Shhlack, message encryption for Slack
https://ift.tt/2I3eQDX
Submitted May 03, 2018 at 02:11PM by wisecwisec
via reddit https://ift.tt/2reRou2
https://ift.tt/2I3eQDX
Submitted May 03, 2018 at 02:11PM by wisecwisec
via reddit https://ift.tt/2reRou2
Mindedsecurity
Shhlack, message encryption for Slack
A common problem about centralized messaging solutions is the sharing of sensitive information during day by day use, preserving, at the...
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
https://ift.tt/2HKtvEL
Submitted May 03, 2018 at 03:10PM by w1ntrmute
via reddit https://ift.tt/2wdVXK2
https://ift.tt/2HKtvEL
Submitted May 03, 2018 at 03:10PM by w1ntrmute
via reddit https://ift.tt/2wdVXK2
Guru3D.com
Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical
News has just started spreading that researchers have sighted another eight Spectre like vulnerabilities in Intel processors, all resemble Spectre, four of them are critical. The new vulnerabilities ...
6 Tips for Keeping Iot Devices Safe
https://ift.tt/2riB9ei
Submitted May 03, 2018 at 03:13PM by Iot_Security
via reddit https://ift.tt/2IeeRVX
https://ift.tt/2riB9ei
Submitted May 03, 2018 at 03:13PM by Iot_Security
via reddit https://ift.tt/2IeeRVX
Security Sales & Integration
6 Tips for Keeping Iot Devices Safe
Today’s security equipment is IP-enabled and connected to larger networks, which enables greater flexibility, but also makes the security system the weakest link in the organization IT-security chain.
Drive-by Rowhammer attack uses GPU to compromise an Android phone
https://ift.tt/2Kz97UW
Submitted May 03, 2018 at 04:18PM by sirmc
via reddit https://ift.tt/2KxV55J
https://ift.tt/2Kz97UW
Submitted May 03, 2018 at 04:18PM by sirmc
via reddit https://ift.tt/2KxV55J
Ars Technica
Drive-by Rowhammer attack uses GPU to compromise an Android phone
JavaScript based GLitch pwns browsers by flipping bits inside memory chips.
Yubikey/Smartcard backed TLS servers
https://ift.tt/2wejpXA
Submitted May 03, 2018 at 05:17PM by Benjojo
via reddit https://ift.tt/2JL7Ngv
https://ift.tt/2wejpXA
Submitted May 03, 2018 at 05:17PM by Benjojo
via reddit https://ift.tt/2JL7Ngv
What website are you really on? Edge zero-day leaves users with no clue
https://ift.tt/2jnkT8y
Submitted May 03, 2018 at 05:55PM by albinowax
via reddit https://ift.tt/2HOjQsI
https://ift.tt/2jnkT8y
Submitted May 03, 2018 at 05:55PM by albinowax
via reddit https://ift.tt/2HOjQsI
The Daily Swig | Web security digest
What website are you really on? Edge zero-day leaves users with no clue
‘Beautifully simple’ flaw allows attackers to impersonate trusted sites.
Security In 5: Episode 230 - What Is Cryptomining And Why You Need To Know What It Is
https://ift.tt/2I6U3PU
Submitted May 03, 2018 at 06:38PM by BinaryBlog
via reddit https://ift.tt/2w4R3i4
https://ift.tt/2I6U3PU
Submitted May 03, 2018 at 06:38PM by BinaryBlog
via reddit https://ift.tt/2w4R3i4
Libsyn
Security In Five Podcast: Episode 230 - What Is Cryptomining And Why You Need To Know What It Is
Cryptomining is the new word seen more and more in reports and stories of upcoming risks to companies. What is it? Why do I care? This episode goes into what cryptomining is, how it works and why your business needs to be concerned and protect against it. …
Basic Steps for API Security | High-Tech Bridge Security Blog
https://ift.tt/2rdDiYS
Submitted May 03, 2018 at 07:08PM by hightechbridge
via reddit https://ift.tt/2IdunRQ
https://ift.tt/2rdDiYS
Submitted May 03, 2018 at 07:08PM by hightechbridge
via reddit https://ift.tt/2IdunRQ
Htbridge
Basic Steps for API Security
Security of microservices and APIs: the Achilles' heel of modern web applications.
GLitch - Accelerating Microarchitectural Attacks with the GPU - VUSec
https://ift.tt/2KxWvND
Submitted May 03, 2018 at 06:43PM by danielkza
via reddit https://ift.tt/2KzweyM
https://ift.tt/2KxWvND
Submitted May 03, 2018 at 06:43PM by danielkza
via reddit https://ift.tt/2KzweyM
VUSec
GLitch - VUSec
What is GLitch? GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices showing how to root them with bit flips. This time we wanted to show that also mobile phones…
Automated Security Testing For REST API's (With Full Sources) - See Comment
https://ift.tt/2KxejZr
Submitted May 03, 2018 at 08:54PM by TechLord2
via reddit https://ift.tt/2wdAPU8
https://ift.tt/2KxejZr
Submitted May 03, 2018 at 08:54PM by TechLord2
via reddit https://ift.tt/2wdAPU8
GitHub
flipkart-incubator/Astra
Astra - Automated Security Testing For REST API's
A great CISO guide on managing vendors.
https://ift.tt/2I8IEz8
Submitted May 03, 2018 at 08:50PM by Chouma
via reddit https://ift.tt/2JPCcdC
https://ift.tt/2I8IEz8
Submitted May 03, 2018 at 08:50PM by Chouma
via reddit https://ift.tt/2JPCcdC
Peerlyst
Vendor Cybersecurity Governance: 10 Must Haves - Part 1
We are all increasingly dependent on third parties for our security, and most folk are doing a shockingly bad job of managing related risks.
