AES Wireless Keyboard - Template Attack for Eavesdropping [Blackhat Asia 2018]
https://ift.tt/2pA9nKp
Submitted March 23, 2018 at 11:20PM by TechLord2
via reddit https://ift.tt/2ueLrRx
DoJ indicts Iranian hackers for stealing data from 144 US universities
https://ift.tt/2GhzYFz
Submitted March 23, 2018 at 11:55PM by Temptunes48
via reddit https://ift.tt/2pCnBtn
ZDNet
DoJ indicts Iranian hackers for stealing data from 144 US universities
In all, 320 universities around the world were attacked and the 31.5 terabytes of stolen data was sold for profit in Iran.
Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM [BlackHat Asia 2018 - with Github Sources]
https://ift.tt/2pyV4pg
Submitted March 23, 2018 at 11:48PM by TechLord2
via reddit https://ift.tt/2HZWVum
DNC “lone hacker” Guccifer 2.0 pegged as Russian spy after opsec fail – Ars Technica
http://ift.tt/2pzRI5z
Submitted March 24, 2018 at 12:05AM by nmgreddit
via reddit https://ift.tt/2G6aUOx
Ars Technica
DNC “lone hacker” Guccifer 2.0 pegged as Russian spy after opsec fail
"Hacktivist" logged into a social media account from an IP address at GRU HQ in Moscow.
Use our suite of Ethereum security tools
http://ift.tt/2pAq4Vl
Submitted March 24, 2018 at 12:19AM by AwesomeJosh
via reddit https://ift.tt/2pzRXNV
Trail of Bits Blog
Use our suite of Ethereum security tools
Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we …
Public-Private Cybersecurity Center Opens for Business in Sydney
http://ift.tt/2DMA0Af
Submitted March 24, 2018 at 12:47AM by techie_programmer
via reddit https://ift.tt/2pzWzUf
Latest Hacking News
Public-Private Cybersecurity Center Opens for Business in Sydney
The 4th Joint Cyber Security Centre has now officially opened in Sydney, almost a year after the 1st was launched in Brisbane. The government of Australia has now officially opened the Sydney Joint Cyber Security Centre (JCSC). Angus Taylor, the Minister for…
Ransomware Attack Cripples Several Atlanta City Systems
http://ift.tt/2G4PYYp
Submitted March 24, 2018 at 01:20AM by volci
via reddit https://ift.tt/2G75OSf
Threatpost
Ransomware Attack Cripples Several Atlanta City Systems
The city of Atlanta is being extorted for $51,000 in a ransomware attack that occurred early Thursday that impacted several local government departments.
The bug that made free money
http://ift.tt/2udiYLQ
Submitted March 24, 2018 at 01:19AM by volci
via reddit https://ift.tt/2GlZCcg
Naked Security
The bug that made free money
What would you do if you found a bug that could create money out of thin air?
A new data leak hits Aadhaar, India's national ID database with 1.1 billion enrolled
https://ift.tt/2INDWV8
Submitted March 24, 2018 at 02:55AM by almostfamous
via reddit https://ift.tt/2INqpNl
ZDNet
A new data leak hits Aadhaar, India's national ID database
Exclusive: The data leak affects potentially every Indian citizen subscribed to the database.
Public record of usernames linked to state-sponsored disinformation campaigns
http://ift.tt/2ufTNsc
Submitted March 24, 2018 at 03:14AM by EvanConover
via reddit https://ift.tt/2I1Zj3N
Help Center
Public record of usernames linked to state-sponsored disinformation campaigns
Democracy requires transparency and an informed electorate, and we take our responsibilities very seriously. We aggressively monitor Tumblr for signs of state-sponsored disinformation campaigns, an...
DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques [Whitepaper]
http://ift.tt/2HXEvtY
Submitted March 23, 2018 at 10:46PM by TechLord2
via reddit https://ift.tt/2pBWMWj
Revoke Obfuscation: PowerShell Obfuscation Detection Using Science [Whitepaper]
https://ift.tt/2vPmvwW
Submitted March 23, 2018 at 11:02PM by TechLord2
via reddit https://ift.tt/2pAi4Er
APT Attacks Targeting Financial Institutions [Blackhat Asia 2018 Study Presentation]
https://ift.tt/2Gg3ThD
Submitted March 23, 2018 at 11:37PM by TechLord2
via reddit https://ift.tt/2pCzpvE
What to do if you can't delete Facebook because of work?
If your job requires you to use Facebook, what options do you have to help limit the social behemoth's intrusion into your personal details?

I'm not an expert but here's what I've come up with so far:

Use a separate browser (or at least a separate profile) for anything Facebook-related.
For your primary, non-Facebook browser, log out of Facebook, delete all cookies, and use an extension that allows you to customize hosts entries. Here's one for Chrome. I've also heard about people setting up uBlock Origin for this purpose, although I haven't tried it.
From within Facebook, delete absolutely everything that's not directly related to work.
Unfriend everybody.
Mark your profile as private.
Go through your privacy settings and make sure only friends of friends can send you friend requests. Since you don't have any friends, that takes care of that.

What do you think? Am I missing anything?
Submitted March 24, 2018 at 05:54AM by njbair
via reddit https://ift.tt/2pFAHX4
Atlanta ransomware attack locks down city computers
https://ift.tt/2GfStua
Submitted March 24, 2018 at 07:43AM by chull2058
via reddit https://ift.tt/2IJnF3f
USA TODAY
Atlanta hit by ransomware attack, city employees told not to turn on computers
A ransomware attack on the city of Atlanta means city workers at city hall can't turn on their computers and WiFi at the airport is off.
Hackers leave ransom note after wiping out MongoDB in 13 seconds
https://ift.tt/2IJEw67
Submitted March 24, 2018 at 07:42AM by chull2058
via reddit https://ift.tt/2ILyKAS
HackRead
Hackers leave ransom note after wiping out MongoDB in 13 seconds
Hackers have been exploiting unprotected MongoDB based servers but in this incident, hackers left a ransom note after wiping out MongoDB in just 13 seconds.
Who Am I Mail Bot
https://ift.tt/2INYE7l
Submitted March 24, 2018 at 08:22AM by mthbernardes
via reddit https://ift.tt/2pB0tMC
GitHub
mthbernardes/WhoAmIMailBot
Web Application Penetration Testing Cheat Sheet
https://ift.tt/2Gizuzg
Submitted March 24, 2018 at 09:07AM by 0xJDow
via reddit https://ift.tt/2udSjif
JDow.io
Web Application Penetration Testing Cheat Sheet
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
Why do so many websites allow poor authentication? (and how it drives me to light social hacking for spam avoidance)
It seems like a lot of websites are at the mercy of users who type in an incorrect email address.

tl;dr: I feel justified resetting users' passwords if they give my email address by mistake. Is there a better way to deal with this? What security best practices are these websites failing at?

My email address is like this: flast at gmail.com
f is the first character of my first name
last is my last name.

It seems that I become the unintended target of lazy / absentminded / forgetful people about once a month who write or type their email address for some login or membership form. So I get an email saying please click here to confirm your email address.

Whereupon, I click to confirm, go to a login page, click on forgot password, get emailed a reset link, then set the password to something like abcd123, log in and change the name to first name: invalid login, last name: invalid login, username: invalidlogin, email invalidlogin@example.com. Basically hacking my way in the most low-tech way possible to get my email address removed from the website.

The funny recent example was Xfinity Comcast, which asked me an extra security question: "what's your favorite beverage?" It took me six tries to guess. This has to be one of the weakest security questions in the world, assuming the average person isn't paranoid enough to intentionally obfuscate their answer.

Another example: someone must have bought a new Jeep or at least shown interest and wrote my email on the form, by mistake or by lack of thought and consideration, giving a "dummy" email address.

So, in part I guess I understand the problem. If someone's buying a new Jeep and has to write their email on a form, they don't bother to give their real email address, and the website doesn't feel any obligation to verify the email address correctly. Or in the previous example, I think it was some free trial web usage, so they also don't feel obliged to check the email address thoroughly.

But can someone comment on the best way these things should be done, from the website's perspective? Perhaps the website should require you to remember your email address for the first login before any password reset requests, or otherwise time out the verification links after a few hours and make the user recreate their login?

I guess there's the age-old balance between ease of use for customers (and businesses that have a top priority of making it easy for customers to spend money) versus security.

I feel somewhat justified logging in to reset the email address, so that my email address is no longer in a big database somewhere and I'm not going to get endless marketing spam in the future.

Of course, I'm referring to big companies that have a no-reply email address and don't have a one- or two-click way of dealing with these mistakes. If I think it's going to take me more than a couple of minutes to deal with this issue, I'll do it the grey-hat hacker way instead of jumping through hoops.

To summarize, I thought I'd share my story because I'm sure some of you will find it funny (and I'm sure some of you will chide me too). And I wondered what people think. Any stories to tell? Better ways to do this?
Submitted March 24, 2018 at 10:59AM by johnnyjohnsmith
via reddit https://ift.tt/2G1bQIb
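The takeover the post describes (stranger confirms a mistyped address, then uses "forgot password" to walk into the account) is a design problem on the site's side: a confirmation click proves control of a mailbox, not that the recipient is the account holder. The following Python is an added example, not code from the poster or from any of the sites named, sketching the controls a site could apply: confirmation tokens stored hashed and expiring after a few hours, a "this wasn't me" link in the same email that drops the pending account instead of handing it over, password resets issued only to addresses that were actually verified, and a purge of unverified accounts past their deadline. The 6-hour lifetime, the in-memory store, the account names and the addresses are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

VERIFY_TTL_SECONDS = 6 * 3600  # assumption: confirmation links die after 6 hours


@dataclass
class Account:
    username: str
    email: str
    email_verified: bool = False
    # Only a hash of the token is stored, so a database leak does not hand out live links.
    verify_token_hash: Optional[str] = None
    verify_expires: float = 0.0


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class FakeClock:
    """Controllable clock so the demo can fast-forward past a token's lifetime."""
    def __init__(self, now: float) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


class Accounts:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.by_username: Dict[str, Account] = {}

    def register(self, username: str, email: str) -> str:
        """Create an unverified account; return the token that goes in the confirmation email."""
        token = secrets.token_urlsafe(32)
        self.by_username[username] = Account(
            username=username, email=email,
            verify_token_hash=_hash_token(token),
            verify_expires=self.clock() + VERIFY_TTL_SECONDS)
        return token

    def _pending(self, username: str, token: str) -> Optional[Account]:
        """Return the account only if the token is live, unused and matches (constant-time)."""
        acct = self.by_username.get(username)
        if acct is None or acct.verify_token_hash is None:
            return None
        if self.clock() > acct.verify_expires:
            return None
        if not hmac.compare_digest(acct.verify_token_hash, _hash_token(token)):
            return None
        return acct

    def confirm_email(self, username: str, token: str) -> bool:
        acct = self._pending(username, token)
        if acct is None:
            return False
        acct.email_verified = True
        acct.verify_token_hash = None  # single use: a replayed link does nothing
        return True

    def disown_email(self, username: str, token: str) -> bool:
        """'This wasn't me' link from the same email: the pending account is deleted,
        so the mailbox owner never needs to reset anyone's password to get out."""
        if self._pending(username, token) is None:
            return False
        del self.by_username[username]
        return True

    def request_password_reset(self, email: str) -> Optional[str]:
        """Reset links go only to verified addresses; unknown and unverified look identical."""
        for acct in self.by_username.values():
            if acct.email == email and acct.email_verified:
                return secrets.token_urlsafe(32)  # would be stored hashed and expiring, like above
        return None

    def purge_expired(self) -> int:
        """Unverified accounts past their deadline drop out of the database on their own."""
        now = self.clock()
        stale = [u for u, a in self.by_username.items()
                 if not a.email_verified and now > a.verify_expires]
        for u in stale:
            del self.by_username[u]
        return len(stale)


def demo() -> dict:
    clock = FakeClock(1_000_000.0)
    accounts = Accounts(clock)
    out = {}
    # Constructed scenario: a stranger registers with someone else's address.
    tok = accounts.register("jeepbuyer", "flast@example.com")
    out["reset_before_verify"] = accounts.request_password_reset("flast@example.com")
    out["disowned"] = accounts.disown_email("jeepbuyer", tok)
    out["disowned_account_gone"] = "jeepbuyer" not in accounts.by_username
    # A confirmation link that is never clicked in time stops working.
    tok_late = accounts.register("latecomer", "someone@example.com")
    clock.now += VERIFY_TTL_SECONDS + 1
    out["expired_confirm"] = accounts.confirm_email("latecomer", tok_late)
    # The legitimate path: wrong token fails, right token works once, then reset is allowed.
    tok_ok = accounts.register("legit", "legit@example.com")
    out["wrong_token_confirm"] = accounts.confirm_email("legit", "not-the-token")
    out["legit_confirm"] = accounts.confirm_email("legit", tok_ok)
    out["replayed_confirm"] = accounts.confirm_email("legit", tok_ok)
    out["legit_reset_issued"] = accounts.request_password_reset("legit@example.com") is not None
    out["purged"] = accounts.purge_expired()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The reset check is the piece most sites in the post get wrong: `request_password_reset` refuses unverified addresses and returns the same `None` for unknown ones, so the mistyped address cannot be used to enumerate or to seize the account. The disown link is what replaces the poster's grey-hat workaround with a one-click exit.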
Responsibility Deflected, the CLOUD Act Passes
https://ift.tt/2FW9ji9
Submitted March 24, 2018 at 05:59PM by _Steamed_Hams
via reddit https://ift.tt/2IR8NQE
Electronic Frontier Foundation
Responsibility Deflected, the CLOUD Act Passes
UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning. “People deserve the right to a better process.”Those are the words of Jim McGovern, representative for Massachusetts…
Coinbase glitch is another case for moving towards a decentralized exchange
https://ift.tt/2I0GZb8
Submitted March 24, 2018 at 06:29PM by bucketsofskill
via reddit https://ift.tt/2HXWtgc
Rados
Coinbase Free Ether bug? Another Case For Moving To A Decentralized Exchange
A quick look at how the recent bug on the Coinbase trading platform shows that decentralized exchanges are the way forward...