Asterisk RTPbleed vulnerability
http://ift.tt/2wvYrBq
Submitted September 13, 2017 at 02:05AM by agDane
via reddit http://ift.tt/2jmVNJx
GitHub
EnableSecurity/advisories
Security advisories published by Enable Security
Equifax Breach: How To Use 143 Million Stolen Identities
http://ift.tt/2wZgSP5
Submitted September 13, 2017 at 01:57AM by heyitsmikeyv
via reddit http://ift.tt/2f43wec
Michael Veenstra
Equifax Breach: How To Use 143 Million Stolen Identities
You've heard about the Equifax breach. You probably assume your data is involved. Let's talk about what the attackers are going to do with it.
How to encrypt my hard drive?
http://ift.tt/2xvIBZc
Submitted September 13, 2017 at 02:33AM by the_dark_magic
via reddit http://ift.tt/2fgP27O
Stackexchange
Hard drive encryption
I would like to encrypt the partitions on my hard drive. They're partitioned and mounted as follows:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 494,4G 0 disk
├─sda1 8:1 0 ...
Since Apple Face ID processes the data locally, are there other ways law enforcement/hackers can obtain facial data from an iPhone?
Apple made a point today to say that the processing for Face ID is done on the phone itself and never sent to an Apple server. This got me thinking on other ways our facial information data can get into the wrong hands. Is it possible to obtain this data through other apps? If I give an app like Facebook/Snapchat access to my camera, my face is stored on their servers so wouldn't it be easy to obtain my facial information and hack into my phone?
Submitted September 13, 2017 at 03:16AM by Sucker_for_horns
via reddit http://ift.tt/2jl27Bo
reddit
Since Apple Face ID processes the data locally, are... • r/security
Apple made a point today to say that the processing for Face ID is done on the phone itself and never sent to an Apple server. This got me...
Patch Tuesday review: zero-day vulnerability in .NET Framework and 82 other bugs
http://ift.tt/2f46gbI
Submitted September 13, 2017 at 02:58AM by CybersecurityHelp
via reddit http://ift.tt/2jokHc6
www.cybersecurity-help.cz
Patch Tuesday review: zero-day vulnerability in .NET Framework and 82 other bugs
Microsoft patched 83 vulnerabilities in total.
Microsoft Patches .NET Zero Day Vulnerability in September Update
http://ift.tt/2xiYGjZ
Submitted September 13, 2017 at 04:40AM by majorllama
via reddit http://ift.tt/2xjfXtC
Threatpost | The first stop for security news
Microsoft Patches .NET Zero Day Vulnerability in September Update
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
http://ift.tt/2xXJIgi
Submitted September 13, 2017 at 01:40AM by majorllama
via reddit http://ift.tt/2wYfISr
FireEye
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY « Threat Research Blog
FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability.
2017 Collegiate Penetration Testing Competition Registration Open!
http://ift.tt/2wXvoFp
Submitted September 13, 2017 at 04:49AM by gen0cide_
via reddit http://ift.tt/2f3fDsc
nationalcptc.org
Collegiate Penetration Testing Competition - Register
A description of the Collegiate Penetration Testing Competition that includes information for teams, volunteers, and other information about the competition both current and prior.
Best Phone for Security?
Now that Apple has revealed their new iPhone starting at a ridiculous price, I began to think of alternatives. I would like to know what you all think is the best phone in terms of security. Maybe a good lower costing phone up to a higher costing phone with the pros and cons.
Submitted September 13, 2017 at 05:53AM by Deaf_Priest
via reddit http://ift.tt/2xw3m7b
reddit
Best Phone for Security? • r/security
Now that Apple has revealed their new iPhone starting at a ridiculous price, I began to think of alternatives. I would like to know what you all...
BlueBorne - Widespread Bluetooth Vulnerabilities
http://ift.tt/2jjIolw
Submitted September 13, 2017 at 05:59AM by dij-8al
via reddit http://ift.tt/2wZSbCo
armis
Blueborne • armis
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device. Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android…
5 Easy Ways to Improve the Protection of Your Home
http://ift.tt/2h1iAdg
Submitted September 13, 2017 at 11:17AM by martinsztein
via reddit http://ift.tt/2xkfYxl
24 Hour Emergency Locksmith in Tampa, FL | Any Car Key Made
5 Easy Ways to Improve the Protection of Your Home | 24 Hour Emergency Locksmith in Tampa, FL | Any Car Key Made
Enjoy better time outdoors while these 5 easy ways help you improve the protection of your home and keep the burglars away from your property.
