Phishing tops IRS' 2018 list of Dirty Dozen tax scams
http://ift.tt/2FhMwxa

Submitted March 06, 2018 at 08:04PM by volci
via reddit http://ift.tt/2HaLpfa

Security Vulnerabilities in Smart Contracts
http://ift.tt/2Fk5MWA

Submitted March 06, 2018 at 08:02PM by volci
via reddit http://ift.tt/2FunLgg

How Meltdown and Spectre bugs will impact processor designs. Future CPUs will need security front-of-mind: performance may take a back seat.
http://ift.tt/2t0KlbI

Submitted March 06, 2018 at 07:59PM by AA_2011
via reddit http://ift.tt/2I6Zco8

Are memcached attacks going to be more common?
Are memcached attacks, like the recent DDoS on GitHub, going to be more popular in the coming year?Where are their resources on memcached vulnerabilities and attacks?

Submitted March 06, 2018 at 07:56PM by whitehattracker
via reddit http://ift.tt/2FrBDYS

Security In 5: Episode 188 - What Is A SOC And Does Your Company Need One, Yet?
http://ift.tt/2oTXayY

Submitted March 06, 2018 at 07:33PM by BinaryBlog
via reddit http://ift.tt/2I7Aswe

‘No Logging’ Policies and VPNs
When they say ‘No Logging’, do they really keep nothing?Would their upstream providers/IP transit keep logs as a way around this?How does this all work?

Submitted March 06, 2018 at 08:39PM by mscaff
via reddit http://ift.tt/2oS1VtZ

Coinminer Comes with a Process "Kill List" to Keep Competitors at Bay
http://ift.tt/2FiVjei

Submitted March 06, 2018 at 08:21PM by DJRWolf
via reddit http://ift.tt/2thm5Sy

Introducing parsedmarc: An open source Python module and CLI tool for parsing DMARC reports
http://ift.tt/2thqDs6

Submitted March 06, 2018 at 09:01PM by seanthegeek
via reddit http://ift.tt/2I6e1aH

Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing
http://ift.tt/2D4XUGK

Submitted March 06, 2018 at 08:41PM by DiscombobulatedGood
via reddit http://ift.tt/2FdP8w1

Perfecting email template about moving the website to HTTPS
From time to time I email websites asking them to switch to HTTPS and mentioning all its advantages. I have a template and figured that perhaps there's something to improve/fix so it's more convincing. I want it to be top-notch. Even if not, perhaps other people can use it to further spread HTTPS adoption.So I'm pasting it below and waiting for your thoughts/suggestions in the comments. Please be aware that I send plaintext emails and remove text in [brackets] in some cases.Hello.I wanted to ask you to consider fully moving your website to HTTPS. [Or, if that's too much trouble, at least forcing HTTPS on pages with forms (e.g. login or register pages).Here are the reasons why HTTPS is important.On HTTP pages everyone can see my traffic[, including login details]. ISPs, governments and network administrators have access to these information by design, but every person can steal my data conducting Man In The Middle Attack (MITM). So for any pages with forms (like login or register pages) forcing HTTPS is a MUST HAVE. [Even if users don't complain that their login data is sent unencrypted, they shouldn't have to be aware of that and it should be up to the website's administration to protect its visitors' data.If that's not enough, malicious noscripts can be injected on non-secure pages. So someone can e.g. inject a porn ad on your page in my browser. Or worse...Switching to HTTPS can be free if you use tools like Let's Encrypt.It doesn't make the site much slower and might even make it run faster if you use HTTP/2 which is only available for encrypted sites (as opposed to HTTP/1.1 which you're using and can check here: https://tools.keycdn.com/http2-test).If security is not your main concern, you might want to know that Google and probably other search engines take HTTPS into account when displaying search results. HTTPS pages get a better rating (e.g. PageRank) and are displayed higher.Furthermore, browsers are in the process of deprecating HTTP websites. For now users are prompted with warnings when filling forms on HTTP pages and in the future all HTTP pages will be displayed as not secure which will discourage some users from visiting such pages. Google already does that for pages in incognito mode and from July it will be like that for every site. Firefox will do the same but has not yet set a deadline. Please, check out the following links for more information:https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-httphttps://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdfhttps://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.htmlBest regards,<me>

Submitted March 06, 2018 at 09:13PM by mr__jigsaw
via reddit http://ift.tt/2Fm7jeL

Malware “TSCookie” (With Github Sources to decode and extract TSCookie’s configuration info - See Comment)
http://ift.tt/2D3COIO

Submitted March 06, 2018 at 10:03PM by TechLord2
via reddit http://ift.tt/2FZRPhJ

Its Time to Think Differently About Segmentation
http://ift.tt/2FfKtcP

Submitted March 06, 2018 at 09:48PM by SecurityTrust
via reddit http://ift.tt/2FvX6zW

