Justifying Security Spend, a Response from Nehemiah Security: Part 7
https://www.youtube.com/watch?v=mPESrN8dlUE
Submitted April 26, 2018 at 05:38PM by Uminekoshi
via reddit https://ift.tt/2HyCfd3
YouTube
Justifying Security Spend, a Response from Nehemiah Security: Part 7
In this video, Jerry Caponera responds to an entry in our eBook about "7 Experts on Justifying Security Spend" written by Kevin McLaughlin. If your friend wa...
PVR Cinema Theaters API exposed!! You can get access to any tickets you want, just change bookingId: https://ift.tt/2KiNsAi They must take care of such scenario!!!
https://ift.tt/2KiNsAi
Submitted April 26, 2018 at 04:40PM by worldwide__master
via reddit https://ift.tt/2KiNMz0
Reports of widespread cyberattacks targeting Cisco networking devices
https://ift.tt/2HvwEs0
Submitted April 26, 2018 at 06:14PM by Mr_CyberFish
via reddit https://ift.tt/2r3Co0O
Cyberint
Cisco Smart Install (SMI)
Over the past forty-eight hours, since 5 April 2018, there have been numerous open source reports of widespread cyberattacks targeting Cisco networking devices, specifically switches using the Cisco Smart Install Client, primarily within Iran and Russia.
JingWang - Chinese government surveillance app is vulnerable to MITM attacks
https://ift.tt/2HvwEIw
Submitted April 26, 2018 at 06:08PM by rafudu
via reddit https://ift.tt/2r3Cp4S
SideChannel
Chinese government surveillance app is vulnerable to MITM attacks
By Leandro Rocha
Ski Lift in Austria Left Control Panel Open on the Internet
https://ift.tt/2r22zVK
Submitted April 26, 2018 at 06:02PM by Iot_Security
via reddit https://ift.tt/2JscrQg
BleepingComputer
Ski Lift in Austria Left Control Panel Open on the Internet
Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift's operational settings.
Security In 5: Episode 225 - The GDPR Will Show You How Your Data Is Used - PayPal Example
https://ift.tt/2I3jlw4
Submitted April 26, 2018 at 06:32PM by BinaryBlog
via reddit https://ift.tt/2Hw7Mwe
Libsyn
Security In Five Podcast: Episode 225 - The GDPR Will Show You How Your Data Is Used - PayPal Example
The GDPR will open the eyes to all of us when it comes to what data is collected by companies, how it's used and who it's shared with. This episode goes into the detail of the GDPR but also the PayPal example of how many companies they share your data with.…
Test and enhance the security of your Meteor applications
https://ift.tt/2HuwOvG
Submitted April 26, 2018 at 07:46PM by rmsisme
via reddit https://ift.tt/2r2eTpf
Medium
Hacking Meteor Applications
This article is intended to help you test and enhance the security of your Meteor applications
Azucar: an open source Azure security configuration analysis tool
https://ift.tt/2HnV7zj
Submitted April 26, 2018 at 08:03PM by digicat
via reddit https://ift.tt/2KchB41
Drupal remote execution vulnerability widely exploited
https://ift.tt/2vIEc54
Submitted April 26, 2018 at 08:02PM by jormaggio
via reddit https://ift.tt/2I2hNT0
A guide for amateur pen testers to practice ethical hacking!
https://ift.tt/2qH2PKt
Submitted April 26, 2018 at 08:50PM by 6lowpan
via reddit https://ift.tt/2KewJho
GitHub
SundownDEV/hacker-roadmap
hacker-roadmap - :pushpin: A guide for amateur pen testers and a summary of hacking tools to practice ethical hacking, pen testing and web security.
Which type of password is more secure and should be used? Example inside.
Password 1: '~sCTko&wa2^!C(^mM,5$&(Ue*Je?KOH
Password 2: suit fifth sister attach alice slowly trade sets town blue nearby switch
For those who might think I've messed up, none of these passwords are being used. Unless some random person actually has these passwords which would be quite funny but highly improbable.
Submitted April 26, 2018 at 09:54PM by L-blom
via reddit https://ift.tt/2HwH0DP
Gitmails: information gathering tool to collect git commit emails in Github, Gitlab and Bitbucket
https://ift.tt/2HxCskD
Submitted April 26, 2018 at 11:50PM by giovanifss
via reddit https://ift.tt/2JwTZGd
GitHub
giovanifss/Gitmails
Gitmails - An information gathering tool to collect git commit emails in version control host services.
