Attacking Google Authenticator
https://ift.tt/2CL3KjQ
Submitted October 29, 2018 at 09:00PM by westondeboer
via reddit https://ift.tt/2CNLRRG
https://ift.tt/2CL3KjQ
Submitted October 29, 2018 at 09:00PM by westondeboer
via reddit https://ift.tt/2CNLRRG
reddit
r/netsec - Attacking Google Authenticator
3 votes and 0 comments so far on Reddit
Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
https://ift.tt/2SrDdxq
Submitted October 29, 2018 at 08:58PM by EvanConover
via reddit https://ift.tt/2qibWk4
https://ift.tt/2SrDdxq
Submitted October 29, 2018 at 08:58PM by EvanConover
via reddit https://ift.tt/2qibWk4
Trendmicro
Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments - TrendLabs Security Intelligence Blog
Cybercriminals make use of old file types in brand-new ways in spam attachments, proving that they are regularly experimenting to evade spam filters.
Attacking Google Authenticator
https://ift.tt/2CL3KjQ
Submitted October 29, 2018 at 09:38PM by Chris911
via reddit https://ift.tt/2SwcZKv
https://ift.tt/2CL3KjQ
Submitted October 29, 2018 at 09:38PM by Chris911
via reddit https://ift.tt/2SwcZKv
reddit
r/netsec - Attacking Google Authenticator
1 vote and 0 comments so far on Reddit
Windows Defender Antivirus can now run in a sandbox
https://ift.tt/2z7kq1B
Submitted October 30, 2018 at 01:15AM by picklednull
via reddit https://ift.tt/2zf31E6
https://ift.tt/2z7kq1B
Submitted October 30, 2018 at 01:15AM by picklednull
via reddit https://ift.tt/2zf31E6
Microsoft Security Blog
Windows Defender Antivirus can now run in a sandbox | Microsoft Security Blog
Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox.
Mac cryptocurrency ticker app installs backdoors
https://ift.tt/2OiLrVC
Submitted October 30, 2018 at 01:23AM by EvanConover
via reddit https://ift.tt/2ObKj5T
https://ift.tt/2OiLrVC
Submitted October 30, 2018 at 01:23AM by EvanConover
via reddit https://ift.tt/2ObKj5T
Malwarebytes
Mac cryptocurrency ticker app installs backdoors
A Mac application named CoinTicker has been found installing two different backdoors, capable of keylogging, data theft, execution of arbitrary commands, and more.
Facebook's New ID Verification System Is Intrusive
https://ift.tt/2OelmXt
Submitted October 30, 2018 at 06:02AM by lawandordercandidate
via reddit https://ift.tt/2Q5kFBB
https://ift.tt/2OelmXt
Submitted October 30, 2018 at 06:02AM by lawandordercandidate
via reddit https://ift.tt/2Q5kFBB
1000 Days of Code
Facebook's New ID Verification System Is Intrusive
I run social media for a small company that represents unions in the local area. Before, creating posts and Facebook ads have been easy. With [...]
.:: Phrack Magazine ::. Viewer Discretion Advised
https://ift.tt/2Svp6HG
Submitted October 30, 2018 at 04:03PM by _cacao
via reddit https://ift.tt/2AAJaBn
https://ift.tt/2Svp6HG
Submitted October 30, 2018 at 04:03PM by _cacao
via reddit https://ift.tt/2AAJaBn
phrack.org
.:: Phrack Magazine ::.
Phrack staff website.
Persistent GCP backdoors with Google’s Cloud Shell
https://ift.tt/2Q5Fxsw
Submitted October 30, 2018 at 08:36PM by lukeberner
via reddit https://ift.tt/2qku7WG
https://ift.tt/2Q5Fxsw
Submitted October 30, 2018 at 08:36PM by lukeberner
via reddit https://ift.tt/2qku7WG
Medium
Persistent GCP backdoors with Google’s Cloud Shell
Cloud Shell GCP Google Cloud Security
Java Deserialization — From Discovery to Reverse Shell on Limited Environments
https://ift.tt/2Dc0rDo
Submitted October 30, 2018 at 09:51PM by H3x0r1337
via reddit https://ift.tt/2OgmeLs
https://ift.tt/2Dc0rDo
Submitted October 30, 2018 at 09:51PM by H3x0r1337
via reddit https://ift.tt/2OgmeLs
Medium
Java Deserialization — From Discovery to Reverse Shell on Limited Environments
By Ahmed Sherif & Francesco Soncina
C++ Async HTTPS server built with oat++ framework and LibreSSL
https://ift.tt/2Q1P6IJ
Submitted October 31, 2018 at 12:14AM by oatpp
via reddit https://ift.tt/2OVm94O
https://ift.tt/2Q1P6IJ
Submitted October 31, 2018 at 12:14AM by oatpp
via reddit https://ift.tt/2OVm94O
GitHub
oatpp/oatpp-examples
List of example projects of how to use oat++ framework - oatpp/oatpp-examples
Google Home (in)Security: Unauthenticated Google Home API with all sorts of fun uses
https://ift.tt/2OV5MoZ
Submitted October 31, 2018 at 02:57AM by Syonyk
via reddit https://ift.tt/2EPjXaj
https://ift.tt/2OV5MoZ
Submitted October 31, 2018 at 02:57AM by Syonyk
via reddit https://ift.tt/2EPjXaj
JerryGamblin.com
Google Home (in)Security
TL;DR: An undocumented API in Google home devices is easily exploitable. This command will reboot any on your local network: nmap –open -p 8008 192.168.1.0/24 | awk ‘/is up/ {print up};…
Project Dribble: hacking Wi-Fi with cached JavaScript
https://ift.tt/2Oia0lo
Submitted October 31, 2018 at 02:25AM by rhaidiz
via reddit https://ift.tt/2zdfx7j
https://ift.tt/2Oia0lo
Submitted October 31, 2018 at 02:25AM by rhaidiz
via reddit https://ift.tt/2zdfx7j
Federico De Meo
Project Dribble: hacking Wi-Fi with cached JavaScript
@font-face { font-family: "Harry"; src: url(/fonts/hp.ttf) format("truetype"); } I’ve been meaning to work on this little project for quite some time, but life got in the way and I was always t
Isolated Networks in the Cloud – it's possible
https://ift.tt/2GXbrSH
Submitted October 31, 2018 at 09:37AM by midael
via reddit https://ift.tt/2qk6nSl
https://ift.tt/2GXbrSH
Submitted October 31, 2018 at 09:37AM by midael
via reddit https://ift.tt/2qk6nSl
Medium
Isolated Networks in the Cloud
After a recent roadmapping session, it seemed like a good idea to research network isolation in cloud environments. We chose to test AWS…
I wrote a simple 'rogue device' scanner that uses ping sweeps/nmap to intermittently scan a subnet and log any new hosts. Feedback is welcome!
