GLitch - Accelerating Microarchitectural Attacks with the GPU - VUSec
https://ift.tt/2KxWvND
Submitted May 03, 2018 at 06:43PM by danielkza
via reddit https://ift.tt/2KzweyM
VUSec
GLitch - VUSec
What is GLitch? GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices showing how to root them with bit flips. This time we wanted to show that also mobile phones…
Automated Security Testing For REST API's (With Full Sources) - See Comment
https://ift.tt/2KxejZr
Submitted May 03, 2018 at 08:54PM by TechLord2
via reddit https://ift.tt/2wdAPU8
GitHub
flipkart-incubator/Astra
Astra - Automated Security Testing For REST API's
A great CISO guide on managing vendors.
https://ift.tt/2I8IEz8
Submitted May 03, 2018 at 08:50PM by Chouma
via reddit https://ift.tt/2JPCcdC
Peerlyst
Vendor Cybersecurity Governance: 10 Must Haves - Part 1
We are all increasingly dependent on third parties for our security, and most folk are doing a shockingly bad job of managing related risks.
Link to the Bloomberg article
Target and their air conditioning supplier, OPM and just about all their ke
Authenticated File Read Vulnerability in JasperReports
https://ift.tt/2rkUGef
Submitted May 03, 2018 at 09:33PM by hackers_and_builders
via reddit https://ift.tt/2HNbBBp
Rhino Security Labs
Authenticated File Read Vulnerability in JasperReports | (CVE-2018-5430) - Rhino Security Labs
Details of a JasperReports vulnerability (CVE-2018-5430) which allows an attacker to access or include files from the filesystem hosting the application.
Silently turn off Active Directory Auditing using DCShadow
https://ift.tt/2FENbnI
Submitted May 03, 2018 at 10:22PM by SamratAsh0k
via reddit https://ift.tt/2w8xhT4
Labofapenetrationtester
Silently turn off Active Directory Auditing using DCShadow
Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.
Eight new Spectre variants affecting Intel chips discovered, four are "high risk"
https://ift.tt/2FDOC5K
Submitted May 03, 2018 at 11:28PM by Syonyk
via reddit https://ift.tt/2JSWEdI
TechSpot
Eight new Spectre variants affecting Intel chips discovered, four are "high risk"
Spectre and Meltdown may not be getting as many headlines as they were a few months ago, but that could soon all change following the discovery of eight Spectre-style security issues in Intel’s CPUs.
Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU (Rowhammer on Nexus 5 through WebGL/JavaScript)
https://ift.tt/2JPhIBE
Submitted May 03, 2018 at 11:27PM by Syonyk
via reddit https://ift.tt/2rirHst
Asylo Framework - Build Portable Enclave Applications for Confidential Computing
https://ift.tt/2w5aO9x
Submitted May 03, 2018 at 11:12PM by Serpent_Guard
via reddit https://ift.tt/2w4GbAS
GitHub
google/asylo
asylo - Asylo Framework
Basic Steps for API and Microservices Security
https://ift.tt/2rdDiYS
Submitted May 04, 2018 at 12:32AM by hightechbridge
via reddit https://ift.tt/2KyEFdn
Htbridge
Basic Steps for API Security
Security of microservices and APIs: the Achilles' heel of modern web applications.
Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
https://ift.tt/2HKkMT0
Submitted May 04, 2018 at 01:13AM by Morlaix
via reddit https://ift.tt/2HSIo3M
c't
Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.
Week 18 in Information Security, 2018
https://ift.tt/2jpFXes
Submitted May 04, 2018 at 12:40AM by undercomm
via reddit https://ift.tt/2w8vM7c
Malgregator
InfoSec Week 18, 2018
Multiple tech giants like Apple, Microsoft, Google and others formed an industry coalition and have joined security experts in...
Twitter apologizes for logging plain text passwords
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
Submitted May 04, 2018 at 01:52AM by korrosivo
via reddit https://ift.tt/2KyBYZm
Twitter
Keeping your account secure
An update on your account security.
