Cisco is buying Duo Security for 2.35B
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
https://ift.tt/2LNDQBV
Submitted August 02, 2018 at 06:59PM by macx333
via reddit https://ift.tt/2LYvfeO
Cisco Announces Intent to Acquire Duo
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
https://ift.tt/2AvuNA8
Submitted August 02, 2018 at 06:51PM by patoh
via reddit https://ift.tt/2vwDd4L
Duo Security
The Evolution of Networking and Security: Cisco Announces Intent to Acquire Duo
8 years, 12,000 customers, and over 700 extremely talented and dedicated team members later, we’ve made our mark on the industry, helping to make security easy and effective for all, and earning the love of our customers, partners, and community. I could…
Bypassing and exploiting Bucket Upload Policies and Signed URLs
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
https://ift.tt/2AzTHPf
Submitted August 02, 2018 at 08:35PM by albinowax
via reddit https://ift.tt/2n59Ous
Detectify Labs
Bypassing and exploiting Bucket Upload Policies and Signed URLs
TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with…
massive cryptojacking campaign targeting tens of thousands of MikroTik routers
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
https://ift.tt/2LIDYCx
Submitted August 02, 2018 at 08:03PM by ksigler
via reddit https://ift.tt/2OByxDj
Trustwave
Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?
On July 31st , just after getting back to the office from my talk at RSA Asia 2018 about how cyber criminals use cryptocurrencies for their malicious activities, I noticed a huge surge of CoinHive in Brazil. After a quick...
ASP.NET resource files (.RESX) and deserialisation issues
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
https://ift.tt/2M2XVUg
Submitted August 02, 2018 at 09:08PM by digicat
via reddit https://ift.tt/2Mg0Fdt
How I could have stolen your local files using just a simple HTML file
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
https://ift.tt/2M5ACpl
Submitted August 02, 2018 at 08:45PM by ziyahanalbeniz
via reddit https://ift.tt/2O6aFXu
Netsparker
Exploiting a Microsoft Edge Vulnerability to Steal Files
This blog post documents the experiment of our Security Researcher Ziyahan Abeniz in exploiting a Microsoft Edge browser vulnerability. Proof of Exploit video included.
Public pentest report: Thunderbird & Enigmail [pdf]
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
https://ift.tt/2OBoHBo
Submitted August 02, 2018 at 10:08PM by albinowax
via reddit https://ift.tt/2O4JQ5W
One security weakness per 4000 lines of Android source code
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
https://ift.tt/2LJMAZL
Submitted August 02, 2018 at 10:30PM by AlexKonubov
via reddit https://ift.tt/2LW8Izu
Medium
We Checked the Android Source Code by PVS-Studio, or Nothing is Perfect
Development of large complex projects is impossible without the use of programming techniques and tools helping to monitor the quality of…
Creating a key generator to reset a Hikvision IP camera's admin password
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
https://ift.tt/2LHAUGS
Submitted August 02, 2018 at 10:21PM by pierenjan
via reddit https://ift.tt/2KlEAbK
neonsea.uk
Creating a key generator to reset a Hikvision IP camera's admin password
Unfortunately, generic IP cameras are notorious for their poor security practices. Most of the time, the manufacturer’s don’t force secure passwords, and mor...
