Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
https://ift.tt/2usVEKj
Submitted March 29, 2018 at 03:26AM by Moop6535
via reddit https://ift.tt/2GS5AQa
https://ift.tt/2usVEKj
Submitted March 29, 2018 at 03:26AM by Moop6535
via reddit https://ift.tt/2GS5AQa
Cloudflare Blog
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character.
AWS S3 File Upload Vulnerability in Amazon Go
https://ift.tt/2pNRN4Z
Submitted March 29, 2018 at 03:14AM by hackers_and_builders
via reddit https://ift.tt/2GdDuBE
https://ift.tt/2pNRN4Z
Submitted March 29, 2018 at 03:14AM by hackers_and_builders
via reddit https://ift.tt/2GdDuBE
Rhino Security Labs
Amazon's AWS Misconfiguration:Arbitrary Files Upload in Amazon Go - Rhino Security Labs
Researchers discover a misconfiguration error which makes it possible to upload arbitrary file to Amazon Go's Logging Bucket.
A Solution to Compression Oracles on the Web (via Cloudflare)
https://ift.tt/2pNMDa5
Submitted March 29, 2018 at 03:57AM by volci
via reddit https://ift.tt/2IdfNGr
https://ift.tt/2pNMDa5
Submitted March 29, 2018 at 03:57AM by volci
via reddit https://ift.tt/2IdfNGr
Medium
A Solution to Compression Oracles on the Web
This is a guest post by Blake Loring, a PhD student at Royal Holloway, University of London. Blake worked at Cloudflare as an intern in the
Monitoring and controlling kernel API calls with stealth hook using EPT [Full Sources, Video and PDF Papers - See Comment]
https://ift.tt/22waHaR
Submitted March 29, 2018 at 05:27AM by TechLord2
via reddit https://ift.tt/2GTxuuX
https://ift.tt/22waHaR
Submitted March 29, 2018 at 05:27AM by TechLord2
via reddit https://ift.tt/2GTxuuX
GitHub
tandasat/DdiMon
DdiMon - Monitoring and controlling kernel API calls with stealth hook using EPT
Great red teaming post with amass inside!
https://ift.tt/2pBRVoT
Submitted March 29, 2018 at 05:15AM by jeff_foley
via reddit https://ift.tt/2GRKlOn
https://ift.tt/2pBRVoT
Submitted March 29, 2018 at 05:15AM by jeff_foley
via reddit https://ift.tt/2GRKlOn
Medium
Top Five Ways the Red Team breached the External Perimeter
I have been performing “red team” breach assessments for many years. Often the goal is penetrating an external network, and gaining access…
Report: Criminals loved to target PowerPoint in 2017
https://ift.tt/2I5dapK
Submitted March 29, 2018 at 07:25AM by yourbasicgeek
via reddit https://ift.tt/2E28mPN
https://ift.tt/2I5dapK
Submitted March 29, 2018 at 07:25AM by yourbasicgeek
via reddit https://ift.tt/2E28mPN
Cyberscoop
Report: Criminals loved to target PowerPoint in 2017
The most widely exploited vulnerability in 2017 was a well-known Microsoft Office bug (CVE-2017-0199), according to new research. Recorded Future released a report Tuesday detailing the top 10 vulnerabilities used by cybercriminals in 2017. Microsoft products…
Make Your SIEM Awesome!
https://ift.tt/2IdwJfA
Submitted March 29, 2018 at 07:49AM by Mufassa810
via reddit https://ift.tt/2pNImmR
https://ift.tt/2IdwJfA
Submitted March 29, 2018 at 07:49AM by Mufassa810
via reddit https://ift.tt/2pNImmR
securing IoT devices with data analytics
https://ift.tt/2pPJdCX
Submitted March 29, 2018 at 01:25PM by Iot_Security
via reddit https://ift.tt/2GDO2cM
https://ift.tt/2pPJdCX
Submitted March 29, 2018 at 01:25PM by Iot_Security
via reddit https://ift.tt/2GDO2cM
IoT Hub
Startup can secure IoT devices with data analytics
Even basic devices can be secured, according to Securithings.
Boeing production plant infected with WannaCry ransomware
https://ift.tt/2pQdZvk
Submitted March 29, 2018 at 04:12PM by Horus_Sirius
via reddit https://ift.tt/2J4ftLg
https://ift.tt/2pQdZvk
Submitted March 29, 2018 at 04:12PM by Horus_Sirius
via reddit https://ift.tt/2J4ftLg
TSecurity Portal
Boeing production plant infected with WannaCry ransomware
Microsoft Products Are Hackers’ Favorite — Report.
https://ift.tt/2GojdVW
Submitted March 29, 2018 at 04:41PM by CasperVPN
via reddit https://ift.tt/2uAd4os
https://ift.tt/2GojdVW
Submitted March 29, 2018 at 04:41PM by CasperVPN
via reddit https://ift.tt/2uAd4os
Infosecurity Magazine
Microsoft Products Are Hackers’ Favorite — Report.
