[Cfrg] RFC Draft: PASETO - Platform-Agnostic SEcurity TOkens
https://ift.tt/2F0oz8C
Submitted April 19, 2018 at 08:43PM by sarciszewski
via reddit https://ift.tt/2JYv67r
Cisco WebEx Clients Remote Code Execution Vulnerability
https://ift.tt/2HdefQA
Submitted April 19, 2018 at 09:40PM by EvanConover
via reddit https://ift.tt/2HhPL4o
Cisco
Cisco Security Threat and Vulnerability Intelligence
The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.
No boundaries for Facebook data: third-party trackers abuse Facebook Login
https://ift.tt/2J5VFpP
Submitted April 19, 2018 at 09:43PM by EvanConover
via reddit https://ift.tt/2HdK7jS
Critical Webex vulnerability patched today.
https://ift.tt/2HdefQA
Submitted April 19, 2018 at 10:03PM by modernmonkeyy
via reddit https://ift.tt/2HftcxB
Your own employees are the weakest link in your defenses
https://ift.tt/2EYIyVh
Submitted April 19, 2018 at 10:01PM by vcruz911
via reddit https://ift.tt/2HzDLio
Forbes
Your Own Employees Are The Weakest Link In Your Defenses
Follow these tips for tightening cybersecurity through employee training, smarter policy and the right tools.
Do most team password managers allow export?
We're trying to select a team password manager and we're having a lot of problems figuring out which ones allow exporting the data. If the password company goes out of business or if, for whatever reason, we need to stop using the product then we want to be able to get our passwords out. We've had a hard time finding companies that advertise export capability on their web site or sales materials. Do we assume that no advertising == no capability or is this such a common feature that nobody bothers to advertise it but everyone has it?
Submitted April 19, 2018 at 11:32PM by CorrectCite
via reddit https://ift.tt/2K1qBsU
Crash Course to Blacklists
https://ift.tt/2Ja8XSu
Submitted April 19, 2018 at 11:21PM by ded1cated
via reddit https://ift.tt/2JX6c82
WebARX
What is Google blacklist and how to check if your website is there?
What is blacklist? Website blacklisting is when a search engine is expelling a site from their list. When a website is blacklisted, it loses almost 95% of its organic traffic, which can rapidly affect revenue. Read more, why you should secure your site...
A guide for amateurs pen testers to practice ethical hacking!
https://ift.tt/2qH2PKt
Submitted April 19, 2018 at 11:33PM by 6lowpan
via reddit https://ift.tt/2Hd2o50
GitHub
SundownDEV/hacker-roadmap
hacker-roadmap - :pushpin: A guide for amateurs pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security.
Living Off The Land Binaries and Scripts documentation - #LOLBins and #LOLScripts
https://ift.tt/2HdTBj4
Submitted April 19, 2018 at 11:09PM by oddvarmoe
via reddit https://ift.tt/2qJyNFY
GitHub
api0cradle/LOLBAS
LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Smart Contract Security CTF (Capture the Flag) on the Ropsten Testnet
https://ift.tt/2J5JsBu
Submitted April 20, 2018 at 12:48AM by mickayz
via reddit https://ift.tt/2qNHAWD
LinkedIn AutoFill Exposes Visitor Name, Email to Third-Party Websites
https://ift.tt/2JYPrte
Submitted April 20, 2018 at 02:24AM by cablej
via reddit https://ift.tt/2HhfjyD
lightningsecurity.io
LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites
What is the main difference between CEH and OSCP?
I'm trying to find a good certification that allows me to specialize in Security. I'm asking for the difference between these two because they're very recognized and complete, but maybe there are better options (and maybe cheaper(?)) that would allow me to do the same. Thank you in advance!
Submitted April 20, 2018 at 02:48AM by candikan
via reddit https://ift.tt/2qLTKiI
LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites
https://ift.tt/2JYPrte
Submitted April 20, 2018 at 02:41AM by cablej
via reddit https://ift.tt/2vs7WDl
Who Would Use Windows Defender Browser Extension?
https://mspoweruser.com/microsoft-releases-windows-defender-extension-for-google-chrome-browser/
This is an x-post from a couple of subs at this point, but I'm interested what security-minded folks think about it. Always been skeptical of Defender, and browser extensions in general. Thoughts?
