More millennials reported losing money to scams in 2017 than senior citizens
http://ift.tt/2FWOY9m
Submitted March 06, 2018 at 03:01PM by GemmaJ123
via reddit http://ift.tt/2D2QWlF
MarketWatch
More millennials reported losing money to scam in 2017 than senior citizens
The amount of money lost to fraud increased 7% last year.
Application-level security audits of Wire's iOS, Android, webapp and call signaling
http://ift.tt/2FXC8Yt
Submitted March 06, 2018 at 03:22PM by tellersiim
via reddit http://ift.tt/2FYNNX8
Medium
Wire application-level security audits
Kudelski Security and X-41 D-Sec have published application-level security audits of Wire’s iOS, Android, web application, and calling…
Database leak in one of the biggest swiss hosting provider
http://ift.tt/2D4o4Jz
Submitted March 06, 2018 at 03:36PM by redsecdev
via reddit http://ift.tt/2FjVk1n
security.infoteam.ch
How we discovered a database leak in one of the biggest Swiss hosting provider
During the development of our new security SaaS, allowing anyone to check the security level of their own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting providers in Switzerland, we didn’t expect to…
How to secure an API endpoint with a publishable API Key?
http://ift.tt/2I87jkj
Submitted March 06, 2018 at 04:52PM by random_scribling
via reddit http://ift.tt/2FY1yoW
Stackoverflow
How to secure an API endpoint with a publishable API Key?
I have a weird requirement. The API endpoint will be accessed by the embedded javascript widget. Anything that is part of the embedded javascript is public. So, just using an API key (like JWT) is ...
Facebook improves link security infrastructure by implementing HSTS Preloading
http://ift.tt/2I61KTD
Submitted March 06, 2018 at 06:32PM by CasperVPN
via reddit http://ift.tt/2H7wySL
Security Affairs
Facebook improves link security infrastructure by implementing HSTS Preloading
Facebook has implemented HSTS preloading that instructs a browser to always use SSL/TLS to communicate with eligible websites.
Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats!
http://ift.tt/2oKZ2Lb
Submitted March 06, 2018 at 06:06PM by alessiodelv
via reddit http://ift.tt/2I468Cu
BleepingComputer
Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats!
The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used in the Windows Subsystem for Linux. The problem is someone forgot one little thing. Some of its most…
1.7 Tbps DDoS Attack — Memcached UDP Reflections Set New Record
http://ift.tt/2tjG5UH
Submitted March 06, 2018 at 06:04PM by alessiodelv
via reddit http://ift.tt/2oT0ESh
The Hacker News
1.7 Tbps DDoS Attack — Memcached UDP Reflections Set New Record
Hackers hit more websites with record-breaking largest amplification DDoS attack of 1.7 Tbps using misconfigured Memcached UDP servers.
A Complete Beginner Guide to Learn Ethical Hacking
https://twitter.com/gainfromhere/status/970730975880732672
Submitted March 06, 2018 at 05:53PM by hydandsik
via reddit http://ift.tt/2I87Lzo
Twitter
Gain From Here
A Complete Beginner Guide to Learn Ethical Hacking ! #ethicalhacking #cybersecurity #sponsored https://t.co/S7i6Xwwjw4
Phishing tops IRS' 2018 list of Dirty Dozen tax scams
http://ift.tt/2FhMwxa
Submitted March 06, 2018 at 08:04PM by volci
via reddit http://ift.tt/2HaLpfa
Don't Mess With Taxes
Phishing tops IRS' 2018 list of Dirty Dozen tax scams
Phishing once again makes the Internal Revenue Service's annual list of Dirty Dozen Tax Scams. When it comes to tax scams, the late and loquacious MLB Hall-of-Famer Yogi Berra nailed it: "It's like déjà vu all over again." The Internal Revenue Service's 2018…
Security Vulnerabilities in Smart Contracts
http://ift.tt/2Fk5MWA
Submitted March 06, 2018 at 08:02PM by volci
via reddit http://ift.tt/2FunLgg
reddit
Security Vulnerabilities in Smart Contracts • r/security
How Meltdown and Spectre bugs will impact processor designs. Future CPUs will need security front-of-mind: performance may take a back seat.
http://ift.tt/2t0KlbI
Submitted March 06, 2018 at 07:59PM by AA_2011
via reddit http://ift.tt/2I6Zco8
Scientific-Computing
How Meltdown and Spectre will impact future processor designs | Scientific Computing World
Adrian Giordani reports on recent vulnerabilities found in many modern CPUs
Are memcached attacks going to be more common?
Are memcached attacks, like the recent DDoS on GitHub, going to be more popular in the coming year? Where are their resources on memcached vulnerabilities and attacks?
Submitted March 06, 2018 at 07:56PM by whitehattracker
via reddit http://ift.tt/2FrBDYS
reddit
Are memcached attacks going to be more common? • r/security
Are memcached attacks, like the recent DDoS on GitHub, going to be more popular in the coming year? Where are their resources on memcached...
Security In 5: Episode 188 - What Is A SOC And Does Your Company Need One, Yet?
http://ift.tt/2oTXayY
Submitted March 06, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2I7Aswe
Libsyn
Security In Five Podcast: Episode 188 - What Is A SOC And Does Your Company Need One, Yet?
