FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms
https://ift.tt/2K237Ua
Submitted April 20, 2018 at 08:58PM by DJRWolf
via reddit https://ift.tt/2HC9vU6
BleepingComputer
FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms
The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front.
Unified malware database on blockchain
An idea keeps hitting my head, so I am willing to share it here and want to know your views on it.
Nowadays malware is getting more advanced day by day. New vulnerabilities are getting discovered at lightning speed and it takes more time to patch them; meanwhile systems remain vulnerable to unseen malware attacks which are yet to be added to antivirus databases. Let's say firm ABC uses two different antivirus solutions, X and Y. Now a major vulnerability comes up in the market and cyber security researchers start to upload malware signatures to public databases such as VirusTotal, and the antivirus vendor for solution X updates their database instantly and the vendor for solution Y does it 1-2 weeks later. This means firm ABC's systems using the Y antivirus solution will remain vulnerable to malware attacks for 1-2 weeks.
Now let's try to solve this problem with blockchain technology. As we all know, a blockchain-based ledger can store and distribute data globally and make it available to everyone in a few seconds. What if we can develop a system which can store malware signatures on a blockchain, uploaded by community-trusted cyber security researchers, and all antivirus solutions utilise this unified system of malware database? So now whenever new malware is discovered by cyber security researchers, all antivirus solutions get updated with new signatures so they can lay out detection techniques for them in less time, and security researchers get paid in cryptocurrency to support them in their further research work. This way we are enabling malware researchers to directly protect thousands of businesses relying on antivirus solutions.
Don't forget to upvote if you liked my idea :)
Submitted April 20, 2018 at 09:36PM by cjhackerz
via reddit https://ift.tt/2HhSET1
Intel SGX - do you trust it for privacy and security?
While theoretically Intel SGX creates a secure enclave on a remote server, preventing the hoster of the service (or hackers, or government) from peeking into your code and data, it is based on Intel hardware, which probably means the US government has access to the secure enclave.
Signal is reportedly using SGX to hide contacts from the government, but if Intel has access, what's the point?
Submitted April 20, 2018 at 09:07PM by virprudens
via reddit https://ift.tt/2K4q5dt
www.theregister.co.uk
Signal taps up Intel's SGX to (hopefully) stop contacts falling into hackers, cops' hands
In Moxie we trust
CyberSecurity News/Update Services
Hi All,
Might I ask if people can share reliable and trustworthy CyberSecurity News/updates globally?
As in, a service that can provide updates on changes in CyberSecurity and privacy legislation, e.g. "Thailand passes new privacy or CyberSecurity legislation", where I can receive a notification and it can provide me with the legislation and potentially some commentary on it?
I am aware of such sites like LexisNexis, Thomson, Reuters and Westlaw.
Any recommendations?
Many Thanks, StoneofScone
Submitted April 20, 2018 at 09:52PM by StoneofScone17
via reddit https://ift.tt/2HepE2B
Interested in Transitioning to Information Security.
Greetings, Redditors. /TLDR @ Bottom
I am Clone 07 from the 85th batch on Kamino. I am trained as a LEO and I am currently employed doing Physical Security (at a hospital).
My experience working in these fields has led me to believe that the real threat is in cyberspace. I've participated in raids with the FBI and LBI (Louisiana AG office). It's not really as exciting as it sounds because I was just a boot on the perimeter; however, the Agents did invite us to debrief with them and I got to talk to them a little, and the crimes always happened in cyberspace. It got me thinking and I liked the idea of working in cyberspace, so I consulted with another good friend of mine who works for the government in cyberspace and he suggested I get started with N+.
My question for the sub is simply... Where do I get started? Should I try and go back to school? Should I just focus on the Certs? Are there any good study materials out there for N+?
TLDR = Cop wants to get into cyber security, doesn't know where to start, Help?