Link to the Bloomberg article
Target and their air conditioning supplier, OPM and just about all their ke
Link to the Bloomberg article
Target and their air conditioning supplier, OPM and just about all their ke
Authenticated File Read Vulnerability in JasperReports
https://ift.tt/2rkUGef
Submitted May 03, 2018 at 09:33PM by hackers_and_builders
via reddit https://ift.tt/2HNbBBp
https://ift.tt/2rkUGef
Submitted May 03, 2018 at 09:33PM by hackers_and_builders
via reddit https://ift.tt/2HNbBBp
Rhino Security Labs
Authenticated File Read Vulnerability in JasperReports | (CVE-2018-5430) - Rhino Security Labs
Details of a JasperReports vulnerability (CVE-2018-5430) which allows an attacker to access or include files from the filesystem hosting the application.
Silently turn off Active Directory Auditing using DCShadow
https://ift.tt/2FENbnI
Submitted May 03, 2018 at 10:22PM by SamratAsh0k
via reddit https://ift.tt/2w8xhT4
https://ift.tt/2FENbnI
Submitted May 03, 2018 at 10:22PM by SamratAsh0k
via reddit https://ift.tt/2w8xhT4
Labofapenetrationtester
Silently turn off Active Directory Auditing using DCShadow
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Eight new Spectre variants affecting Intel chips discovered, four are "high risk"
https://ift.tt/2FDOC5K
Submitted May 03, 2018 at 11:28PM by Syonyk
via reddit https://ift.tt/2JSWEdI
https://ift.tt/2FDOC5K
Submitted May 03, 2018 at 11:28PM by Syonyk
via reddit https://ift.tt/2JSWEdI
TechSpot
Eight new Spectre variants affecting Intel chips discovered, four are "high risk"
Spectre and Meltdown may not be getting as many headlines as they were a few months ago, but that could soon all change following the discovery of eight Spectre-style security issues in Intel’s CPUs.
Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU (Rowhammer on Nexus 5 through WebGL/Javanoscript)
https://ift.tt/2JPhIBE
Submitted May 03, 2018 at 11:27PM by Syonyk
via reddit https://ift.tt/2rirHst
https://ift.tt/2JPhIBE
Submitted May 03, 2018 at 11:27PM by Syonyk
via reddit https://ift.tt/2rirHst
Asylo Framework - Build Portable Enclave Applications for Confidential Computing
https://ift.tt/2w5aO9x
Submitted May 03, 2018 at 11:12PM by Serpent_Guard
via reddit https://ift.tt/2w4GbAS
https://ift.tt/2w5aO9x
Submitted May 03, 2018 at 11:12PM by Serpent_Guard
via reddit https://ift.tt/2w4GbAS
GitHub
google/asylo
asylo - Asylo Framework
Basic Steps for API and Microservices Security
https://ift.tt/2rdDiYS
Submitted May 04, 2018 at 12:32AM by hightechbridge
via reddit https://ift.tt/2KyEFdn
https://ift.tt/2rdDiYS
Submitted May 04, 2018 at 12:32AM by hightechbridge
via reddit https://ift.tt/2KyEFdn
Htbridge
Basic Steps for API Security
Security of microservices and APIs: the Achilles' heel of modern web applications.
Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
https://ift.tt/2HKkMT0
Submitted May 04, 2018 at 01:13AM by Morlaix
via reddit https://ift.tt/2HSIo3M
https://ift.tt/2HKkMT0
Submitted May 04, 2018 at 01:13AM by Morlaix
via reddit https://ift.tt/2HSIo3M
c't
Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.
Week 18 in Information Security, 2018
https://ift.tt/2jpFXes
Submitted May 04, 2018 at 12:40AM by undercomm
via reddit https://ift.tt/2w8vM7c
https://ift.tt/2jpFXes
Submitted May 04, 2018 at 12:40AM by undercomm
via reddit https://ift.tt/2w8vM7c
Malgregator
InfoSec Week 18, 2018
Multiple tech giants like Apple, Microsoft, Google and others formed an industry coalition and have joined security experts in...
Twitter apologizes for logging plain text passwords
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
Submitted May 04, 2018 at 01:52AM by korrosivo
via reddit https://ift.tt/2KyBYZm
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
Submitted May 04, 2018 at 01:52AM by korrosivo
via reddit https://ift.tt/2KyBYZm
Twitter
Keeping your account secure
An update on your account security.
Is it a no-win for this email user?
So I'm strongly suspecting that the answer to this is..."Sucks to be him", but we have a user at our organization whose account is being attacked. Because this user has a nice strong password, the only outcome is that the user's account gets locked for X min numerous times per day.The attacker has already shifted IP enough that blocking offending IPs and ranges would be a full time job.The user has a public profile, so changing their email address wouldn't help (the attacker would likely get the new address before the user had a chance to share it.)Any thoughts? Anyone know of a technique or tool which might be useful?
Submitted May 04, 2018 at 01:40AM by DocSharpe
via reddit https://ift.tt/2FGhFWm
So I'm strongly suspecting that the answer to this is..."Sucks to be him", but we have a user at our organization whose account is being attacked. Because this user has a nice strong password, the only outcome is that the user's account gets locked for X min numerous times per day.The attacker has already shifted IP enough that blocking offending IPs and ranges would be a full time job.The user has a public profile, so changing their email address wouldn't help (the attacker would likely get the new address before the user had a chance to share it.)Any thoughts? Anyone know of a technique or tool which might be useful?
Submitted May 04, 2018 at 01:40AM by DocSharpe
via reddit https://ift.tt/2FGhFWm
reddit
Is it a no-win for this email user? • r/security
So I'm strongly suspecting that the answer to this is..."Sucks to be him", but we have a user at our organization whose account is being attacked....