Submitted April 20, 2018 at 08:48AM by CyberImbiber
via reddit https://ift.tt/2J94cZ9
MSPoweruser
Microsoft releases Windows Defender extension for Google Chrome browser - MSPoweruser
Microsoft has recently released a new browser extension for Google Chrome. This new extension named Windows Defender Browser Protection will protect you against online threats, like phishing and malicious websites, with real-time protection from Microsoft.…
Web Application-Specific Pen Testing Certification
I am looking to earn a certification in penetration testing, and my employer has given me the goal of going for web application specific certs.
I've looked through a few various certifications (GWAPT from GIAC, OSWE, etc), I've even grinded them through Google Trends to get an idea what is the most "popular" to have.
My benchmarks are:
Industry acceptance (A great cert from a vendor nobody has heard of isn't going to help out much)
The certification is more or less product and platform agnostic (I'm not looking to use Company A's SUPERSCAN product). More about learning and testing skills than competency using a single product.
What certifications can help prepare for future certifications within the infosec sector.
Any good suggestions or ideas on places to compare these certs? My background is heavy on software engineering, however my security background is probably not as strong.
Submitted April 20, 2018 at 10:31AM by rlerner
via reddit https://ift.tt/2vuVpPf
[Insight] Possible spam flight confirmation leads to questions.
So, a friend of mine received a confirmation email for a flight that they did not book. I got a semi-panicked call asking if I could take a look at it. They forward it to me and the sucker looks legit. I call the (for now) unnamed airline and they tell me it's legit. In fact, they give me the last four of the credit card and the entire associated phone number. Apparently, they tell me, the booking was made through a large travel broker I will for now leave unnamed. I contact them with the information I've received from the airline. After 10 minutes, they verify the information including the fact that in their system, the email on file for the real traveler is one character off from my friend's. She explains it must be a system glitch that sent the confirmation to my friend. I ask her why, if they have the proper email in their records, that would occur. I got a garbled answer followed by "if your friend sees any charges on their credit card, we can for sure reverse them." That's not verbatim, but close. I should add, neither the CC info nor the phone number matches my friend. My question is this: does this sound normal?! It's possible I'm just so unnerved by the day-to-day news that I'm reading too much into this. Thought I'd turn to you all for a second opinion.
Submitted April 20, 2018 at 09:27AM by WordsThatStartw_Ass
via reddit https://ift.tt/2vCM3RV
Volkswagen Group infotainment systems vulnerable to RCE over 4G
https://ift.tt/2HQQ5bK
Submitted April 20, 2018 at 11:51AM by math1985
via reddit https://ift.tt/2J97Su0
Dedicated IP Hosting – Why is it Beneficial?
https://ift.tt/2qMlS5k
Submitted April 20, 2018 at 03:13PM by IndependentAdd
via reddit https://ift.tt/2HdvxwZ
Week 16 in Information Security, 2018
https://ift.tt/2qMlUKu
Submitted April 20, 2018 at 03:00PM by undercomm
via reddit https://ift.tt/2Hi1zHW
Malgregator
InfoSec Week 16, 2018
Google disables domain fronting capability in their App Engine, which was used to evade censorship. What a fortunate timing....
Phish.AI + PhishTank + Google Big Query + Google Data Studio to analyze phishing trends
https://ift.tt/2qLKc7u
Submitted April 20, 2018 at 05:39PM by jekapats
via reddit https://ift.tt/2qNvA7L
PhishAI
Harnessing the power of Phish.AI, PhishTank, Google Big Query and Google Data Studio to analyze Phishing Trends | PhishAI
Overview PhishTank is a free community website where users and security vendors submit and share phishing data. PhishTank is doing a great job of collecting phishing data from the community around the world. However, some shortcomings of PhishTank are the…