***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers
http://briq.haus/hero
Submitted May 08, 2018 at 06:32AM by robert_brooks
via reddit https://ift.tt/2JXG9Na
http://briq.haus/hero
Submitted May 08, 2018 at 06:32AM by robert_brooks
via reddit https://ift.tt/2JXG9Na
briq.haus
***FREE EBOOK*** SECURITY HERO 101: How To Know More About Security Than Your Employers | BRIQ | HAUS LTD. SECURITY & INTELLIGENCE
Want to know more than your boss about security concepts and best practices? Want to quickly rise to the top of your class in business intelligence? Learn like the pros on how to spot and prevent security breaches, and how security is not limited to computer…
Ghera, a repository of Android app vulnerability benchmarks
https://ift.tt/2z2DHnl
Submitted May 08, 2018 at 07:09AM by rvprasad
via reddit https://ift.tt/2HWA2fI
https://ift.tt/2z2DHnl
Submitted May 08, 2018 at 07:09AM by rvprasad
via reddit https://ift.tt/2HWA2fI
bitbucket.org
secure-it-i / android-app-vulnerability-benchmarks
Repository of Android app vulnerability benchmarks
Tracy - Assists with finding all sinks and sources of a web application and displays these results in a digestible manner
https://ift.tt/2wmGx6e
Submitted May 08, 2018 at 09:18AM by TechLord2
via reddit https://ift.tt/2ruhBDQ
https://ift.tt/2wmGx6e
Submitted May 08, 2018 at 09:18AM by TechLord2
via reddit https://ift.tt/2ruhBDQ
GitHub
nccgroup/tracy
tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
StreamingPhish - Uses Supervised Machine Learning to Detect Phishing Domains from the Certificate Transparency Log Network (Full Sources)
https://ift.tt/2rsOhhS
Submitted May 08, 2018 at 09:43AM by TechLord2
via reddit https://ift.tt/2FTUDvk
https://ift.tt/2rsOhhS
Submitted May 08, 2018 at 09:43AM by TechLord2
via reddit https://ift.tt/2FTUDvk
GitHub
wesleyraptor/streamingphish
Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network. - wesleyraptor/streamingphish
kids these days
https://ift.tt/2K4RB9X
Submitted May 08, 2018 at 12:12PM by Majortom80
via reddit https://ift.tt/2rsdRE1
https://ift.tt/2K4RB9X
Submitted May 08, 2018 at 12:12PM by Majortom80
via reddit https://ift.tt/2rsdRE1
How secure is CloudFlare "flexible SSL" option
CloudFlare "flexible SSL" puts the TLS termination point into CloudFlare's cloud, under their control. They can inspect any data sent to and from your web-server and the security is as strong as theirs.That means that the web-traffic can be intercepted between the CloudFlare and your own environment. That could happen:at your own servers;at your ISP and any routers between them and CloudFlare; orinside CloudFlare cloud.The security of your data is no longer fully under your own control - it is very much in the hands of CloudFlare. In practical terms, it doesn't have to be significantly less secure, but it creates several new weak points.... and a couple more points about the Flexible SSL, which boil down to a slider between "convenience" and "control".I wonder, which way are people likely to push this slider.How secure is CloudFlare “flexible SSL” option
Submitted May 08, 2018 at 01:20PM by dc352
via reddit https://ift.tt/2KHM8qG
CloudFlare "flexible SSL" puts the TLS termination point into CloudFlare's cloud, under their control. They can inspect any data sent to and from your web-server and the security is as strong as theirs.That means that the web-traffic can be intercepted between the CloudFlare and your own environment. That could happen:at your own servers;at your ISP and any routers between them and CloudFlare; orinside CloudFlare cloud.The security of your data is no longer fully under your own control - it is very much in the hands of CloudFlare. In practical terms, it doesn't have to be significantly less secure, but it creates several new weak points.... and a couple more points about the Flexible SSL, which boil down to a slider between "convenience" and "control".I wonder, which way are people likely to push this slider.How secure is CloudFlare “flexible SSL” option
Submitted May 08, 2018 at 01:20PM by dc352
via reddit https://ift.tt/2KHM8qG
Magic of Security
How secure is CloudFlare “flexible SSL” option
One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly …
GravityRAT: the trojan with a unique trick for evading analysis
https://ift.tt/2rt2Ykh
Submitted May 08, 2018 at 02:06PM by wlscr
via reddit https://ift.tt/2KHdZay
https://ift.tt/2rt2Ykh
Submitted May 08, 2018 at 02:06PM by wlscr
via reddit https://ift.tt/2KHdZay
NS Tech
GravityRAT: the trojan with a unique trick for evading analysis - NS Tech
GravityRAT, a remote access trojan targeting organisations across India, features an unusual trick for evading analysis: taking a reading of the target computer’s temperature. A high reading suggests the device is running a series of virtual machines – digital…
Thousands of companies vulnerable to an 'Equifax-style' hack
https://ift.tt/2I2wbK7
Submitted May 08, 2018 at 02:05PM by wlscr
via reddit https://ift.tt/2rnT2Zo
https://ift.tt/2I2wbK7
Submitted May 08, 2018 at 02:05PM by wlscr
via reddit https://ift.tt/2rnT2Zo
ZDNet
After Equifax breach, major firms still rely on same flawed software
At least seven tech giants still use the vulnerable software that hackers exploited to attack Equifax last year.