If you are IT or near the security world you probably have heard the term SOC (pronounced SOCK). SOC stands for Security Operations Center. What is a SOC and how does it differ from your security team? This episode goes into what a SOC is for, responsibilities…
‘No Logging’ Policies and VPNs
When they say ‘No Logging’, do they really keep nothing? Would their upstream providers/IP transit keep logs as a way around this? How does this all work?
Submitted March 06, 2018 at 08:39PM by mscaff
via reddit http://ift.tt/2oS1VtZ
reddit
‘No Logging’ Policies and VPNs • r/security
When they say ‘No Logging’, do they really keep nothing? Would their upstream providers/IP transit keep logs as a way around this? How does this...
Coinminer Comes with a Process "Kill List" to Keep Competitors at Bay
http://ift.tt/2FiVjei
Submitted March 06, 2018 at 08:21PM by DJRWolf
via reddit http://ift.tt/2thm5Sy
BleepingComputer
Coinminer Comes with a Process "Kill List" to Keep Competitors at Bay
Security researchers have spotted the first cryptocurrency miner that includes a "kill list" feature that shuts down the processes of other coinminers in an attempt to hog the infected computer's mining power only for itself.
Introducing parsedmarc: An open source Python module and CLI tool for parsing DMARC reports
http://ift.tt/2thqDs6
Submitted March 06, 2018 at 09:01PM by seanthegeek
via reddit http://ift.tt/2I6e1aH
Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing
http://ift.tt/2D4XUGK
Submitted March 06, 2018 at 08:41PM by DiscombobulatedGood
via reddit http://ift.tt/2FdP8w1
DEVCORE 戴夫寇爾
Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing | DEVCORE 戴夫寇爾
We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to…
Perfecting email template about moving the website to HTTPS
From time to time I email websites asking them to switch to HTTPS and mentioning all its advantages. I have a template and figured that perhaps there's something to improve/fix so it's more convincing. I want it to be top-notch. Even if not, perhaps other people can use it to further spread HTTPS adoption.
So I'm pasting it below and waiting for your thoughts/suggestions in the comments. Please be aware that I send plaintext emails and remove text in [brackets] in some cases.
Hello.
I wanted to ask you to consider fully moving your website to HTTPS. [Or, if that's too much trouble, at least forcing HTTPS on pages with forms (e.g. login or register pages).]
Here are the reasons why HTTPS is important.
On HTTP pages everyone can see my traffic[, including login details]. ISPs, governments and network administrators have access to this information by design, but every person can steal my data conducting Man In The Middle Attack (MITM). So for any pages with forms (like login or register pages) forcing HTTPS is a MUST HAVE. [Even if users don't complain that their login data is sent unencrypted, they shouldn't have to be aware of that and it should be up to the website's administration to protect its visitors' data.]
If that's not enough, malicious scripts can be injected on non-secure pages. So someone can e.g. inject a porn ad on your page in my browser. Or worse...
Switching to HTTPS can be free if you use tools like Let's Encrypt.
It doesn't make the site much slower and might even make it run faster if you use HTTP/2 which is only available for encrypted sites (as opposed to HTTP/1.1 which you're using and can check here: https://tools.keycdn.com/http2-test).
If security is not your main concern, you might want to know that Google and probably other search engines take HTTPS into account when displaying search results. HTTPS pages get a better rating (e.g. PageRank) and are displayed higher.
Furthermore, browsers are in the process of deprecating HTTP websites. For now users are prompted with warnings when filling forms on HTTP pages and in the future all HTTP pages will be displayed as not secure which will discourage some users from visiting such pages. Google already does that for pages in incognito mode and from July it will be like that for every site. Firefox will do the same but has not yet set a deadline. Please, check out the following links for more information:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http
https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
Best regards,
<me>
Submitted March 06, 2018 at 09:13PM by mr__jigsaw
via reddit http://ift.tt/2Fm7jeL
KeyCDN
HTTP/2 Test - Verify HTTP/2 Support | KeyCDN Tools
Verify if a URL is delivered through the HTTP/2 network protocol.
Malware “TSCookie” (With Github Sources to decode and extract TSCookie’s configuration info - See Comment)
http://ift.tt/2D3COIO
Submitted March 06, 2018 at 10:03PM by TechLord2
via reddit http://ift.tt/2FZRPhJ
JPCERT/CC Blog
Malware “TSCookie”
Around 17 January 2018, there were some reports on the social media about malicious emails purporting to be from Ministry of Education, Culture, Sports, Science and Technology of Japan [1]. This email contains a URL leading to a malware called...
It's Time to Think Differently About Segmentation
http://ift.tt/2FfKtcP
Submitted March 06, 2018 at 09:48PM by SecurityTrust
via reddit http://ift.tt/2FvX6zW
IT SECURITY GURU
It’s Time to Think Differently About Segmentation - IT SECURITY GURU
As data breaches continue to significantly multiply, so security becomes an even bigger priority for organisations dealing with sensitive data. The network perimeter, which is the boundary for both the private and the public sides of the network, used to…
AppBandit (Proxy) Public Beta
http://ift.tt/2FtyIik
Submitted March 07, 2018 at 12:20AM by Hardbeattt
via reddit http://ift.tt/2D4Bcyw
Websecurify
Landing AppBandit Public BETA
We are very excited to announce the public beta release of our latest tool we fondly call AppBandit, or AB (as in AB Proxy) for short. AppBandit is an intercepting security-enhanced proxy built on top of our existing technology stack you are already familiar…