Some (over 2000) phishing URLs you might want to block
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
https://ift.tt/2M3xLkh
Submitted August 03, 2018 at 01:47AM by dadoftwins71309
via reddit https://ift.tt/2O7H6Vn
archive.fo
PHISHING websites 20180730 #verified - Pastebin.com
archived 2 Aug 2018 15:08:07 UTC
Announcing the BlueHat v18 Schedule
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
https://ift.tt/2ACv4S8
Submitted August 03, 2018 at 03:40AM by jdrch
via reddit https://ift.tt/2LXsmuM
Kovter malware teardown, including "invisible" registry persistence
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
https://ift.tt/2vwDeFN
Submitted August 02, 2018 at 11:02PM by ewhitehats
via reddit https://ift.tt/2ABv1pB
POC and White Paper on Writing Values Regedit Cannot Export or Display
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
https://ift.tt/2LXDF6l
Submitted August 03, 2018 at 09:41AM by ewhitehats
via reddit https://ift.tt/2O3yQFV
GitHub
ewhitehats/InvisiblePersistence
InvisiblePersistence - Persisting in the Windows registry "invisibly"
A Linux Auditd rule set mapped to MITRE's Attack Framework
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
https://ift.tt/2O7DgLM
Submitted August 03, 2018 at 06:12PM by digicat
via reddit https://ift.tt/2LX8zf2
reddit
r/blueteamsec - A Linux Auditd rule set mapped to MITRE's Attack Framework
2 votes and 1 comment so far on Reddit
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
https://ift.tt/2MgliGz
Submitted August 03, 2018 at 06:12PM by CaptMeelo
via reddit https://ift.tt/2M1f68o
GitHub
capt-meelo/Telewreck
Telewreck - A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
Pwning Web Applications via Telerik Web UI
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
https://ift.tt/2OETbCB
Submitted August 03, 2018 at 06:04PM by CaptMeelo
via reddit https://ift.tt/2vfPPOj
Hack.Learn.Share
Pwning Web Applications via Telerik Web UI
This blog contains write-ups of the things that I researched, learned, and wanted to share to others.
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
https://ift.tt/2LNxBOp
Submitted August 03, 2018 at 07:39PM by certcc
via reddit https://ift.tt/2O5qFJg
https://ift.tt/2LNxBOp
Submitted August 03, 2018 at 07:39PM by certcc
via reddit https://ift.tt/2O5qFJg
insights.sei.cmu.edu
When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults
As a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations. Working in this field, it doesn't take too long to realize that there will never be...
Critical directory traversal bug in cgit 0.8 through 1.2 (patched in 1.2.1)
https://ift.tt/2M1NHmT
Submitted August 04, 2018 at 12:52AM by CodeBlock
via reddit https://ift.tt/2ALusK6
https://ift.tt/2M1NHmT
Submitted August 04, 2018 at 12:52AM by CodeBlock
via reddit https://ift.tt/2ALusK6
reddit
r/netsec - Critical directory traversal bug in cgit 0.8 through 1.2 (patched in 1.2.1)
4 votes and 0 comments so far on Reddit
From Slack to Discord — InfoSec Community has a new home
https://ift.tt/2LR1hdx
Submitted August 04, 2018 at 03:22AM by Eta-Meson
via reddit https://ift.tt/2n7OR21
https://ift.tt/2LR1hdx
Submitted August 04, 2018 at 03:22AM by Eta-Meson
via reddit https://ift.tt/2n7OR21
Medium
From Slack to Discord — InfoSec Community has a new home
Hello members of the InfoSec Community!
Question about using Wifi Pineapple as NIC
https://ift.tt/2O9yZaP
Submitted August 04, 2018 at 06:02AM by Army17C
via reddit https://ift.tt/2KsnhpA
https://ift.tt/2O9yZaP
Submitted August 04, 2018 at 06:02AM by Army17C
via reddit https://ift.tt/2KsnhpA
reddit
r/hacking - Question about using Wifi Pineapple as NIC
3 votes and 1 comment so far on Reddit
Security auditing and automated hunting DNS w/ CoreDNS+malwaredomains+Gravwell
https://ift.tt/2vEFOtA
Submitted August 04, 2018 at 08:20AM by remasis
via reddit https://ift.tt/2LYI0pO
https://ift.tt/2vEFOtA
Submitted August 04, 2018 at 08:20AM by remasis
via reddit https://ift.tt/2LYI0pO
www.gravwell.io
Security Auditing DNS With CoreDNS and Gravwell
This meaty post covers the CoreDNS + Gravwell integration for DNS security auditing. Walk through using DNS threat lists to identify malicious activity and create an orchestration noscript to automatically perform the first few threat hunting steps. Gravwell…