Researchers Say More Spectre-Related CPU Flaws On Horizon
https://ift.tt/2s0PRIa
Submitted May 23, 2018 at 11:13PM by volci
via reddit https://ift.tt/2khPSmL
Threatpost | The first stop for security news
Researchers Say More Spectre-Related CPU Flaws On Horizon
After another speculative execution side channel-related flaw has been disclosed in processors, security experts say that more may be on the horizon. Researchers on Monday disclosed Variant 4, a
Can an unattended laptop be bugged without symptoms? Micro-sized exploits?
I have a very shady roommate in my household...she openly talks about cheating others and words it in ways as though it is legitimate. Is it possible for her to bug my laptop in a way where I would never know and that antivirus wouldn't detect it? I mean I visually look at the outside of my computer for obvious *visible* hardware exploits and don't see any, but are nano or micro sized bugs possible? She knows I own digital assets. And I haven't logged in to anything for 3 months now in fear she might have done something to my computer. I wouldn't put it past her to hire a hacker. She's very sophisticated. I should probably just get a new computer and guard it but would still appreciate input on the matter.
Submitted May 23, 2018 at 10:57PM by canyonnight832
via reddit https://ift.tt/2x9CryI
reddit
Can an unattended laptop be bugged without symptoms?... • r/security
I have a very shady roommate in my household...she openly talks about cheating others and words it in ways as though it is legitimate. Is it...
How I Hacked Into One of the Most Popular Dating Websites
https://ift.tt/2wxx8sj
Submitted May 23, 2018 at 11:41PM by stevewatson301
via reddit https://ift.tt/2x5ITqh
Medium
How I Hacked Into One of the Most Popular Dating Websites
A story of poor backend security in midst of scandals and new regulations.
OpenMediaVault NAS setup, can internet facing services be hosted on same VM (in docker containers)?
https://ift.tt/2s82Gj9
Submitted May 23, 2018 at 11:45PM by proxfire44
via reddit https://ift.tt/2kiYSrL
reddit
OpenMediaVault NAS setup, can internet facing... • r/HomeNetworking
I recently setup an OpenMediaVault VM to use as a NAS and possibly host some services (personal cloud, media server, music streaming, torrent...
PassProtect - Proactive Web Security
https://ift.tt/2IZVAYG
Submitted May 24, 2018 at 12:40AM by rdegges
via reddit https://ift.tt/2J4u8sK
Okta
Announcing PassProtect - Proactive Web Security | Okta Developer
A look at our new developer library (and browser extension): PassProtect. PassProtect integrates with haveibeenpwned to check credentials you use against breached data lists, and notifies you when something bad happens.
Can a USB DVD reader/writer get infected once connected to a computer that had a lot of malware before? Thanks!
I am reposting this because I made an error in the topic
Submitted May 24, 2018 at 01:39AM by aymanbt
via reddit https://ift.tt/2LpiuXJ
reddit
Can a USB DVD reader/writer get infected once... • r/security
I am reposting this because I did an error in the topic
Exclusive: FBI Seizes Control of Russian Botnet
No text found
Submitted May 24, 2018 at 05:59AM by foucaultyou
via reddit https://ift.tt/2x4nr57
reddit
Exclusive: FBI Seizes Control of Russian Botnet • r/security
2 points and 0 comments so far on reddit
Hackers infect 500,000 consumer routers all over the world with malware
https://ift.tt/2IIWOEf
Submitted May 24, 2018 at 04:59AM by fstorino
via reddit https://ift.tt/2IMa62U
Ars Technica
Hackers infect 500,000 consumer routers all over the world with malware
VPNFilter can survive reboots and contains destructive "kill" function.
SSRF in Exchange leads to ROOT access in all instances
https://ift.tt/2KLhEn1
Submitted May 24, 2018 at 09:14AM by 1lastBr3ath
via reddit https://ift.tt/2xaJzLe
HackerOne
Shopify disclosed on HackerOne: SSRF in Exchange leads to ROOT...
Shopify infrastructure is isolated into subsets of infrastructure. @0xacb reported it was possible to gain root access to any container in one particular subset by exploiting a server side request...
Compromising Thousands of Websites Through a CDN
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 06:53AM by justicz
via reddit https://ift.tt/2s2O5q0
justi.cz
Compromising Thousands of Websites Through a CDN
tl;dr unpkg.com is a pretty popular CDN for serving up assets from npm packages. I found a vulnerability in a tar implementation that allowed me to write arb...
Ransomware
After building computers for over 10 years, and seeing a huge amount of fraud and identity theft, and recent events that are not related to this subreddit, it got me thinking and asking questions about both cyber security and physical security of many "facilities" in America which contain a lot of personal information. Anyways, about the computer security: I am rather concerned because many "Hospitals" and "Doctors' Offices", even "Police Departments", have been hit with ransomware attacks, but my question is how secure are their networks really. Most facilities I have been in only have a few security guards, and all use (Dell Computers) which often have (USB Ports) on them. Often they use "Intranet" for their secure network, and run at 5.0 GHz, while letting everyone else use free public Wi-Fi. The concern I have is that physical access to these systems is easy enough for anyone to slip a (USB Computer) or flash drive into any of these computer systems, because unused ports are not powered down and often no one is watching either. So in theory, how easy is it for a facility (no names given) to have "Ransomware" installed on their system by someone plugging in a USB drive? Or to have private information of many stolen by someone who uses, I think it's called, a USB Computer with malicious code. Often these computers are basic Dells without any type of real "Anti Virus" or security software installed or properly configured.
