Gilbert Verdian, MasterCard Cyber-security Executive, Leaves Role for Blockchain Start-up Quant Network - Press Release - Digital Journal
https://ift.tt/2I1ypJF
Submitted May 07, 2018 at 08:58PM by fluidchains
via reddit https://ift.tt/2rpy4Kj
https://ift.tt/2I1ypJF
Submitted May 07, 2018 at 08:58PM by fluidchains
via reddit https://ift.tt/2rpy4Kj
Digitaljournal
Gilbert Verdian, MasterCard Cyber-security Executive, Leaves Role for Blockchain Start-up Quant Network
The 2017 CISO of Year will Focus Full Time on Quant Network's cutting-edge blockchain operating system, Overledger
Security In 5: Episode 232 - Change Your Twitter Password Now, Listen To Hear Why
https://ift.tt/2HZVgoN
Submitted May 07, 2018 at 08:52PM by BinaryBlog
via reddit https://ift.tt/2rsydgf
https://ift.tt/2HZVgoN
Submitted May 07, 2018 at 08:52PM by BinaryBlog
via reddit https://ift.tt/2rsydgf
Libsyn
Security In Five Podcast: Episode 232 - Change Your Twitter Password Now, Listen To Hear Why
If you have a Twitter account and you haven't already, change your password. There was a goof from in the inner workings of Twitter recently and to protect your account you should change your password. This episode goes into the details and talks about other…
Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked
https://ift.tt/2HYQPuE
Submitted May 07, 2018 at 09:58PM by LindseyOD123
via reddit https://ift.tt/2KJKoNB
https://ift.tt/2HYQPuE
Submitted May 07, 2018 at 09:58PM by LindseyOD123
via reddit https://ift.tt/2KJKoNB
Threatpost | The first stop for security news
Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked
Hundreds of websites running on the Drupal content management system – including those of the San Diego Zoo and the National Labor Relations Board – have been targeted by a malicious cryptomining
The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones)
https://ift.tt/2rr1Ai6
Submitted May 07, 2018 at 10:41PM by volci
via reddit https://ift.tt/2HZGLBC
https://ift.tt/2rr1Ai6
Submitted May 07, 2018 at 10:41PM by volci
via reddit https://ift.tt/2HZGLBC
Troy Hunt
The Decreasing Usefulness of Positive Visual Security Indicators (and the Importance of Negative Ones)
Remember when web security was all about looking for padlocks? I mean in terms of the advice we gave your everyday people, that's what it boiled down to - "look for the padlock before entering passwords or credit card info into a website". Back in the day…
3 Facts About the Changing State of Ransomware
https://ift.tt/2w8JpmS
Submitted May 07, 2018 at 10:38PM by volci
via reddit https://ift.tt/2jDgK0f
https://ift.tt/2w8JpmS
Submitted May 07, 2018 at 10:38PM by volci
via reddit https://ift.tt/2jDgK0f
How Security Film Protects Denver Homes Against Smash-and-Grab Robberies
https://ift.tt/2rqBvzL
Submitted May 07, 2018 at 10:29PM by DenverHomeWindowTint
via reddit https://ift.tt/2KID5pB
https://ift.tt/2rqBvzL
Submitted May 07, 2018 at 10:29PM by DenverHomeWindowTint
via reddit https://ift.tt/2KID5pB
Denver Home Window Tinting
How Security Film Protects Denver Homes Against Smash-and-Grab Robberies - Denver Home Window Tinting
Denver has unfortunately been experiencing a higher rate of violent crime alongside property crime. As the population increases, burglaries and robberies tend...
SynAck targeted ransomware uses the Doppelgänging technique
https://ift.tt/2JXA2IO
Submitted May 07, 2018 at 09:49PM by EvanConover
via reddit https://ift.tt/2jDi1EA
https://ift.tt/2JXA2IO
Submitted May 07, 2018 at 09:49PM by EvanConover
via reddit https://ift.tt/2jDi1EA
Securelist - Kaspersky Lab’s cyberthreat research and reports
SynAck targeted ransomware uses the Doppelgänging technique
In April 2018, we spotted the first ransomware employing the Process Doppelgänging technique – SynAck ransomware. It should be noted that SynAck is not new, but a recently discovered sample caught our attention after it was found to be using Process Doppelgänging.…
SubFinder - A new passive subdomain enumeration tool
https://ift.tt/2rsjFMD
Submitted May 06, 2018 at 08:54AM by ice3man543
via reddit https://ift.tt/2HZZih0
https://ift.tt/2rsjFMD
Submitted May 06, 2018 at 08:54AM by ice3man543
via reddit https://ift.tt/2HZZih0
GitHub
Ice3man543/subfinder
subfinder - SubFinder is a subdomain discovery tool that can enumerate massive amounts of valid subdomains for any target. It has a simple modular architecture and has been aimed as a successor to ...
