LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites
https://ift.tt/2JYPrte
Submitted April 20, 2018 at 02:41AM by cablej
via reddit https://ift.tt/2vs7WDl
lightningsecurity.io
LinkedIn AutoFill Exposed Visitor Name, Email to Third-Party Websites
Who Would Use Windows Defender Browser Extension?
https://mspoweruser.com/microsoft-releases-windows-defender-extension-for-google-chrome-browser/

This is an x-post from a couple of subs at this point, but I'm interested in what security-minded folks think about it. Always been skeptical of Defender, and browser extensions in general. Thoughts?
Submitted April 20, 2018 at 08:48AM by CyberImbiber
via reddit https://ift.tt/2J94cZ9
MSPoweruser
Microsoft releases Windows Defender extension for Google Chrome browser - MSPoweruser
Microsoft has recently released a new browser extension for Google Chrome. This new extension named Windows Defender Browser Protection will protect you against online threats, like phishing and malicious websites, with real-time protection from Microsoft.…
Web Application-Specific Pen Testing Certification
I am looking to earn a certification in penetration testing, and my employer has given me the goal of going for web application specific certs. I've looked through a few various certifications (GWAPT from GIAC, OSWE, etc.); I've even grinded them through Google Trends to get an idea what is the most "popular" to have.

My benchmarks are:

Industry acceptance (a great cert from a vendor nobody has heard of isn't going to help out much).

The certification is more or less product and platform agnostic (I'm not looking to use Company A's SUPERSCAN product). More about learning and testing skills than competency using a single product.

What certifications can help prepare for future certifications within the infosec sector.

