Object Linking and Embedding for Process Control Unified Automation (OPC UA) security analysis
https://ift.tt/2wrTgEL
Submitted May 11, 2018 at 12:58AM by TheUglyStranger
via reddit https://ift.tt/2wxkdqn
https://ift.tt/2wrTgEL
Submitted May 11, 2018 at 12:58AM by TheUglyStranger
via reddit https://ift.tt/2wxkdqn
Securelist - Kaspersky Lab’s cyberthreat research and reports
OPC UA security analysis
This article discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. We hope to draw the attention of vendors that develop software for industrial automation systems and the industrial IoT to problems associated…
Censys.io Guide: Discover SCADA and Phishing Sites
https://ift.tt/2G4puFj
Submitted May 10, 2018 at 08:57PM by patrikhudak
via reddit https://ift.tt/2IwDop7
https://ift.tt/2G4puFj
Submitted May 10, 2018 at 08:57PM by patrikhudak
via reddit https://ift.tt/2IwDop7
reddit
Censys.io Guide: Discover SCADA and Phishing Sites • r/netsec
1 points and 0 comments so far on reddit
Malware Abuses Chrome Extensions to Cryptomine and Steal Data
https://ift.tt/2jNQH6N
Submitted May 11, 2018 at 08:12AM by Prav123
via reddit https://ift.tt/2KQ0K7w
https://ift.tt/2jNQH6N
Submitted May 11, 2018 at 08:12AM by Prav123
via reddit https://ift.tt/2KQ0K7w
Radware Blog
Nigelthorn Malware Abuses Chrome Extensions to Cryptomine and Steal Data | Radware Blog
Individual research contributed by Adi Raff and Yuval Shapira. On May 3, 2018, Radware’s malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, by using machine-learning algorithms. This malware…
Iranian Hackers Expected to React to U.S. Exit of Nuclear Deal
https://ift.tt/2I6G7q5
Submitted May 11, 2018 at 06:30AM by Iot_Security
via reddit https://ift.tt/2IcVNDW
https://ift.tt/2I6G7q5
Submitted May 11, 2018 at 06:30AM by Iot_Security
via reddit https://ift.tt/2IcVNDW
IoT Institute
Iranian Hackers Expected to React to U.S. Exit of Nuclear Deal
The 2010 Stuxnet attack against Iran has become a prime example of an IoT attack. Now that the U.S. has exited the Iranian nuclear deal, retaliation is likely.
Week 19 in Information Security, 2018
https://ift.tt/2ryXpkz
Submitted May 11, 2018 at 11:42AM by undercomm
via reddit https://ift.tt/2KSZ513
https://ift.tt/2ryXpkz
Submitted May 11, 2018 at 11:42AM by undercomm
via reddit https://ift.tt/2KSZ513
Malgregator
InfoSec Week 19, 2018
There is a first ransomware which is taking advantage of a new Process Doppelgänging fileless code injection technique. Working on all...
British spies linked up with CIA WikiLeaks reveals
https://ift.tt/2lXO94z
Submitted May 11, 2018 at 01:41PM by dengorilla1
via reddit https://ift.tt/2I4TuH4
https://ift.tt/2lXO94z
Submitted May 11, 2018 at 01:41PM by dengorilla1
via reddit https://ift.tt/2I4TuH4
Mail Online
British spies linked up with CIA WikiLeaks reveals
MI5 worked with their US counterparts to develop software that convinced people their sets were switched off when in fact they were on and recording every word they say.