Is it a no-win for this email user?
So I'm strongly suspecting that the answer to this is... "Sucks to be him", but we have a user at our organization whose account is being attacked. Because this user has a nice strong password, the only outcome is that the user's account gets locked for X min numerous times per day. The attacker has already shifted IP enough that blocking offending IPs and ranges would be a full time job. The user has a public profile, so changing their email address wouldn't help (the attacker would likely get the new address before the user had a chance to share it.) Any thoughts? Anyone know of a technique or tool which might be useful?
Submitted May 04, 2018 at 01:40AM by DocSharpe
via reddit https://ift.tt/2FGhFWm
reddit
Is it a no-win for this email user? • r/security
So I'm strongly suspecting that the answer to this is..."Sucks to be him", but we have a user at our organization whose account is being attacked....
Twitter urges users to change passwords, saying glitch caused them to be stored in plaintext
https://t.co/FGbw7IvBQ9 https://t.co/8BwQOA9T7Q - via Reuters
Submitted May 04, 2018 at 02:57AM by MrMag0-0
via reddit https://ift.tt/2w8OawK
Twitter
Reuters Top News
BREAKING: Twitter urges users to change passwords, saying glitch caused them to be stored in plaintext https://t.co/FGbw7IvBQ9
Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!
https://ift.tt/2HYKcJt
Submitted May 04, 2018 at 02:46AM by EvanConover
via reddit https://ift.tt/2ria240
www.theregister.co.uk
Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!
Now, who wants to take a look at the revamped Yahoo Mail?
Does anyone have the Table of Contents for Eran Hammer's “Beginner's Guide to OAuth”?
It looks like Eran Hammer's "Beginner's Guide to OAuth" was moved to Medium and it doesn't contain links to each of the parts (https://hueniverse.com/the-oauth-1-0-guide-32503205267e). A Google search returns 3 parts:
Part 1: https://hueniverse.com/beginners-guide-to-oauth-part-i-overview-e164ab2c662f
Part 2: https://hueniverse.com/beginners-guide-to-oauth-part-ii-protocol-workflow-200dbcfac627
Part 3: https://hueniverse.com/beginners-guide-to-oauth-part-iii-security-architecture-e9394f5263b5
However, I would like to confirm there isn't more
Submitted May 04, 2018 at 04:15AM by johnnyodonnell
via reddit https://ift.tt/2IeHT7A
Medium
The OAuth 1.0 Guide
OAuth Core 1.0 (also known as RFC 5849), the community-based specification published on December 4th, 2007, revised June 24th, 2009, and…
Twitter tells all 330M users to change passwords after ‘bug’ discovered
https://ift.tt/2HPyoME
Submitted May 04, 2018 at 04:02AM by mynameis_neo
via reddit https://ift.tt/2wap0Or
TheHill
Twitter tells all 330M users to change passwords after ‘bug’ discovered
Twitter is recommending that its users change their passwords after the company discovered a bug that exposed the passwords on an internal system.
Twitter Passwords May Be Compromised, Could Be One of the Largest Data Breaches in History
https://ift.tt/2jso7rn
Submitted May 04, 2018 at 05:14AM by kmball11
via reddit https://ift.tt/2HNUwmD
InfoQ
Twitter Passwords May Be Compromised, Could Be One of the Largest Data Breaches in History
On May 3 Twitter announced that they had uncovered and fixed a bug that had resulted in user’s passwords being stored in plaintext. No information has been released on how many users were affected, and all users are being recommended to change their passwords.…
Twitter password exposure. Asks all users to reset passwords
https://ift.tt/2JN6n59
Submitted May 04, 2018 at 06:08AM by aldoreddit
via reddit https://ift.tt/2riuEsS
IGN
Twitter Warns Users To Change Passwords Following Internal Glitch - IGN
Twitter is recommending users change their passwords everywhere they use the social network.
Spectre NG
https://ift.tt/2waZbOm
Submitted May 04, 2018 at 08:34AM by Tlaurion
via reddit https://ift.tt/2Id5ply