Unfixed spoofing vulnerability in Google Inbox mobile apps
https://ift.tt/2FwSDOD
Submitted November 21, 2018 at 01:15AM by Sephr
via reddit https://ift.tt/2Kn1iSv
Twitter
Eli Grey
One of these screenshots is a draft email to the real PayPal support. The other one is to a scammer. Both screenshots are identical. Unfixed vulnerability in all Google Inbox mobile apps: https://t.co/ixRxU9qLnh PoC demo (open with Google Inbox app): htt…
out-of-tree kernel {module, exploit} development tool
https://out-of-tree.io
Submitted November 21, 2018 at 10:28AM by jollheef
via reddit https://ift.tt/2DPKint
reddit
r/netsec - out-of-tree kernel {module, exploit} development tool
1 vote and 1 comment so far on Reddit
Web Browser Address Bar Spoofing
https://ift.tt/2S7MpX1
Submitted November 21, 2018 at 12:16PM by ziyahanalbeniz
via reddit https://ift.tt/2zjS3hQ
Netsparker
Web Browser Address Bar Spoofing
This blog post looks at two address bar spoofing incidents. The first involved the Homograph vulnerability, where attackers used the IDN feature to trick users by imitating legitimate characters. The second involved Edge and Safari, in which redirected website…
Signature bypass vulnerability in library used for online German ID card authentication (allows impersonating any citizen)
https://ift.tt/2BnPZXu
Submitted November 21, 2018 at 05:09PM by 0x9000
via reddit https://ift.tt/2KoeEhw
Sec-Consult
My name is Johann Wolfgang von Goethe – I can prove it | SEC Consult
The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also against online services (by using
Mini-Internet using LXC
https://ift.tt/2qY4afM
Submitted November 21, 2018 at 05:44PM by mariuz
via reddit https://ift.tt/2zjNCDw
GitHub
flesueur/mi-lxc
Mini-Internet using LXC for practical works. Contribute to flesueur/mi-lxc development by creating an account on GitHub.
Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
https://ift.tt/2PxMbvl
Submitted November 21, 2018 at 07:09PM by Glitch-is
via reddit https://ift.tt/2FzdGzY
reddit
r/netsec - Multiple 0days in MacOS discovered and used in a red team exercise at Dropbox
14 votes and 1 comment so far on Reddit
Reverse Engineering Pokemon Go Plus
https://ift.tt/2zks35P
Submitted November 22, 2018 at 03:44AM by cbolat
via reddit https://ift.tt/2S6TlDM
reddit
r/netsec - Reverse Engineering Pokemon Go Plus
0 votes and 0 comments so far on Reddit
Security recommendations for hosting on AWS
https://ift.tt/2R49tpm
Submitted November 22, 2018 at 03:08AM by iamcoolc
via reddit https://ift.tt/2PKUdRM
Templarbit Inc.
Security recommendations for hosting on AWS
All state of the art hosting services make the security of...
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
https://ift.tt/2OTdMln
Submitted November 22, 2018 at 07:31AM by Natanael_L
via reddit https://ift.tt/2R2oU1r
VUSec
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All - VUSec
How well does ECC protect against Rowhammer? Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks.
This would make for an interesting content filter - would keep people from doing a side hustle while on the clock.
https://ift.tt/2qYB7Zq
Submitted November 22, 2018 at 10:09AM by mach_i_nist
via reddit https://ift.tt/2qWxrra
reddit
r/antiMLM - I am in charge of our web and spam filters at work.
7,200 votes and 353 comments so far on Reddit
DevSecOps vs DevOps
https://ift.tt/2BrdbE9
Submitted November 22, 2018 at 12:59PM by isaacdiophant
via reddit https://ift.tt/2R30p49
A pen test story
https://ift.tt/2QQZu6A
Submitted November 22, 2018 at 12:53PM by hashier
via reddit https://ift.tt/2Qc3Bgp
threader.app
A thread written by @TinkerSec
Singing the Blues:
Taking Down an Insider Threat
"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...
...and physically hunted me down." https://t.co/468Q6C4KR5
Evilginx 2.2 - Jolly Winter Update - 2FA Phishing Framework
https://ift.tt/2OXHbea
Submitted November 22, 2018 at 05:16PM by kgretzky
via reddit https://ift.tt/2zo1Fbn
The three fatal bugs behind the Facebook breach - explained
https://ift.tt/2znS4RM
Submitted November 22, 2018 at 05:57PM by judit_k
via reddit https://ift.tt/2Bq5ON9
Avatao
The three fatal bugs behind the Facebook breach
The breach was discovered after Facebook saw an unusual spike of user activity that began on September 14, 2018. A...
Flying under the radar [pdf]
https://ift.tt/2QcasXh
Submitted November 22, 2018 at 07:25PM by albinowax
via reddit https://ift.tt/2FBcRGS
USN-3825-2: mod_perl vulnerability
https://ift.tt/2TBr7me
Submitted November 23, 2018 at 07:14AM by jdrch
via reddit https://ift.tt/2r0gUSY
Ubuntu
USN-3825-2: mod_perl vulnerability | Ubuntu security notices
USN-3825-1 fixed a vulnerability in mod_perl. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged…
USN-3825-1: mod_perl vulnerability
https://ift.tt/2r0DUkZ
Submitted November 23, 2018 at 07:13AM by jdrch
via reddit https://ift.tt/2Fzqfv5
Ubuntu
USN-3825-1: mod_perl vulnerability | Ubuntu security notices
Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code.
AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
https://ift.tt/2BroRqD
Submitted November 23, 2018 at 03:02PM by ThisIsLibra
via reddit https://ift.tt/2PLXbW9
reddit
r/netsec - AndroidProjectCreator: easily convert an APK to an Android Studio project to reverse engineer the application
13 votes and 1 comment so far on Reddit
As if the holiday turkey couldn't get any worse, here's KernelSU - Kernel-Assisted Superuser, a small and ugly rootkit to provide "su".
https://ift.tt/2QeSRxP
Submitted November 23, 2018 at 10:44PM by zx2c4
via reddit https://ift.tt/2KsPmyF
Project Blacklist3r & .net Machine key analysis
https://ift.tt/2P1Bb4t
Submitted November 24, 2018 at 01:06AM by anantshri
via reddit https://ift.tt/2PMugBf
NotSoSecure
Project Blacklist3r - NotSoSecure
TL;DR The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target…
CCI-Based Web Security: A Design Using PGP (1995) - 23 years later, still no common interface for trustable end-to-end encryption built into the browser
https://ift.tt/2TI4BYB
Submitted November 25, 2018 at 03:42AM by Ask-Alice
via reddit https://ift.tt/2BvNpyK