Huawei smartphone shipments grow in Europe, says Canalys - Video | ZDNet
https://ift.tt/2IbrCNr
Submitted May 11, 2018 at 02:22PM by wlscr
via reddit https://ift.tt/2I9yzTi
https://ift.tt/2IbrCNr
Submitted May 11, 2018 at 02:22PM by wlscr
via reddit https://ift.tt/2I9yzTi
ZDNet
Huawei smartphone shipments grow in Europe, says Canalys - Video | ZDNet
Huawei and its compatriot Xiaomi further narrowed the gap in smartphone sales over market leaders Samsung and Apple in the region. Read more: https://zd.net/2I9fWe2
UK cell giant EE left a critical code system exposed with a default password
https://ift.tt/2Kc0D52
Submitted May 11, 2018 at 02:20PM by wlscr
via reddit https://ift.tt/2IdyYAa
https://ift.tt/2Kc0D52
Submitted May 11, 2018 at 02:20PM by wlscr
via reddit https://ift.tt/2IdyYAa
ZDNet
UK cell giant EE left a critical code system exposed with a default password
The code repository contained two million lines of code across EE's website and customer portal.
Google has wild new technology that sounds like a real human on the phone
https://ift.tt/2G4bStP
Submitted May 11, 2018 at 02:15PM by wlscr
via reddit https://ift.tt/2I9yAGQ
https://ift.tt/2G4bStP
Submitted May 11, 2018 at 02:15PM by wlscr
via reddit https://ift.tt/2I9yAGQ
Business Insider
Google has wild new technology that sounds like a real human on the phone, and people already have really strong opinions about…
Google Duplex was the talk of Google I/O, the company's annual developer conference that kicked off this week.
USB Security Software at Edukrypt
https://ift.tt/2wx2Hmf
Submitted May 11, 2018 at 04:06PM by edukrypt1
via reddit https://ift.tt/2rAFzym
https://ift.tt/2wx2Hmf
Submitted May 11, 2018 at 04:06PM by edukrypt1
via reddit https://ift.tt/2rAFzym
www.edukrypt.in
DVD, USB, Hard Disk & Lecture Security Software | Edukrypt
EDUKRYPT is India’s leading DVD, USB, Hard Disk Security Software providers for Offline Lecture Playback. You can find here DVD security software, USB security software, Hard Disk Security Software, encrypted video player, Video Security Android App & Lecture…
Question about MAC addresses
Here's something I don't fully understand. So please just tell me if I'm missing something or get something wrong. I get that a MAC address uniquely identifies your computer's hardware and it can be used to identify you. When you visit a website, they have your IP address which you can hide with a VPN. This obviously isn't foolproof since I've seen webRTC being able to get your actual IP if you have JavaScript enabled but for the average person, it'd be fine. But when you look at all of these guides for being more secure online, they always talk about IPs but never mention MAC addresses and if they do, it's only in passing and is something like "Kali Linux comes with a tool called MACchanger if that interests you". What I don't get is, people make a point of spoofing their MAC address but this only seems to be when they're going to commit a cyber crime of some sort and I really don't see many people doing it just to be more secure like when they use VPNs to mask their actual IP. So is it pointless to try and coverup your MAC address, as someone not looking to do anything illegal? Do websites not have access to it even though you're using a VPN? I mean, if you were to use a VPN but did nothing to hide your MAC address, would that be a security flaw? Who can see your MAC address? The same who can see your IP? I remember Snowden saying that the government can track us using our MAC addresses but I guess it's pointless to try and hide yourself from the NSA since you'd probably lose unless you've got a 400 IQ.
Submitted May 11, 2018 at 04:56PM by deeptoot2332
via reddit https://ift.tt/2G4pMw8
Here's something I don't fully understand. So please just tell me if I'm missing something or get something wrong. I get that a MAC address uniquely identifies your computer's hardware and it can be used to identify you. When you visit a website, they have your IP address which you can hide with a VPN. This obviously isn't foolproof since I've seen webRTC being able to get your actual IP if you have JavaScript enabled but for the average person, it'd be fine. But when you look at all of these guides for being more secure online, they always talk about IPs but never mention MAC addresses and if they do, it's only in passing and is something like "Kali Linux comes with a tool called MACchanger if that interests you". What I don't get is, people make a point of spoofing their MAC address but this only seems to be when they're going to commit a cyber crime of some sort and I really don't see many people doing it just to be more secure like when they use VPNs to mask their actual IP. So is it pointless to try and coverup your MAC address, as someone not looking to do anything illegal? Do websites not have access to it even though you're using a VPN? I mean, if you were to use a VPN but did nothing to hide your MAC address, would that be a security flaw? Who can see your MAC address? The same who can see your IP? I remember Snowden saying that the government can track us using our MAC addresses but I guess it's pointless to try and hide yourself from the NSA since you'd probably lose unless you've got a 400 IQ.