AppBandit (Proxy) Public Beta
http://ift.tt/2FtyIik

Submitted March 07, 2018 at 12:20AM by Hardbeattt
via reddit http://ift.tt/2D4Bcyw

IoT Security standards and guidelines
Does anyone know sources of open standards regarding IoT security?I could find good information from NIST, OWASP and GSMA.GSMA -> https://www.gsma.com/iot/future-iot-networks/iot-security-guidelines/OWASP -> https://www.owasp.org/index.php/OWASP_Internet_of_Things_ProjectNIST -> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-183.pdf

Submitted March 07, 2018 at 12:33AM by neomer22
via reddit http://ift.tt/2D2K4Vj

Clang CFI Bypass Techniques
http://ift.tt/2HaMHXp

Submitted March 06, 2018 at 11:20PM by aohgdao
via reddit http://ift.tt/2Fvk3Dq

Is it possible that scammers hack someone's website and pursue their scam under that person's domain?
Long story short, I received a scam Paypal mail that links to a website where you are asked to update your PayPal information. The website is nearly identical to paypal.com in all aspects but the domain name, and I almost fell for the scam until I saw the url. Upon further investigation, I found the owner of the domain with all his personal information. I messaged him on twitter, and he claims he was hacked, and that he has notified the host. Please note that the scam website has been running for at least a month, probably longer (I received the mail a month ago, only checked it today). But the domain itself has been registered under his name for at least 7 years, possibly much longer. Other than that, the owner of the domain does not respond to my questions. I have recorded everything and I'm willing to expose this douchebag, who is surprisingly an Israeli lecturer at some university by the way. But I'm thinking, what if he really was hacked and had no idea this was happening? I find that unlikely but maybe things like this have happened before. I'm willing to provide any information you guys might need to corroborate my story.

Submitted March 07, 2018 at 02:11AM by mrdexie
via reddit http://ift.tt/2FgwUKr

How many websites have exposed their entire source codes?
https://twitter.com/mixnode/status/969265512680075264

Submitted March 07, 2018 at 01:54AM by mixnode
via reddit http://ift.tt/2Fkhoc5

Point-of-Sale Breach Affects 160+ Applebee's Locations
http://ift.tt/2D4K8UD

Submitted March 07, 2018 at 03:08AM by petermal67
via reddit http://ift.tt/2FZ6pGn

Adapting hashcat for SAP ‘half hashes’
http://ift.tt/2HaJPdk

Submitted March 07, 2018 at 01:40AM by gelim
via reddit http://ift.tt/2G42F6F

Was I legitimately hacked?
I think I might have been legitimately hacked through my iPhone, but I am not sure. I would really appreciate your guys' help.I was watching some explicit content in a private session in Safari on my iPhone running iOS 11.2.6. I accidentally navigated to a website that was clearly malicious -- it was the classic "you have won an Apple device" scam or something. However, this was different. Safari was completely locked up. I couldn't click any buttons in Safari, close the tabs, or anything. I could exit the app, but re-entering didn't allow me to regain control. After exiting the app and reentering multiple times, I was eventually able to close the tab.Just a little bit ago, I got an email to my personal email containing the following:Good day {my full name}. Just got several issues to resolve with you, won't take too long, for you to go through and will definitely get your awareness. Exactly how will you really feel if all ur relatives or friends will witness you taking care of your own self? How would they feel is the correct question here.You see where I am going with this one? I have infected a number of adult porn websites with my malware that steals all info from the machine and obtains an access to it's cams, and a lot more. And so today i have a video clip of u wanking and a film u jerked to, additionally all your contacts.It is your job e-mail, that I have located on your personal ps btw.Oh yeah, I have additionally edited the video to fit on a single screen, so it is going to be more comfortable to enjoy for everybody. Anyway- if u want me to get rid of all ur contact info with the video, this is my BTC wallet address -1CFdsWVuZVMJuk6bQVC16T8992XHBv5MhLjust make sure that you won't copy no spaces or different symbols. U can quickly get the info on the internet on how you can use this payment method if you do not know how to. 630 is the sum in us dollars i will need to leave you alone permanently.This letter has invisible monitoring tool inside and i will know when you will open it, and from that minute on, you will receive 5 days, to make-up ur mind.i promise that every single contact coming from ur list will see this movie, in case for whatever reason i won't see my funds. You are welcome to get in touch with ur nearby cops or anyone, i doubt it will help.I thought it was bs at first, but they got access to my personal email as well as my full name. Once I realized that, I got pretty nervous. Any advice would be extremely appreciated. Thank you.

Submitted March 07, 2018 at 06:21AM by alwsfwd
via reddit http://ift.tt/2Fr9QYH

Is PreyProject safe to use as far as privacy?
Haven't seen any negative reports on them, but I am still giving them a lot of leeway. It's great to have a free app to track my laptop and phone if they are lost/stolen, but at what cost?

Submitted March 07, 2018 at 05:48AM by SteveBozell
via reddit http://ift.tt/2HeNxmf