Security In 5: Episode 215 - Ways To Detect A Hacker In Your Environment
https://ift.tt/2GX8mmb
Submitted April 12, 2018 at 06:37PM by BinaryBlog
via reddit https://ift.tt/2Hu5Yod
https://ift.tt/2GX8mmb
Submitted April 12, 2018 at 06:37PM by BinaryBlog
via reddit https://ift.tt/2Hu5Yod
Libsyn
Security In Five Podcast: Episode 215 - Ways To Detect A Hacker In Your Environment
On average it takes a business 180 days to detect a breach. Six months of a hacker walking around your systems, stealing data, planting malware and anything else they can. There are things you can look out for, abnormalities in your environment's behavior…
Security In 5: Episode 215 - Ways To Detect A Hacker In Your Environment
https://ift.tt/2GX8mmb
Submitted April 12, 2018 at 06:37PM by BinaryBlog
via reddit https://ift.tt/2Hu5Yod
https://ift.tt/2GX8mmb
Submitted April 12, 2018 at 06:37PM by BinaryBlog
via reddit https://ift.tt/2Hu5Yod
Libsyn
Security In Five Podcast: Episode 215 - Ways To Detect A Hacker In Your Environment
On average it takes a business 180 days to detect a breach. Six months of a hacker walking around your systems, stealing data, planting malware and anything else they can. There are things you can look out for, abnormalities in your environment's behavior…
Analyze VPC flow logs
https://ift.tt/2FSZ1P5
Submitted April 12, 2018 at 07:57PM by tech-tramp
via reddit https://ift.tt/2qqjz8z
https://ift.tt/2FSZ1P5
Submitted April 12, 2018 at 07:57PM by tech-tramp
via reddit https://ift.tt/2qqjz8z
TotalCloud Blog
Analyze VPC flow logs | Security | Performance - TotalCloud Blog
The VPC flow logs capture important information about the IP traffic to and from network interfaces, subnets and VPCs in the AWS infrastructure. They are used to monitor security by tracking traffic reaching and leaving the resources(instance, databases,…
Smashing Ethereum smart contracts for fun and real profit (conference paper)
https://ift.tt/2qqeLjB
Submitted April 12, 2018 at 07:49PM by berndtzl
via reddit https://ift.tt/2INNWgc
https://ift.tt/2qqeLjB
Submitted April 12, 2018 at 07:49PM by berndtzl
via reddit https://ift.tt/2INNWgc
Medium
HITB2018AMS: Smashing Smart Contracts for Fun and Real Profit
During my first year in university, I discovered Phrack magazine and the 1,746 infamous lines of ASCII text noscriptd “Smashing the Stack for…
GDPR Explained in under 4 Minutes | Training Video for Employees
https://ift.tt/2JDrmYK
Submitted April 12, 2018 at 08:17PM by Inkyandthebrain
via reddit https://ift.tt/2GSf1SQ
https://ift.tt/2JDrmYK
Submitted April 12, 2018 at 08:17PM by Inkyandthebrain
via reddit https://ift.tt/2GSf1SQ
Wistia
Habitu8 GDPR Animated Video
3 min 50 sec video
GDPR Explained in under 4 Minutes | Training Video for Employees
https://ift.tt/2JDrmYK
Submitted April 12, 2018 at 08:17PM by Inkyandthebrain
via reddit https://ift.tt/2GSf1SQ
https://ift.tt/2JDrmYK
Submitted April 12, 2018 at 08:17PM by Inkyandthebrain
via reddit https://ift.tt/2GSf1SQ
Wistia
Habitu8 GDPR Animated Video
3 min 50 sec video
Releasing Free Beta API for Zero-Day Phishing Detection based on Computer Vision.
https://app.phish.ai
Submitted April 12, 2018 at 08:32PM by jekapats
via reddit https://ift.tt/2GVG4bZ
https://app.phish.ai
Submitted April 12, 2018 at 08:32PM by jekapats
via reddit https://ift.tt/2GVG4bZ
reddit
Releasing Free Beta API for Zero-Day Phishing Detection... • r/netsec
1 points and 0 comments so far on reddit
What We Know And Don’t Know About Election Hacking
https://ift.tt/2Ez4shu
Submitted April 12, 2018 at 08:18PM by BS_Is_Annoying
via reddit https://ift.tt/2v4gmQQ
https://ift.tt/2Ez4shu
Submitted April 12, 2018 at 08:18PM by BS_Is_Annoying
via reddit https://ift.tt/2v4gmQQ
FiveThirtyEight
What We Know And Don’t Know About Election Hacking
Also, what we don't know we don't know.