Submitted May 11, 2018 at 04:56PM by deeptoot2332
via reddit https://ift.tt/2G4pMw8
Comment Installer Tor sur Kali Linux 4.14.x How to Install Tor on Kali Linux 4.14.x
https://ift.tt/2jNSOHC
Submitted May 11, 2018 at 04:49PM by espion7
via reddit https://ift.tt/2G61UZ8
https://ift.tt/2jNSOHC
Submitted May 11, 2018 at 04:49PM by espion7
via reddit https://ift.tt/2G61UZ8
ntic974.blogspot.co.uk
Installer Tor sur Kali Linux 4.14
Pour connaître la version de Kali Linux, lancer la commande suivante dans une fenêtre terminal : uname --all Un exemple de version est : ...
Evolution of 3GPP over-the-air security
https://ift.tt/2IdVCbE
Submitted May 11, 2018 at 05:50PM by nikolax99
via reddit https://ift.tt/2wxdDQT
https://ift.tt/2IdVCbE
Submitted May 11, 2018 at 05:50PM by nikolax99
via reddit https://ift.tt/2wxdDQT
gdelugre.github.io
Evolution of 3GPP over-the-air security
An overview of the security of the 3GPP radio interfaces, from 2G to 5G
Not Your Server, But Still Your Code (serverless security LA)
https://sprky.co/talks/
Submitted May 11, 2018 at 06:43PM by sprkyco
via reddit https://ift.tt/2IekRuz
https://sprky.co/talks/
Submitted May 11, 2018 at 06:43PM by sprkyco
via reddit https://ift.tt/2IekRuz
reddit
r/netsec - Not Your Server, But Still Your Code (serverless security LA)
0 votes and 1 so far on reddit
Security In 5: Episode 236 - Tools, Tips and Tricks - OpenVAS
https://ift.tt/2G5fOL5
Submitted May 11, 2018 at 06:39PM by BinaryBlog
via reddit https://ift.tt/2jQBd1S
https://ift.tt/2G5fOL5
Submitted May 11, 2018 at 06:39PM by BinaryBlog
via reddit https://ift.tt/2jQBd1S
Libsyn
Security In Five Podcast: Episode 236 - Tools, Tips and Tricks - OpenVAS
Vulnerability scanning should be a regular security function for your environment. However, that requires some investment but there are open source alternatives. This week's tools, tips and tricks episode talks about OpenVAS, the open source vulnerability…
How to install Tor on Kali Linux 4.14.x (and other Linux versions)
https://ift.tt/2G7FBSK
Submitted May 11, 2018 at 07:26PM by espion7
via reddit https://ift.tt/2jNBZfX
https://ift.tt/2G7FBSK
Submitted May 11, 2018 at 07:26PM by espion7
via reddit https://ift.tt/2jNBZfX
ntic974.blogspot.co.uk
How to install Tor on Kali Linux 4.14.x
Here is the easiest way to install tor on Kali Linux (or any other Linux system), without having to configure sources for apt-get : To vie...
SMB hash hijacking & user tracking in MS Outlook (CVE-2017-11927 and CVE-2017-8572)
https://ift.tt/2KbJ6tF
Submitted May 11, 2018 at 09:43PM by digicat
via reddit https://ift.tt/2rCBokP
https://ift.tt/2KbJ6tF
Submitted May 11, 2018 at 09:43PM by digicat
via reddit https://ift.tt/2rCBokP
Google may share your email address with malicious websites
https://ift.tt/2KUYtrU
Submitted May 11, 2018 at 10:47PM by albinowax
via reddit https://ift.tt/2G5WAF9
https://ift.tt/2KUYtrU
Submitted May 11, 2018 at 10:47PM by albinowax
via reddit https://ift.tt/2G5WAF9
The Daily Swig | Web security digest
Google may share your email address with malicious websites
It can happen with just one click.