Submitted April 20, 2018 at 11:24PM by Clone0785
via reddit https://ift.tt/2Hz2tiK
Confusing Burp's display with fake encoding
https://ift.tt/2J8hm8I
Submitted April 20, 2018 at 11:57PM by jvoisin
via reddit https://ift.tt/2HibCZJ
dustri.org
Confusing Burp's display with fake encoding
Personal blog of Julien (jvoisin) Voisin
A CISO's takeaways and thoughts about the new OURSA conference
https://ift.tt/2HzbSXJ
Submitted April 20, 2018 at 11:30PM by ju1i3k
via reddit https://ift.tt/2JcYBBf
Cobalt.io
OURSA, Their Presentations, and Your Follow-up
The RSA Conference descended on San Francisco again this year. It attracts hordes of infosec people who wander the jumbled grid of vendor…
Grouper - A PowerShell script to find vulnerable settings in AD Group Policy (Full Sources - See Comment)
https://ift.tt/2EdV5VL
Submitted April 21, 2018 at 02:37AM by TechLord2
via reddit https://ift.tt/2HB6UcW
GitHub
l0ss/Grouper
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy.
Heartbeat tool - what kind of abuse should I expect?
I'm considering providing a tool to my users where they can set up a heartbeat to a URL of their choosing. What kind of abuses should I expect and account for?
For example, if user John Doe would like to use this tool to be notified if his blog website at www. My John Doe blog.com goes down or comes back with a response other than 200. This tool would be like a Cron job that runs an HTTP request every one minute and sends out an alert if the response doesn't match.
Submitted April 21, 2018 at 04:38AM by daw1cked
via reddit https://ift.tt/2K2rrFF
Can someone identify this USB device?
https://ift.tt/2HN6rlv
Submitted April 21, 2018 at 05:32AM by jlongx83
via reddit https://ift.tt/2vwD8kH
Imgur
Can someone identify this USB device?
Invoke-ATTACKAPI: Invoke-ATTACKAPI A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team.
https://ift.tt/2wG5WT0
Submitted April 21, 2018 at 05:51AM by 0xCory
via reddit https://ift.tt/2F4TFfd
GitHub
Cyb3rWard0g/Invoke-ATTACKAPI
Invoke-ATTACKAPI - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API
McAfee purchased TunnelBear VPN last month, with plans to integrate it into McAfee’s Safe Connect software. This now makes TunnelBear a US-based entity which could change the log policies as it must comply with US laws (it was Canadian prior to the acquisition).
https://ift.tt/2Gcmg4E
Submitted April 21, 2018 at 08:02AM by Erik_Stcroix
via reddit https://ift.tt/2vC9qeg
TechRadar
Antivirus giant McAfee buys VPN provider TunnelBear
TunnelBear's tech will be incorporated into McAfee Safe Connect, but what will happen to its free service?
Any way to keep "ALL" contents backup?
Hey all, hope you all are having an awesome day :D
Now, I want to keep daily works as backup in the cloud, and that includes my business and personal things on a daily basis. But I want a good, trustable cloud service who won't look into my personal as well as business files because, face it, no one would like anyone to look at their personal and business stuff. I think there was an article where one drive's stuff accessed some contents, or it was Evernote? I don't remember exactly.
The thing is I want to keep the daily backup of all my business files as well as personal things in the cloud. The reason is I fear that my lappy may stop working one morning and I lose all data, and I already have 2 external HDDs but we don't know when external HDDs can stop working. Electronics these days...haha! Another major reason is that my friend's laptop was stolen from a public place and there was no one to blame. Actually, it was his foolishness to keep his lappy like that on the table without staying alert. So, I fear that the same can happen to me and I lose my crucial data and files. Robberies are so pathetic. Hard-earned money and things go away in an instant. :(
So, which is a good, trustable cloud service that will securely keep my biz as well as personal data?
What will you recommend and what do you use yourself to back up your important work files and personal things?
Thanks in advance!
Submitted April 21, 2018 at 08:54AM by TheRealistDude
via reddit https://ift.tt/2qPf3jH
Is an anti-virus tool for Linux (ex. Sophos) necessary?