https://ift.tt/2qlHaHg
Submitted October 31, 2018 at 09:10AM by jbob133
via reddit https://ift.tt/2EUieAK
https://ift.tt/2qlHaHg
Submitted October 31, 2018 at 09:10AM by jbob133
via reddit https://ift.tt/2EUieAK
GitHub
Th3J0kr/A-Simple-Rogue-Device-Scanner
A simple python program that ping sweeps your network at a certain interval and logs new devices. - Th3J0kr/A-Simple-Rogue-Device-Scanner
Emotet Awakens With New Campaign of Mass Email Exfiltration using the Outlook Messaging API
https://ift.tt/2Q2Su69
Submitted October 31, 2018 at 09:08AM by not_2sec4u
via reddit https://ift.tt/2ABrq8S
https://ift.tt/2Q2Su69
Submitted October 31, 2018 at 09:08AM by not_2sec4u
via reddit https://ift.tt/2ABrq8S
Kryptoslogic
Emotet Awakens With New Campaign of Mass Email Exfiltration
The Emotet malware family just raised the stakes by adding email exfiltration to its arsenal, thereby escalating its capabilities to cyber espionage. While i...
Trivial Exploit for X.org Server Local Privilege Escalation
https://ift.tt/2qiiq2y
Submitted October 31, 2018 at 09:00AM by raincan
via reddit https://ift.tt/2EQN11p
https://ift.tt/2qiiq2y
Submitted October 31, 2018 at 09:00AM by raincan
via reddit https://ift.tt/2EQN11p
Tenable®
Tweetable Exploit for X.org Server Local Privilege Escalation
A researcher has published a local privilege escalation exploit that fits in a single tweet for xorg-x11-server. Vendors are rolling out fixes and mitigation advice.
Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
https://ift.tt/2Js6dkO
Submitted October 31, 2018 at 08:14AM by EzequielTBH
via reddit https://ift.tt/2DenCNy
https://ift.tt/2Js6dkO
Submitted October 31, 2018 at 08:14AM by EzequielTBH
via reddit https://ift.tt/2DenCNy
Lgtm
Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407)
The networking implementation in iOS and macOS contained a heap buffer overflow, which could be triggered by sending a malicious packet to the device. No user interaction was required. This post explains how it was found using QL.
Bloom filter patent
https://ift.tt/2ACUgFX
Submitted October 31, 2018 at 03:10PM by timoh
via reddit https://ift.tt/2P26oco
https://ift.tt/2ACUgFX
Submitted October 31, 2018 at 03:10PM by timoh
via reddit https://ift.tt/2P26oco
[RFC] group entropy for hiding lookup initiator in a distributed hash tables
https://ift.tt/2zg74QB
Submitted October 31, 2018 at 04:49PM by gpestana
via reddit https://ift.tt/2qkC6CQ
https://ift.tt/2zg74QB
Submitted October 31, 2018 at 04:49PM by gpestana
via reddit https://ift.tt/2qkC6CQ
reddit
r/Rad_Decentralization - [RFC] group entropy for hiding lookup initiator in a distributed hash tables
2 votes and 1 comment so far on Reddit
Analyzing the root DNSSEC key rollover
https://ift.tt/2P4ZqUg
Submitted October 31, 2018 at 05:30PM by pimterry
via reddit https://ift.tt/2ADlAEf
https://ift.tt/2P4ZqUg
Submitted October 31, 2018 at 05:30PM by pimterry
via reddit https://ift.tt/2ADlAEf
reddit
r/netsec - Analyzing the root DNSSEC key rollover
1 vote and 0 comments so far on Reddit
JNDIAT - Penetration testing tool that tests the security of Weblogic servers through T3 protocol
https://ift.tt/2Js9Rer
Submitted October 31, 2018 at 07:52PM by HeadProfessional
via reddit https://ift.tt/2DdhHYV
https://ift.tt/2Js9Rer
Submitted October 31, 2018 at 07:52PM by HeadProfessional
via reddit https://ift.tt/2DdhHYV
GitHub
quentinhardy/jndiat
JNDI Attacking Tool. Contribute to quentinhardy/jndiat development by creating an account on GitHub.