This new attack is described in a recently published research paper entitled "The Dangers of Key Reuse: Practical Attacks on IPsec IKE," set to be presented at the 27th Usenix Security Symposium later this week in Baltimore, USA. From the paper's abstract:
https://ift.tt/2MFWEiY
Submitted August 14, 2018 at 03:52AM by longevitytech
via reddit https://ift.tt/2OzrRET
Longevity Technology
Cisco Patches Its Operating Systems Against New IKE Crypto Attack
Cisco, one of the world's largest vendors of networking equipment, released security updates today to patch a vulnerability in the IOS and IOS XE operating syste
Free Stock Photos for your Projects
https://ift.tt/2vGCONN
Submitted August 14, 2018 at 06:54AM by professorhase
via reddit https://ift.tt/2P5u2Ry
Motosha
food Archives - Motosha
Real free high quality stock photos for commercial and private use! From selected professional photographers. Simple download without registration, without obligations. Best quality and 100% Free.
JSON endpoints without tokens don’t leak; they whisper
https://ift.tt/2B9Mnu3
Submitted August 14, 2018 at 06:46PM by albinowax
via reddit https://ift.tt/2P72FXq
Medium
JSON endpoints without tokens doesn’t leak they whisper
Exploiting interesting feature in HTML5 https://developer.mozilla.org/en-US/docs/Web/API/Resource_Timing_API/Using_the_Resource_Timing_API…
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
https://ift.tt/2MJ36Wl
Submitted August 14, 2018 at 10:41PM by u0000
via reddit https://ift.tt/2Mn4XmQ
reddit
r/netsec - Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
7 votes and 1 comment so far on Reddit
Multi-Factor Mixup: Who Were You Again? Exploiting Microsoft ADFS MFA integration
https://ift.tt/2MmRZFv
Submitted August 14, 2018 at 10:56PM by overflowingInt
via reddit https://ift.tt/2OyvRpa
Okta
Multi-Factor Mixup: Who Were You Again?
Summary:
hideNsneak - enabling obfuscation of attack infrastructure through DevOps
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 12:33AM by karmicSec
via reddit https://ift.tt/2BcPG3L
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
Playback - a TLS 1.3 story
https://ift.tt/2OBJNih
Submitted August 15, 2018 at 04:54AM by vamediah
via reddit https://ift.tt/2KRVhfk
Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
https://ift.tt/2LKMf98
Submitted August 15, 2018 at 04:41AM by thebrachy
via reddit https://ift.tt/2P8wQgM
seclists.org
oss-sec: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
August 2018 .NET Framework Security and Quality Rollup
https://ift.tt/2MJi5PT
Submitted August 15, 2018 at 04:33AM by jdrch
via reddit https://ift.tt/2BbsmDj
Microsoft
August 2018 .NET Framework Security and Quality Rollup
A first-hand look from the .NET engineering teams
L1 Terminal Fault / CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 / INTEL-SA-00161
https://ift.tt/2MqlgPB
Submitted August 15, 2018 at 05:26AM by jdrch
via reddit https://ift.tt/2MplMNW
reddit
r/netsec - L1 Terminal Fault / CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 / INTEL-SA-00161
1 vote and 0 comments so far on Reddit
CVE-2018-8302: Getting code execution on Microsoft Exchange through a .NET BinaryFormatter Deserialization vulnerability.
https://ift.tt/2KSIvNI
Submitted August 15, 2018 at 07:12AM by RedmondSecGnome
via reddit https://ift.tt/2nFNs2U
Zero Day Initiative
Voicemail Vandalism: Getting Remote Code Execution on Microsoft Exchange Server
We recently received a bug report with an intriguing description: “A non-privileged Exchange user can run arbitrary code as "NT AUTHORITY\SYSTEM" in the Exchange Server through a .NET BinaryFormatter Deserialization vulnerability.” It definitely caught…
Phone Call to XXE via Interactive Voice Response
https://ift.tt/2Pat1I3
Submitted August 15, 2018 at 07:09AM by sxcurity
via reddit https://ift.tt/2MPPGrP
HackerOne
cdl published a vulnerability from ██████ on HackerOne: Phone Call...
| Summary |
|--|
> ████ is vulnerable to XXE due to the processing of DTDs
| Description |
|--|
> *"VoiceXML (VXML) is a digital document standard for specifying interactive media and voice...
Australian Govt releases draft laws targeting encryption
https://ift.tt/2MsouC8
Submitted August 15, 2018 at 09:26AM by StewPoll
via reddit https://ift.tt/2MKDNmB
Account takeover due to blind MongoDB injection
https://ift.tt/2MO3FhG
Submitted August 15, 2018 at 07:58PM by albinowax
via reddit https://ift.tt/2nGfziJ
HackerOne
Node.js third-party modules disclosed on HackerOne: [flintcms]...
I would like to report a privilege escalation vulnerability in flintcms.
It allows to reset a known user password, extract its password reset token and reset its password to then access the...
hideNsneak - An Attack Infrastructure Obfuscation Framework
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 08:41PM by karmicSec
via reddit https://ift.tt/2MOTmtR
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
hideNsneak - Automate, Manage, and Configure Your Attack Infrastructure with Cloud Solutions to Save Time and Evade Detection
https://ift.tt/2Jkz2xH
Submitted August 15, 2018 at 09:03PM by karmicSec
via reddit https://ift.tt/2MM3lQt
GitHub
rmikehodges/hideNsneak
hideNsneak - a CLI for ephemeral penetration testing
PHAR Deserialization - A New PHP Exploitation Technique
https://ift.tt/2Bm85ey
Submitted August 15, 2018 at 09:39PM by martinbdz
via reddit https://ift.tt/2BbcLUr
Announcing Gopherus: Generate Gopher payload for exploiting SSRF and lead to RCE, on SSRF vulnerable sites
I've written this tool for MySQL, FastCGI, Memcached, Redis, Zabbix, SMTP servers. A detailed description can be found here: https://github.com/tarunkant/Gopherus blog post on the same: https://spyclub.tech/2018/blog-on-gopherus/
Submitted August 15, 2018 at 09:10PM by tarunkant
via reddit https://ift.tt/2vSRJoz
GitHub
tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers - tarunkant/Gopherus
Analysing CVE-2018-13417 for files, hashes and shells
https://ift.tt/2KXacF0
Submitted August 15, 2018 at 09:52PM by r3b00tu53r
via reddit https://ift.tt/2KUv4gc
in.security Cyber Security Services
Analysing CVE-2018-13417 for files, hashes and shells | in.security Cyber Security Services
CVE-2018-13417 was released this August that disclosed an out-of-band XXE vulnerability in the SSDP/UPnP functionality of the XML parsing engine in the popular Vuze Bittorrent client
Password and Credential Management in 2018 - State of the art security for the most valuable secrets
https://ift.tt/2ML1gEh
Submitted August 15, 2018 at 01:48PM by fharw
via reddit https://ift.tt/2ODErCZ
Medium
Password and Credential Management in 2018 🔒
State of the art security for the most valuable secrets
Decided to write a proper guide for WP malware removal. Hopefully it can be helpful if someone comes to you with such issue.
https://ift.tt/2OE4dXX
Submitted August 16, 2018 at 02:18AM by ded1cated
via reddit https://ift.tt/2vLzLUN
WebARX
Comprehensive WordPress Malware Removal Guide
Complete step-by-step technical tutorial for WordPress malware removal. Remove WordPress malware, backdoors, SEO Injection, htaccess hack and learn how to remove WordPress site from google blacklist. Extra tips for making the site secure! Everything in one…