Optionsbleed - HTTP OPTIONS method can leak Apache's server memory
http://ift.tt/2xbidAO
Submitted September 18, 2017 at 06:38PM by oherrala
via reddit http://ift.tt/2h9Q0X7
http://ift.tt/2xbidAO
Submitted September 18, 2017 at 06:38PM by oherrala
via reddit http://ift.tt/2h9Q0X7
reddit
Optionsbleed - HTTP OPTIONS method can leak Apache's... • r/netsec
1 points and 0 comments so far on reddit
Security In 5: Episode 70 - Why The Equifax Breach Is So Dangerous For Everyone
http://ift.tt/2f4IMjb
Submitted September 18, 2017 at 07:28PM by BinaryBlog
via reddit http://ift.tt/2w2ZQMZ
http://ift.tt/2f4IMjb
Submitted September 18, 2017 at 07:28PM by BinaryBlog
via reddit http://ift.tt/2w2ZQMZ
Libsyn
Security In Five Podcast: Episode 70 - Why The Equifax Breach Is So Dangerous For Everyone
The Equifax breach is one of the largest thus far. Unlike other breaches this one could be far more damaging for people who had their data stolen. It comes down to the type of data that was lost. This episode covers why this could be dangerous for everyone…
CCleaner 5.33 Backdoor: A Vast Number of Machines at Risk
http://ift.tt/2x8g2AA
Submitted September 18, 2017 at 07:41PM by SergeyGor
via reddit http://ift.tt/2f57tf1
http://ift.tt/2x8g2AA
Submitted September 18, 2017 at 07:41PM by SergeyGor
via reddit http://ift.tt/2f57tf1
Talosintelligence
CCleanup: A Vast Number of Machines at Risk
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Week in review: major security incidents in September 11-17
http://ift.tt/2yl0do3
Submitted September 18, 2017 at 08:03PM by CybersecurityHelp
via reddit http://ift.tt/2wpC564
http://ift.tt/2yl0do3
Submitted September 18, 2017 at 08:03PM by CybersecurityHelp
via reddit http://ift.tt/2wpC564
www.cybersecurity-help.cz
Week in review: major security incidents in September 11-17
The article contains a brief report of cybersecurity incidents for the past week.
Videos of all USENIX Security '17 presentations
https://www.youtube.com/playlist?list=PLbRoZ5Rrl5leSmnr5gJpvedQ3oj2ostRR
Submitted September 18, 2017 at 11:24AM by campuscodi
via reddit http://ift.tt/2y974Qc
https://www.youtube.com/playlist?list=PLbRoZ5Rrl5leSmnr5gJpvedQ3oj2ostRR
Submitted September 18, 2017 at 11:24AM by campuscodi
via reddit http://ift.tt/2y974Qc
reddit
Videos of all USENIX Security '17 presentations • r/netsec
5 points and 0 comments so far on reddit
How TrickBot tricks its victims with web injects
http://ift.tt/2x9eu9y
Submitted September 18, 2017 at 09:53PM by _toti
via reddit http://ift.tt/2wBsgNW
http://ift.tt/2x9eu9y
Submitted September 18, 2017 at 09:53PM by _toti
via reddit http://ift.tt/2wBsgNW
AWS Extender - A burp plugin for assessing cloud based web apps
http://ift.tt/2yjTOtb
Submitted September 18, 2017 at 10:49PM by virtue-elliott
via reddit http://ift.tt/2fvh0wQ
http://ift.tt/2yjTOtb
Submitted September 18, 2017 at 10:49PM by virtue-elliott
via reddit http://ift.tt/2fvh0wQ
Virtue Security
AWS Penetration Testing Part 1 - S3 Buckets - Virtue Security
Penetration Testing AWS Services AWS Penetration Testing Part 1. S3 Buckets Amazon Web Services (AWS) provides some of the most powerful and robust infrastructure for modern web applications. As with all new functionality on the web, new security considerations…
Have I been pwned list at 99.34% on Hashes.org by community effort.
http://ift.tt/1oe1K30
Submitted September 18, 2017 at 10:38PM by s3inlc
via reddit http://ift.tt/2xcSuIj
http://ift.tt/1oe1K30
Submitted September 18, 2017 at 10:38PM by s3inlc
via reddit http://ift.tt/2xcSuIj
hashes.org
Hashes.org - Leaked Lists
Hashes.org is a community recovering password from submitted hashes.
