More vulnerabilities in Guardzilla IoT Video Camera (CVE-2018-18600, CVE-2018-18601, CVE-2018-18602)
http://bit.ly/2VgJxJv
Submitted December 28, 2018 at 09:20PM by jaymzu
via reddit http://bit.ly/2Ro687W
http://bit.ly/2VgJxJv
Submitted December 28, 2018 at 09:20PM by jaymzu
via reddit http://bit.ly/2Ro687W
Bitdefender Labs
IoT Report: Major Flaws in Guardzilla Cameras Allow Remote Hijack...
Vulnerabilities in indoor security camera allows remote compromise and device takeover The commodification of IoT devices has paved the way to the smart home... #guardzilla #iot #vulnerability
First Sednit UEFI Rootkit Unveiled
http://bit.ly/2LBPxrS
Submitted December 29, 2018 at 01:22AM by maze-le
via reddit http://bit.ly/2ETr9BG
http://bit.ly/2LBPxrS
Submitted December 29, 2018 at 01:22AM by maze-le
via reddit http://bit.ly/2ETr9BG
media.ccc.de
First Sednit UEFI Rootkit Unveiled
UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns ...
BYOB (Build Your Own Botnet) v0.5 Released with New Crypto Miner Module
http://bit.ly/2StkZLx
Submitted December 30, 2018 at 12:00AM by PoonSafari
via reddit http://bit.ly/2LDpfWh
http://bit.ly/2StkZLx
Submitted December 30, 2018 at 12:00AM by PoonSafari
via reddit http://bit.ly/2LDpfWh
GitHub
malwaredllc/byob
BYOB (Build Your Own Botnet). Contribute to malwaredllc/byob development by creating an account on GitHub.
Buffer Overflow Practical Examples , Hexadecimal values and Environment Variables !
http://bit.ly/2StGHzk
Submitted December 30, 2018 at 05:13AM by Ahm3d_H3sham
via reddit http://bit.ly/2VkXBBN
http://bit.ly/2StGHzk
Submitted December 30, 2018 at 05:13AM by Ahm3d_H3sham
via reddit http://bit.ly/2VkXBBN
0xRick Owned Root !
Buffer Overflow Practical Examples , Hexadecimal values and Environment Variables ! - Protostar Stack1 , Stack2
Introduction So last week I talked about bufferoverflows and solved Protostar Stack0. Today I’m gonna solve Stack1 and Stack2, they are not different from Stack0 in their objective which is changing a variable’s value , but they are different in the way of…
Attack disables infrastructure of shared production platform for various US newspapers including Los Angles Times
https://lat.ms/2QdwYeB
Submitted December 30, 2018 at 10:23AM by two0nine
via reddit http://bit.ly/2LEQwYq
https://lat.ms/2QdwYeB
Submitted December 30, 2018 at 10:23AM by two0nine
via reddit http://bit.ly/2LEQwYq
latimes.com
Suspected malware attack causes major Los Angeles Times newspaper delivery interruptions
A major computer breakdown prevented distribution of the Saturday edition of the Los Angeles Times to many subscribers.
CenturyLink 911 outage was caused by a single network card sending bad packets
http://bit.ly/2SsQZ2q
Submitted December 30, 2018 at 07:42PM by yesnoornext
via reddit http://bit.ly/2Q7vbrj
http://bit.ly/2SsQZ2q
Submitted December 30, 2018 at 07:42PM by yesnoornext
via reddit http://bit.ly/2Q7vbrj
threader.app
A thread written by @GossiTheDog
CenturyLink is 6 hours into a 15 location outage of its External Cloud Network https://t.co/LOzcEXx6gE
Malware may have thwarted printing of Tribune Publishing newspapers
https://nbcnews.to/2VeHCFs
Submitted December 30, 2018 at 07:42PM by hacktvist
via reddit http://bit.ly/2Vmu7U2
https://nbcnews.to/2VeHCFs
Submitted December 30, 2018 at 07:42PM by hacktvist
via reddit http://bit.ly/2Vmu7U2
NBC News
Malware may have thwarted printing of Tribune Publishing newspapers
"It’s likely that the issues will affect the process of printing and delivering the Sunday newspapers as well," the Los Angeles Times said in a statement.
Another 0Day for Windows published by @SandBoxEscaper (Overwriting Files with Arbitrary Data)
http://bit.ly/2EWJGfF
Submitted December 31, 2018 at 12:55PM by Dormidera
via reddit http://bit.ly/2VrBDgK
http://bit.ly/2EWJGfF
Submitted December 31, 2018 at 12:55PM by Dormidera
via reddit http://bit.ly/2VrBDgK
BleepingComputer
Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data
A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.
