Is your VPN running the Facebook pixel, thus putting a dent in your privacy? We tested almost 300 — check out the results and see if it’s time you had a word with your provider.

Kubernetes Security - Best Practice Guide. Contribute to freach/kubernetes-security-best-practice development by creating an account on GitHub.

Big rewards are available for hackers who can spot when websites have got their coding wrong.

This week's Tools, Tips and Tricks episode is the one you should use starting today. Cloudflare released a new, private and public DNS that anyone can use. In the growing concern around privacy and the rest of the Internet users waking up to how companies…

The enforcement of GDPR is imminent (25 May 2018). Companies have already spent millions of dollars, euros and pounds reinforcing their security and adapting their processes to ensure compliance.

Users told smartphone’s software has been updated with monthly patches when it hasn’t, new research claims

Update: Linux Deepin removed CNZZ tracking as of 20 July 2018: https://youtu.be/WSr6iwVd2RE
As of version 15.5 Linux Deepin carries out spying, with the App store making unencrypted connections to known Chinese tracker CNZZ.

Deepin 15.3 and 15.4 which I…

Follow up video: https://youtu.be/kv8gvXPwWjY

Does Google and Facebook listen in and record conversations and audio even when they're not open? I perform a live test using Google chrome on a Windows 10 PC to discover whether my microphone appears to be recording…

Digital Forensics. Hacking. Home Labs.

A quick way to ship Volatility JSON files to Graylog.

PowerHammer: Researchers demonstrate how hackers can steal data from an air-gapped computer using power lines.

This post was co-authored by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal. In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet…

Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002.

7 points and 0 comments so far on reddit

TLDR: Vultr does not verify domain ownership when adding new domains. This allows the hijack of abandoned domains by pretty much anyone with an account and verified payment method Disclosure Timeline 2018/04/09: Reported to Vultr to see if they will fix and…

Verifying consumer data is the cornerstone of electronic commerce. Blockchain’s transparency and accountability could straighten out a convoluted process pocked with weak points. But aligning blockchain applications with ongoing verification processes is…