100k active installs preauth POI due unpatched flaw in Wordpress core
http://ift.tt/2Fxhdi9
Submitted March 12, 2018 at 04:11PM by mslavco
via reddit http://ift.tt/2FuKxFL
Medium
wp-job-manager ≤ 1.29.2 preauth POI / unserialize of user supplied data
WordPress has gone through an interesting period of time. They have tried to fix critical vulnerabilities:
Reversing an Aigo (Chinese encrypted HDD) − Part 2: Dumping a Cypress PSoC 1 microcontroller
http://ift.tt/2IkoFuz
Submitted March 12, 2018 at 08:50PM by trou_fr
via reddit http://ift.tt/2FBfOD0
Default Stored XSS Laravel framework (fixed, sorta)
http://ift.tt/2Fz6pf3
Submitted March 12, 2018 at 04:58PM by X1M_
via reddit http://ift.tt/2Go2Hq4
x1m.nl
Laravel Stored XSS Vulnerability
I have been using the Laravel framework for quite a while now and discovered something odd.
Reversing an Aigo (Chinese encrypted HDD) − Part 1: taking it apart
http://ift.tt/2IkoTlp
Submitted March 12, 2018 at 08:36PM by trou_fr
via reddit http://ift.tt/2FvGbOJ
Memcached DDoS Attacks Slow Down as Patching Ramps Up
http://ift.tt/2G9JTdU
Submitted March 12, 2018 at 11:27PM by campuscodi
via reddit http://ift.tt/2GiMxOx
eWEEK
Memcached DDoS Attacks Slow Down as Patching Ramps Up
Patching efforts appear to be working as the attack bandwidth size of memcached DDoS attacks is now on the decline.
The Secret Life of Your Login Credentials; TLS, Password Hashing, and Rainbow Tables
http://ift.tt/2Hswqxt
Submitted March 12, 2018 at 11:24PM by teb311
via reddit http://ift.tt/2p4uNit
Bradfield
The Secret Life Of Your Login Credentials
Have you ever typed your social security number into a form on the Internet and wondered, “should I really click submit?” Most of us place…
yescrypt 1.0.0 KDF and password hashing scheme (algorithm finalized, code released)
http://ift.tt/2Ih3sl5
Submitted March 12, 2018 at 11:29PM by solardiz
via reddit http://ift.tt/2Fx6KmA
Do you know how to hack into servers?
The first step in any strategy is port scanning. Each open port is a server-side program. Example: on the 21st port there is FTP. If you connect to it and get the appropriate rights, you can safely download or upload any files... On the first 1024 ports you can find many standard services; each of them is a kind of door. And the more there are, the easier it will be to find that one or more of them are not closed… In fact, there are many websites on the Internet that publish information about new weaknesses. And given that many servers don't renew their security due to negligence or unqualified administrators, many of them can be cracked because of "old" problems. But what if the project does not have a server? What to crack then? It is due to the lack of a single server and decentralised storage that a high level of security is achieved!
Submitted March 13, 2018 at 12:16AM by CasperAPI
via reddit http://ift.tt/2DmmhzC
Somebody's watching! When cameras are more than just 'smart'
http://ift.tt/2FKtiQ8
Submitted March 13, 2018 at 12:26AM by EvanConover
via reddit http://ift.tt/2FB6oYh
Securelist - Kaspersky Lab’s cyberthreat research and reports
Somebody's watching! When cameras are more than just 'smart'
The researchers at Kaspersky Lab ICS CERT decided to check the popular smart camera to see how well protected it is against cyber abuses. This model has a rich feature list, compares favorably to regular webcams and can be used as a baby monitor, a component…
Process Injection with GDB
http://ift.tt/2tGeGMN
Submitted March 13, 2018 at 12:06AM by TechLord2
via reddit http://ift.tt/2DmKhCW
Mrs Quis Will Think of a Better Title
Process Injection with GDB
Inspired by excellent CobaltStrike training, I set out to work out an easy way to inject into processes in Linux. There’s been quite a lot of experimentation with this already, usually using ptrace(2) or LD_PRELOAD, but I wanted something a little simpler and…
The Slingshot APT FAQ
http://ift.tt/2DdpAJx
Submitted March 13, 2018 at 12:31AM by EvanConover
via reddit http://ift.tt/2Fv7QiJ
Securelist - Kaspersky Lab’s cyberthreat research and reports
The Slingshot APT FAQ
While analyzing some memory dumps suspicious of being infected with a keylogger, we identified a library containing strings to interact with a virtual file system. This turned out to be a malicious loader internally named “Slingshot”.
