Analysis of a hacked WordPress site
https://ift.tt/2qoSguv

Submitted April 11, 2018 at 04:14PM by glen_scott
via reddit https://ift.tt/2v6TeRO

RSA Conference 2018 – Unofficial list of RSA Conference and Vendor Parties
https://ift.tt/2v469El

Submitted April 11, 2018 at 04:45PM by Iot_Security
via reddit https://ift.tt/2HiR1Yi

Here's how to avoid being tracked online
https://ift.tt/2GRi0Xu

Submitted April 11, 2018 at 05:14PM by GustavOliv
via reddit https://ift.tt/2Hu6iTK

Breaking CFI: Exploiting CVE-2015-5122 using COOP
https://ift.tt/2IHmC3e

Submitted April 11, 2018 at 05:00PM by shleimeleh
via reddit https://ift.tt/2v1GGeB

Remote Hash Extraction On Demand Via Host Security Denoscriptor Modification
https://ift.tt/2JBJ92n

Submitted April 11, 2018 at 05:55PM by ProvadysOffsec
via reddit https://ift.tt/2Hb1l4R

Security In 5: Episode 214 - Protecting Your Business From A Ransomware Attack
https://ift.tt/2GQeDUT

Submitted April 11, 2018 at 06:31PM by BinaryBlog
via reddit https://ift.tt/2qpj1iK

Filtering out top 1 million domains from corporate network traffic
https://ift.tt/2GPSa6e

Submitted April 11, 2018 at 07:02PM by daanraman
via reddit https://ift.tt/2v7QtzM

A few weeks ago my computer got hacked and 7500$ worth of Bitcoin were stolen. Here are few things I learned:
I'm writing this post with a hope that it might help other people to start thinking about their security & also to understand that it can happen to anyone.Here are few things I wish I knew before:Don't download a torrent from risky websites (I tried to download a software from a website I never saw before, a few weeks ago and I think that's where I got the malware)If you hold any Bitcoin, Ethereum or any other cryptocurrency, Buy Nano ledger, Don't be cheap with your self, It doesn't worth the risk.https://www.ledgerwallet.com/products/ledger-nano-sUse MetaMask, It's a must for every crypto trader.In few minutes you can educate your self and prevent things like that from happening. I learned few useful stuff at this article, I believe it might be useful for youhttps://medium.com/swarmdotmarket/5-ways-to-prevent-your-crypto-wallet-from-being-hacked-981acd86bc43

Submitted April 11, 2018 at 07:48PM by chanfle
via reddit https://ift.tt/2GOAmfL

Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers
https://ift.tt/2JCkrzd

Submitted April 11, 2018 at 08:01PM by speckz
via reddit https://ift.tt/2GQ7JLb

Experienced first ransomware episode - need advice on go forward business strategy
Hello all,Long time lurker to this subreddit, first time poster :)I manage IT and marketing for a company that acquires smaller companies that align with our overall strategy. The companies that we acquire are much smaller than us (usually 15-40 employees) and are kind of "mom and pop" owned and operated.From an IT perspective, we have tried to create somewhat of an "in the cloud" technology approach that we can plug these smaller companies into so that we can get everyone on the same basic systems and speed up the process of overall integration.We use Google for business for our email and "file server" solution. Each "division" (company we acquire) has their own folder in the drive that contains all of their related files and folders.WELL - 2 weeks ago one of our divisions that we recently purchased (2 months ago) was victim of a brute force attack which resulted in all files on the file server, the ERP server, and the CRM server to be encrypted with ransomware. Being that we just bought the company 2 months ago, we had not moved their files from their file server to our Google Drive just yet (we don't like to just go in guns a' blazin and make the employees feel like we are changing EVERYTHING at once lol). A backup solution was in place both locally (which was deleted via the hack) and in the cloud - so everything was ok.Being that it was my first experience with ransomware it got me thinking about how we are currently do things and what we should be doing on a go forward. IF that division had been on our Google Drive...that ransomware could have spread to the rest of the company...So I am really just trying to understand what "best practice" is for utilizing/structuring/securing Google Drive for business as a "file server" solution on a go forward, AND best practice for backing the Google Drive up for the entire company so that we can be as full proof as we can be for a potential ransomware situation.Our users currently use Google File Stream on their local PC's. We are running a daily backup to a local PC at our corporate location, and a weekly backup to an external hard drive that is then disconnected and moved off-site.I definitely see the need for a completely restructured approach - I just need some direction :) I appreciate any advice in advance!Thanks guys,-R