Pr0nbots2: Revenge Of The Pr0nbots
https://ift.tt/2HPw2gU
Submitted May 07, 2018 at 10:57PM by volci
via reddit https://ift.tt/2rrcZ2d
https://ift.tt/2HPw2gU
Submitted May 07, 2018 at 10:57PM by volci
via reddit https://ift.tt/2rrcZ2d
reddit
Pr0nbots2: Revenge Of The Pr0nbots • r/security
3 points and 0 comments so far on reddit
Asset Discovery: Doing Reconnaissance the Hard Way
https://ift.tt/2HXTQ26
Submitted May 07, 2018 at 11:12PM by patrikhudak
via reddit https://ift.tt/2jFmoim
https://ift.tt/2HXTQ26
Submitted May 07, 2018 at 11:12PM by patrikhudak
via reddit https://ift.tt/2jFmoim
How Security Film Protects Oakland Homes Against Smash-and-Grab Burglaries
https://ift.tt/2rso3ez
Submitted May 07, 2018 at 11:36PM by OaklandWindowFilm
via reddit https://ift.tt/2HVs8Dg
https://ift.tt/2rso3ez
Submitted May 07, 2018 at 11:36PM by OaklandWindowFilm
via reddit https://ift.tt/2HVs8Dg
Oakland Window Film
How Security Film Protects Oakland Homes Against Smash-and-Grab Burglaries - Oakland Window Film
Oakland has always been notorious for high violent crime and property crime rates. It has never been so vital for Oakland homeowners to take initiative when it comes to their home’s security. For many, high priced security systems can be out-of-budget and…
sudo_pair 0.9.0 released (a dual control plugin for sudo)
https://ift.tt/2FKslTR
Submitted May 08, 2018 at 12:05AM by stouset
via reddit https://ift.tt/2KFHl98
https://ift.tt/2FKslTR
Submitted May 08, 2018 at 12:05AM by stouset
via reddit https://ift.tt/2KFHl98
GitHub
square/sudo_pair
sudo_pair - Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Prestashop code exec writeup
https://ift.tt/2HVEo6R
Submitted May 07, 2018 at 11:43PM by websecdev
via reddit https://ift.tt/2rqu10r
https://ift.tt/2HVEo6R
Submitted May 07, 2018 at 11:43PM by websecdev
via reddit https://ift.tt/2rqu10r
XXEinjector – Automatic XXE Injection Tool For Exploitation (With Sources)
https://ift.tt/1TJAWrw
Submitted May 08, 2018 at 12:15AM by TechLord2
via reddit https://ift.tt/2wrMEpA
https://ift.tt/1TJAWrw
Submitted May 08, 2018 at 12:15AM by TechLord2
via reddit https://ift.tt/2wrMEpA
GitHub
enjoiz/XXEinjector
XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
Asset Discovery: Doing Reconnaissance the Hard Way
https://ift.tt/2HXTQ26
Submitted May 08, 2018 at 01:59AM by patrikhudak
via reddit https://ift.tt/2wk6EdP
https://ift.tt/2HXTQ26
Submitted May 08, 2018 at 01:59AM by patrikhudak
via reddit https://ift.tt/2wk6EdP
reddit
r/netsec - Asset Discovery: Doing Reconnaissance the Hard Way
5 votes and 0 so far on reddit
Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K
https://ift.tt/2rrffG2
Submitted May 08, 2018 at 02:06AM by volci
via reddit https://ift.tt/2IjqxXk
https://ift.tt/2rrffG2
Submitted May 08, 2018 at 02:06AM by volci
via reddit https://ift.tt/2IjqxXk
reddit
Study: Attack on KrebsOnSecurity Cost IoT Device... • r/security
1 points and 1 comments so far on reddit
Getting weird access attempts in Nginx logs, should I ban them?
I don't check my logs ofter, which I should, but I saw that I have a lot of weird GET attempts to endpoints that I don't have anywhere on my server. Are these people trying to break into my server? I have auto ban setup that will ban after a certain number of attempts and my server is really locked down, I just wanted to know make sure these are attempts so I can ban their IP'S.And then I have a few access attempts to Php Myadmin as well.Is there any common access points that I can find somewhere that would let me know they're using some type of software or something to break into the server, so I would be able to ban them automatically?
Submitted May 08, 2018 at 02:00AM by Bilal_Tech
via reddit https://ift.tt/2K0OL5K
I don't check my logs ofter, which I should, but I saw that I have a lot of weird GET attempts to endpoints that I don't have anywhere on my server. Are these people trying to break into my server? I have auto ban setup that will ban after a certain number of attempts and my server is really locked down, I just wanted to know make sure these are attempts so I can ban their IP'S.And then I have a few access attempts to Php Myadmin as well.Is there any common access points that I can find somewhere that would let me know they're using some type of software or something to break into the server, so I would be able to ban them automatically?
Submitted May 08, 2018 at 02:00AM by Bilal_Tech
via reddit https://ift.tt/2K0OL5K
reddit
r/security - Getting weird access attempts in Nginx logs, should I ban them?
