reCAPTCHA bypass via HTTP Parameter Pollution
https://ift.tt/2sizVjX
Submitted May 29, 2018 at 02:17AM by albinowax
via reddit https://ift.tt/2JfosvZ
https://ift.tt/2sizVjX
Submitted May 29, 2018 at 02:17AM by albinowax
via reddit https://ift.tt/2JfosvZ
reddit
r/netsec - reCAPTCHA bypass via HTTP Parameter Pollution
3 votes and 0 so far on reddit
LevelUp 0x02 - Bug Bounty Hunter conference, full video
On May 26th, Bugcrowd hosted a live conference via Twitch. All of the presentations have been uploaded to YouTube: https://www.youtube.com/playlist?list=PLIK9nm3mu-S6gCKmlC5CDFhWvbEX9fNW6
Submitted May 29, 2018 at 11:36AM by QforQ
via reddit https://ift.tt/2L2R2hh
On May 26th, Bugcrowd hosted a live conference via Twitch. All of the presentations have been uploaded to YouTube: https://www.youtube.com/playlist?list=PLIK9nm3mu-S6gCKmlC5CDFhWvbEX9fNW6
Submitted May 29, 2018 at 11:36AM by QforQ
via reddit https://ift.tt/2L2R2hh
YouTube
LevelUp 0x02 2018
On May 26th 2018, Bugcrowd held the LevelUp 0x02 conference! Watch this playlist for all of the videos from the conference.
Data Exfiltration via Formula Injection #Part1
https://ift.tt/2LExbGt
Submitted May 29, 2018 at 09:08PM by TechLord2
via reddit https://ift.tt/2xnL34T
https://ift.tt/2LExbGt
Submitted May 29, 2018 at 09:08PM by TechLord2
via reddit https://ift.tt/2xnL34T
NotSoSecure
Data Exfiltration via Formula Injection #Part1
We have been investigating methods to find and document ways to extract data from spreadsheets using out of band methods. This blog focuses on Google Sheets & LibreOffice on Linux. Using built-in functions & formula we were able to extract data from within…
ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users)
https://ift.tt/2J9xZVx
Submitted May 30, 2018 at 12:50AM by mandatoryprogrammer
via reddit https://ift.tt/2LH2lgd
https://ift.tt/2J9xZVx
Submitted May 30, 2018 at 12:50AM by mandatoryprogrammer
via reddit https://ift.tt/2LH2lgd
Thehackerblog
ZenMate VPN Browser Extension Hijacking Vulnerability for Chrome & Firefox (3.5 Million Affected Users) | The Hacker Blog
ZenMate, a VPN provider with over 43 million users, offers multiple browser extensions to use their VPN with. As of the time of this writing the browser
CVE-2018-4910: Analyzing an RCE in Adobe Acrobat and the patch that almost fixed it.
https://ift.tt/2sreSvM
Submitted May 30, 2018 at 04:00AM by RedmondSecGnome
via reddit https://ift.tt/2GYSdvL
https://ift.tt/2sreSvM
Submitted May 30, 2018 at 04:00AM by RedmondSecGnome
via reddit https://ift.tt/2GYSdvL
Blue Note: How Intentional Acoustic Interference Damages Availability and Integrity in Hard Disk Drives and Operating Systems
https://ift.tt/2IY36zL
Submitted May 30, 2018 at 06:55AM by Syonyk
via reddit https://ift.tt/2IXP8Oo
https://ift.tt/2IY36zL
Submitted May 30, 2018 at 06:55AM by Syonyk
via reddit https://ift.tt/2IXP8Oo
CVE 2018-11235 - Announcing the May 2018 Git security vulnerability
https://ift.tt/2IVzqHw
Submitted May 30, 2018 at 06:24AM by xtreak
via reddit https://ift.tt/2spmv5x
https://ift.tt/2IVzqHw
Submitted May 30, 2018 at 06:24AM by xtreak
via reddit https://ift.tt/2spmv5x
reddit
r/netsec - CVE 2018-11235 - Announcing the May 2018 Git security vulnerability
1 votes and 0 so far on reddit
CVE-2018-11235 : Security vulnerability in Git
https://ift.tt/2H3pKVM
Submitted May 30, 2018 at 02:36PM by xtreak
via reddit https://ift.tt/2kyXrWn
https://ift.tt/2H3pKVM
Submitted May 30, 2018 at 02:36PM by xtreak
via reddit https://ift.tt/2kyXrWn
Post-Spectre Threat Model Re-Think (Chromium)
https://ift.tt/2ky7LxS
Submitted May 30, 2018 at 02:24PM by albinowax
via reddit https://ift.tt/2siVYYH
https://ift.tt/2ky7LxS
Submitted May 30, 2018 at 02:24PM by albinowax
via reddit https://ift.tt/2siVYYH
0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557)
https://ift.tt/2IXl5dV
Submitted May 30, 2018 at 06:02PM by dielel
via reddit https://ift.tt/2H4fTPk
https://ift.tt/2IXl5dV
Submitted May 30, 2018 at 06:02PM by dielel
via reddit https://ift.tt/2H4fTPk
0Patch
0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557)
by Luka Treiber, 0patch Team In April, Steven Seeley of Source Incite published a report of a vulnerability in Foxit Reader and P...