Escalating privileges with ACLs in Active Directory
https://ift.tt/2r21Nbn
Submitted April 27, 2018 at 01:49AM by TechLord2
via reddit https://ift.tt/2r3hj6T
Fox-IT International blog
Escalating privileges with ACLs in Active Directory
Researched and written by Rindert Kramer and Dirk-jan Mollema Introduction During internal penetration tests, it happens quite often that we manage to obtain Domain Administrative access within a f…
Snallygaster - Tool to scan for secret files on HTTP servers (With Sources)
https://ift.tt/2JCmWBg
Submitted April 27, 2018 at 01:29AM by TechLord2
via reddit https://ift.tt/2vOW0vw
GitHub
hannob/snallygaster
snallygaster - Tool to scan for secret files on HTTP servers
New NSA/Cyber Command Head Confirmed by Senate
https://ift.tt/2HRFTlr
Submitted April 27, 2018 at 04:31AM by gregbaugues
via reddit https://ift.tt/2HyRKSm
Software Legend Ray Ozzie Thinks He Can Safely Backdoor Encryption Safely; He's Very Wrong
https://ift.tt/2FjUxNb
Submitted April 27, 2018 at 04:24AM by volci
via reddit https://ift.tt/2FkKQhq
Techdirt.
Software Legend Ray Ozzie Thinks He Can Safely Backdoor Encryption Safely; He's Very Wrong
There have been ongoing debates for a while now about the stupidity of backdooring encryption, with plenty of experts explaining why...
Dangers of using an outdated OS
I am using OS X 10.9.5 which stopped receiving security updates a while ago, and recently read some people suggesting that I am at a huge risk in terms of security due to unpatched vulnerabilities. While I understand that there do exist many vulnerabilities, I am using an up-to-date browser, and the rest of the software I use on the OS are all as recent as possible. My question is: how much of a risk is there, really (taking into account the fact that I am quite careful, if you don't count sticking to an EOL version of the OS)? What is the worst that could happen?
Submitted April 27, 2018 at 06:03AM by flying-teapot
via reddit https://ift.tt/2I3c3by
How is SSL encryption maintained between AWS CloudFront and EC2?
So I recently set up an API on an AWS EC2 instance. To be able to serve responses over HTTPS I used Route 53 to redirect my custom domain to a CloudFront distribution which points to the EC2 instance. My CloudFront distribution is served over HTTPS with a custom certificate. I am not restricting traffic at all to the API.
So my question is, is this actually a secure setup or does it give the illusion of security (I would assume the former since Amazon knows what they're doing, but I'm just wondering how)? From my understanding, serving secure content over HTTP is bad because attackers could potentially intercept requests and decode them. HTTPS prevents this by encrypting requests so that only the sender and intended receiver can understand them.
So if I make a request over HTTPS from my frontend, here's the path of the request (in my head): from the frontend, to the CF distribution, then to the EC2 instance. Now I know that sending from the frontend to the CloudFront distribution is secure because both of these are secured with SSL. However, as far as I know the connection between the CF distribution and my EC2 instance is insecure, as the EC2 serves content over HTTP.
Wouldn't an attacker (theoretically) be able to execute a man-in-the-middle attack between the CF distribution and EC2? But when I connect to my API directly from my browser, I don't get any security warnings and it shows up as SSL encrypted.
Submitted April 27, 2018 at 08:13AM by theasianpianist
via reddit https://ift.tt/2r3WNmD
Can an ISP detect that you're using a VPN?
I'm using a VPN. Can my ISP detect the endpoint for my data and throttle me/lock me out because all or a majority of my transactions are bound for the same (potentially known) endpoint?
I have noticed when I use a VPN my internet gets extra spotty and drops out within 20 minutes. Issue is immediately fixed when I close the VPN, reconnect and then restart the VPN--but it eventually happens again.
FYI: I use Comcast XFINITY.
Are my fears unfounded? Or am I potentially being throttled for real?
Submitted April 27, 2018 at 11:53AM by djarnexus
via reddit https://ift.tt/2FkyDtn
PowerUpSQL: A PowerShell Toolkit for SQL Server discovery, Auditing Config, Privilege Escalation on scale, and Post-Exploitation actions incl OS command execution
https://ift.tt/2cJD2ZD
Submitted April 27, 2018 at 11:52AM by TechLord2
via reddit https://ift.tt/2r2tDEt
GitHub
NetSPI/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server