Statement from DHS Press Secretary on Recent Media Reports of Potential Supply Chain Compromise
https://ift.tt/2OGmaIT
Submitted October 08, 2018 at 04:33AM by jdrch
via reddit https://ift.tt/2NtGcSy
Department of Homeland Security
Statement from DHS Press Secretary on Recent Media Reports of Potential Supply Chain Compromise
Statement from Press Secretary Tyler Houlton on recent media reports of a potential supply chain compromise.
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
https://ift.tt/2Nltl4E
Submitted October 08, 2018 at 02:20PM by albinowax
via reddit https://ift.tt/2QySXgl
Blogspot
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Posted by Ivan Fratric, Google Project Zero Around a year ago, we published the results of research about the resilience of modern bro...
net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available)
https://ift.tt/2NuB8NM
Submitted October 08, 2018 at 04:27PM by magnusstubman
via reddit https://ift.tt/2zY5DrA
reddit
r/netsec - net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available)
1 vote and 0 comments so far on Reddit
serviceFu – Harvesting Service Account Credentials Remotely
https://ift.tt/2Pk4pfz
Submitted October 08, 2018 at 05:22PM by securifera
via reddit https://ift.tt/2C5DnFg
Securifera
serviceFu – Securifera
serviceFu
In a recent assessment our team found itself in a somewhat new situation that resulted in a useful tool we wanted to share with the community. The assessment started with us gaining initial access into a customer's network. This particular customer…
FlareOn Level 6 with symbolic execution and Binary Ninja
https://ift.tt/2O9pME1
Submitted October 08, 2018 at 06:50PM by thebarbershopper
via reddit https://ift.tt/2IIEZWB
reddit
r/netsec - FlareOn Level 6 with symbolic execution and Binary Ninja
4 votes and 0 comments so far on Reddit
Build a dynamic firewall or how to add dynamically clients to iptables
https://ift.tt/2O9OMuX
Submitted October 08, 2018 at 10:40PM by sqall01
via reddit https://ift.tt/2ylEahN
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system access.
https://ift.tt/2IJz03X
Submitted October 09, 2018 at 02:08AM by EvanConover
via reddit https://ift.tt/2Pl8W1j
Tenable™
Tenable Research Advisory: Multiple Vulnerabilities Discovered in
Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system a
Google Shutting Down Google+ After API Leaks 500k Accounts' Data/Lack Of Adoption
https://ift.tt/2yorSoR
Submitted October 09, 2018 at 03:21AM by g3xxg3xx
via reddit https://ift.tt/2OKUOBw
BleepingComputer
Google+ Shutting Down After Bug Leaks Info of 500k Accounts
Google has announced that they are closing the consumer functionality of Google+ due to lack of adoption and an API bug that leaked the personal information of up to 500,000 Google+ accounts.
Length of an Antenna is relative to Wave Length
https://ift.tt/2CvMBLT
Submitted October 09, 2018 at 05:41AM by i_rsX
via reddit https://ift.tt/2NvMmRP
reddit
r/hacking - Length of an Antenna is relative to Wave Length
4 votes and 1 comment so far on Reddit
Delivery (Key)Boy
https://ift.tt/2OKJOnB
Submitted October 09, 2018 at 05:26AM by jdrch
via reddit https://ift.tt/2yluhk4
AlienVault
Delivery (Key)Boy
Introduction: Below we’ve outlined the delivery phase of some recent attacks by KeyBoy, a group of attackers believed to operate out of China. They were first identified in 2013 targeting governments and NGOs in South East Asia. Their primary targeting continues…
Active Directory and Privilege Escalation Script
https://ift.tt/2lPu2YP
Submitted October 09, 2018 at 09:44AM by Hausec
via reddit https://ift.tt/2ykpgbs
GitHub
hausec/ADAPE-Script
Active Directory Assessment and Privilege Escalation Script - hausec/ADAPE-Script
AWS takeover through SSRF in JavaScript
https://ift.tt/2yoaK2p
Submitted October 09, 2018 at 01:48PM by albinowax
via reddit https://ift.tt/2Oem3F9
Gwendal Le Coguic
AWS takeover through SSRF in JavaScript
Gwendal Le Coguic, web developer and security researcher
A timing attack with CSS selectors and Javascript
https://ift.tt/2OOptOB
Submitted October 09, 2018 at 02:27PM by albinowax
via reddit https://ift.tt/2A0iAkF
sheddow's blog
A timing attack with CSS selectors and Javascript
Have you ever encountered a website that runs `jQuery(location.hash)`? It turns out this allows you to perform a powerful timing attack that can extract almost any secret from the HTML.
Trusting the delivery of Firefox Updates
https://ift.tt/2Qyk2jM
Submitted October 09, 2018 at 06:18PM by jvehent
via reddit https://ift.tt/2pLc2AM
Mozilla Security Blog
Trusting the delivery of Firefox Updates
Providing a web browser that you can depend on year after year is one of the core tenets of the Firefox security strategy. We put ...
Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
https://ift.tt/2Cy692m
Submitted October 09, 2018 at 08:16PM by EvanConover
via reddit https://ift.tt/2Eb4Asv
Trendmicro
Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads - TrendLabs Security Intelligence Blog
A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.
Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)
https://ift.tt/2OcMcnQ
Submitted October 09, 2018 at 11:48PM by dionas
via reddit https://ift.tt/2QHeh3x
Sec-Consult
Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud) | SEC Consult
All devices from Xiongmai, a Chinese OEM who manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud.
Rapid7 introduces an evasion module for Metasploit Framework (whitepaper inside)
https://blog.rapid7.com/2018/10/09/introducing-metasploits-first-evasion-module/
Submitted October 09, 2018 at 10:59PM by EvaMolotow
via reddit https://ift.tt/2QCQPV6
Security updates available for Flash Player | APSB18-35
https://ift.tt/2OSZbKM
Submitted October 10, 2018 at 05:21AM by jdrch
via reddit https://ift.tt/2ys4tTj
Adobe
Adobe Security Bulletin
Security updates available for Flash Player
.NET Framework October 2018 Security and Quality Rollup
https://ift.tt/2yvJFKC
Submitted October 10, 2018 at 05:13AM by jdrch
via reddit https://ift.tt/2Ofp1Jn
Microsoft
.NET Framework October 2018 Security and Quality Rollup
A first-hand look from the .NET engineering teams
WhatsApp Heap Corruption
https://ift.tt/2y8OaM4
Submitted October 10, 2018 at 04:00AM by tunnelnel
via reddit https://ift.tt/2Em7DOX
reddit
r/netsec - WhatsApp Heap Corruption
5 votes and 1 comment so far on Reddit