Eternal RCE on RichFaces
https://ift.tt/2H2Y17P
Submitted May 30, 2018 at 10:33PM by albinowax
via reddit https://ift.tt/2L8mQBt
https://ift.tt/2H2Y17P
Submitted May 30, 2018 at 10:33PM by albinowax
via reddit https://ift.tt/2L8mQBt
Blogspot
Poor RichFaces
RichFaces is one of the most popular component libraries for JavaServer Faces (JSF). In the past, two vulnerabilities (CVE-2013-2165 and CVE...
Practical DMA attack on Windows 10
https://ift.tt/2LaaokT
Submitted May 31, 2018 at 01:06AM by tfairane
via reddit https://ift.tt/2LIFZv2
https://ift.tt/2LaaokT
Submitted May 31, 2018 at 01:06AM by tfairane
via reddit https://ift.tt/2LIFZv2
New Hampshire CitySec Meetup on June 6th
https://ift.tt/2kzb5ZI
Submitted May 31, 2018 at 02:45AM by Kv603
via reddit https://ift.tt/2H4nHAA
https://ift.tt/2kzb5ZI
Submitted May 31, 2018 at 02:45AM by Kv603
via reddit https://ift.tt/2H4nHAA
Eventbrite
June PineSec: A Meetup for InfoSec, Data Security, Hackers, Programmers
PineSec is a"CitySec" Information Security Meetup in Manchester, New Hampshire
Our topic for June is the Internet of Insecure Things. Bring your favorite IoT gadget to be torn apart (literally or figuratively) for our amusement.
PineSec is an informal monthly…
Our topic for June is the Internet of Insecure Things. Bring your favorite IoT gadget to be torn apart (literally or figuratively) for our amusement.
PineSec is an informal monthly…
Understanding Java deserialization
https://ift.tt/2J2nuzR
Submitted May 31, 2018 at 03:50AM by nytrorst
via reddit https://ift.tt/2IVZfr7
https://ift.tt/2J2nuzR
Submitted May 31, 2018 at 03:50AM by nytrorst
via reddit https://ift.tt/2IVZfr7
Nytro Security
Understanding Java deserialization
Some time ago I detailed PHP Object Injection vulnerabilities and this post will get into details of Java deserialization vulnerabilities. The concept is simple: developers use a feature of the pro…
Side-channel attacking browsers through CSS3 features
https://ift.tt/2J3CI7V
Submitted May 31, 2018 at 11:19AM by mandatoryprogrammer
via reddit https://ift.tt/2stzumO
https://ift.tt/2J3CI7V
Submitted May 31, 2018 at 11:19AM by mandatoryprogrammer
via reddit https://ift.tt/2stzumO
ForgotDoor: Routers in Singapore accidentally give complete access to potential IoT attackers
https://ift.tt/2kBSs7f
Submitted May 31, 2018 at 12:59PM by polar
via reddit https://ift.tt/2IZyja7
https://ift.tt/2kBSs7f
Submitted May 31, 2018 at 12:59PM by polar
via reddit https://ift.tt/2IZyja7
NewSky Security
ForgotDoor: Routers in Singapore accidentally give complete access to potential IoT attackers
IoT attacks can be classified into three levels: Level 0 (attacking device with no authentication), Level 1 (guessing a weak/default…
US Cert Alert : HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
https://ift.tt/2GZyD2I
Submitted May 31, 2018 at 01:32PM by RookieJoey
via reddit https://ift.tt/2H8SufJ
https://ift.tt/2GZyD2I
Submitted May 31, 2018 at 01:32PM by RookieJoey
via reddit https://ift.tt/2H8SufJ
www.us-cert.gov
HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm | US-CERT
According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical…
Analysis of a Steam client RCE vulnerability
https://ift.tt/2H88tuB
Submitted May 31, 2018 at 02:10PM by teesee23
via reddit https://ift.tt/2kBgPC8
https://ift.tt/2H88tuB
Submitted May 31, 2018 at 02:10PM by teesee23
via reddit https://ift.tt/2kBgPC8
Context Information Security
Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client | Context Information Security
This blog post explains the story behind a bug which had existed in the Steam client for at least the last ten years, and until last July would have resulted in remote code execution (RCE) in all 15 million active clients.
Rewriting History: A Brief Introduction to Long Range Attacks
https://ift.tt/2sm0wNI
Submitted May 31, 2018 at 05:25PM by alexlash
via reddit https://ift.tt/2noscript4xW
https://ift.tt/2sm0wNI
Submitted May 31, 2018 at 05:25PM by alexlash
via reddit https://ift.tt/2noscript4xW
ICO Security
Rewriting History: A Brief Introduction to Long Range Attacks
Proof of Stake protocols are in the spotlight as more and more high-profile blockchains attempt to switch over from Proof of Work…
Firebird fbudf Module Authenticated Remote Code Execution : CVE-2017-11509
https://ift.tt/2xrUVdG
Submitted May 31, 2018 at 04:47PM by mariuz
via reddit https://ift.tt/2slpjS6
https://ift.tt/2xrUVdG
Submitted May 31, 2018 at 04:47PM by mariuz
via reddit https://ift.tt/2slpjS6
APT28 Rollercoaster: The Lowdown on Hijacked LoJack
https://ift.tt/2H7Ldgd
Submitted June 01, 2018 at 01:43AM by teksquisite
via reddit https://ift.tt/2syL6oW
https://ift.tt/2H7Ldgd
Submitted June 01, 2018 at 01:43AM by teksquisite
via reddit https://ift.tt/2syL6oW
Lastline
APT28 Rollercoaster: The Lowdown on Hijacked LoJack
Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known