A quick guide to JIT comparisons: answering if it is ever possible that (a== 1 && a ==2 && a==3) could evaluate to true in JavaScript.
https://ift.tt/2IOAhW3
Submitted April 12, 2018 at 09:13PM by RedmondSecGnome
via reddit https://ift.tt/2qqHnJH
https://ift.tt/2IOAhW3
Submitted April 12, 2018 at 09:13PM by RedmondSecGnome
via reddit https://ift.tt/2qqHnJH
Zero Day Initiative
Inverting Your Assumptions: A Guide to JIT Comparisons
Similar to many others that have spent an unhealthy amount of their life staring at a computer screen, I have back issues. Having an office setup with proper ergonomics is an obvious first step towards avoiding back pain, but I've also found that getting…
Separating app containers and DB networks
Security-wise, does it make sense to separate the application k8s containers VPC OR subnet from the infrastructure (mysql, etc) network?The infra network can be isolated from the internet and have strict ACL (container network is probably more relaxed)
Submitted April 12, 2018 at 10:11PM by yonatannn
via reddit https://ift.tt/2qrhYzD
Security-wise, does it make sense to separate the application k8s containers VPC OR subnet from the infrastructure (mysql, etc) network?The infra network can be isolated from the internet and have strict ACL (container network is probably more relaxed)
Submitted April 12, 2018 at 10:11PM by yonatannn
via reddit https://ift.tt/2qrhYzD
reddit
Separating app containers and DB networks • r/security
Security-wise, does it make sense to separate the application k8s containers VPC OR subnet from the infrastructure (mysql, etc) network? The...
Week 15 in Information Security, 2018
https://ift.tt/2qtf10F
Submitted April 12, 2018 at 09:57PM by undercomm
via reddit https://ift.tt/2IR609h
https://ift.tt/2qtf10F
Submitted April 12, 2018 at 09:57PM by undercomm
via reddit https://ift.tt/2IR609h
Malgregator
InfoSec Week 15, 2018
The U.S. Secret Service is warning about a new scam scheme where the crooks are intercepting new debit cards in the mail and replace the...
My Brief Career as a Facebook Bug Bounty Hunter | Issues with white hat programs
https://ift.tt/2JFb1mz
Submitted April 12, 2018 at 10:36PM by nkrva
via reddit https://ift.tt/2qpM32q
https://ift.tt/2JFb1mz
Submitted April 12, 2018 at 10:36PM by nkrva
via reddit https://ift.tt/2qpM32q
The Tyee
My Brief Career as a Facebook Bug Bounty Hunter | The Tyee
You, too, can poke holes in the social media giant's platform while giving up yet even more of your personal information.
XSS via unsanitized markdown output in pastebin.com
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:11PM by Nhoya
via reddit https://ift.tt/2GSvIJW
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:11PM by Nhoya
via reddit https://ift.tt/2GSvIJW
GitHub
Nhoya/PastebinMarkdownXSS
PastebinMarkdownXSS - pastebin.com XSS via unsanitized markdown function
Cops Around the Country Can Now Unlock iPhones
https://ift.tt/2EGJVrl
Submitted April 13, 2018 at 01:11AM by StevenTheBirdSeagull
via reddit https://ift.tt/2GSaFeh
https://ift.tt/2EGJVrl
Submitted April 13, 2018 at 01:11AM by StevenTheBirdSeagull
via reddit https://ift.tt/2GSaFeh
Motherboard
Cops Around the Country Can Now Unlock iPhones, Records Show
A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
Isolate containers in Google cloud
Have multiple Kubernetes pods (docker containers) where each should have different network access rights - some may access some resources while other can't. To my understanding, I can't place them in different VPCs/subnets (k8s limit), which another mechanism can I use to restrict specific containers/pods access to network resources? For example, what if I wish to restrict a single pod from approaching the DB IP address
Submitted April 13, 2018 at 12:54AM by yonatannn
via reddit https://ift.tt/2GWYH39
Have multiple Kubernetes pods (docker containers) where each should have different network access rights - some may access some resources while other can't. To my understanding, I can't place them in different VPCs/subnets (k8s limit), which another mechanism can I use to restrict specific containers/pods access to network resources? For example, what if I wish to restrict a single pod from approaching the DB IP address
Submitted April 13, 2018 at 12:54AM by yonatannn
via reddit https://ift.tt/2GWYH39
reddit
Isolate containers in Google cloud • r/security
Have multiple Kubernetes pods (docker containers) where each should have different network access rights - some may access some resources while...
