Black-box vs White-box Testing: It's about what you can see.
https://ift.tt/2HffSKp

Submitted April 06, 2018 at 10:44PM by robert_brooks
via reddit https://ift.tt/2uRirjd

macOS High Sierra Kernel Heap Overflow
https://ift.tt/2Eqj9Dt

Submitted April 06, 2018 at 11:57PM by pocorgtfoftw
via reddit https://ift.tt/2H26ls9

Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation.
https://ift.tt/2IyKYfq

Submitted April 07, 2018 at 12:43AM by malweisse
via reddit https://ift.tt/2q9b8hY

Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB
https://ift.tt/2IAdPjd

Submitted April 07, 2018 at 01:23AM by alessiodelv
via reddit https://ift.tt/2Jr1uzt

Microsoft Adds Anti-Ransomware Features in Office 365
https://ift.tt/2qbn1mz

Submitted April 07, 2018 at 01:22AM by alessiodelv
via reddit https://ift.tt/2EqGh4P

Reaper Group's Updated Mobile Arsenal
https://ift.tt/2IvpaRQ

Submitted April 07, 2018 at 01:49AM by intelot
via reddit https://ift.tt/2JsaBj0

Secret Service Warns of Chip Card Scheme
https://ift.tt/2q77vJd

Submitted April 07, 2018 at 02:57AM by volci
via reddit https://ift.tt/2GJ2JrT

A new Mirai-style botnet is targeting the financial sector
https://ift.tt/2qbbiV4

Submitted April 07, 2018 at 02:41AM by Iot_Security
via reddit https://ift.tt/2GETcC8

T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security | A T-Mobile Austria customer representative made a shocking admission in a Twitter thread
https://ift.tt/2qc6BdM

Submitted April 07, 2018 at 04:07AM by Ebadd
via reddit https://ift.tt/2qbH04Q

T-Mobile Austria stores passwords in plaintext and defends this practice on Twitter.
https://twitter.com/tmobileat/status/981418339653300224

Submitted April 07, 2018 at 03:55AM by xatrixx
via reddit https://ift.tt/2GFm1Tb

Where to find Security Services In Hammersmith
https://ift.tt/2Jq5S1v

Submitted April 07, 2018 at 04:35AM by alarmpro42
via reddit https://ift.tt/2Iy6XmG

Keys for ESET NOD32, Kaspersky, Avast, Dr.Web, Avira
https://ift.tt/2JsKqZS

Submitted April 07, 2018 at 04:31AM by brastagi
via reddit https://ift.tt/2IzA2ya

Exploiting Bluetooth Low Energy using Gattacker for IoT
https://ift.tt/2ErzsQt

Submitted April 07, 2018 at 04:45AM by adi0x90
via reddit https://ift.tt/2uRYgSf

BRACE YOURSELF - Cisco Vulnerabilities are Coming (Read: Reminder to Check Cisco CVEs for recent announcements, hardcoded passwords, etc)
https://ift.tt/20R8XZ4

Submitted April 07, 2018 at 03:53AM by russellvt
via reddit https://ift.tt/2q8JUHs

T-Mobile digs their own grave
https://ift.tt/2qe2ldV

Submitted April 07, 2018 at 11:38AM by fr34k83
via reddit https://ift.tt/2GFkxIn

CVE-2017-17405: Identifying a Vulnerability in Ruby’s FTP Implementation
https://ift.tt/2GDzYkb

Submitted April 07, 2018 at 04:37PM by cji
via reddit https://ift.tt/2H0dDg7

130,000 Finnish user data exposed in third largest data breach ever happened in the country
https://ift.tt/2qeEbkf

Submitted April 07, 2018 at 08:12PM by Horus_Sirius
via reddit https://ift.tt/2GGx0rd

New variant of the Mirai Botnet targets the financial industry
https://ift.tt/2GJeVwQ

Submitted April 07, 2018 at 08:17PM by Horus_Sirius
via reddit https://ift.tt/2qhElqq

the beep command can be used to probe for existence of files owned by other users including root
https://ift.tt/2IAAADS

Submitted April 07, 2018 at 10:09PM by rain5
via reddit https://ift.tt/2GKsurP

LineageOS 14.1 Blueborne Remote Code Execution
https://ift.tt/2qcF8bW

Submitted April 07, 2018 at 10:48PM by Horus_Sirius
via reddit https://ift.tt/2GELJam

Phishing emails: how to fight back?
Hello, Typically when I receive phishing emails I try and do a few things for the greater good. What else does everyone else do when they receive phishing emails?I block the email domain. They usually spoof the domain and almost never re use but it's a good best practice. If they actually legitimately used someone's email, sometimes based on the SPF/DKIM records, I'll try and email the company to let them know they've been compromised.I click the link in a sandboxed environment to inspect the attack. If it's a password phishing type email, I'll fill it up with a bunch of junk data. This is for fun and usually futile, I just like to see what they are attempting. Like, have they updated their scam to include the new Office365 page finally? I'll also block that URL on the firewall.I'll look up the domain registration and IP address of the server and then reach out to both hosting companies with the information. That usually is pretty effective in having the site shut down. Sometimes when I click the link, the page is already offline meaning either someone else reported it or the hosting company figured it out.I send out some reminders to staff with some examples periodically.note: I am not interested in prevention strategies such as Email filters, Multifactor, Simulated campaigns, etc.

Submitted April 08, 2018 at 02:38AM by mactalker
via reddit https://ift.tt/2ErgMAo