sudo_pair 0.9.0 released (a dual control plugin for sudo)
https://ift.tt/2FKslTR
Submitted May 08, 2018 at 12:05AM by stouset
via reddit https://ift.tt/2KFHl98
GitHub
square/sudo_pair
sudo_pair - Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Prestashop code exec writeup
https://ift.tt/2HVEo6R
Submitted May 07, 2018 at 11:43PM by websecdev
via reddit https://ift.tt/2rqu10r
XXEinjector – Automatic XXE Injection Tool For Exploitation (With Sources)
https://ift.tt/1TJAWrw
Submitted May 08, 2018 at 12:15AM by TechLord2
via reddit https://ift.tt/2wrMEpA
GitHub
enjoiz/XXEinjector
XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
Asset Discovery: Doing Reconnaissance the Hard Way
https://ift.tt/2HXTQ26
Submitted May 08, 2018 at 01:59AM by patrikhudak
via reddit https://ift.tt/2wk6EdP
Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K
https://ift.tt/2rrffG2
Submitted May 08, 2018 at 02:06AM by volci
via reddit https://ift.tt/2IjqxXk
Getting weird access attempts in Nginx logs, should I ban them?
I don't check my logs often, which I should, but I saw that I have a lot of weird GET attempts to endpoints that I don't have anywhere on my server. Are these people trying to break into my server? I have auto-ban set up that will ban after a certain number of attempts and my server is really locked down; I just wanted to make sure these are attempts so I can ban their IPs.

And then I have a few access attempts to phpMyAdmin as well.

Are there any common access points that I can find somewhere that would let me know they're using some type of software or something to break into the server, so I would be able to ban them automatically?
Submitted May 08, 2018 at 02:00AM by Bilal_Tech
via reddit https://ift.tt/2K0OL5K
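The question above asks how to tell scanner traffic from ordinary visitors in an nginx access log. The script below is an added example, not part of the post or any tool it mentions: it parses lines in nginx's default "combined" log format, counts requests per client IP that hit paths the server does not serve but that automated scanners probe for (phpMyAdmin, WordPress login, dotfiles) or that carry a known scanner User-Agent, and reports IPs over a threshold so they can be handed to an auto-ban tool. The probe list, the User-Agent list and the log lines are constructed for the example; grow the path list from your own 404s and remove anything you actually serve.

```python
"""
Flag scanner-like clients in an nginx access log.

Added example, not from the original post. Parses nginx "combined" format
lines, counts per-IP requests to paths that only scanners ask for on a host
that never served them, and reports IPs over a threshold. The probe list,
scanner User-Agent list and sample log are constructed for this example.
"""
import re
from collections import Counter

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Paths that automated scanners request on hosts that never served them.
# Constructed starting list: remove anything you really serve, add from your 404s.
PROBE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r'^/phpmyadmin', r'^/pma/', r'^/myadmin', r'^/mysql/',
    r'^/wp-login\.php', r'^/wp-admin', r'^/xmlrpc\.php',
    r'^/\.env$', r'^/\.git/', r'^/\.aws/', r'^/\.ssh/',
    r'^/cgi-bin/', r'^/manager/html', r'^/vendor/phpunit',
    r'^/shell\?', r'^/cmd\.php', r'^/c99\.php',
)]

# User-Agent substrings of common scanning tools (also a constructed list).
SCANNER_UA = ("sqlmap", "nikto", "masscan", "zgrab", "nmap", "python-requests")


def parse_line(line):
    """Return the matched fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_probe(entry):
    """True if the request looks like a scanner probe rather than a normal visitor."""
    path = entry["path"].split("?", 1)[0]          # compare the path without its query
    if any(p.search(path) for p in PROBE_PATTERNS):
        return True
    ua = entry["ua"].lower()
    return any(s in ua for s in SCANNER_UA)


def scan(lines, threshold=3):
    """
    Return {ip: probe_count} for IPs with at least `threshold` probe hits.
    A single hit is ignored so one mistyped URL does not get a visitor banned.
    """
    hits = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue                               # skip malformed lines rather than crash
        if is_probe(entry):
            hits[entry["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample log; not real traffic. Addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [08/May/2018:01:58:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [08/May/2018:01:58:02 +0000] "GET /pma/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [08/May/2018:01:58:02 +0000] "GET /myadmin/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [08/May/2018:01:58:03 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.20 - - [08/May/2018:01:59:10 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [08/May/2018:01:59:11 +0000] "GET /blog/post-1 HTTP/1.1" 200 8801 "https://example.org/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [08/May/2018:01:59:12 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.55 - - [08/May/2018:02:00:00 +0000] "GET /?id=1%27 HTTP/1.1" 200 5123 "-" "sqlmap/1.2"
192.0.2.55 - - [08/May/2018:02:00:01 +0000] "GET /?id=1%20AND%201=1 HTTP/1.1" 200 5123 "-" "sqlmap/1.2"
192.0.2.55 - - [08/May/2018:02:00:01 +0000] "GET /?id=1%20AND%201=2 HTTP/1.1" 200 5123 "-" "sqlmap/1.2"
this line is not in combined format
"""

if __name__ == "__main__":
    for ip, n in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}\t{n} probe hits")
```

On the sample, 203.0.113.7 (four phpMyAdmin/dotfile probes) and 192.0.2.55 (sqlmap User-Agent) are reported while 198.51.100.20, a normal visitor with one stray wp-login.php hit, stays under the threshold. Before feeding the output to a ban list, check that a flagged address is not a shared NAT or a CDN egress, since banning it blocks everyone behind it.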
Azure AD Login correlation false positives when users are traveling
This seems to be a fundamental flaw in how our security is designed, but I wanted to see what everyone else is doing.

We track user logins to Azure Active Directory; when a log event occurs from within one country and then from another country within a certain amount of time, it generates an "Impossible travel time" error and alerts us. The idea is that if you sign into your computer in the US and then within 1 hour you sign in from Japan, there is a strong likelihood the account was compromised, since it would take another 9+ hours to hop on a plane from the US to Japan. This works really well, but recently we've had a lot of users traveling and their cell phones seem to undermine the entire system.

Users have a mail account on their phone; when they're traveling, their phone seems to still communicate with a US datacenter even though they're on an international plan/carrier with their US phone (I guess it routes from Europe back to the US?). That then constantly triggers the "Impossible travel time" alert as a false positive, since they are physically in the other country with their laptop, signing in, but their cell phone still beacons back to a US address.

That's one guess; another guess is there is some sort of token/cache on their phone which is still talking to the US server. Either way it completely undermines the purpose of this product (except for the users who don't travel, but when they go on vacation the same thing happens).

Please let me know your thoughts. This is functionality that is built into Azure Active Directory, so this isn't anything custom.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events
Submitted May 08, 2018 at 02:44AM by mactalker
via reddit https://ift.tt/2jCV7Ns
Docs
Azure Active Directory risk events
This topic gives you a detailed overview of what risk events are.
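The post above describes the impossible-travel heuristic and the false positive it produces when a phone's mail client keeps egressing from a US address while the user signs in from Japan. The script below is an added example of that heuristic, not Microsoft's implementation of the Azure AD risk event: each sign-in carries the user, timestamp, client type and the coordinates its source IP geolocated to (constructed here; in practice they come from your GeoIP lookup), consecutive sign-ins per user are compared, and a pair is flagged when covering the great-circle distance in the elapsed time would require a speed above an assumed 1000 km/h. The `ignore_clients` knob shows the effect of excluding the phone client from the comparison; the client labels, coordinates and threshold are all assumptions for the example.

```python
"""
Impossible-travel check over sign-in events.

Added example, not the Azure AD risk-event implementation. Flags consecutive
sign-ins by one user whose geolocated source addresses are too far apart for
the elapsed time. Coordinates, client labels and the speed threshold are
constructed assumptions for the example.
"""
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0   # assumed threshold, a little above airliner cruise speed
MIN_DISTANCE_KM = 50.0   # below this, treat as GeoIP jitter inside one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH, ignore_clients=()):
    """
    events: dicts with keys user, ts (timezone-aware datetime), client, lat, lon.
    Returns a list of (user, earlier_event, later_event, required_speed_kmh) for
    consecutive sign-ins per user that would need more than max_speed_kmh.
    Sign-ins whose client is in ignore_clients are left out of the comparison,
    which is what suppresses the phone-beacon false positive from the post.
    """
    by_user = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["client"] in ignore_clients:
            continue
        by_user.setdefault(e["user"], []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if dist < MIN_DISTANCE_KM:
                continue
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600.0
            # Two far-apart sign-ins in the same minute need infinite speed.
            speed = math.inf if hours <= 0 else dist / hours
            if speed > max_speed_kmh:
                alerts.append((user, prev, cur, speed))
    return alerts


def ts(s):
    """Parse a constructed 'YYYY-MM-DD HH:MM' UTC timestamp."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed sample: alice flies Seattle -> Tokyo; after she lands, her phone's
# mail client still shows up from a US egress address. bob is a genuine
# New York -> London sign-in pair one hour apart, i.e. a real hit.
SAMPLE_EVENTS = [
    {"user": "alice", "ts": ts("2018-05-07 08:00"), "client": "browser",     "lat": 47.61, "lon": -122.33},
    {"user": "alice", "ts": ts("2018-05-08 09:00"), "client": "browser",     "lat": 35.68, "lon": 139.69},
    {"user": "alice", "ts": ts("2018-05-08 09:30"), "client": "mobile-mail", "lat": 47.61, "lon": -122.33},
    {"user": "bob",   "ts": ts("2018-05-08 10:00"), "client": "browser",     "lat": 40.71, "lon": -74.01},
    {"user": "bob",   "ts": ts("2018-05-08 11:00"), "client": "browser",     "lat": 51.51, "lon": -0.13},
]

if __name__ == "__main__":
    print("all clients:")
    for user, a, b, speed in impossible_travel(SAMPLE_EVENTS):
        print(f"  {user}: {a['client']} -> {b['client']} would need {speed:,.0f} km/h")
    print("ignoring mobile-mail:")
    for user, a, b, speed in impossible_travel(SAMPLE_EVENTS, ignore_clients=("mobile-mail",)):
        print(f"  {user}: {a['client']} -> {b['client']} would need {speed:,.0f} km/h")
```

With every client counted, alice's laptop-in-Tokyo followed by phone-from-US pair is flagged alongside bob's real New York/London pair; the 25-hour Seattle to Tokyo hop is not, since 7,700 km in 25 hours is well under the threshold. Excluding the mail client leaves only bob. Whether that exclusion is acceptable depends on what the phone's sign-ins are worth as a signal: dropping them also hides a real attacker who logs in from that client.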
Protectwise cloud based network detection service (bandwidth utilization???)
Does anyone have experience with Protectwise? I got a demo and read the little technical documentation they have publicly available. One component I'm trying to figure out is how bandwidth-intensive it is, seeing as they claim full pcap to the cloud. Does anyone have experience or knowledge of the product?

Any additional thoughts or comments are welcome as well.

Thanks in advance!
Submitted May 08, 2018 at 03:41AM by Stevefsmith
via reddit https://ift.tt/2I4vYWI
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers
http://briq.haus/hero
Submitted May 08, 2018 at 06:31AM by robert_brooks
via reddit https://ift.tt/2rxwXrB
briq.haus
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers | BRIQ | HAUS LTD. SECURITY & INTELLIGENCE
Want to know more than your boss about security concepts and best practices? Want to quickly rise to the top of your class in business intelligence? Learn like the pros on how to spot and prevent security breaches, and how security is not limited to computer…
Ghera, a repository of Android app vulnerability benchmarks
https://ift.tt/2z2DHnl
Submitted May 08, 2018 at 07:09AM by rvprasad
via reddit https://ift.tt/2HWA2fI
bitbucket.org
secure-it-i / android-app-vulnerability-benchmarks
Repository of Android app vulnerability benchmarks
Tracy - Assists with finding all sinks and sources of a web application and displays these results in a digestible manner
https://ift.tt/2wmGx6e
Submitted May 08, 2018 at 09:18AM by TechLord2
via reddit https://ift.tt/2ruhBDQ
GitHub
nccgroup/tracy
tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
StreamingPhish - Uses Supervised Machine Learning to Detect Phishing Domains from the Certificate Transparency Log Network (Full Sources)
https://ift.tt/2rsOhhS
Submitted May 08, 2018 at 09:43AM by TechLord2
via reddit https://ift.tt/2FTUDvk
GitHub
wesleyraptor/streamingphish
Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network. - wesleyraptor/streamingphish
kids these days
https://ift.tt/2K4RB9X
Submitted May 08, 2018 at 12:12PM by Majortom80
via reddit https://ift.tt/2rsdRE1
How secure is CloudFlare "flexible SSL" option
CloudFlare "flexible SSL" puts the TLS termination point into CloudFlare's cloud, under their control. They can inspect any data sent to and from your web server, and the security is as strong as theirs.

That means that the web traffic can be intercepted between CloudFlare and your own environment. That could happen:

- at your own servers;
- at your ISP and any routers between them and CloudFlare; or
- inside the CloudFlare cloud.

The security of your data is no longer fully under your own control - it is very much in the hands of CloudFlare. In practical terms, it doesn't have to be significantly less secure, but it creates several new weak points.

... and a couple more points about Flexible SSL, which boil down to a slider between "convenience" and "control".

I wonder which way people are likely to push this slider.
Submitted May 08, 2018 at 01:20PM by dc352
via reddit https://ift.tt/2KHM8qG
Magic of Security
How secure is CloudFlare “flexible SSL” option
One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly …
GravityRAT: the trojan with a unique trick for evading analysis
https://ift.tt/2rt2Ykh
Submitted May 08, 2018 at 02:06PM by wlscr
via reddit https://ift.tt/2KHdZay
NS Tech
GravityRAT: the trojan with a unique trick for evading analysis - NS Tech
GravityRAT, a remote access trojan targeting organisations across India, features an unusual trick for evading analysis: taking a reading of the target computer’s temperature. A high reading suggests the device is running a series of virtual machines – digital…
Thousands of companies vulnerable to an 'Equifax-style' hack
https://ift.tt/2I2wbK7
Submitted May 08, 2018 at 02:05PM by wlscr
via reddit https://ift.tt/2rnT2Zo
ZDNet
After Equifax breach, major firms still rely on same flawed software
At least seven tech giants still use the vulnerable software that hackers exploited to attack Equifax last year.
NSA sought data on 534 MILLION phone calls in 2017
https://ift.tt/2Io4GOr
Submitted May 08, 2018 at 02:04PM by wlscr
via reddit https://ift.tt/2KHe12a
www.theregister.co.uk
NSA sought data on 534 MILLION phone calls in 2017
Compared to 151 million in 2016, perhaps due to dupes rather than spy boom
RouterSploit 3.0 is out - Exploitation Framework for Embedded Devices
https://ift.tt/2rrxA6A
Submitted May 08, 2018 at 04:02PM by lucyoa
via reddit https://ift.tt/2jEHQ76
[x-post /r/javanoscript] MS brings JavaScript to Excel
https://ift.tt/2whh9ys
Submitted May 08, 2018 at 03:32PM by SkyLunat1c
via reddit https://ift.tt/2IlvkY9
Knox County Tennessee Election Site Hit With DDOS Attack During Primary
https://ift.tt/2JXrkKv
Submitted May 08, 2018 at 03:44PM by whitehattracker
via reddit https://ift.tt/2I7F0m0
BleepingComputer
Knox County Tennessee Election Site Hit With DDOS Attack During Primary
On Tuesday the web site used to display the voting results for the Knox County, Tennessee mayoral primary was taken offline by a distributed denial-of-service attack. This prevented voters from being able to access the site and view the results of the primary.