Google Inbox recipient spoofing vulnerability
https://ift.tt/2TuLrVZ
Submitted November 21, 2018 at 01:02AM by Sephr
via reddit https://ift.tt/2Tol6Jr
Twitter
Eli Grey
One of these screenshots is a draft email to the real PayPal support. The other one is to a scammer. Both screenshots are identical. Unfixed vulnerability in all Google Inbox mobile apps: https://t.co/ixRxU9qLnh PoC demo (open with Google Inbox app): htt…
Office 365 and Azure AD vulnerable to brute-force and password spray attacks
https://ift.tt/2OSp2yw
Submitted November 21, 2018 at 02:00AM by stautistic
via reddit https://ift.tt/2RZ8bfs
Hacker Noon
How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks
Azure AD is the de facto gatekeeper of Microsoft cloud solutions such as Azure, Office 365, Enterprise Mobility. As an integral component…
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
https://ift.tt/2S6ziFz
Submitted November 21, 2018 at 01:25AM by Logic_15
via reddit https://ift.tt/2BlFeEQ
FireEye
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
FireEye detected new targeted phishing activity at more than 20 of our clients across multiple industries.
Unfixed spoofing vulnerability in Google Inbox mobile apps
https://ift.tt/2FwSDOD
Submitted November 21, 2018 at 01:15AM by Sephr
via reddit https://ift.tt/2Kn1iSv
Twitter
Eli Grey
One of these screenshots is a draft email to the real PayPal support. The other one is to a scammer. Both screenshots are identical. Unfixed vulnerability in all Google Inbox mobile apps: https://t.co/ixRxU9qLnh PoC demo (open with Google Inbox app): htt…
out-of-tree kernel {module, exploit} development tool
https://out-of-tree.io
Submitted November 21, 2018 at 10:28AM by jollheef
via reddit https://ift.tt/2DPKint
reddit
r/netsec - out-of-tree kernel {module, exploit} development tool
1 vote and 1 comment so far on Reddit
Web Browser Address Bar Spoofing
https://ift.tt/2S7MpX1
Submitted November 21, 2018 at 12:16PM by ziyahanalbeniz
via reddit https://ift.tt/2zjS3hQ
Netsparker
Web Browser Address Bar Spoofing
This blog post looks at two address bar spoofing incidents. The first involved the Homograph vulnerability, where attackers used the IDN feature to trick users by imitating legitimate characters. The second involved Edge and Safari, in which redirected website…
Signature bypass vulnerability in library used for online German ID card authentication (allows impersonating any citizen)
https://ift.tt/2BnPZXu
Submitted November 21, 2018 at 05:09PM by 0x9000
via reddit https://ift.tt/2KoeEhw
Sec-Consult
My name is Johann Wolfgang von Goethe – I can prove it | SEC Consult
The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also against online services (by using
Mini-Internet using LXC
https://ift.tt/2qY4afM
Submitted November 21, 2018 at 05:44PM by mariuz
via reddit https://ift.tt/2zjNCDw
GitHub
flesueur/mi-lxc
Mini-Internet using LXC for practical works. Contribute to flesueur/mi-lxc development by creating an account on GitHub.
Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
https://ift.tt/2PxMbvl
Submitted November 21, 2018 at 07:09PM by Glitch-is
via reddit https://ift.tt/2FzdGzY
reddit
r/netsec - Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
14 votes and 1 comment so far on Reddit
Reverse Engineering Pokemon Go Plus
https://ift.tt/2zks35P
Submitted November 22, 2018 at 03:44AM by cbolat
via reddit https://ift.tt/2S6TlDM
reddit
r/netsec - Reverse Engineering Pokemon Go Plus
0 votes and 0 comments so far on Reddit
Security recommendations for hosting on AWS
https://ift.tt/2R49tpm
Submitted November 22, 2018 at 03:08AM by iamcoolc
via reddit https://ift.tt/2PKUdRM
Templarbit Inc.
Security recommendations for hosting on AWS
All state of the art hosting services make the security of...
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
https://ift.tt/2OTdMln
Submitted November 22, 2018 at 07:31AM by Natanael_L
via reddit https://ift.tt/2R2oU1r
VUSec
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All - VUSec
How well does ECC protect against Rowhammer? Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks.
This would make for an interesting content filter - would keep people from doing a side hustle while on the clock.
https://ift.tt/2qYB7Zq
Submitted November 22, 2018 at 10:09AM by mach_i_nist
via reddit https://ift.tt/2qWxrra
reddit
r/antiMLM - I am in charge of our web and spam filters at work.
7,200 votes and 353 comments so far on Reddit
DevSecOps vs DevOps
https://ift.tt/2BrdbE9
Submitted November 22, 2018 at 12:59PM by isaacdiophant
via reddit https://ift.tt/2R30p49
A pen test story
https://ift.tt/2QQZu6A
Submitted November 22, 2018 at 12:53PM by hashier
via reddit https://ift.tt/2Qc3Bgp
threader.app
A thread written by @TinkerSec
Singing the Blues:
Taking Down an Insider Threat
"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...
...and physically hunted me down." https://t.co/468Q6C4KR5
Evilginx 2.2 - Jolly Winter Update - 2FA Phishing Framework
https://ift.tt/2OXHbea
Submitted November 22, 2018 at 05:16PM by kgretzky
via reddit https://ift.tt/2zo1Fbn
The three fatal bugs behind the Facebook breach - explained
https://ift.tt/2znS4RM
Submitted November 22, 2018 at 05:57PM by judit_k
via reddit https://ift.tt/2Bq5ON9
Avatao
The three fatal bugs behind the Facebook breach
The breach was discovered after Facebook saw an unusual spike of user activity that began on September 14, 2018. A...
Flying under the radar [pdf]
https://ift.tt/2QcasXh
Submitted November 22, 2018 at 07:25PM by albinowax
via reddit https://ift.tt/2FBcRGS
USN-3825-2: mod_perl vulnerability
https://ift.tt/2TBr7me
Submitted November 23, 2018 at 07:14AM by jdrch
via reddit https://ift.tt/2r0gUSY
Ubuntu
USN-3825-2: mod_perl vulnerability | Ubuntu security notices
USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged…
USN-3825-1: mod_perl vulnerability
https://ift.tt/2r0DUkZ
Submitted November 23, 2018 at 07:13AM by jdrch
via reddit https://ift.tt/2Fzqfv5
Ubuntu
USN-3825-1: mod_perl vulnerability | Ubuntu security notices
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.
AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
https://ift.tt/2BroRqD
Submitted November 23, 2018 at 03:02PM by ThisIsLibra
via reddit https://ift.tt/2PLXbW9
reddit
r/netsec - AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
13 votes and 1 comment so far on Reddit