A POC to Monitoring Windows Console Activity
http://ift.tt/2woRSgL
Submitted September 13, 2017 at 12:45PM by eyeofrateam
via reddit http://ift.tt/2x08L4Q
Eye of Ra
Windows Console Monitoring
This is a demonstration version of how to monitor the Windows console (starting from Windows 8). The concept was based on the 2-part articles of the FireEye blog but source code wasn’t revealed, s…
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
http://ift.tt/2h3o5o3
Submitted September 13, 2017 at 12:40PM by majorllama
via reddit http://ift.tt/2w7ec3b
BleepingComputer
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.
Why Face ID won’t give you the legal protection of a passcode
http://ift.tt/2jmZ7V9
Submitted September 13, 2017 at 02:14PM by Benjaminsen
via reddit http://ift.tt/2joCcZK
The Verge
Why Face ID won’t give you the legal protection of a passcode
In the short time since Apple announced its Face ID feature for the iPhone X, we’ve seen a lot of questions about its security compared to a fingerprint or passcode. For example, if you’re...
SSRF (Server Side Request Forgery) testing resources
http://ift.tt/2wp6zR3
Submitted September 13, 2017 at 03:52PM by cujanovic
via reddit http://ift.tt/2xy3BhU
Cujanovic
SSRF (Server Side Request Forgery) testing resources - Predrag Cujanović
How to test for SSRF (Server Side Request Forgery) vulnerabilities - github repo
Handy Collaborator: a Burp Suite extension that lets you use the Collaborator tool for manual testing
http://ift.tt/2h3hD0u
Submitted September 13, 2017 at 03:35PM by 0xdea
via reddit http://ift.tt/2x0XRvU
CVE-2017-9805: Analysis of the Vulnerability in the Apache Struts RCE REST Plugin
http://ift.tt/2jo5aJ2
Submitted September 13, 2017 at 04:27PM by whitehattracker
via reddit http://ift.tt/2f4pRZs
Newbie question
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer. I have my work email forwarded into my personal Gmail account, bad practice but my institution allows it as I was previously a contractor with a staff account that was not always active, and that was often activated without any notification to myself. I send email from my personal account but via an email alias of my staff account. The emails appear to be sent from my staff account but only show up in the sent folder of my personal account. I've recently mistakenly sent some personal emails this way (from personal account but via the alias of my staff account). Can anyone tell me if it is common practice to store and archive all emails passing through the mail server or if this is typically done only at mailbox level? I work for a large organisation that is subject to the usual data retention policies.
Submitted September 13, 2017 at 04:26PM by bilalqayum
via reddit http://ift.tt/2jozdAn
reddit
Newbie question • r/security
Hi all, normally a lurker on Reddit but have a question I'm hoping someone will be able to answer. I have my work email forwarded into my...
Equifax blames open-source software for its record-breaking security breach
http://ift.tt/2wUuoBS
Submitted September 13, 2017 at 05:30PM by stjohns1
via reddit http://ift.tt/2w7GeLL
ZDNet
Equifax blames open-source software for its record-breaking security breach: Report | ZDNet
The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records. ZDNet examines the claim.
Security In 5: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
http://ift.tt/2x16NBo
Submitted September 13, 2017 at 06:43PM by BinaryBlog
via reddit http://ift.tt/2wpjemO
Libsyn
Security In Five Podcast: Episode 67 - Passing A Compliance Audit Doesn't Mean You're Secure
Compliance audits are checkbox reviews of itemized lists of things you should be doing. If you pass a compliance audit, so what? Compliant to a list doesn't mean you are any more secure nor does it mean you can stop. Compliance audits are only checking the…
Heap Exploitation :: Abusing Use-After-Free - Exploit Development
http://ift.tt/2h221Ku
Submitted September 13, 2017 at 06:37PM by Evil1337
via reddit http://ift.tt/2w8M0Nf
Intro To Writing Win32 Shellcode #misec for June 2017
http://ift.tt/2jmQTwl
Submitted September 13, 2017 at 07:41PM by iamhabibone
via reddit http://ift.tt/2x0Fsiy
IAMHABIB.NET
[Video] Intro To Writing Win32 Shellcode #misec for June 2017 - IAMHABIB.NET
IAMHABIB.NET is the videos tube site on Hacking, Security, Reverse Engineering and Social Engineering
LetsEncrypt and email servers
Hi all. I wonder if you can help identify whether my colleague at work is being bullshitted by our IT contractor... The bottom line question is - is it possible to use a free LetsEncrypt SSL certificate with my company's Kerio email server or will we need to pay for an annual certificate? I have used LetsEncrypt with an automatic renewal on a Linux webserver, but I don't know if it would be different in this case - a Kerio based email server, sitting on a Mac. If this is possible on this setup too, why are people in the world still paying for premium SSL certificates? I understand that one certificate is as good as the next, so what is the deal? Many thanks!