NSA sought data on 534 MILLION phone calls in 2017
https://ift.tt/2Io4GOr
Submitted May 08, 2018 at 02:04PM by wlscr
via reddit https://ift.tt/2KHe12a
https://ift.tt/2Io4GOr
Submitted May 08, 2018 at 02:04PM by wlscr
via reddit https://ift.tt/2KHe12a
www.theregister.co.uk
NSA sought data on 534 MILLION phone calls in 2017
Compared to 151 million in 2016, perhaps due to dupes rather than spy boom
RouterSploit 3.0 is out - Exploitation Framework for Embedded Devices
https://ift.tt/2rrxA6A
Submitted May 08, 2018 at 04:02PM by lucyoa
via reddit https://ift.tt/2jEHQ76
https://ift.tt/2rrxA6A
Submitted May 08, 2018 at 04:02PM by lucyoa
via reddit https://ift.tt/2jEHQ76
[x-post /r/javanoscript] MS brings JavaScript to Excel
https://ift.tt/2whh9ys
Submitted May 08, 2018 at 03:32PM by SkyLunat1c
via reddit https://ift.tt/2IlvkY9
https://ift.tt/2whh9ys
Submitted May 08, 2018 at 03:32PM by SkyLunat1c
via reddit https://ift.tt/2IlvkY9
reddit
[x-post /r/javanoscript] MS brings JavaScript to Excel • r/netsec
3 points and 3 comments so far on reddit
Knox County Tennessee Election Site Hit With DDOS Attack During Primary
https://ift.tt/2JXrkKv
Submitted May 08, 2018 at 03:44PM by whitehattracker
via reddit https://ift.tt/2I7F0m0
https://ift.tt/2JXrkKv
Submitted May 08, 2018 at 03:44PM by whitehattracker
via reddit https://ift.tt/2I7F0m0
BleepingComputer
Knox County Tennessee Election Site Hit With DDOS Attack During Primary
On Tuesday the web site used to display the voting results for the Knox County, Tennessee mayoral primary was taken offline by a distributed denial-of-service attack. This prevented voters from being able to access the site and view the results of the primary.
Crypto Me0wing Attacks: Kitty Cashes in on Monero
https://ift.tt/2I0SHa0
Submitted May 08, 2018 at 03:40PM by whitehattracker
via reddit https://ift.tt/2wrewug
https://ift.tt/2I0SHa0
Submitted May 08, 2018 at 03:40PM by whitehattracker
via reddit https://ift.tt/2wrewug
reddit
Crypto Me0wing Attacks: Kitty Cashes in on Monero • r/security
1 points and 0 comments so far on reddit
How to Protect Web Applications From XXE Attacks
https://ift.tt/2jGrmeX
Submitted May 08, 2018 at 05:15PM by hightechbridge
via reddit https://ift.tt/2ItM9jE
https://ift.tt/2jGrmeX
Submitted May 08, 2018 at 05:15PM by hightechbridge
via reddit https://ift.tt/2ItM9jE
Htbridge
How to Protect Your Web Applications From XXE Attacks
XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per OWAPS Top 10.
Security In 5: Episode 233 - Being A Security Professional Means Master A Balance With Flexibility
https://ift.tt/2rt8ALo
Submitted May 08, 2018 at 06:40PM by BinaryBlog
via reddit https://ift.tt/2KKAs6H
https://ift.tt/2rt8ALo
Submitted May 08, 2018 at 06:40PM by BinaryBlog
via reddit https://ift.tt/2KKAs6H
Libsyn
Security In Five Podcast: Episode 233 - Being A Security Professional Means Master A Balance With Flexibility
A security professional is more than the technical and regulatory resource in your company. A security professional needs to know how the business works in order to ensure the security controls are effective but also does not hinder business operations in…
Equifax reveals full horror of its data breach - "146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date). There were also 38,000 US drivers' licenses and 3,200 passport details."
https://ift.tt/2I4hV3t
Submitted May 08, 2018 at 06:40PM by md5sumo
via reddit https://ift.tt/2rsLaWI
https://ift.tt/2I4hV3t
Submitted May 08, 2018 at 06:40PM by md5sumo
via reddit https://ift.tt/2rsLaWI
www.theregister.co.uk
Equifax reveals full horror of its data breach
146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers' licenses and 3,200 passports
How secure is your data when it’s stored in the cloud?
https://ift.tt/2rsV4aC
Submitted May 08, 2018 at 05:16PM by BrRafique1
via reddit https://ift.tt/2KKXBWK
https://ift.tt/2rsV4aC
Submitted May 08, 2018 at 05:16PM by BrRafique1
via reddit https://ift.tt/2KKXBWK
Medium
How secure is your data when it’s stored in the cloud?