Another true fact is I have seen at least (3 Routers) which are owned by different facilities using (Default User Passwords); in the past I was able to log in to the entire network configuration page. Although this is public internet and couldn't be used to steal information itself, it got me thinking: what if someone had a mini computer plugged in behind one of these computer systems and connected on the network, just sending out information for months, which could grant it access to the (Intranet), which is supposed to be the secure network, no longer secure. Let alone the employees who work there and could easily compromise a person's information by accident, or on purpose. Am I right about this, or am I just too paranoid? https://www.youtube.com/watch?v=pL9q2lOZ1Fw&t=77s ^ Like in this video... This doesn't include when people leave your personal information on a computer and anyone who enters the room next can just go look at it, like at a "Dentist" for example, but it makes me feel so unsafe. This also brings up the subject of "RF ID" cards being used for security at most facilities. How many hospitals, even police departments, use these in America, as well as many other places, yet cloning a person's ID card like shown in this video seems to be a serious security issue, so why not have more secure authentication?
Submitted May 24, 2018 at 11:03AM by LilithDragonFlower
via reddit https://ift.tt/2J8FVpI
YouTube
Watch hackers break into the US power grid
A power company in the Midwest hired a group of white hat hackers known as RedTeam Security to test its defenses. We followed them around for 3 days, as they...
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
https://ift.tt/2Lr8nS1
Submitted May 24, 2018 at 03:05PM by albinowax
via reddit https://ift.tt/2IJsJZ6
mksben.l0.cm
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
In this blogpost, I'd like to write about a CSP strict-dynamic bypass vulnerability which is fixed in Firefox 60. https://www.mozilla.org/...
HTTPS Weaknesses
https://ift.tt/2kjkgNE
Submitted May 24, 2018 at 03:14PM by DhoundSecurity
via reddit https://ift.tt/2s8NLFA
Medium
HTTPS Weaknesses
Sometimes not technical people selling IT services or products answer the question “How about the reliability of your system?” as follows…
Compromising Thousands of Websites Through a CDN
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 02:54PM by albinowax
via reddit https://ift.tt/2IM3fGB
justi.cz
Compromising Thousands of Websites Through a CDN
tl;dr unpkg.com is a pretty popular CDN for serving up assets from npm packages. I found a vulnerability in a tar implementation that allowed me to write arb...
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
https://ift.tt/2JFLx7O
Submitted May 24, 2018 at 04:34PM by Iot_Security
via reddit https://ift.tt/2IHq1DD
The Advocate
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
A year after a New Orleans plastic surgeon was acquitted on video voyeurism charges for filming patients while nude, lawmakers are advancing a bill to expand the state’s video voyeurism
Keeping your powder coated security screens looking good
https://ift.tt/2sdhBJ8
Submitted May 24, 2018 at 05:23PM by northcoastblinds
via reddit https://ift.tt/2IHFjbu
North
Keeping your powdercoated security screens looking good - North
Like many products that are found outdoors, security doors and screens are powdercoated to protect them from the elements and keep them looking good. Other familiar items that have powdercoating include window joinery, entrance or garage doors, letter boxes…
Security In 5: Episode 245 - Improve Your Organization Security Behaviors
https://ift.tt/2GMdeJX
Submitted May 24, 2018 at 06:41PM by BinaryBlog
via reddit https://ift.tt/2sdxxLs
Libsyn
Security In Five Podcast: Episode 245 - Improve Your Organization Security Behaviors
Security is about people. Your program's effectiveness comes down to the ability of the people following the policies to behave in a secure way. This episode goes into a few tips on how to help an organization improve the security behaviors of the employees. …
Why is TCPcrypt not widely used?
No text found
Submitted May 24, 2018 at 05:56PM by MrEU1
via reddit https://ift.tt/2IE3nMa
reddit
Why is TCPcrypt not widely used? • r/security
1 points and 0 comments so far on reddit
Z-Shave - a downgrade attack against the latest Z-Wave security standard
https://ift.tt/2GGI3Qx
Submitted May 24, 2018 at 07:28PM by cybergibbons
via reddit https://ift.tt/2LqQC5t
Pentestpartners
Z-Shave. Exploiting Z-Wave downgrade attacks | Pen Test Partners
TL;DR: Stronger S2 Z-Wave pairing security process can be downgraded to weak S0, exposing smart devices to compromise. Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices ('nodes') when the…
TR-069: IoT before it was cool! Analysis of TR-069 (TCP 7547) exposure and attacks over time
https://ift.tt/2sbTWIZ
Submitted May 24, 2018 at 09:27PM by kafbas
via reddit https://ift.tt/2knIYfG
Sec-Consult
TR-069: IoT before it was cool! | SEC Consult
TR-069 is the most widespread IoT management protocol. Most likely, you have a few devices in your home that use it on a daily basis. SEC Consult found some interesting vulnerabilities.
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)
https://ift.tt/2s5v9H9
Submitted May 24, 2018 at 09:23PM by nibblesec
via reddit https://ift.tt/2sbP5Yh
Doyensec
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.