HTTP Security Headers - How to improve your web application overall security with just a few steps
https://ift.tt/2tFvfoX
Submitted June 26, 2018 at 06:50PM by KeyDutch
via reddit https://ift.tt/2ItV80b
Htbridge
HTTP Security Headers - How to improve your web application overall security with just a few steps
HTTP Security Headers were created to protect applications from frequent and common attacks without the need to add or change the code of your applications.
CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities
https://ift.tt/2InOrgl
Submitted June 26, 2018 at 07:24PM by eth_
via reddit https://ift.tt/2KcoJ4b
Nettitude Labs
CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities
We have recently disclosed a list of vulnerabilities to Sophos that allow local attackers to elevate their privileges and execute code in the security context of the SYSTEM user account. Affected P…
SMB version detection in masscan
https://ift.tt/2Kfyydn
Submitted June 26, 2018 at 08:57PM by EvanConover
via reddit https://ift.tt/2N1dycs
Erratasec
SMB version detection in masscan
My Internet-scale port scanner, masscan, supports "banner checking", grabbing basic information from a service after it connects to a port....
My experience with Google interview for information security engineer
https://ift.tt/2txSPVp
Submitted June 26, 2018 at 08:11PM by InformationSecurity
via reddit https://ift.tt/2yFB3o6
reddit
r/netsec - My experience with Google interview for information security engineer
17 votes and 7 so far on reddit
dref - DNS Rebinding Exploitation Framework
https://ift.tt/2yJBmOZ
Submitted June 26, 2018 at 09:37PM by alexksak
via reddit https://ift.tt/2tBFiv2
GitHub
mwrlabs/dref
DNS Rebinding Exploitation Framework. Contribute to mwrlabs/dref development by creating an account on GitHub.
WordPress File Delete to Code Execution
https://ift.tt/2It4Wb0
Submitted June 26, 2018 at 10:52PM by zit-hb
via reddit https://ift.tt/2MsL0HM
FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, says an attacker stole personal details including payment card data of users in a data breach which occurred earlier this month.
https://ift.tt/2ItZncc
Submitted June 26, 2018 at 11:50PM by asteriskspace
via reddit https://ift.tt/2yJhdIB
BleepingComputer
Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider
The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned.
SAINTCON 2018 CFP is OPEN
https://ift.tt/2lzm2eb
Submitted June 26, 2018 at 11:41PM by supertechguy
via reddit https://ift.tt/2lyCNWK
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
https://ift.tt/2yJenTU
Submitted June 27, 2018 at 02:57AM by EvanConover
via reddit https://ift.tt/2lDoOza
Talosintelligence
Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
My experience leading purple teaming in the enterprise
https://ift.tt/2K9gIgp
Submitted June 27, 2018 at 10:42AM by webappsec4lyfe
via reddit https://ift.tt/2KnKIB6
Patching DoublePulsar to Exploit Windows Embedded Machines
https://ift.tt/2N08Mvv
Submitted June 26, 2018 at 04:47PM by CaptMeelo
via reddit https://ift.tt/2IsXM6A
Hack.Learn.Share
Patching DoublePulsar to Exploit Windows Embedded Machines
This blog contains write-ups of the things that I researched, learned, and wanted to share with others.
Another critical remote vulnerability in HP iLO 4 and 5
https://ift.tt/2IvCntn
Submitted June 27, 2018 at 02:18PM by alain_proviste
via reddit https://ift.tt/2KfMUil
New malware using custom UDP protocol for C2
https://ift.tt/2MpLUEQ
Submitted June 27, 2018 at 04:19PM by MrSnowflake75
via reddit https://ift.tt/2tIf6zf
Palo Alto Networks Blog
RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families
Unit 42 investigates the RANCOR group’s use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia
Cisco ASA and Firepower flaw exploited in the wild - Help Net Security
https://ift.tt/2Kt51AF
Submitted June 27, 2018 at 07:19PM by arcspin
via reddit https://ift.tt/2IvCuVG
Help Net Security
Cisco ASA and Firepower flaw exploited in the wild - Help Net Security
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released. A DoS vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after…
Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit
https://ift.tt/2Kt5aUo
Submitted June 27, 2018 at 07:11PM by Ambulong
via reddit https://ift.tt/2N4AxmQ
Vulnspy Blog
Wordpress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit
Author: @Ambulong WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber crimin
WordPress File Delete to Code Execution
https://ift.tt/2It4Wb0
Submitted June 27, 2018 at 05:20PM by GiraffeandBear
via reddit https://ift.tt/2tGTlj7
reddit
r/netsec - WordPress File Delete to Code Execution
3 votes and 3 so far on reddit
ASLR Protection for Statically Linked Executables
https://ift.tt/2tHdfL2
Submitted June 27, 2018 at 07:54PM by LeviathanSecurity
via reddit https://ift.tt/2tAEmIh
Leviathan Security
ASLR Protection for Statically Linked Executables
We present new research that details crucial security weaknesses in Linux software that has been statically linked. We also provide a solution to temporarily resolve these security issues. Finally, we conclude by demonstrating how to have both RELRO [1] and…
Subdomain Takeover: Basics
https://ift.tt/2IAHnx6
Submitted June 27, 2018 at 10:07PM by patrikhudak
via reddit https://ift.tt/2KoLqkZ
Playing with Relayed Credentials
https://ift.tt/2twaFIy
Submitted June 28, 2018 at 12:36AM by mgalloar
via reddit https://ift.tt/2lERaca
Core Security
Playing with Relayed Credentials
During penetration testing exercises, the ability to make a victim connect to an attacker’s controlled host provides an interesting approach for compromising systems.
Security Research: Opening the Black Box of Payment Terminal Security
https://ift.tt/2lBnGvI
Submitted June 28, 2018 at 01:18AM by marketingversprite
via reddit https://ift.tt/2tJC9cZ
VerSprite | Integrated Security Services and Consulting
Opening the Black Box of Payment Terminal Security | VerSprite Blog
The proliferation of credit card skimming is evidence enough that many fraudsters’ target of choice is the payment terminal.
Ticketmaster breach, end users are affected
https://ift.tt/2yNiw9v
Submitted June 28, 2018 at 01:56AM by pause1
via reddit https://ift.tt/2Kq8aOg
security.ticketmaster.se
INFORMATION ABOUT DATA SECURITY INCIDENT BY THIRD-PARTY SUPPLIER
Ticketmaster has created this website for customers whose personal information may have been compromised in the Inbenta incident. Ensuring the safety and security of the personal data of customers is very important to Ticketmaster. As soon as it was determined…