Microsoft Products Are Hackers’ Favorite — Report. Recorded Future claims Flash was less popular in 2017
Bypassing of SSL certificate pinning in iOS applications with a jailbroken device
https://ift.tt/2uva90i
Submitted March 29, 2018 at 03:19PM by yawnful
via reddit https://ift.tt/2GlhhOe
https://ift.tt/2uva90i
Submitted March 29, 2018 at 03:19PM by yawnful
via reddit https://ift.tt/2GlhhOe
GuardSquare
Prevent bypassing of SSL certificate pinning in iOS applications
One of the first things an attacker will do when reverse engineering a mobile application is to bypass the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protection to gain a better insight in the application’s functioning and the way it communicates…
VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
https://ift.tt/2Ghkv58
Submitted March 29, 2018 at 05:51PM by speckz
via reddit https://ift.tt/2GivOy7
https://ift.tt/2Ghkv58
Submitted March 29, 2018 at 05:51PM by speckz
via reddit https://ift.tt/2GivOy7
VoidSec
VPN Leak - VoidSec
VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
Startup Security Guide: Minimum Viable Security Checklist for a Cloud-Based Web Application
https://ift.tt/2GE23Y2
Submitted March 29, 2018 at 05:17PM by speckz
via reddit https://ift.tt/2J4OiQj
https://ift.tt/2GE23Y2
Submitted March 29, 2018 at 05:17PM by speckz
via reddit https://ift.tt/2J4OiQj
Hartleybrody
Startup Security Guide: Minimum Viable Security Checklist for a Cloud-Based Web Application
Before you launch your new product to the world, make sure you're following the basic security guidelines in this checklist.
Boeing hit by WannaCry virus, but says attack caused little damage
https://ift.tt/2E2yA4N
Submitted March 29, 2018 at 05:06PM by zexterio
via reddit https://ift.tt/2pORB5j
https://ift.tt/2E2yA4N
Submitted March 29, 2018 at 05:06PM by zexterio
via reddit https://ift.tt/2pORB5j
The Seattle Times
Boeing hit by WannaCry virus, fears it could cripple some jet production
Boeing has been hit by the WannaCry computer virus. Some airplane production may be affected
Microsoft Products Are Hackers’ Favorite — Report.
https://ift.tt/2GojdVW
Submitted March 29, 2018 at 04:41PM by CasperVPN
via reddit https://ift.tt/2uAd4os
https://ift.tt/2GojdVW
Submitted March 29, 2018 at 04:41PM by CasperVPN
via reddit https://ift.tt/2uAd4os
Infosecurity Magazine
Microsoft Products Are Hackers’ Favorite — Report.
Microsoft Products Are Hackers’ Favorite — Report. Recorded Future claims Flash was less popular in 2017
Boeing production plant infected with WannaCry ransomware
https://ift.tt/2pQdZvk
Submitted March 29, 2018 at 04:12PM by Horus_Sirius
via reddit https://ift.tt/2J4ftLg
https://ift.tt/2pQdZvk
Submitted March 29, 2018 at 04:12PM by Horus_Sirius
via reddit https://ift.tt/2J4ftLg
TSecurity Portal
Boeing production plant infected with WannaCry ransomware
Details of 600,000 foreign visitors to UK go up in smoke thanks to shonky border database
https://ift.tt/2Ia7ESM
Submitted March 29, 2018 at 03:58PM by yourSAS
via reddit https://ift.tt/2pNUe8m
https://ift.tt/2Ia7ESM
Submitted March 29, 2018 at 03:58PM by yourSAS
via reddit https://ift.tt/2pNUe8m
www.theregister.co.uk
Details of 600,000 foreign visitors to UK go up in smoke thanks to shonky border database
Er, the Home Office might want to get that fixed before Brexit
Security In 5: Episode 205 - Facebook Fail - How To Break Away From Facebook
https://ift.tt/2pO9ySp
Submitted March 29, 2018 at 06:34PM by BinaryBlog
via reddit https://ift.tt/2IemQyB
https://ift.tt/2pO9ySp
Submitted March 29, 2018 at 06:34PM by BinaryBlog
via reddit https://ift.tt/2IemQyB
Libsyn
Security In Five Podcast: Episode 205 - Facebook Fail - How To Break Away From Facebook
If you are done with the privacy practices of Facebook you can break away from it. The hard part is the social aspect of family members and friends that may not. But you go back to the old methods of socializing by direct texting or actually picking up the…
Facebook Expands Bug Bounty Amid Spiraling Privacy Scandal
https://ift.tt/2IdEzGd
Submitted March 29, 2018 at 06:07PM by CasperVPN
via reddit https://ift.tt/2pNFgPU
https://ift.tt/2IdEzGd
Submitted March 29, 2018 at 06:07PM by CasperVPN
via reddit https://ift.tt/2pNFgPU
Infosecurity Magazine
Facebook Expands Bug Bounty Amid Spiraling Privacy Scandal
The social network will reward people for reporting misuses of data by app developers.
Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script
https://ift.tt/2GU1jvA
Submitted March 29, 2018 at 08:20PM by SymbianSyMoh
via reddit https://ift.tt/2pSTVZ0
https://ift.tt/2GU1jvA
Submitted March 29, 2018 at 08:20PM by SymbianSyMoh
via reddit https://ift.tt/2pSTVZ0
In-depth Formbook malware analysis
https://ift.tt/2GnmNzI
Submitted March 29, 2018 at 09:20PM by _cacao
via reddit https://ift.tt/2E54rl8
https://ift.tt/2GnmNzI
Submitted March 29, 2018 at 09:20PM by _cacao
via reddit https://ift.tt/2E54rl8
This is Security :: by Stormshield
In-depth Formbook malware analysis - Obfuscation and process injection - This is Security :: by Stormshield
Introduction Formbook is a form-grabber and stealer malware written in C and x86 assembly language. It’s a ready to sell malware, that can be used by cyber-criminals who don’t have any skill in malware development. The sample analyzed in this blog-post has…