[pam module]SSHLooter C version
https://ift.tt/2QFnEVK
Submitted December 20, 2018 at 02:31AM by mthbernardes
via reddit https://ift.tt/2Bx6jUJ
https://ift.tt/2QFnEVK
Submitted December 20, 2018 at 02:31AM by mthbernardes
via reddit https://ift.tt/2Bx6jUJ
GitHub
mthbernardes/sshLooterC
It's the C version of https://github.com/mthbernardes/sshLooter - mthbernardes/sshLooterC
CTP
https://ift.tt/2UX7pBX
Submitted December 20, 2018 at 05:56AM by infosecaphorism
via reddit https://ift.tt/2Ra9coe
https://ift.tt/2UX7pBX
Submitted December 20, 2018 at 05:56AM by infosecaphorism
via reddit https://ift.tt/2Ra9coe
reddit
r/AskNetsec - Defcon Capture the Packet
3 votes and 3 comments so far on Reddit
Advisory | MailCleaner Community Edition Remote Code Execution
https://ift.tt/2QCwFPn
Submitted December 20, 2018 at 11:26AM by giomke
via reddit https://ift.tt/2A9GIkH
https://ift.tt/2QCwFPn
Submitted December 20, 2018 at 11:26AM by giomke
via reddit https://ift.tt/2A9GIkH
Pentest Blog
Advisory | MailCleaner Community Edition Remote Code Execution CVE-2018-20323
In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product. Advisory Informations Remotely Exploitable: YesAuthentication Required: NOVendor URL: https://www.mailcleaner.net/Date of found: 19…
Amazon sent 1,700 Alexa voice files to the wrong customer, revealing private conversations.
https://ift.tt/2ShyE8J
Submitted December 20, 2018 at 03:28PM by Fingolas
via reddit https://ift.tt/2BuESe6
https://ift.tt/2ShyE8J
Submitted December 20, 2018 at 03:28PM by Fingolas
via reddit https://ift.tt/2BuESe6
heise online
Amazon reveals private Alexa voice data files
Due to an internal error, Amazon recently sent 1,700 Alexa voice files to an unauthorized customer. German computer magazine c't details what happened.
Amazon’s R&D lab in Kiev processing Ring’s footage
https://ift.tt/2SbCVdz
Submitted December 20, 2018 at 03:23PM by marie_dm_
via reddit https://ift.tt/2A8vJYF
https://ift.tt/2SbCVdz
Submitted December 20, 2018 at 03:23PM by marie_dm_
via reddit https://ift.tt/2A8vJYF
threader.app
A thread written by @mattdrange
Amazon's Ring dominates the growing video doorbell market. But little is known about the company's secretive R&D lab in Kiev, Ukraine. Here's the story of how customer video footage is sent there for image recognition purposes, despite internal concerns.…
Another sanboxescaper 0day
https://ift.tt/2EFiOl6
Submitted December 20, 2018 at 04:31PM by bigbottlequorn
via reddit https://ift.tt/2rIy3Bc
https://ift.tt/2EFiOl6
Submitted December 20, 2018 at 04:31PM by bigbottlequorn
via reddit https://ift.tt/2rIy3Bc
reddit
r/AskNetsec - Here's another 0day drop..
14 votes and 2 comments so far on Reddit
MD5 instant collisions of any JPG, PNG, PDF, MP4 ...
https://ift.tt/2ShprgE
Submitted December 20, 2018 at 05:23PM by 0v3rl04d
via reddit https://ift.tt/2A7DnT0
https://ift.tt/2ShprgE
Submitted December 20, 2018 at 05:23PM by 0v3rl04d
via reddit https://ift.tt/2A7DnT0
GitHub
corkami/pocs
Proof of Concepts (PE, PDF...). Contribute to corkami/pocs development by creating an account on GitHub.
Local Privilege Escalation in forticlient 6.0.3.0155 ( 0day )
https://ift.tt/2POV9j6
Submitted December 20, 2018 at 07:29PM by ggisz
via reddit https://ift.tt/2BygSXm
https://ift.tt/2POV9j6
Submitted December 20, 2018 at 07:29PM by ggisz
via reddit https://ift.tt/2BygSXm
Security Uncut
0day in FortiClient <= 6.0.3.0155
Forticlient LPE to SYSTEM 0day
Popular email app is collecting and storing usernames and passwords on their servers.
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
reddit
r/netsec - Popular email app is collecting and storing usernames and passwords on their servers.
1 vote and 0 comments so far on Reddit
US Charges China Intelligence Officers Over Hacking of MSPs
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
www.justice.gov
Two Chinese Hackers Associated With the Ministry of State Security
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,”
Internet Explorer Zero Day Exploited in Attacks
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
InfoSec-IT
Internet Explorer Zero Day Exploited in Attacks | InfoSec-IT
Microsoft have released an out-of-band patch in order to fix the zero day vulnerability that has been exploited by malicious users in attacks .
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
The Cloudflare Blog
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.
Inside of Danderspritz post-exploitation modules
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
Medium
Inside of Danderspritz post-exploitation modules
Introduction
Complete and in-depth analysis of an Android SMS stealing application
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
Linux process infection(I): using the address space of other processes as warehouse
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
Tarlogic Security - Cyber Security and Ethical hacking
Linux process infection (part I)
Among the different tasks that a Read Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence. Unfortunately, most of this persistence mechanisms are based…
A Write-up: Social Engineering - Impersonation exploit with support team
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
WastedCake
Social Engineering - Impersonation made easy — WastedCake
The one thing that we used to identity a user was not safe. Impersonation of another user was easy and just required a bit of social engineering.
Exploiting an 18 Year Old Bug
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
Medium
Exploiting an 18 Year Old Bug
A Write-up for CVE-2018–1160
How I accidentally found a clickjacking “feature” in Facebook and why it won't be fixed
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
Malware Dropped in Fake Amazon Order Confirmations
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
InfoSec-IT
Malware Dropped in Fake Amazon Order Confirmations | InfoSec-IT
The Christmas season is upon us, which means an increased level in phishing and malspam campaigns. This time a fake Amazon campaign has been identified.
The bleak picture of two-factor authentication adoption in the wild
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
reddit
r/netsec - The bleak picture of two-factor authentication adoption in the wild
1 vote and 0 comments so far on Reddit
RSync the old is still new...
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
BinaryEdge - Science and Technology
RSync the old is still new...
This is a special blogpost for us. We usually work on our research by ourselves and present it in the same way, but this time, this research was partially done in collaboration with the amazing team at Rapid7. You should also check out their counterpart report…