Amazon sent 1,700 Alexa voice files to the wrong customer, revealing private conversations.
https://ift.tt/2ShyE8J
Submitted December 20, 2018 at 03:28PM by Fingolas
via reddit https://ift.tt/2BuESe6
https://ift.tt/2ShyE8J
Submitted December 20, 2018 at 03:28PM by Fingolas
via reddit https://ift.tt/2BuESe6
heise online
Amazon reveals private Alexa voice data files
Due to an internal error, Amazon recently sent 1,700 Alexa voice files to an unauthorized customer. German computer magazine c't details what happened.
Amazon’s R&D lab in Kiev processing Ring’s footage
https://ift.tt/2SbCVdz
Submitted December 20, 2018 at 03:23PM by marie_dm_
via reddit https://ift.tt/2A8vJYF
https://ift.tt/2SbCVdz
Submitted December 20, 2018 at 03:23PM by marie_dm_
via reddit https://ift.tt/2A8vJYF
threader.app
A thread written by @mattdrange
Amazon's Ring dominates the growing video doorbell market. But little is known about the company's secretive R&D lab in Kiev, Ukraine. Here's the story of how customer video footage is sent there for image recognition purposes, despite internal concerns.…
Another sanboxescaper 0day
https://ift.tt/2EFiOl6
Submitted December 20, 2018 at 04:31PM by bigbottlequorn
via reddit https://ift.tt/2rIy3Bc
https://ift.tt/2EFiOl6
Submitted December 20, 2018 at 04:31PM by bigbottlequorn
via reddit https://ift.tt/2rIy3Bc
reddit
r/AskNetsec - Here's another 0day drop..
14 votes and 2 comments so far on Reddit
MD5 instant collisions of any JPG, PNG, PDF, MP4 ...
https://ift.tt/2ShprgE
Submitted December 20, 2018 at 05:23PM by 0v3rl04d
via reddit https://ift.tt/2A7DnT0
https://ift.tt/2ShprgE
Submitted December 20, 2018 at 05:23PM by 0v3rl04d
via reddit https://ift.tt/2A7DnT0
GitHub
corkami/pocs
Proof of Concepts (PE, PDF...). Contribute to corkami/pocs development by creating an account on GitHub.
Local Privilege Escalation in forticlient 6.0.3.0155 ( 0day )
https://ift.tt/2POV9j6
Submitted December 20, 2018 at 07:29PM by ggisz
via reddit https://ift.tt/2BygSXm
https://ift.tt/2POV9j6
Submitted December 20, 2018 at 07:29PM by ggisz
via reddit https://ift.tt/2BygSXm
Security Uncut
0day in FortiClient <= 6.0.3.0155
Forticlient LPE to SYSTEM 0day
Popular email app is collecting and storing usernames and passwords on their servers.
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
reddit
r/netsec - Popular email app is collecting and storing usernames and passwords on their servers.
1 vote and 0 comments so far on Reddit
US Charges China Intelligence Officers Over Hacking of MSPs
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
www.justice.gov
Two Chinese Hackers Associated With the Ministry of State Security
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,”
Internet Explorer Zero Day Exploited in Attacks
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
InfoSec-IT
Internet Explorer Zero Day Exploited in Attacks | InfoSec-IT
Microsoft have released an out-of-band patch in order to fix the zero day vulnerability that has been exploited by malicious users in attacks .
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
The Cloudflare Blog
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.
Inside of Danderspritz post-exploitation modules
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
Medium
Inside of Danderspritz post-exploitation modules
Introduction
Complete and in-depth analysis of an Android SMS stealing application
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
Linux process infection(I): using the address space of other processes as warehouse
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
Tarlogic Security - Cyber Security and Ethical hacking
Linux process infection (part I)
Among the different tasks that a Read Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence. Unfortunately, most of this persistence mechanisms are based…
A Write-up: Social Engineering - Impersonation exploit with support team
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
WastedCake
Social Engineering - Impersonation made easy — WastedCake
The one thing that we used to identity a user was not safe. Impersonation of another user was easy and just required a bit of social engineering.
Exploiting an 18 Year Old Bug
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
Medium
Exploiting an 18 Year Old Bug
A Write-up for CVE-2018–1160
How I accidentally found a clickjacking “feature” in Facebook and why it won't be fixed
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
Malware Dropped in Fake Amazon Order Confirmations
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
InfoSec-IT
Malware Dropped in Fake Amazon Order Confirmations | InfoSec-IT
The Christmas season is upon us, which means an increased level in phishing and malspam campaigns. This time a fake Amazon campaign has been identified.
The bleak picture of two-factor authentication adoption in the wild
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
reddit
r/netsec - The bleak picture of two-factor authentication adoption in the wild
1 vote and 0 comments so far on Reddit
RSync the old is still new...
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
BinaryEdge - Science and Technology
RSync the old is still new...
This is a special blogpost for us. We usually work on our research by ourselves and present it in the same way, but this time, this research was partially done in collaboration with the amazing team at Rapid7. You should also check out their counterpart report…
Someone is trying to take entire countries offline and cybersecurity experts say 'it's a matter of time because it's really easy'
https://aol.it/2V8ozwH
Submitted December 23, 2018 at 06:02AM by Zapper216
via reddit http://bit.ly/2EJZzXq
https://aol.it/2V8ozwH
Submitted December 23, 2018 at 06:02AM by Zapper216
via reddit http://bit.ly/2EJZzXq
AOL.com
Someone is trying to take entire countries offline and cybersecurity experts say 'it's a matter of time because it's really easy'
The West's biggest security weakness is in the old electronics and sensors that control processes in infrastructure and industry.
Bachelor Thesis & Open Source Framework: Implementation and evaluation of secure and scalable anomaly-based network intrusion detection
http://bit.ly/2EFyDaD
Submitted December 23, 2018 at 03:59PM by alien_1337
via reddit http://bit.ly/2CuNQd3
http://bit.ly/2EFyDaD
Submitted December 23, 2018 at 03:59PM by alien_1337
via reddit http://bit.ly/2CuNQd3
GitHub
dreadl0ck/netcap
A framework for secure and scalable network traffic analysis - dreadl0ck/netcap
Hey everyone, I was wondering what you think about the topic talked about in the linked document, "Overwriting Hard Drive Data: The Great Wiping Controversy"
http://bit.ly/1q2Sfdo
Submitted December 24, 2018 at 03:22AM by orthoset
via reddit http://bit.ly/2GAZ7wv
http://bit.ly/1q2Sfdo
Submitted December 24, 2018 at 03:22AM by orthoset
via reddit http://bit.ly/2GAZ7wv
reddit
r/netsec - Hey everyone, I was wondering what you think about the topic talked about in the linked document, "Overwriting Hard…
0 votes and 1 comment so far on Reddit