Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Do most team password managers allow export?
We're trying to select a team password manager and we're having a lot of problems figuring out which ones allow exporting the data. If the password company goes out of business or if, for whatever reason, we need to stop using the product then we want to be able to get our passwords out.

We've had a hard time finding companies that advertise export capability on their web site or sales materials. Do we assume that no advertising == no capability or is this such a common feature that nobody bothers to advertise it but everyone has it?

Submitted April 19, 2018 at 11:32PM by CorrectCite
via reddit https://ift.tt/2K1qBsU
Living Off The Land Binaries and Scripts documentation - #LOLBins and #LOLScripts
https://ift.tt/2HdTBj4

Submitted April 19, 2018 at 11:09PM by oddvarmoe
via reddit https://ift.tt/2qJyNFY
Smart Contract Security CTF (Capture the Flag) on the Ropsten Testnet
https://ift.tt/2J5JsBu

Submitted April 20, 2018 at 12:48AM by mickayz
via reddit https://ift.tt/2qNHAWD
LinkedIn AutoFill Exposes Visitor Name, Email to Third-Party Websites
https://ift.tt/2JYPrte

Submitted April 20, 2018 at 02:24AM by cablej
via reddit https://ift.tt/2HhfjyD
What is the main difference between CEH and OSCP?
I'm trying to find a good certification that allows me to specialize in Security. I'm asking for the difference between these two because they're very recognized and complete, but maybe there are better options (and maybe cheaper(?)) that would allow me to do the same. Thank you in advance!

Submitted April 20, 2018 at 02:48AM by candikan
via reddit https://ift.tt/2qLTKiI
LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites
https://ift.tt/2JYPrte

Submitted April 20, 2018 at 02:41AM by cablej
via reddit https://ift.tt/2vs7WDl
Web Application-Specific Pen Testing Certification
I am looking to earn a certification in penetration testing, and my employer has given me the goal of going for web application specific certs.

I've looked through a few various certifications (GWAPT from GIAC, OSWE, etc), I've even grinded them through Google Trends to get an idea what is the most "popular" to have.

My benchmarks are:

- Industry acceptance (A great cert from a vendor nobody has heard of isn't going to help out much)
- The certification is more or less product and platform agnostic (I'm not looking to use Company A's SUPERSCAN product). More about learning and testing skills than competency using a single product.
- What certifications can help prepare for future certifications within the infosec sector.

Any good suggestions or ideas on places to compare these certs? My background is heavy on software engineering, however my security background is probably not as strong.

Submitted April 20, 2018 at 10:31AM by rlerner
via reddit https://ift.tt/2vuVpPf
[Insight] Possible spam flight confirmation leads to questions.
So, a friend of mine received a confirmation email for a flight that they did not book. I got a semi-panicked call asking if I could take a look at it. They forward it to me and the sucker looks legit. I call the (for now) unnamed airline and they tell me it's legit. In fact, they give me the last four of the credit card and the entire associated phone number. Apparently, they tell me, the booking was made through a large travel broker I will for now leave unnamed. I contact them with the information I've received from the airline. After 10 minutes, they verify the information including the fact that in their system, the email on file for the real traveler is one character off from my friend's. She explains it must be a system glitch that sent the confirmation to my friend. I ask her why, if they have the proper email in their records, that would occur. I got a garbled answer followed by "if your friend sees any charges on their credit card, we can for sure reverse them." That's not verbatim, but close. I should add, neither the CC info nor the phone number matches my friend's.

My question is this: does this sound normal?! It's possible I'm just so unnerved by the day to day news that I'm reading too much into this. Thought I'd turn to you all for a second opinion.

Submitted April 20, 2018 at 09:27AM by WordsThatStartw_Ass
via reddit https://ift.tt/2vCM3RV
Volkswagen Group infotainment systems vulnerable to RCE over 4G
https://ift.tt/2HQQ5bK

Submitted April 20, 2018 at 11:51AM by math1985
via reddit https://ift.tt/2J97Su0
Dedicated IP Hosting – Why is it Beneficial?
https://ift.tt/2qMlS5k

Submitted April 20, 2018 at 03:13PM by IndependentAdd
via reddit https://ift.tt/2HdvxwZ
SOC at RSA conference has been scanning WiFi traffic all week, watching passwords of "security professionals" flow by unencrypted.
https://ift.tt/2vtHhpv

Submitted April 20, 2018 at 09:14PM by rtphokie
via reddit https://ift.tt/2vAR9hq
Unified malware database on blockchain
Previously, an idea kept hitting my head, so I am willing to share it here and want to know your views on it....

These days malware is getting more advanced day by day. New vulnerabilities are getting discovered at lightning speed and it takes more time to patch them; meanwhile, systems remain vulnerable to unseen malware attacks which are yet to be added to antivirus databases. Let's say firm ABC uses two different antivirus solutions, X and Y. Now a major vulnerability comes up in the market and cyber security researchers start to upload malware signatures to public databases such as VirusTotal, and the antivirus vendor for solution X updates their database instantly and the vendor for solution Y does it 1-2 weeks later. Meaning firm ABC's systems using the Y antivirus solution will remain vulnerable to malware attacks for 1-2 weeks.

Now let's try to solve this problem with blockchain technology. As we all know, a blockchain-based ledger can store and distribute data globally and make it available to everyone in a few seconds. What if we can develop a system which can store malware signatures on a blockchain, uploaded by community-trusted cyber security researchers, and all antivirus solutions utilise this unified system of malware database? So now whenever new malware is discovered by cyber security researchers, all antivirus solutions get updated with the new signatures so they can lay out detection techniques for them in less time, and security researchers get paid in cryptocurrency to support them in their further research work. This way we are enabling malware researchers to directly protect thousands of businesses relying on antivirus solutions.

Don't forget to upvote if you liked my idea :)

Submitted April 20, 2018 at 09:36PM by cjhackerz
via reddit https://ift.tt/2HhSET1
Intel SGX - do you trust it for privacy and security?
While theoretically Intel SGX creates a secure enclave on a remote server, preventing the hoster of the service (or hackers, or government) from peeking into your code and data, it is based on Intel hardware. Which probably means the US government has access to the secure enclave.

Signal are reportedly using SGX to hide contacts from government but if Intel has access, what's the point?

Submitted April 20, 2018 at 09:07PM by virprudens
via reddit https://ift.tt/2K4q5dt