Popular email app is collecting and storing usernames and passwords on their servers.
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
https://ift.tt/2S7IfOZ
Submitted December 20, 2018 at 08:34PM by ericalexander303
via reddit https://ift.tt/2T3CKBe
reddit
r/netsec - Popular email app is collecting and storing usernames and passwords on their servers.
1 vote and 0 comments so far on Reddit
US Charges China Intelligence Officers Over Hacking of MSPs
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
https://ift.tt/2rO4ONb
Submitted December 20, 2018 at 09:32PM by iSECo
via reddit https://ift.tt/2A8RGHb
www.justice.gov
Two Chinese Hackers Associated With the Ministry of State Security
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,”
Internet Explorer Zero Day Exploited in Attacks
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
https://ift.tt/2T1NorX
Submitted December 20, 2018 at 11:01PM by Fantastic_Fix
via reddit https://ift.tt/2S7srfg
InfoSec-IT
Internet Explorer Zero Day Exploited in Attacks | InfoSec-IT
Microsoft have released an out-of-band patch in order to fix the zero day vulnerability that has been exploited by malicious users in attacks .
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
https://ift.tt/2GuZVms
Submitted December 20, 2018 at 11:31PM by civicode
via reddit https://ift.tt/2LuY5kd
The Cloudflare Blog
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account.
Inside of Danderspritz post-exploitation modules
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
https://ift.tt/2Aj9EqH
Submitted December 21, 2018 at 01:45AM by Mysterii8
via reddit https://ift.tt/2S8ww2F
Medium
Inside of Danderspritz post-exploitation modules
Introduction
Complete and in-depth analysis of an Android SMS stealing application
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
http://bit.ly/2QKlhkz
Submitted December 21, 2018 at 04:35PM by ThisIsLibra
via reddit http://bit.ly/2A9BsxB
Linux process infection(I): using the address space of other processes as warehouse
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
http://bit.ly/2BxqWQE
Submitted December 21, 2018 at 06:01PM by gid0rah
via reddit http://bit.ly/2EL2lM6
Tarlogic Security - Cyber Security and Ethical hacking
Linux process infection (part I)
Among the different tasks that a Read Team should carry out, there is one that is remarkable by its intrinsic craftsmanship: putting an APT inside a computer system and ensuring its persistence. Unfortunately, most of this persistence mechanisms are based…
A Write-up: Social Engineering - Impersonation exploit with support team
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
http://bit.ly/2LvAzE3
Submitted December 21, 2018 at 07:10PM by TheEffortless
via reddit http://bit.ly/2EIdZau
WastedCake
Social Engineering - Impersonation made easy — WastedCake
The one thing that we used to identity a user was not safe. Impersonation of another user was easy and just required a bit of social engineering.
Exploiting an 18 Year Old Bug
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
http://bit.ly/2R8BmQy
Submitted December 21, 2018 at 07:33PM by chicksdigthelongrun
via reddit http://bit.ly/2EEvLdN
Medium
Exploiting an 18 Year Old Bug
A Write-up for CVE-2018–1160
How I accidentally found a clickjacking “feature” in Facebook and why it won't be fixed
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
http://bit.ly/2LtOt9p
Submitted December 21, 2018 at 08:01PM by Lasq
via reddit http://bit.ly/2rNvI7Z
Malware Dropped in Fake Amazon Order Confirmations
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
http://bit.ly/2Sa8eFv
Submitted December 21, 2018 at 08:53PM by Fantastic_Fix
via reddit http://bit.ly/2AbjTwV
InfoSec-IT
Malware Dropped in Fake Amazon Order Confirmations | InfoSec-IT
The Christmas season is upon us, which means an increased level in phishing and malspam campaigns. This time a fake Amazon campaign has been identified.
The bleak picture of two-factor authentication adoption in the wild
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
http://bit.ly/2QJvT36
Submitted December 22, 2018 at 07:33PM by liotier
via reddit http://bit.ly/2Aa5NMw
reddit
r/netsec - The bleak picture of two-factor authentication adoption in the wild
1 vote and 0 comments so far on Reddit
RSync the old is still new...
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
http://bit.ly/2LABzGY
Submitted December 23, 2018 at 12:24AM by fabipe
via reddit http://bit.ly/2rTqo36
BinaryEdge - Science and Technology
RSync the old is still new...