Any good suggestions or ideas on places to compare these certs? My background is heavy on software engineering; however, my security background is probably not as strong.
Submitted April 20, 2018 at 10:31AM by rlerner
via reddit https://ift.tt/2vuVpPf
Reddit
reddit: the front page of the internet
r/security: A friendly and professional place for discussing computer security.
[Insight] Possible spam flight confirmation leads to questions.
So, a friend of mine received a confirmation email for a flight that they did not book. I got a semi-panicked call asking if I could take a look at it. They forwarded it to me and the sucker looks legit. I call the (for now) unnamed airline and they tell me it's legit. In fact, they give me the last four of the credit card and the entire associated phone number. Apparently, they tell me, the booking was made through a large travel broker I will for now leave unnamed. I contact them with the information I've received from the airline. After 10 minutes, they verify the information, including the fact that in their system, the email on file for the real traveler is one character off from my friend's. She explains it must be a system glitch that sent the confirmation to my friend. I ask her why, if they have the proper email in their records, that would occur. I got a garbled answer followed by "if your friend sees any charges on their credit card, we can for sure reverse them." That's not verbatim, but close. I should add, neither the CC info nor the phone number match my friend. My question is this: does this sound normal?! It's possible I'm just so unnerved by the day to day news that I'm reading too much into this. Thought I'd turn to you all for a second opinion.
Submitted April 20, 2018 at 09:27AM by WordsThatStartw_Ass
via reddit https://ift.tt/2vCM3RV
reddit
[Insight] Possible spam flight confirmation leads to... • r/security
So, a friend of mine received a confirmation email for a flight that they did not book. I got a semi-panicked call asking if I could take a look...
Volkswagen Group infotainment systems vulnerable to RCE over 4G
https://ift.tt/2HQQ5bK
Submitted April 20, 2018 at 11:51AM by math1985
via reddit https://ift.tt/2J97Su0
Dedicated IP Hosting – Why is it Beneficial?
https://ift.tt/2qMlS5k
Submitted April 20, 2018 at 03:13PM by IndependentAdd
via reddit https://ift.tt/2HdvxwZ
Week 16 in Information Security, 2018
https://ift.tt/2qMlUKu
Submitted April 20, 2018 at 03:00PM by undercomm
via reddit https://ift.tt/2Hi1zHW
Malgregator
InfoSec Week 16, 2018
Google disables domain fronting capability in their App Engine, which was used to evade censorship. What fortunate timing....
Phish.AI + PhishTank + Google Big Query + Google Data Studio to analyze phishing trends
https://ift.tt/2qLKc7u
Submitted April 20, 2018 at 05:39PM by jekapats
via reddit https://ift.tt/2qNvA7L
PhishAI
Harnessing the power of Phish.AI, PhishTank, Google Big Query and Google Data Studio to analyze Phishing Trends | PhishAI
Overview PhishTank is a free community website where users and security vendors submit and share phishing data. PhishTank is doing a great job of collecting phishing data from the community around the world. However, some shortcomings of PhishTank are the…
Security In 5: Episode 221 - Tools, Tips and Tricks - Shodan.io
https://ift.tt/2F45bYi
Submitted April 20, 2018 at 06:35PM by BinaryBlog
via reddit https://ift.tt/2HMxcGG
Libsyn
Security In Five Podcast: Episode 221 - Tools, Tips and Tricks - Shodan.io
This week's tools, tips and tricks episode goes over Shodan.io, a website search engine for Internet connected devices. This website is a powerful security research tool to help you find and understand how awful the security practice around Internet of Things…
SOC at RSA conference has been scanning WiFi traffic all week, watching passwords of "security professionals" flow by unencrypted.
https://ift.tt/2vtHhpv
Submitted April 20, 2018 at 09:14PM by rtphokie
via reddit https://ift.tt/2vAR9hq
Dark Reading
At RSAC, SOC 'Sees' User Behaviors
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms
https://ift.tt/2K237Ua
Submitted April 20, 2018 at 08:58PM by DJRWolf
via reddit https://ift.tt/2HC9vU6
BleepingComputer
FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms
The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front.
Unified malware database on blockchain
An idea has kept hitting my head, so I am willing to share it here and want to know your views on it.... Nowadays malware is getting more advanced day by day. New vulnerabilities are getting discovered at lightning speed and take more time to patch; meanwhile systems remain vulnerable to unseen malware attacks which are yet to be added to antivirus databases. Let's say firm ABC uses two different antivirus solutions, X and Y. Now a major vulnerability comes up in the market and cyber security researchers start to upload malware signatures to public databases such as VirusTotal; the antivirus vendor for solution X updates their database instantly and the vendor for solution Y does it 1-2 weeks later. Meaning firm ABC's systems using antivirus solution Y will remain vulnerable to malware attacks for 1-2 weeks.

Now let's try to solve this problem with blockchain technology. As we all know, a blockchain-based ledger can store and distribute data globally and make it available to everyone in a few seconds. What if we could develop a system which stores malware signatures on a blockchain, uploaded by community-trusted cyber security researchers, and all antivirus solutions utilise this unified malware database? So now whenever new malware is discovered by cyber security researchers, all antivirus solutions get updated with the new signatures so they can lay out detection techniques for them in less time, and security researchers get paid in cryptocurrency to support them in their further research work. This way we are enabling malware researchers to directly protect thousands of businesses relying on antivirus solutions.

Don't forget to upvote if you liked my idea :)
Submitted April 20, 2018 at 09:36PM by cjhackerz
via reddit https://ift.tt/2HhSET1
Intel SGX - do you trust it for privacy and security?
While theoretically Intel SGX creates a secure enclave on a remote server, preventing the hoster of the service (or hackers, or government) from peeking into your code and data, it is based on Intel hardware. Which probably means the US government has access to the secure enclave.

Signal is reportedly using SGX to hide contacts from government, but if Intel has access, what's the point?
Submitted April 20, 2018 at 09:07PM by virprudens
via reddit https://ift.tt/2K4q5dt
www.theregister.co.uk
Signal taps up Intel's SGX to (hopefully) stop contacts falling into hackers, cops' hands
In Moxie we trust
CyberSecurity News/Update Services
Hi All,

Might I ask if people can share reliable and trustworthy CyberSecurity News/updates globally? As in, a service that can provide updates on changes in CyberSecurity and privacy legislation, e.g. "Thailand passes new privacy or CyberSecurity legislation", where I can receive a notification and it can provide me with the legislation and potentially some commentary on it?