How to Protect Your Company From Botnet Attacks
http://ift.tt/2jkDZPl
Submitted September 13, 2017 at 12:13PM by InfoSecCrazy
via reddit http://ift.tt/2w6uqtb
itsecuritycentral.teramind.co
How to Protect Your Company From Botnet Attacks | IT Security Central
As you plan your defenses against botnet attacks on your organization's computers and mobile devices, don't forget to protect your IoT devices as well.
A POC for Monitoring Windows Console Activity
http://ift.tt/2woRSgL
Submitted September 13, 2017 at 12:45PM by eyeofrateam
via reddit http://ift.tt/2x08L4Q
Eye of Ra
Windows Console Monitoring
This is a demonstration version of how to monitor the Windows console (starting from Windows 8). The concept was based on the 2-part articles of the FireEye blog but source code wasn’t revealed, s…
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
http://ift.tt/2h3o5o3
Submitted September 13, 2017 at 12:40PM by majorllama
via reddit http://ift.tt/2w7ec3b
BleepingComputer
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.
Why Face ID won’t give you the legal protection of a passcode
http://ift.tt/2jmZ7V9
Submitted September 13, 2017 at 02:14PM by Benjaminsen
via reddit http://ift.tt/2joCcZK
The Verge
Why Face ID won’t give you the legal protection of a passcode
In the short time since Apple announced its Face ID feature for the iPhone X, we’ve seen a lot of questions about its security compared to a fingerprint or passcode. For example, if you’re...
SSRF (Server Side Request Forgery) testing resources
http://ift.tt/2wp6zR3
Submitted September 13, 2017 at 03:52PM by cujanovic
via reddit http://ift.tt/2xy3BhU
Cujanovic
SSRF (Server Side Request Forgery) testing resources - Predrag Cujanović
How to test for SSRF (Server Side Request Forgery) vulnerabilities - github repo
Handy Collaborator: a Burp Suite extension that lets you use the Collaborator tool for manual testing
http://ift.tt/2h3hD0u
Submitted September 13, 2017 at 03:35PM by 0xdea
via reddit http://ift.tt/2x0XRvU
CVE-2017-9805: Analysis of the Vulnerability in the Apache Struts RCE REST Plugin
http://ift.tt/2jo5aJ2
Submitted September 13, 2017 at 04:27PM by whitehattracker
via reddit http://ift.tt/2f4pRZs
Newbie question
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer. I have my work email forwarded into my personal Gmail account, bad practice but my institution allows it as I was previously a contractor with a staff account that was not always active, and that was often activated without any notification to myself. I send email from my personal account but via an email alias of my staff account. The emails appear to be sent from my staff account but only show up in the sent folder of my personal account. I've recently mistakenly sent some personal emails this way (from personal account but via the alias of my staff account). Can anyone tell me if it is common practice to store and archive all emails passing through the mail server or if this is typically done only at mailbox level? I work for a large organisation that is subject to the usual data retention policies.
Submitted September 13, 2017 at 04:26PM by bilalqayum
via reddit http://ift.tt/2jozdAn
reddit
Newbie question • r/security
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer. I have my work email forwarded into my...
Equifax blames open-source software for its record-breaking security breach
http://ift.tt/2wUuoBS
Submitted September 13, 2017 at 05:30PM by stjohns1
via reddit http://ift.tt/2w7GeLL
ZDNet
Equifax blames open-source software for its record-breaking security breach: Report | ZDNet
The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records. ZDNet examines the claim.
Security In 5: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
http://ift.tt/2x16NBo
Submitted September 13, 2017 at 06:43PM by BinaryBlog
via reddit http://ift.tt/2wpjemO
Libsyn
Security In Five Podcast: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
Compliance audits are checkbox reviews of itemized lists of things you should be doing. If you pass a compliance audit, so what? Compliant to a list doesn't mean you are any more secure nor does it mean you can stop. Compliance audits are only checking the…