Totally Pwning the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data. This
Who's up for BeanSec next Wednesday 6/20? (NetSec meetup in Cambridge, MA)
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
reddit
r/boston - Who's up for BeanSec next week? (6/20, Free NetSec meetup in Cambridge)
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
Threatfabric
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
New Android banking Trojan and ransomware MysteryBot has been successful in finding a way to log user keystrokes on Android 7 and 8.
Show r/netsec: Reflected Client XSS at Amazon.com
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
Medium
Reflected Client XSS at Amazon.com
Bug that allows to steal cookies from all Amazon domains and redirect visitors to a phishing login screen.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
GitHub
GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered b...
Open Source Plugin for Kubernetes Security
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Microsoft COM for Windows Remote Code Execution Vulnerability (CVE-2018-0824) Analysis and PoC
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
Blogspot
Marshalling to SYSTEM - An analysis of CVE-2018-0824
In May 2018 Microsoft patched an interesting vulnerability ( CVE-2018-0824 ) which was reported by Nicolas Joly of Microsoft's MSRC: A rem...
” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
Blogspot
#BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An…
Hi Guys, One more interesting blog, one more interesting vulnerability that I managed to find out during my bugbounty hunt and it comes...
Another way to pwn the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data. This
Taking Over Kubernetes Cluster Without RBAC
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Prevent Kubernetes Cluster Takeover with Kubectl RBAC Plugin
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
reddit
SafeSpec: Banishing the Spectre of a Meltdown with... • r/netsec
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
reddit
r/netsec - SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
Hacking Amazon's #1 seller Smart Pet Food Dispenser
https://ift.tt/2teclFr
Submitted June 17, 2018 at 06:58AM by Expect3
via reddit https://ift.tt/2yf1wsE
Collections of Infosec Tweets
https://ift.tt/2liPXH6
Submitted June 17, 2018 at 09:20AM by fireh7nter
via reddit https://ift.tt/2JZAOZm
Infosec Tweets
Tweets are of others
Spectre Attacks: Exploiting Speculative Execution
https://ift.tt/2EORJIX
Submitted June 17, 2018 at 09:09AM by Scene_News
via reddit https://ift.tt/2JQgW7H
WebUSB Vulnerabilities, actions of YubiCo, and disclosure madness
https://ift.tt/2lf0B1G
Submitted June 17, 2018 at 10:49AM by Kikawala
via reddit https://ift.tt/2yokb5o
The Complete Beginner Guide to Learn Ethical Hacking
https://ift.tt/2HMRtuq
Submitted June 17, 2018 at 07:42PM by jbvmt
via reddit https://ift.tt/2JXvi6E
Medium
The Complete Beginner Guide to Learn Ethical Hacking
If you want to learn ethical hacking so that you can hack computer systems like black hat hackers and secure them like security experts…
BTRSys v2.1 Walkthrough [TR]
https://ift.tt/2JWPzcb
Submitted June 17, 2018 at 08:42PM by rdincel1
via reddit https://ift.tt/2LYv8MM
DEAD - An attack vector on web services, due to e-mail's faults due to DNS
https://ift.tt/2tbF2CZ
Submitted June 17, 2018 at 08:30PM by 1g14gw
via reddit https://ift.tt/2MAfMiP
Private Internet Access Blog
DEAD - An attack vector on web services, due to e-mail's faults due to DNS | Private Internet Access Blog
Domain Emails Are Dead (DEAD) A security reminder that e-mail and DNS should never be a critical component of a secure system architecture. PROBLEM DEAD is a potential vulnerability in the DNS system that exists due to the poor method in which it was implemented…
Bypass macOS rootless by sandboxing
https://ift.tt/2JOhfEc
Submitted June 18, 2018 at 10:55AM by CodeColorist
via reddit https://ift.tt/2LXjstA
Medium
Bypass macOS rootless by sandboxing
This bug has been fixed in Mojave Beta, but still present in latest High Sierra (10.13.5). It’s a logical bug that an entitled binary tries…