Submitted September 13, 2017 at 08:04PM by bhison
via reddit http://ift.tt/2wWNIkG
letsencrypt.org
Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device
http://ift.tt/2jjIolw
Submitted September 13, 2017 at 07:43PM by Hamm3rH3ad
via reddit http://ift.tt/2f69hbv
armis
Blueborne • armis
The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device. Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android…
Ransomware "Your Windows is Banned" Appears and Demands a $50 Bitcoin Ransom
http://ift.tt/2h3kqqf
Submitted September 13, 2017 at 07:35PM by khanjadi
via reddit http://ift.tt/2wppOdc
Mejapraktek
Ransomware "Your Windows is Banned" Appears and Demands a $50 Bitcoin Ransom
Android Tips, Tricks and Software
Yubikey NFC platform
Is the Yubikey a safe platform, specifically the one with integrated NFC? Is it possible to have the codes on the key taken because of NFC?
Submitted September 13, 2017 at 08:24PM by cancerous_176
via reddit http://ift.tt/2wpzlkB
reddit
Yubikey NFC platform • r/security
Is the Yubikey a safe platform, specifically the one with integrated NFC? Is it possible to have the codes on the key taken because of NFC?
What is SECUMAIL, and how can it secure your email?
http://ift.tt/2x1yhXk
Submitted September 13, 2017 at 08:18PM by hangcho123
via reddit http://ift.tt/2wpxa00
Email Security: The first secure email system in Vietnam
What is SECUMAIL, and how can it secure your email?
The complacency of Vietnamese businesses in the era of email security has opened the way for hackers to attack email very easily and cause enormous losses
Equifax breach, what about employment verification data?
I haven't read anything concrete regarding the data that belongs to Equifax's employment verification division. If this data was potentially lost in this breach that could make this much worse than originally thought. Imagine the number of employers that have used them for employment verification and I hope they (or anyone else) don't have any persistent hooks into Equifax systems or networks.
Submitted September 13, 2017 at 08:54PM by Hamm3rH3ad
via reddit http://ift.tt/2y5H1u4
reddit
Equifax breach, what about employment verification data? • r/security
I haven't read anything concrete regarding the data that belongs to Equifax's employment verification division. If this data was potentially lost...
Your email will be comprehensively secured with SECUMAIL
http://ift.tt/2xy11IL
Submitted September 13, 2017 at 08:46PM by hangcho123
via reddit http://ift.tt/2y5H4WM
Email Security: The first secure email system in Vietnam
Your email will be comprehensively secured with SECUMAIL
With the popularity of email, a series of security-related problems has also appeared. Accordingly, SECUMAIL was created as a solution to these problems.
CDNs are starting to become a new way of spreading Malware in Brazil
http://ift.tt/2f6veXP
Submitted September 13, 2017 at 08:32PM by majorllama
via reddit http://ift.tt/2eVKZNE
WeLiveSecurity
CDNs are starting to become a new way of spreading Malware in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be finding a new way of spreading malware.
Backdoor found in WordPress plugin with 200K installs
http://ift.tt/2jiM6Mj
Submitted September 13, 2017 at 05:45PM by campuscodi
via reddit http://ift.tt/2jo2fjE
They're Trying to Hack Your PayPal Account: Analyzing a Real Phishing Email
http://ift.tt/2xxMj4t
Submitted September 13, 2017 at 10:54PM by sh_tomer
via reddit http://ift.tt/2y6mFkw
dzone.com
They're Trying to Hack Your Account: Analyzing a Real Phishing Email - DZone Security
A DZone MVB breaks down a suspicious email he received to demonstrate how phishing attempts work, and certain key elements of phishing attempts to look out for.