USN-3826-1: QEMU vulnerabilities
https://ift.tt/2DK6vT8
Submitted November 27, 2018 at 08:47PM by jdrch
via reddit https://ift.tt/2P5MkkG
https://ift.tt/2DK6vT8
Submitted November 27, 2018 at 08:47PM by jdrch
via reddit https://ift.tt/2P5MkkG
Ubuntu
USN-3826-1: QEMU vulnerabilities | Ubuntu security notices
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)
It was discovered that QEMU incorrectly…
It was discovered that QEMU incorrectly…
SIEMENS PATCHES MAJOR FIREWALL FLAW, OTHER VULNERABILITIES
https://ift.tt/2RflZCH
Submitted November 27, 2018 at 08:05PM by UnixLinuxPro
via reddit https://ift.tt/2P5ItnI
https://ift.tt/2RflZCH
Submitted November 27, 2018 at 08:05PM by UnixLinuxPro
via reddit https://ift.tt/2P5ItnI
TechGenix
Siemens patches major firewall flaw, other vulnerabilities
German conglomerate Siemens has been busy trying to close several gaps in its security infrastructure caused by critical vulnerabilities.
PLC Bug Hunt: A Team Building Activity
https://ift.tt/2QkZRJK
Submitted November 27, 2018 at 07:57PM by chicksdigthelongrun
via reddit https://ift.tt/2QgOv9N
https://ift.tt/2QkZRJK
Submitted November 27, 2018 at 07:57PM by chicksdigthelongrun
via reddit https://ift.tt/2QgOv9N
Medium
PLC Bug Hunt
A Team Building Activity
Exposing the Public IPs of Tor Services Through SSL Certificates
https://ift.tt/2DNvvsD
Submitted November 27, 2018 at 10:09PM by ziyahanalbeniz
via reddit https://ift.tt/2E0Kyjv
https://ift.tt/2DNvvsD
Submitted November 27, 2018 at 10:09PM by ziyahanalbeniz
via reddit https://ift.tt/2E0Kyjv
Netsparker
Exposing the Public IPs of Tor Services Through SSL Certificates
This blog post explains how the Tor network, selected for anonymity, can actually be used to discover users' IP addresses due to an incorrect SSL configuration. It includes examples, screenshots and recommendations for further reading.
Exploiting developer infrastructure is insanely easy
https://ift.tt/2DWyKig
Submitted November 27, 2018 at 11:11PM by ihsw
via reddit https://ift.tt/2Ro64SE
https://ift.tt/2DWyKig
Submitted November 27, 2018 at 11:11PM by ihsw
via reddit https://ift.tt/2Ro64SE
Medium
Exploiting developer infrastructure is insanely easy
How an npm package was taken over to infect mobile apps and steal bitcoins.
I couldn't find any XSS reverse shell exploits... so I made one
https://ift.tt/2RizIbP
Submitted November 27, 2018 at 11:41AM by skedar46
via reddit https://ift.tt/2TN6ALo
https://ift.tt/2RizIbP
Submitted November 27, 2018 at 11:41AM by skedar46
via reddit https://ift.tt/2TN6ALo
GitHub
raz-varren/xsshell
An XSS reverse shell framework. Contribute to raz-varren/xsshell development by creating an account on GitHub.
Vulnhub - LAMPSecurity's CTF4 Walkthrough
https://ift.tt/2Q02ils
Submitted November 28, 2018 at 01:57AM by 0xCAL3
via reddit https://ift.tt/2Ql53NS
https://ift.tt/2Q02ils
Submitted November 28, 2018 at 01:57AM by 0xCAL3
via reddit https://ift.tt/2Ql53NS
BebopSecurity
LAMPSecurity: CTF4 Walkthrough
A complete boot2root walkthrough of LAMPSecurity's 4th CTF challenge.
Trape - People tracker on the Internet: OSINT analysis and research tool
https://ift.tt/2BvT2Nm
Submitted November 28, 2018 at 01:34AM by DrinkMoreCodeMore
via reddit https://ift.tt/2DKqzox
https://ift.tt/2BvT2Nm
Submitted November 28, 2018 at 01:34AM by DrinkMoreCodeMore
via reddit https://ift.tt/2DKqzox
GitHub
jofpin/trape
People tracker on the Internet: OSINT analysis and research tool by Jose Pino - jofpin/trape
Event-stream vulnerability explained
https://ift.tt/2FLFotw
Submitted November 28, 2018 at 05:57AM by root_trainingwheels
via reddit https://ift.tt/2QhGamf
https://ift.tt/2FLFotw
Submitted November 28, 2018 at 05:57AM by root_trainingwheels
via reddit https://ift.tt/2QhGamf
reddit
r/netsec - Event-stream vulnerability explained
1 vote and 0 comments so far on Reddit
Service that tracks every IP mass scanning/attacking the Internet
https://ift.tt/2DZAhV1
Submitted November 28, 2018 at 10:41AM by andrew_balls
via reddit https://ift.tt/2ra4b05
https://ift.tt/2DZAhV1
Submitted November 28, 2018 at 10:41AM by andrew_balls
via reddit https://ift.tt/2ra4b05
reddit
r/netsec - Service that tracks every IP mass scanning/attacking the Internet
4 votes and 1 comment so far on Reddit
Sennheiser apps installed root cert then leaks private keys
https://ift.tt/2DM5hqy
Submitted November 28, 2018 at 12:50PM by le-quack
via reddit https://ift.tt/2Qm6JXj
https://ift.tt/2DM5hqy
Submitted November 28, 2018 at 12:50PM by le-quack
via reddit https://ift.tt/2Qm6JXj
reddit
