes
via reddit http://ift.tt/2FjekAr

Week 9 in Information Security, 2018
http://ift.tt/2GUkeoA

Submitted March 02, 2018 at 11:01PM by undercomm
via reddit http://ift.tt/2oEQW6M

New SMBv3 DoS exploit for Windows 8.1 & Windows Server 2012
http://ift.tt/2FeHuka

Submitted March 02, 2018 at 10:38PM by Neo-Bubba
via reddit http://ift.tt/2FjXaCO

Red Team Laptop & Infrastructure (pt 1: Architecture)
http://ift.tt/2CT9xR4

Submitted March 02, 2018 at 11:28PM by thugl0r
via reddit http://ift.tt/2Fatbd0

Is it allowed to send (and collect on the bounty) a Responsible Disclosure statement to my own employer?
I have seen multiple security issues within my own company and normally I disclose them to the one responsible via the channels within the company. However, I am sick of the irresponsibility and lack of precaution taken when deploying new features. Just yesterday they deployed some code that makes it possible to see a lot of customer information, and also provides a loophole to inject SQL and see the results of the query executed (as well as the errors you might produce).I am a Software Developer, not a Security Engineer...PS: I work don't work with the team that is deploying this code (I don't even have access to it, so I do not have any advantage over a malicious person)

Submitted March 03, 2018 at 12:31AM by xoorl
via reddit http://ift.tt/2FKUV9l

Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
http://ift.tt/2oCnlLf

Submitted March 03, 2018 at 02:12AM by alessiodelv
via reddit http://ift.tt/2oCmudM

Join a growing a Pentesting/Hacking Community.
Hello World!PentestSec is a community of Pentesters, Infosec professionals, and Students. We have the idea that information should be free to those want to learn and master their skills. There are ton of places on the internet to learn hacking, it can be a bit overwhelming, and so this community has everything in one. We have a private section for newbie’s to learn and ask questions with professionals, as well as daily lesson to try out. We have partnership with other servers who have Professional talk in their server via voice chat with industry Pros!!! We do CTFs, such as Vulnhub, Hackthebox, and more to practice. If you are going for a cert we have a section with material as well. Of course we don’t spoil anything or hold anyone’s hand, but if you are willing to work hard, you can gain a lot of knowledge. So join us! The only thing missing in the community is …..You!Hack The Planet!https://twitter.com/pentestsechttps://discord.gg/4hqkRgZ

Submitted March 03, 2018 at 03:09AM by grimessec
via reddit http://ift.tt/2FLElWQ

Israel Sent a Letter to American Hackers Asking for Zero-Days
http://ift.tt/2CV7ZWs

Submitted March 03, 2018 at 04:37AM by bluefish009
via reddit http://ift.tt/2FaH5fv

Public disclosure in the public interest?
I have discovered a security bug related to authentication on a major US based website (estimated 10M monthly users). The bug allows anyone with local physical access to a computer to access the last logged-in users full account - even after that victim believes they've signed out. This includes after the browser is closed, quit, and the computer has been restarted. This bug exposes personal identity information, financial information, and financial account access - including the ability to withdraw funds (some accounts may have additional security protecting against funds withdrawn, but not all).I have responsibly disclosed this bug through the company's bug bounty program on January 26th. I have made at least four attempts to be aggressive in helping the company support/security team recognize the severity of this bug. But their responses have all been a form of "working as designed" and "it's not great, but that's the way it works". (Unbelievable I know, but those are the facts for this case).I attempted to report this bug to the relevant US government regulators. The regulators responded, but did not request any details about the specifics of the bug. They had no follow up after a simple "who are you" call. I have informed the company that I contacted the US regulators.I believe this bug is likely one of the worst kind of bugs - because while it is not a remote access vulnerability, it is a very high impact vulnerability. It is very likely to cause a lot of damage to a few users. To those users, and perhaps even to the company, it will be completely inexplicable. Victims of un-authorized funds transfers will know they are victims, but to the company it will appear as a "one off case of user-error". Because there are so many users on this site, the exploit could occur many times before the company, regulators, or users identify the access vulnerability.Questions:1) Are there any resources or experts that I could consult on whether public disclosure, for the purposes of applying pressure to the company, would be appropriate? (My hypothesis is that public disclosure is appropriate, based on the severity of the impact, the disinterest of the company, and the elusiveness of the cause)2) Are there any other paths for disclosure that I should attempt before public disclosure?3) If I were to publicly disclose, I would inform the company of a date of pending public disclosure. How many days of pre-disclosure time should I provide the company? (It has already been 30 days).

Submitted March 03, 2018 at 05:23AM by dreamingwell
via reddit http://ift.tt/2F7VAV7

Issues installing Kaspersky on Windows 10.
Anybody here every seen issues with this? I only use Kaspersky cause it's the one I pay for and it works. Just got Windows 10 installed and it gets 10% then says error can't connect to server, check your internet connection. My connection is perfect. My friend thinks it's the firewall.

Submitted March 03, 2018 at 07:33AM by ChampionDreamerMusic
via reddit http://ift.tt/2I13OvZ

Turning your web traffic into a Super Computer
http://ift.tt/2FN16JP

Submitted March 03, 2018 at 08:57AM by eloquinees_husband
via reddit http://ift.tt/2CVjP2M

Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users
http://ift.tt/2oyV1cM

Submitted March 03, 2018 at 10:19AM by adriankoshcha
via reddit http://ift.tt/2FlmBnC

EclecticIQ Fusion Center Report: Report DDoS Attack Stemming from Memcached Servers Hits GitHub
http://ift.tt/2oJmJnp

Submitted March 03, 2018 at 01:30PM by EclecticIQ
via reddit http://ift.tt/2F7CCdj