3 votes and 2 so far on reddit
Azure AD Login correlation false positives when users are traveling
This seems to be a fundamental flaw in how our security is designed but I wanted to see what everyone else is doing.We track user logins to Azure Active Directory, when a log event occurs from within one Country and then from another Country within a certain amount of time, it generates a "Impossible travel time" error and alerts us. The idea is that if you sign into your computer in US and then within 1 hour you sign in from Japan, there is a strong likelihood the account was compromised since it would take another 9+ hours to hop on a plane from the US to Japan. This works really well but recently we’ve had a lot of users traveling and their cell phones seem to undermine the entire system.Users have a mail account on their phone, when they're traveling their phone seem to still communicate to a US datacenter even though their on an international plan/carrier with their US phone (I guess it routes from Europe back to US?). That then constantly triggers the "Impossible travel time" alert as a false positive since they are physically in the other country with their laptop, signing in, but their cell phone still beacons back to a US address.That’s one guess, another guess is there is some sort of token/cache on their phone which is still talking about to the US server. Either way it completely undermines the purpose of this product (except for the users who don’t travel but when they go on vacation the same thing happens)Please let me know your thoughts. This is functionality that is built into Azure Active Directory, so this isn’t anything custom.https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events
Submitted May 08, 2018 at 02:44AM by mactalker
via reddit https://ift.tt/2jCV7Ns
This seems to be a fundamental flaw in how our security is designed but I wanted to see what everyone else is doing.We track user logins to Azure Active Directory, when a log event occurs from within one Country and then from another Country within a certain amount of time, it generates a "Impossible travel time" error and alerts us. The idea is that if you sign into your computer in US and then within 1 hour you sign in from Japan, there is a strong likelihood the account was compromised since it would take another 9+ hours to hop on a plane from the US to Japan. This works really well but recently we’ve had a lot of users traveling and their cell phones seem to undermine the entire system.Users have a mail account on their phone, when they're traveling their phone seem to still communicate to a US datacenter even though their on an international plan/carrier with their US phone (I guess it routes from Europe back to US?). That then constantly triggers the "Impossible travel time" alert as a false positive since they are physically in the other country with their laptop, signing in, but their cell phone still beacons back to a US address.That’s one guess, another guess is there is some sort of token/cache on their phone which is still talking about to the US server. Either way it completely undermines the purpose of this product (except for the users who don’t travel but when they go on vacation the same thing happens)Please let me know your thoughts. This is functionality that is built into Azure Active Directory, so this isn’t anything custom.https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events
Submitted May 08, 2018 at 02:44AM by mactalker
via reddit https://ift.tt/2jCV7Ns
Docs
Azure Active Directory risk events
This topic gives you a detailed overview of what risk events are.
Protectwise cloud based network detection service (bandwidth utilization???)
Does anyone have experience with Protectwise? I got a demo and read the little technical documentation they have publicly available. One component i'm trying to figure out is how bandwidth intensive it is, seeing they claim full pcap to the cloud. Does anyone have experience or knowledge with the product?Any additional thoughts or comments are welcome as well.Thanks in advance!
Submitted May 08, 2018 at 03:41AM by Stevefsmith
via reddit https://ift.tt/2I4vYWI
Does anyone have experience with Protectwise? I got a demo and read the little technical documentation they have publicly available. One component i'm trying to figure out is how bandwidth intensive it is, seeing they claim full pcap to the cloud. Does anyone have experience or knowledge with the product?Any additional thoughts or comments are welcome as well.Thanks in advance!
Submitted May 08, 2018 at 03:41AM by Stevefsmith
via reddit https://ift.tt/2I4vYWI
reddit
r/security - Protectwise cloud based network detection service (bandwidth utilization???)
2 votes and 0 so far on reddit
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers
http://briq.haus/hero
Submitted May 08, 2018 at 06:31AM by robert_brooks
via reddit https://ift.tt/2rxwXrB
http://briq.haus/hero
Submitted May 08, 2018 at 06:31AM by robert_brooks
via reddit https://ift.tt/2rxwXrB
briq.haus
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers | BRIQ | HAUS LTD. SECURITY & INTELLIGENCE
Want to know more than your boss about security concepts and best practices? Want to quickly rise to the top of your class in business intelligence? Learn like the pros on how to spot and prevent security breaches, and how security is not limited to computer…
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers
http://briq.haus/hero
Submitted May 08, 2018 at 06:32AM by robert_brooks
via reddit https://ift.tt/2JXG9Na
http://briq.haus/hero
Submitted May 08, 2018 at 06:32AM by robert_brooks
via reddit https://ift.tt/2JXG9Na
briq.haus
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers | BRIQ | HAUS LTD. SECURITY & INTELLIGENCE
Want to know more than your boss about security concepts and best practices? Want to quickly rise to the top of your class in business intelligence? Learn like the pros on how to spot and prevent security breaches, and how security is not limited to computer…