Just because Docker images are official doesn't mean they have the same update strategy.
http://ift.tt/2ffCZLh
Submitted September 18, 2017 at 10:31PM by weighanchore
via reddit http://ift.tt/2xcNUcW
http://ift.tt/2ffCZLh
Submitted September 18, 2017 at 10:31PM by weighanchore
via reddit http://ift.tt/2xcNUcW
Anchore
A Look at How Often Docker Images are Updated
In our last blog, we reported on operating systems usage on DockerHub, focusing on official base images. Most users do not build their container image from scratch they built on top of these base images, for example extending an image such as library/alpine:latest…
Anyone Familiar With Cybersecurity Framework? How do you document your implementation? [x-post from /r/cybersecurity]
We're taking a look at implementing NIST's cybersecurity framework and we've downloaded the papers and Core template, but have no idea how to document the implementation. Is there a checklist or implementation template you can fill out? Or better yet, is there a tool out there that can be used that might show your progress? How did you document your implementation?
Submitted September 19, 2017 at 12:31AM by alaskaline
via reddit http://ift.tt/2wqI3DZ
We're taking a look at implementing NIST's cybersecurity framework and we've downloaded the papers and Core template, but have no idea how to document the implementation. Is there a checklist or implementation template you can fill out? Or better yet, is there a tool out there that can be used that might show your progress? How did you document your implementation?
Submitted September 19, 2017 at 12:31AM by alaskaline
via reddit http://ift.tt/2wqI3DZ
reddit
Anyone Familiar With Cybersecurity Framework? How do... • r/security
We're taking a look at implementing NIST's cybersecurity framework and we've downloaded the papers and Core template, but have no idea how to...
Researchers Discover New Android Banking Trojan
http://ift.tt/2xKIw4d
Submitted September 19, 2017 at 01:37AM by majorllama
via reddit http://ift.tt/2fvWsEq
http://ift.tt/2xKIw4d
Submitted September 19, 2017 at 01:37AM by majorllama
via reddit http://ift.tt/2fvWsEq
BleepingComputer
Researchers Discover New Android Banking Trojan
Security researchers have detected a new Android banking trojan by the name of Red Alert 2.0 that was developed during the past few months and has been recently rolled out into distribution.
CCleaner 5.33 backdoor vulnerability. Official download sources of CC 5.33 were compromised with a hidden vulnerability for nearly a month. Millions of systems potentially at risk.
http://ift.tt/2x8g2AA
Submitted September 19, 2017 at 02:41AM by weev1
via reddit http://ift.tt/2hcrfGn
http://ift.tt/2x8g2AA
Submitted September 19, 2017 at 02:41AM by weev1
via reddit http://ift.tt/2hcrfGn
Talosintelligence
CCleanup: A Vast Number of Machines at Risk
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
MinerBlock - A web extension to block known web-based cryptocurrency miners all over the web
http://ift.tt/2ykUD4L
Submitted September 19, 2017 at 02:30AM by lintr
via reddit http://ift.tt/2wCfoqB
http://ift.tt/2ykUD4L
Submitted September 19, 2017 at 02:30AM by lintr
via reddit http://ift.tt/2wCfoqB
GitHub
xd4rker/MinerBlock
An efficient browser extension to block browser-based cryptocurrency miners all over the web. - xd4rker/MinerBlock
Linux Attack Surface Analysis -- dawgmon 1.0 release
http://ift.tt/2wpA4Hg
Submitted September 19, 2017 at 01:17AM by anvilventures
via reddit http://ift.tt/2ffrMtZ
http://ift.tt/2wpA4Hg
Submitted September 19, 2017 at 01:17AM by anvilventures