WPA3: Technical Details and Discussion
http://ift.tt/2FwrQl9
Submitted March 13, 2018 at 01:07AM by omegga
via reddit http://ift.tt/2p5gOsW
Mathyvanhoef
WPA3: Technical Details and Discussion
The Wi-Fi Alliance made a press release where it announced WPA3. Unfortunately, this did not include many technical details. Nevertheless...
Spooked by election hacking, states are moving to paper ballots
http://ift.tt/2tE3CzV
Submitted March 13, 2018 at 01:10AM by WaitingPore
via reddit http://ift.tt/2p3FmSO
Cyberscoop
Spooked by election hacking, states are moving to paper ballots
Hacking fears are now pushing an increasing number of states toward a return to the basics, finding ways to implement paper ballots.
Calendar app in Mac App Store mines cryptocurrency in the background
http://ift.tt/2DkWWWY
Submitted March 13, 2018 at 02:36AM by MiasmalDab
via reddit http://ift.tt/2Gkha67
The Verge
Calendar app in Mac App Store mines cryptocurrency in the background
The app "ate 200% CPU until I found it and killed it. I didn’t expect a miner infection from an App Store vendor. Wow."
The Art of Restricting Personal Data
http://ift.tt/2BGcG9W
Submitted March 13, 2018 at 02:31AM by BengaliKyd
via reddit http://ift.tt/2Dn8d9g
Medium
Classified: The Art of Restricting Personal Data – The Firewall – Medium
How to “classify” your personal data and share it on a need-to-know basis.
Georgia bill might limit efforts to find internet security problems
http://ift.tt/2DkB91F
Submitted March 13, 2018 at 02:26AM by AstuteJudo
via reddit http://ift.tt/2GllzpE
Building Security Checklist
http://ift.tt/2p5f7vB
Submitted March 13, 2018 at 01:52AM by bestbrothersgroup
via reddit http://ift.tt/2Dmcl9e
Bestbrothersgroup
Building Security Checklist | Best Brothers Group
Building security is something most people consider at some point in their lives, whether they're looking at the property from a business perspective or just as the home they want to keep safe and secure. It's an important aspect of everyday life, and yet…
Release 2.0 of Top 2 Billion Probable Passwords, Probability Sorted - GitHub Repo
http://ift.tt/2FO7D9C
Submitted March 13, 2018 at 02:45AM by berzerk0
via reddit http://ift.tt/2tKwOW6
GitHub
berzerk0/Probable-Wordlists
Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
Go phishing: Extending the proxy
http://ift.tt/2Hv7fKD
Submitted March 13, 2018 at 02:06AM by jamaican420guy
via reddit http://ift.tt/2tEa3TF
Medium
Go phishing: Extending the proxy
In the last post, Judas got SOCKS proxy and SSL support to make the proxy sneakier, but all the proxy can do is dump the requests and…
How Creative DDOS Attacks Still Slip Past Defenses
http://ift.tt/2Dly7do
Submitted March 13, 2018 at 03:13AM by ThinBlolly
via reddit http://ift.tt/2ImEUY6
WIRED
How Creative DDOS Attacks Still Slip Past Defenses
While some major distributed-denial-of-service attacks have been thwarted this month, the threat remains as critical as ever.
Spectrum has no clue about KRACK wpa2 wi-fi vulnerability?
Just spoke to them on the phone and got the response "I haven't heard anything about that." Anyone here deal with Spectrum or another internet provider about this issue and get a reasonable response?
Submitted March 13, 2018 at 04:37AM by NoMuddyFeet
via reddit http://ift.tt/2Hq14aI