Index access of an ABC news server (ABC 11) Thought some of you might enjoy a live one, the ISpy.jpg is hilarious!
https://ift.tt/2t4POuF
Submitted June 13, 2018 at 11:08PM by Olivero
via reddit https://ift.tt/2t45ezq
https://ift.tt/2t4POuF
Submitted June 13, 2018 at 11:08PM by Olivero
via reddit https://ift.tt/2t45ezq
A new Intel CPU bug is revealed - Intel FP security issue
https://ift.tt/2HMfaTr
Submitted June 13, 2018 at 11:01PM by xJRWR
via reddit https://ift.tt/2y7zUpc
https://ift.tt/2HMfaTr
Submitted June 13, 2018 at 11:01PM by xJRWR
via reddit https://ift.tt/2y7zUpc
reddit
r/netsec - A new Intel CPU bug is revealed - Intel FP security issue
1 votes and 1 so far on reddit
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
https://ift.tt/2Jxyyte
Submitted June 14, 2018 at 12:29AM by 0xdea
via reddit https://ift.tt/2HMMI3P
https://ift.tt/2Jxyyte
Submitted June 14, 2018 at 12:29AM by 0xdea
via reddit https://ift.tt/2HMMI3P
McAfee Blogs
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, just be sure not to leave your laptop lying around!
SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)
https://ift.tt/2Jz92DQ
Submitted June 14, 2018 at 01:05AM by hannob
via reddit https://ift.tt/2JMSP9W
https://ift.tt/2Jz92DQ
Submitted June 14, 2018 at 01:05AM by hannob
via reddit https://ift.tt/2JMSP9W
reddit
SigSpoof: Spoofing signatures in GnuPG, Enigmail,... • r/netsec
1 points and 0 comments so far on reddit
Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 02:11AM by GH0S1_R33P0R
via reddit https://ift.tt/2Morwon
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 02:11AM by GH0S1_R33P0R
via reddit https://ift.tt/2Morwon
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.
Introducing the Internet Intelligence Map | Dyn Blog
https://ift.tt/2JVmYqW
Submitted June 14, 2018 at 03:50AM by phr3sh_
via reddit https://ift.tt/2LMPGaN
https://ift.tt/2JVmYqW
Submitted June 14, 2018 at 03:50AM by phr3sh_
via reddit https://ift.tt/2LMPGaN
Dyn
Introducing the Internet Intelligence Map | Dyn Blog
Today, we are proud to announce a new website we're calling the Internet Intelligence Map. This free site will help to democratize ...
A Novel Side-Channel Attack gainst ECDSA and DSA - Extract a 256-bit ECDSA Private Key using a Simple Cache Attack by Observing only a Few Thousand Signatures (Whitepaper with Full Poc) - See Comment
https://ift.tt/2l7sJ6V
Submitted June 14, 2018 at 07:57AM by TechLord2
via reddit https://ift.tt/2JPVC5Q
https://ift.tt/2l7sJ6V
Submitted June 14, 2018 at 07:57AM by TechLord2
via reddit https://ift.tt/2JPVC5Q
Polly.JS - A Standalone, Framework-agnostic JavaScript Library that enables Recording, Replaying, and Stubbing HTTP Interactions (Full Sources, API and other Technical Content) - See Comment
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
https://ift.tt/2JgxRjM
Submitted June 14, 2018 at 08:52AM by TechLord2
via reddit https://ift.tt/2HQ2I50
GitHub
Netflix/pollyjs
pollyjs - Record, Replay, and Stub HTTP Interactions.
How to abuse SeLoadDriverPrivilege for privilege escalation
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
https://ift.tt/2lbBWv8
Submitted June 14, 2018 at 02:33PM by gid0rah
via reddit https://ift.tt/2MrNV4j
Tarlogic Security - Cyber Security and Ethical hacking
Abusing SeLoadDriverPrivilege for privilege escalation
0x01 – Preamble
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
In Windows operating systems, it is well known that assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks. Although Microsoft's documentation is quite clear about…
From Secure Messaging to Secure Collaboration
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
https://ift.tt/2yc6d6d
Submitted June 14, 2018 at 06:12PM by sjmurdoch
via reddit https://ift.tt/2LMT05Q
Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
https://ift.tt/2MsW6Np
Submitted June 14, 2018 at 07:05PM by wootock
via reddit https://ift.tt/2ldmLBP
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
https://ift.tt/2lbvp3C
Submitted June 14, 2018 at 09:59PM by 0xbaadf00dsec
via reddit https://ift.tt/2t8rSXu
Intezer
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer
Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we have found evidence of very recent activity by a group referred to as APT15, known for committing cyber espionage which is believed…
How to protect your Django App from the most common hacker attacks
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
https://ift.tt/2ye1PDW
Submitted June 15, 2018 at 12:24AM by isityoupaul
via reddit https://ift.tt/2t8hajz
Templarbit Inc.
Content Security Policy with Django
The best way to protect your Django App from XSS attacks ...
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
https://ift.tt/2HLXTK9
Submitted June 15, 2018 at 01:57AM by Olafhartong
via reddit https://ift.tt/2JK4Xsn
Medium
Endpoint detection Superpowers on the cheap — part 3 — Sysmon Tampering
In part 2, I talked about how to deploy and maintain Sysmon and its configuration.
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
AFTVnews
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
An Android virus, specifically a malware worm variant, has been spreading across Android devices and has started appearing on Amazon Fire TVs and Fire TV Sticks. The worm is not specifically targeting Fire TV devices, but they are vulnerable because of their…
Revised Emotet Downloader - A Technical Analysis
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
0ffset
Post 0x10: A Revised Emotet Downloader
You may remember I wrote a post where I took apart an Emotet Downloader that used Macros and Powershell commands to download Emotet from compromised websites. Well they’ve revised how their d…
Zabbix Threat Control: Transform your monitoring into vulnerability assessment system. "Fix it!" button included. #sorrynessus
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
GitHub
vulnersCom/zabbix-threat-control
zabbix-threat-control - Zabbix vulnerability assessment plugin
Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
reddit
r/netsec - Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
2 votes and 0 so far on reddit
Creating signed and customized backdoored macOS applications
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
Betabot still alive with multi-stage packing
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
Medium
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there securityimpact.net