As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of…
Podcast: The Evolving Role of the CTO
https://ift.tt/2K3fTB9
Submitted May 08, 2018 at 05:10PM by Uminekoshi
via reddit https://ift.tt/2rtlqt3
https://ift.tt/2K3fTB9
Submitted May 08, 2018 at 05:10PM by Uminekoshi
via reddit https://ift.tt/2rtlqt3
SoundCloud
Episode 9 - The Evolving Role of the CTO with Jason Morris
In this CyberTangent episode, we are joined by Jason Morris, CTO at Next Rev Technologies. Our podcast host is Landon Johnson. Today's topic is "The Evolving Role of the CTO." Let's jump in! Learn mor
Are your IoT devices are mining cryptocurrencies in their spare time?
https://ift.tt/2FXM8zu
Submitted May 08, 2018 at 04:59PM by Iot_Security
via reddit https://ift.tt/2KLI6NZ
https://ift.tt/2FXM8zu
Submitted May 08, 2018 at 04:59PM by Iot_Security
via reddit https://ift.tt/2KLI6NZ
SecuriThings
Are your IoT devices are mining cryptocurrencies in their spare time?
When the masses start to use industry terminology, things have clearly gone mainstream. IoT is now mainstream, and there is no turning back. But, is security ready to move ahead at the speed of [...]
Running yara rules on malware app
I have bunch of yara rules (https://yara.readthedocs.io/en/v3.7.0/) which help me match certain patterns inside an APK. I have local installation of androguard with yara to help me with this regard. My question is, is there a service that I can use that can replace this task?I have seen https://koodous.com/. You can submit your own yara rules and they will attempt to run them whenever a new app is submitted to their system. I attempted to create my own rules but its not working. Moreover, I don't think koodous will run all rule set submitted by all users.Is there an alternative solution?Am also wondering how one might approach such problem?
Submitted May 08, 2018 at 07:44PM by sirackh
via reddit https://ift.tt/2rvfxvt
I have bunch of yara rules (https://yara.readthedocs.io/en/v3.7.0/) which help me match certain patterns inside an APK. I have local installation of androguard with yara to help me with this regard. My question is, is there a service that I can use that can replace this task?I have seen https://koodous.com/. You can submit your own yara rules and they will attempt to run them whenever a new app is submitted to their system. I attempted to create my own rules but its not working. Moreover, I don't think koodous will run all rule set submitted by all users.Is there an alternative solution?Am also wondering how one might approach such problem?
Submitted May 08, 2018 at 07:44PM by sirackh
via reddit https://ift.tt/2rvfxvt
Koodous — Collaborative Platform for Android Malware Analysts
Koodous is a collaborative platform for researching on Android malware that combines online analysis tools with social interactions between the analysts.
Making and Impact in InfoSec
Hello!I wanted to reach out and see if other people are feeling the way I do and/or get some advice.I have been working in the security community for half a decade now. Lately I have been dealing with this dreadful feeling that the work I am doing is useless. I still like my field. I study new things almost every night and am constantly learning. My company is pretty great to me, but I work for a single customer on a daily basis, and the work feels worthless (for various reasons that I am not going to get into). Like if I disappeared right now, there would be know negative impact to the projects we work on. My mgrs know I want something different, but it may be some time before I sneak out.I know not every job is like this and, when I do make the switch, this may not be a problem anymore. But I'm curious, do others feel this way? Or have felt this way? How do you stay motivated? Or do you not care? Is it worth risking giving up a job at a company that I fit in at and enjoy for someplace that might have more interesting work? Interested in hearing your thoughts.Thanks!
Submitted May 08, 2018 at 08:17PM by wheatless12
via reddit https://ift.tt/2I5NmKL
Hello!I wanted to reach out and see if other people are feeling the way I do and/or get some advice.I have been working in the security community for half a decade now. Lately I have been dealing with this dreadful feeling that the work I am doing is useless. I still like my field. I study new things almost every night and am constantly learning. My company is pretty great to me, but I work for a single customer on a daily basis, and the work feels worthless (for various reasons that I am not going to get into). Like if I disappeared right now, there would be know negative impact to the projects we work on. My mgrs know I want something different, but it may be some time before I sneak out.I know not every job is like this and, when I do make the switch, this may not be a problem anymore. But I'm curious, do others feel this way? Or have felt this way? How do you stay motivated? Or do you not care? Is it worth risking giving up a job at a company that I fit in at and enjoy for someplace that might have more interesting work? Interested in hearing your thoughts.Thanks!
Submitted May 08, 2018 at 08:17PM by wheatless12
via reddit https://ift.tt/2I5NmKL
reddit
r/security - Making and Impact in InfoSec
1 votes and 0 so far on reddit