via reddit http://ift.tt/2ffrMtZ
Anvilventures
Linux Attack Surface Analysis
Linux attack surface analysis and monitoring -- dawgmon
Pytosquatting -- killing typosquatting+namesquatting threats in PyPI
http://ift.tt/2x7nAmt
Submitted September 19, 2017 at 01:08AM by KingdomOfBullshit
via reddit http://ift.tt/2xtkxW1
http://ift.tt/2x7nAmt
Submitted September 19, 2017 at 01:08AM by KingdomOfBullshit
via reddit http://ift.tt/2xtkxW1
DigitalOcean suffers 1-Click Setup vulnerability affecting debian-sys-maint MySQL user
http://ift.tt/2xbgFab
Submitted September 19, 2017 at 04:44AM by hp777us
via reddit http://ift.tt/2fgaAV8
http://ift.tt/2xbgFab
Submitted September 19, 2017 at 04:44AM by hp777us
via reddit http://ift.tt/2fgaAV8
GitHub
digitalocean/debian-sys-maint-roll-passwd
debian-sys-maint-roll-passwd - Script to update password for MySQL user "debian-sys-maint"
Ransomware Variant "Nyetya" Compromises Systems Worldwide
http://ift.tt/2tTcjlR
Submitted September 19, 2017 at 06:39AM by agb-101
via reddit http://ift.tt/2f795Vz
http://ift.tt/2tTcjlR
Submitted September 19, 2017 at 06:39AM by agb-101
via reddit http://ift.tt/2f795Vz
Talosintelligence
New Ransomware Variant "Nyetya" Compromises Systems Worldwide
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns and says "This is a bad day for the W3C: it's the day it publishes a standard designed to control, rather than empower, web users."
http://ift.tt/2wqQJdB
Submitted September 19, 2017 at 10:19AM by TheReelStig
via reddit http://ift.tt/2wCT4wX
http://ift.tt/2wqQJdB
Submitted September 19, 2017 at 10:19AM by TheReelStig
via reddit http://ift.tt/2wCT4wX
Boing Boing
World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns
World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns
If you can't patch soon and there's a zero day lurking, answer this and get some compensatory controls.
http://ift.tt/2fx6Fk1
Submitted September 19, 2017 at 11:40AM by xrna
via reddit http://ift.tt/2heDDW8
http://ift.tt/2fx6Fk1
Submitted September 19, 2017 at 11:40AM by xrna
via reddit http://ift.tt/2heDDW8
Cyber Sins
I know I haven't patched yet, and there's a zero-day knocking at my door
Patching is important, but let's agree it takes time. It takes time to test & validate the patch in your environment, check the application compatibility with the software and the underlying services. And then, one fine day, an adversary just hacks your server…
Want to Create Hotmail Account Or want Hotmail Toll-Free Number
http://ift.tt/2wstIXB
Submitted September 19, 2017 at 12:38PM by smithsgone
via reddit http://ift.tt/2ffsEie
http://ift.tt/2wstIXB
Submitted September 19, 2017 at 12:38PM by smithsgone
via reddit http://ift.tt/2ffsEie
Mezun
CGACC Social Network - Common Hotmail Issues That You Encounter on a Day to Day Basis
Hotmail is perhaps one of the oldest email platforms, which is still used by many. With an attractive user interface and a host of other benefits, it is certainly built to suit the individual needs and preferences. However, with the changing scenario, you...
Vulnerability in SMS-based 2FA through security hole SS7
http://ift.tt/2ffn53C
Submitted September 19, 2017 at 01:26PM by Frank_Underweed
via reddit http://ift.tt/2xMCP5G
http://ift.tt/2ffn53C
Submitted September 19, 2017 at 01:26PM by Frank_Underweed
via reddit http://ift.tt/2xMCP5G
TechCrunch
Coinbase vulnerability is a good reminder that SMS-based 2FA can wreak havoc
Two days ago, a friend who invested in Bitcoin asked me how secure her Coinbase investment was. She had plans to put her coins in cold storage, but as a security stopgap was relying on two-factor…