Submitted April 11, 2018 at 07:59PM by Machinegamer
via reddit https://ift.tt/2Hfbq0w

New techniques for adding data to Alternate Data Streams and executing it
https://ift.tt/2qniGO3

Submitted April 11, 2018 at 07:57PM by oddvarmoe
via reddit https://ift.tt/2EGInOg

Anyone at ISC West 2018?
I'm here in Las Vegas from Los Angeles. Would love to connect with any redditors that happen to be here! I'm here just for the day. (April 11th 2018)

Submitted April 11, 2018 at 10:36PM by bugnuker
via reddit https://ift.tt/2GQfTDo

News Flash: Great Western Railway, Sears and Delta, Despacito Video Deleted in Hack
https://youtu.be/G97ihMBUKj8

Submitted April 11, 2018 at 10:31PM by GlassHouseSystems
via reddit https://ift.tt/2HuVGEw

I found this in my banking app's username field. Security hole or random keyboard presses?
I have Chase save my username for faster logins. Today when I open the app, where the username would be I find this:

v6YDPBiQ+Y1wHZ+boAkMypifMD3KCHTZz6105o/3bUTrS5+CjJiyP9a9MS5gcgYMZcJvQ4MnDbin GmEEAg12z1WXXQ1gGCAFw4077l1lHeBgBRwJfTmbdDL4AEFN6CAPUSKbLQ0xRiEktedBgAdHvXb7 gyv/v8BkvIw5fSrixh0IRIzeS3ppO5pm+ugfOoDaLLajrc1uCRvCOtbWqsH8l5ydvRJ4RuxbwRAz45ptbpTGHm9wqH6+BPscOpXQpbI088o4heNTL3fviEXmwFaJMWZDwyitiJL1aRfidpk3Wbnd+HNo9VsPBy7yWsgbPEvkKLwnJw5d13oamcPbXDKpg== 

I doubt my phone turned on in my pocket. It seems too randomized for that. Maybe it did, but I thought I'd get y'all's opinion. Does this resemble anything concerning? Or should I just learn to turn my screen off?

Submitted April 11, 2018 at 11:13PM by alextheracer
via reddit https://ift.tt/2INFnBX

An OWASP-like top 10 for smart contract vulnerabilities
https://www.dasp.co

Submitted April 11, 2018 at 11:38PM by davidw_-
via reddit https://ift.tt/2EEyW1D

Breaking RSA OAEP with Manger’s attack
https://ift.tt/2GBcXyF

Submitted April 11, 2018 at 04:46AM by dgryski
via reddit https://ift.tt/2qqmYDM

Highlights of the Verizon 2018 Data Breach Investigations Report
https://ift.tt/2GStZIE

Submitted April 12, 2018 at 12:08AM by zinsi-
via reddit https://ift.tt/2qs1rua

USB Detective - USB Device Forensics
https://ift.tt/2H62CHQ

Submitted April 11, 2018 at 11:58PM by 13Cubed
via reddit https://ift.tt/2HhGUDk

An OWASP-like top 10 for smart contract vulnerabilities
https://www.dasp.co

Submitted April 11, 2018 at 11:38PM by davidw_-
via reddit https://ift.tt/2EEyW1D

Thousands of hacked websites are infecting visitors with malware
https://ift.tt/2Jy6XUV

Submitted April 12, 2018 at 01:29AM by DJRWolf
via reddit https://ift.tt/2JBA21M

I found a nice tool that lets you extract and view the source code of Chrome, Firefox and Opera extensions .. for those of you who want to know what your extensions are doing in the background.
Long story short.. I just went through a little ordeal where I wanted to install a very basic Firefox extension, but the extension requires full access to all websites I visit, including access to usernames and passwords that I input. I couldn't understand why, and didn't trust it. It was MPL v2 licensed, but no source code was provided.So... I went search for ways to extract the source and ran across this tool:https://robwu.nl/crxviewer/It's meant to be the demo site for an open source browser extension which has the same functionality (here), but I thought it works just as well as a standalone tool. And it turned out it's able to extract source from not only Firefox, but also Chrome and Opera extensions too.For those of you who are as paranoid as I am about what the extensions may or may not be doing without your knowledge, this is a great little tool. Has a built in JS beautifier as well, which is really nice.

Submitted April 12, 2018 at 01:00AM by NessInOnett
via reddit https://ift.tt/2HxK97r