XSS in pastebin.com via unsanitized markdown output
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:29PM by Nhoya
via reddit https://ift.tt/2EHtfA1
https://ift.tt/2HvNlAb
Submitted April 12, 2018 at 11:29PM by Nhoya
via reddit https://ift.tt/2EHtfA1
GitHub
Nhoya/PastebinMarkdownXSS
PastebinMarkdownXSS - pastebin.com XSS via unsanitized markdown function
Abusing Linux's firewall: the hack that allowed us to build Spectrum
https://ift.tt/2HujVT2
Submitted April 13, 2018 at 01:25AM by rmddos
via reddit https://ift.tt/2Huemnx
https://ift.tt/2HujVT2
Submitted April 13, 2018 at 01:25AM by rmddos
via reddit https://ift.tt/2Huemnx
Cloudflare Blog
Abusing Linux's firewall: the hack that allowed us to build Spectrum
Introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.Today we are releasing Spectrum.
HITB2018AMS: Smashing smart contracts for fun and real profit (a tribute to Aleph One)
https://ift.tt/2GTOaBH
Submitted April 13, 2018 at 03:37AM by berndtzl
via reddit https://ift.tt/2qtKUpH
https://ift.tt/2GTOaBH
Submitted April 13, 2018 at 03:37AM by berndtzl
via reddit https://ift.tt/2qtKUpH
Polyverse Readhook Simulator: an open source buffer overflow exploit tool
https://www.youtube.com/watch?v=ok8Pe2RuM30
Submitted April 13, 2018 at 04:03AM by Polyverse_Security
via reddit https://ift.tt/2EHtkUj
https://www.youtube.com/watch?v=ok8Pe2RuM30
Submitted April 13, 2018 at 04:03AM by Polyverse_Security
via reddit https://ift.tt/2EHtkUj
YouTube
Polyverse Readhook Zero-Day Simulator
This video demonstrates the Polyverse ReadHook Zero Day Simulator tool. More details on this tool can be found here: blog.polyverse.io/an-intentional-buffer-...
Username/Password emailed for account creation
I recently received an email from a service that I needed to create an account on. It's not a publicly available service, so they had to setup the "temp" account for me and send me the credentials to log in the first time.This is nothing new, I've seen this many times before. What confused me was the fact that the username and password were sent as two separate emails back to back. The emails said that they were doing this for security.Could someone explain how this is more secure than sending this information in one email?
Submitted April 13, 2018 at 04:34AM by CreativeTechGuyGames
via reddit https://ift.tt/2JIDHef
I recently received an email from a service that I needed to create an account on. It's not a publicly available service, so they had to setup the "temp" account for me and send me the credentials to log in the first time.This is nothing new, I've seen this many times before. What confused me was the fact that the username and password were sent as two separate emails back to back. The emails said that they were doing this for security.Could someone explain how this is more secure than sending this information in one email?
Submitted April 13, 2018 at 04:34AM by CreativeTechGuyGames
via reddit https://ift.tt/2JIDHef
reddit
Username/Password emailed for account creation • r/security
I recently received an email from a service that I needed to create an account on. It's not a publicly available service, so they had to setup the...
Windows 10 Spring Creators Update adds "delete" button for all data collected by Microsoft from your device
https://ift.tt/2JzTPic
Submitted April 13, 2018 at 04:44AM by AzoWei
via reddit https://ift.tt/2EHOKAJ
https://ift.tt/2JzTPic
Submitted April 13, 2018 at 04:44AM by AzoWei
via reddit https://ift.tt/2EHOKAJ
PCWorld
Windows 10 Spring Creators Update: The best hidden features
Microsoft’s Windows 10 upgrade, code-named Redstone 4 and informally known as the Spring Creators Update and possibly Windows 10 Version Next, offers many smaller additions and changes you might miss. We've highlighted them here.