r/netsec - Sennheiser apps installed root cert then leaks private keys
5 votes and 1 comment so far on Reddit
Interactive serial sci-fi book with some Info-Sec challenges
https://ift.tt/2Q2NG55
Submitted November 28, 2018 at 05:04PM by SpecificBridge
via reddit https://ift.tt/2RlCwVq
https://ift.tt/2Q2NG55
Submitted November 28, 2018 at 05:04PM by SpecificBridge
via reddit https://ift.tt/2RlCwVq
Htcap 1.1 - Crawl and scan single page applications with headless chrome
https://htcap.org/
Submitted November 28, 2018 at 06:59PM by filippo_cavallarin
via reddit https://ift.tt/2SibRJs
https://htcap.org/
Submitted November 28, 2018 at 06:59PM by filippo_cavallarin
via reddit https://ift.tt/2SibRJs
reddit
r/netsec - Htcap 1.1 - Crawl and scan single page applications with headless chrome
0 votes and 0 comments so far on Reddit
Chrome and Firefox Developers Aim to Remove Support for FTP
https://ift.tt/2PWhZud
Submitted November 28, 2018 at 09:23PM by mick-io
via reddit https://ift.tt/2RfO0tO
https://ift.tt/2PWhZud
Submitted November 28, 2018 at 09:23PM by mick-io
via reddit https://ift.tt/2RfO0tO
BleepingComputer
Chrome and Firefox Developers Aim to Remove Support for FTP
Google developers have wanted to remove FTP support from Chrome for years and an upcoming change in how files stored on FTP servers are rendered in the browser may be the first step in its ultimate removal.
Jailbreaking Subaru StarLink
https://ift.tt/2FJjFCs
Submitted November 28, 2018 at 09:15PM by BDelay
via reddit https://ift.tt/2DPT6ZC
https://ift.tt/2FJjFCs
Submitted November 28, 2018 at 09:15PM by BDelay
via reddit https://ift.tt/2DPT6ZC
GitHub
sgayou/subaru_starlink_research
Subaru StarLink persistent root code execution. Contribute to sgayou/subaru_starlink_research development by creating an account on GitHub.
The writable files API seeks to make it possible for users to choose files or directories that a web app can interact with on the native file system.
https://ift.tt/2PSYO3l
Submitted November 28, 2018 at 09:42PM by mick-io
via reddit https://ift.tt/2TTWYyo
https://ift.tt/2PSYO3l
Submitted November 28, 2018 at 09:42PM by mick-io
via reddit https://ift.tt/2TTWYyo
Google Developers
The Writable Files API: Simplifying local file access | Web
| Google Developers
| Google Developers
Products from ZTE or Huawei
https://ift.tt/2zskWYT
Submitted November 28, 2018 at 10:59PM by networkwise
via reddit https://ift.tt/2P9R9cy
https://ift.tt/2zskWYT
Submitted November 28, 2018 at 10:59PM by networkwise
via reddit https://ift.tt/2P9R9cy
reddit
r/sysadmin - Products from ZTE or Huawei
2 votes and 1 comment so far on Reddit
UPnProxy: EternalSilence - using vulnerable UPnP daemons in consumer routers to expose SMB services to the internet
https://ift.tt/2FNnq9V
Submitted November 28, 2018 at 11:36PM by chadillac83
via reddit https://ift.tt/2Rg4uSI
https://ift.tt/2FNnq9V
Submitted November 28, 2018 at 11:36PM by chadillac83
via reddit https://ift.tt/2Rg4uSI
Akamai
UPnProxy: EternalSilence
By, Chad Seaman Overview: UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely...
Pwning eBay - How I Dumped eBay Japan's Website Source Code
https://ift.tt/2Pc9lTa
Submitted November 29, 2018 at 12:24AM by slashcrypto
via reddit https://ift.tt/2zECilN
https://ift.tt/2Pc9lTa
Submitted November 29, 2018 at 12:24AM by slashcrypto
via reddit https://ift.tt/2zECilN
slashcrypto.org
Pwning eBay - How I Dumped eBay Japan
Today I wanna write about a finding I discovered during a research project where the aim was to find critical vulnera...
Not A Security Boundary: Breaking Forest Trusts
https://ift.tt/2P74faw
Submitted November 29, 2018 at 12:21AM by checky
via reddit https://ift.tt/2zupYo6
https://ift.tt/2P74faw
Submitted November 29, 2018 at 12:21AM by checky
via reddit https://ift.tt/2zupYo6
Posts By SpecterOps Team Members
Not A Security Boundary: Breaking Forest Trusts
For years Microsoft has stated that the forest was the security boundary in Active Directory. For example, Microsoft’s “What Are Domains and Forests?” document (last updated in 2014) has a “Forests…
Changed your GitHub username? Hackers can easily gain access to your account on several devtool sites
https://ift.tt/2FNViDI
Submitted November 29, 2018 at 12:37AM by machete143
via reddit https://ift.tt/2DSIqtc
https://ift.tt/2FNViDI
Submitted November 29, 2018 at 12:37AM by machete143
via reddit https://ift.tt/2DSIqtc
reddit
r/netsec - Changed your GitHub username? Hackers can easily gain access to your account on several devtool sites
0 votes and 0 comments so far on Reddit