Launching a Public HackerOne Vulnerability Disclosure Program
https://ift.tt/2wy5mw3
Submitted May 11, 2018 at 11:02PM by jamieweb
via reddit https://ift.tt/2KbbFHN
https://ift.tt/2wy5mw3
Submitted May 11, 2018 at 11:02PM by jamieweb
via reddit https://ift.tt/2KbbFHN
www.jamieweb.net
Launching a Public HackerOne Security Vulnerability Disclosure Program
A write-up of launching the public HackerOne security vulnerability disclosure program for JamieWeb. hackerone.com/jamieweb
Federal government claims DCNS data leak has 'no bearing' on Australia
https://ift.tt/2bC0tHN
Submitted May 12, 2018 at 12:58AM by dengorilla1
via reddit https://ift.tt/2KbwjaP
https://ift.tt/2bC0tHN
Submitted May 12, 2018 at 12:58AM by dengorilla1
via reddit https://ift.tt/2KbwjaP
ZDNet
Federal government claims DCNS data leak has 'no bearing' on Australia
Australia has not been affected by leaked documents revealing details around the combat capability of submarines that French company DCNS built for the Indian Navy, the government has said.
The private key of an SSL certificate that belongs to a brazilian bank has been leaked. What are the risks?
Some background first: last week, some data from a Brazilian bank named Inter was rumored to have been leaked. That included personal data, documents, transaction logs, credit card passwords, everything a bank could possibly have, including the certificate's private key. The bank denied everything.Two days ago some guy showed up on r/brasil claiming he obtained the private key from somewhere public, which he did not disclose. Someone suggested that he signed a message to prove he had it, which he successfully did and can be verified here. It's worth noting that the certificate in question had been replaced on the website in march but did not expire and was still valid.The obvious reaction to this would be for the bank to ask for the revocation to the Certificate Authority, in this case, Go Daddy. The surprising thing is: it's been more than 48 hours since this went public and the certificate has not been revoked yet. The bank is dead silent about this.Considering the keys have fallen in malicious hands which intends to do man-in-the-middle attacks, what are the possible attack vectors from which this is possible? I know DNS spoofing is a possibility. Are there other types of attacks which can originate from this? Some relatives have bank accounts there and are worried. Thanks in advance.
Submitted May 12, 2018 at 12:40AM by Capable_Professional
via reddit https://ift.tt/2rADnGT
Some background first: last week, some data from a Brazilian bank named Inter was rumored to have been leaked. That included personal data, documents, transaction logs, credit card passwords, everything a bank could possibly have, including the certificate's private key. The bank denied everything.Two days ago some guy showed up on r/brasil claiming he obtained the private key from somewhere public, which he did not disclose. Someone suggested that he signed a message to prove he had it, which he successfully did and can be verified here. It's worth noting that the certificate in question had been replaced on the website in march but did not expire and was still valid.The obvious reaction to this would be for the bank to ask for the revocation to the Certificate Authority, in this case, Go Daddy. The surprising thing is: it's been more than 48 hours since this went public and the certificate has not been revoked yet. The bank is dead silent about this.Considering the keys have fallen in malicious hands which intends to do man-in-the-middle attacks, what are the possible attack vectors from which this is possible? I know DNS spoofing is a possibility. Are there other types of attacks which can originate from this? Some relatives have bank accounts there and are worried. Thanks in advance.
Submitted May 12, 2018 at 12:40AM by Capable_Professional
via reddit https://ift.tt/2rADnGT
Gist
Verifying Banco Intermedium's private key leak
Verifying Banco Intermedium's private key leak. GitHub Gist: instantly share code, notes, and snippets.