Many Linux users claim they have nothing to fear as hackers primarily create viruses for Windows machines, but is that a good enough reason to not install an anti-virus tool?
Sophos came out a few years ago making the claim that no machine was safe. They claimed that Linux was susceptible to viruses/attacks and has been attacked in the past. Many people thought they were BSing and asked Sophos to "put up or shut up" with proof of their claims, and I'm unsure if they ever came around to providing that proof.
What do you guys think? Is it worth the download?
Submitted April 21, 2018 at 08:10AM by JFKfanboi
via reddit https://ift.tt/2qR7k4r
Malspam pushing ransomware using two layers of password protection to avoid detection
https://ift.tt/2HETfl3
Submitted April 21, 2018 at 09:17AM by TechLord2
via reddit https://ift.tt/2qO2o1f
Anyone seen this? (IE with green border and "Encrypting" keyboard symbol bottom right). Not sure if malware or some keystroke masking software.
https://ift.tt/2Jg05uj
Submitted April 21, 2018 at 09:34AM by comedybill
via reddit https://ift.tt/2qN3lGT
Secured and unsecured home environments
Hi all,
I am leaning toward buying or building a Windows machine dedicated strictly to processing sensitive personal transactions. Does anyone else do this?
How I would protect:
- Dedicated network interface and network
- Wired connection
- Security suite (Bit Defender or Norton, leaning toward Norton)
- Dedicated printer/scanner
- Strict firewall rules to lock down egress in addition to the default implicit deny
- Geo IP range blocking
- Dedicated e-mail address used only for services to be used on the secured network
Anything obvious I am missing?
If you do this, what sort of activity do you classify as sensitive or to be processed on the secured network/device?
I am thinking anything that involves obvious PII/HIPAA-type information. Banking, brokerage, health insurance/medical issues. I would consider possibly shopping, but part of me is a little hesitant to include it there. There must be a point at which there is a cut-off, otherwise one could argue everything is important, including social media, YouTube searching and general googling. At that point there would be no difference between the unsecured and secured networks since I would generally set them up in almost the same way anyway, aside from strict egress lockdown.
Submitted April 21, 2018 at 12:03PM by NewUsername258
via reddit https://ift.tt/2vxwTgG
Virtual Machine for Adversary Emulation and Threat Hunting
https://ift.tt/2HkMVM6
Submitted April 21, 2018 at 01:37PM by chauh-s
via reddit https://ift.tt/2HgzfSw
GitHub
redhuntlabs/RedHunt-OS
RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
Best open source software to crypt folders ?
Thanks !
Submitted April 21, 2018 at 02:07PM by aymanbt
via reddit https://ift.tt/2vxtb6D
Why Do We Need Security Network Audit
https://www.youtube.com/watch?v=eMqv2N72wfo
Submitted April 21, 2018 at 02:30PM by primeinfoserv
via reddit https://ift.tt/2HgIwxT
YouTube
Why Do We Need Network Audit
Our CEO Mr. Sushobhan Mukherjee discussed that Why do we need Network Audit. If any help needed on this types of issue, our experts can guide you the right r...
JavaScript that detect hosts in my local net
I have fallen onto a web page (https://www.cleancss.com/router-default/ZyXEL/P-660H-D1) that "scans" (or tries to) my local network looking for devices. Just out of curiosity, I took a look at the source code and I found a JavaScript that seems to be able to scan my localnet:
https://pastebin.com/7bvHaRwn
Is that safe? Is it possible to write a JS that scans my localnet and sends results to an outside server?
A bit afraid.
Submitted April 21, 2018 at 05:25PM by o-zone1978
via reddit https://ift.tt/2vx0Z3L
Cleancss
ZyXEL P-660H-D1 Default Router Login and Password
Find the default login, username, password, and ip address for your ZyXEL P-660H-D1 router. You will need to know then when you get a new router, or when you reset your router.