This is a special blogpost for us. We usually work on our research by ourselves and present it in the same way, but this time, this research was partially done in collaboration with the amazing team at Rapid7. You should also check out their counterpart report…
Someone is trying to take entire countries offline and cybersecurity experts say 'it's a matter of time because it's really easy'
https://aol.it/2V8ozwH
Submitted December 23, 2018 at 06:02AM by Zapper216
via reddit http://bit.ly/2EJZzXq
https://aol.it/2V8ozwH
Submitted December 23, 2018 at 06:02AM by Zapper216
via reddit http://bit.ly/2EJZzXq
AOL.com
Someone is trying to take entire countries offline and cybersecurity experts say 'it's a matter of time because it's really easy'
The West's biggest security weakness is in the old electronics and sensors that control processes in infrastructure and industry.
Bachelor Thesis & Open Source Framework: Implementation and evaluation of secure and scalable anomaly-based network intrusion detection
http://bit.ly/2EFyDaD
Submitted December 23, 2018 at 03:59PM by alien_1337
via reddit http://bit.ly/2CuNQd3
http://bit.ly/2EFyDaD
Submitted December 23, 2018 at 03:59PM by alien_1337
via reddit http://bit.ly/2CuNQd3
GitHub
dreadl0ck/netcap
A framework for secure and scalable network traffic analysis - dreadl0ck/netcap
Hey everyone, I was wondering what you think about the topic talked about in the linked document, "Overwriting Hard Drive Data: The Great Wiping Controversy"
http://bit.ly/1q2Sfdo
Submitted December 24, 2018 at 03:22AM by orthoset
via reddit http://bit.ly/2GAZ7wv
http://bit.ly/1q2Sfdo
Submitted December 24, 2018 at 03:22AM by orthoset
via reddit http://bit.ly/2GAZ7wv
reddit
r/netsec - Hey everyone, I was wondering what you think about the topic talked about in the linked document, "Overwriting Hard…
0 votes and 1 comment so far on Reddit
How to exploit a PHP Remote CODE Execution bypassing filters, sanitizations and WAF rules
http://bit.ly/2PZAqJs
Submitted December 24, 2018 at 02:55PM by theMiddleBlue
via reddit http://bit.ly/2GGhUGD
http://bit.ly/2PZAqJs
Submitted December 24, 2018 at 02:55PM by theMiddleBlue
via reddit http://bit.ly/2GGhUGD
Secjuice.com
PHP RCE Bypass filters, sanitizations and WAF rules
In this article, I’ll show you how many possibilities PHP gives us in order to exploit a remote code execution bypassing filters, input sanitization, and WAF rules.
ELF in-memory execution via php/python/perl [MSF module included]
http://bit.ly/2T79rgX
Submitted December 24, 2018 at 08:37PM by cyberpunkych
via reddit http://bit.ly/2Cx795y
http://bit.ly/2T79rgX
Submitted December 24, 2018 at 08:37PM by cyberpunkych
via reddit http://bit.ly/2Cx795y
FBK CyberSecurity
ELF in-memory execution
Fileless malware attacks are becoming more and more popular. Which is hardly surprising as they normally leave no trace. In this article we will not speak about program execution in Windows RAM. Instead, we will focus on GNU/Linux. Linux is dominant in the…
The Importance of the Content-Type Header in HTTP Requests
http://bit.ly/2AftSBD
Submitted December 24, 2018 at 08:19PM by ziyahanalbeniz
via reddit http://bit.ly/2EN7ovC
http://bit.ly/2AftSBD
Submitted December 24, 2018 at 08:19PM by ziyahanalbeniz
via reddit http://bit.ly/2EN7ovC
Netsparker
The Importance of the Content-Type Header in HTTP Requests
This article describes the details of a vulnerability that combines Cross-site Request Forgery and Remote Code Execution. This can allow a hacker to discover and gain access to the machines within the network of a router. Content-Type Headers provide a critical…
Basic XPath Injection [Tutorial]
http://bit.ly/2rTlgvW
Submitted December 24, 2018 at 11:29PM by ImVendetta
via reddit http://bit.ly/2LzGVCe
http://bit.ly/2rTlgvW
Submitted December 24, 2018 at 11:29PM by ImVendetta
via reddit http://bit.ly/2LzGVCe
reddit
r/netsec - Basic XPath Injection [Tutorial]
3 votes and 0 comments so far on Reddit
Major flaw and security vulnerability in Plaid API, the banking authentication API behind Venmo, Robinhood, Acorns and many others
http://bit.ly/2T7ru6D
Submitted December 25, 2018 at 12:59AM by chirau
via reddit http://bit.ly/2BAmKzs
http://bit.ly/2T7ru6D
Submitted December 25, 2018 at 12:59AM by chirau
via reddit http://bit.ly/2BAmKzs