I am aware of such sites as LexisNexis, Thomson, Reuters and Westlaw.

Any recommendations?

Many Thanks, StoneofScone
Submitted April 20, 2018 at 09:52PM by StoneofScone17
via reddit https://ift.tt/2HepE2B
Interested in Transitioning to Information Security.
Greetings Redditors. /TLDR @ Bottom

I am Clone 07 from the 85th batch on Kamino. I am trained as a LEO and I am currently employed doing Physical Security (at a hospital). My experience working in these fields has led me to believe that the real threat is in cyberspace. I've participated in raids with the FBI and LBI (Louisiana AG office). It's not really as exciting as it sounds because I was just a boot on the perimeter; however, the Agents did invite us to debrief with them and I got to talk to them a little, and the crimes always happened in cyberspace. It got me to thinking and I liked the idea of working in cyberspace, so I consulted with another good friend of mine who works for the government in cyberspace and he suggested I get started with N+.

My question for the sub is simply... Where do I get started? Should I try and go back to school? Should I just focus on the Certs? Are there any good study materials out there for N+?

TLDR = Cop wants to get into cyber security, doesn't know where to start. Help?
Submitted April 20, 2018 at 11:24PM by Clone0785
via reddit https://ift.tt/2Hz2tiK
reddit
Interested in Transitioning to Information Security. • r/security
Greeting Redditors. /TLDR @ Bottom I am Clone 07 from the 85th batch on Kamino. I am trained as a LEO and I am currently employed doing...
Confusing Burp's display with fake encoding
https://ift.tt/2J8hm8I
Submitted April 20, 2018 at 11:57PM by jvoisin
via reddit https://ift.tt/2HibCZJ
dustri.org
Confusing Burp's display with fake encoding
Personal blog of Julien (jvoisin) Voisin
A CISO's takeaways and thoughts about the new OURSA conference
https://ift.tt/2HzbSXJ
Submitted April 20, 2018 at 11:30PM by ju1i3k
via reddit https://ift.tt/2JcYBBf
Cobalt.io
OURSA, Their Presentations, and Your Follow-up
The RSA Conference descended on San Francisco again this year. It attracts hordes of infosec people who wander the jumbled grid of vendor…
Grouper - A PowerShell script to find vulnerable settings in AD Group Policy (Full Sources - See Comment)
https://ift.tt/2EdV5VL
Submitted April 21, 2018 at 02:37AM by TechLord2
via reddit https://ift.tt/2HB6UcW
GitHub
l0ss/Grouper
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy.
Heartbeat tool - what kind of abuse should I expect?
I'm considering providing a tool to my users where they can set up a heartbeat to a URL of their choosing. What kind of abuses should I expect and account for?

For example, if user John Doe would like to use this tool to be notified if his blog website at www. My John Doe blog.com goes down or comes back with a response other than 200. This tool would be like a cron job that runs an HTTP request every minute and sends out an alert if the response doesn't match.
Submitted April 21, 2018 at 04:38AM by daw1cked
via reddit https://ift.tt/2K2rrFF
reddit
Heartbeat tool - what kind of abuse should I expect? • r/security
I'm considering to provide a tool to my users where they can set up a heartbeat to a URL of their choosing. What kind of abuses should I expect...
Can someone identify this USB device?
https://ift.tt/2HN6rlv
Submitted April 21, 2018 at 05:32AM by jlongx83
via reddit https://ift.tt/2vwD8kH
Imgur
Can someone identify this USB device?
Invoke-ATTACKAPI: A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team.
https://ift.tt/2wG5WT0
Submitted April 21, 2018 at 05:51AM by 0xCory
via reddit https://ift.tt/2F4TFfd
GitHub
Cyb3rWard0g/Invoke-ATTACKAPI
Invoke-ATTACKAPI - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API