Fuzzing Like It’s 1989
http://bit.ly/2Ss9hAR
Submitted December 31, 2018 at 09:54PM by yossarian_flew_away
via reddit http://bit.ly/2s45UVn
http://bit.ly/2Ss9hAR
Submitted December 31, 2018 at 09:54PM by yossarian_flew_away
via reddit http://bit.ly/2s45UVn
Trail of Bits Blog
Fuzzing Like It’s 1989
With 2019 a day away, let’s reflect on the past to see how we can improve. Yes, let’s take a long look back 30 years and reflect on the original fuzzing paper, An Empirical Study of the Reliability…
A Review of my Bug Hunting Journey
http://bit.ly/2R0LxaC
Submitted December 31, 2018 at 10:04PM by kongwenbin
via reddit http://bit.ly/2GOoUkU
http://bit.ly/2R0LxaC
Submitted December 31, 2018 at 10:04PM by kongwenbin
via reddit http://bit.ly/2GOoUkU
My Learning Journey
A Review of my Bug Hunting Journey
A review of my bug hunting journey so far, from when I started, to the point where I made it into the Top 200 bug hunters on Bugcrowd after two years.
Code release: unCaptcha2 - Defeating Google's ReCaptcha with 91% accuracy (works on latest)
http://bit.ly/2SrlXrK
Submitted December 31, 2018 at 10:53PM by Correcthorse121
via reddit http://bit.ly/2AkVAwv
http://bit.ly/2SrlXrK
Submitted December 31, 2018 at 10:53PM by Correcthorse121
via reddit http://bit.ly/2AkVAwv
GitHub
ecthros/uncaptcha2
defeating the latest version of ReCaptcha with 91% accuracy - ecthros/uncaptcha2
The /r/netsec Monthly Discussion Thread - January 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2F0EecA
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted January 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2F0EecA
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Methodology for Assessing System Images: Enumerate, Examine, Exploit
http://bit.ly/2EXMAkZ
Submitted January 01, 2019 at 06:19AM by xVIoct
via reddit http://bit.ly/2SwDLSf
http://bit.ly/2EXMAkZ
Submitted January 01, 2019 at 06:19AM by xVIoct
via reddit http://bit.ly/2SwDLSf
reddit
r/netsec - Methodology for Assessing System Images: Enumerate, Examine, Exploit
1 vote and 0 comments so far on Reddit
Turn Raspberry Pi Into Network Wide DNS Server
http://bit.ly/2ToqlYN
Submitted January 01, 2019 at 04:20PM by shreyasonline
via reddit http://bit.ly/2CHo1X5
http://bit.ly/2ToqlYN
Submitted January 01, 2019 at 04:20PM by shreyasonline
via reddit http://bit.ly/2CHo1X5
Technitium
Turn Raspberry Pi Into Network Wide DNS Server
Turn your Raspberry Pi into a network wide DNS server for security , privacy and blocking Internet Ads on your private network! Rasp...
Securing Your Online Accounts with 2FA
http://bit.ly/2ArM6j9
Submitted January 02, 2019 at 03:48AM by InfoSecJim
via reddit http://bit.ly/2AsWw1Y
http://bit.ly/2ArM6j9
Submitted January 02, 2019 at 03:48AM by InfoSecJim
via reddit http://bit.ly/2AsWw1Y
Jim Wilbur's Blog
Securing Your Online Accounts with 2FA
A short denoscription on MFA and 2FA followed by a few recommendations on how to keep your online accounts secure. I strongly recommend you enable 2FA for all online accounts.
Sputnik — An Open Source Intelligence Browser Extension
http://bit.ly/2RptkTu
Submitted January 02, 2019 at 07:51AM by Taptempo
via reddit http://bit.ly/2BUh0AG
http://bit.ly/2RptkTu
Submitted January 02, 2019 at 07:51AM by Taptempo
via reddit http://bit.ly/2BUh0AG
Medium
Sputnik — An Open Source Intelligence Browser Extension
Summary
WPScan Web Interface
http://bit.ly/2Qh3pZr
Submitted January 02, 2019 at 12:56PM by gmishra010
via reddit http://bit.ly/2QigO3x
http://bit.ly/2Qh3pZr
Submitted January 02, 2019 at 12:56PM by gmishra010
via reddit http://bit.ly/2QigO3x
GitHub
cyc10n3/WPScan_Web_Interface
A centralised dashboard for running and scheduling WordPress scans powered by wpscan. - cyc10n3/WPScan_Web_Interface
Malicious use of Microsoft LAPS
http://bit.ly/2R2M8sb
Submitted January 02, 2019 at 02:14PM by AkiJos
via reddit http://bit.ly/2R1EUov
http://bit.ly/2R2M8sb
Submitted January 02, 2019 at 02:14PM by AkiJos
via reddit http://bit.ly/2R1EUov
Akijosberry
Malicious use of Microsoft LAPS
LAPS Overview: LAPS (Local Administrator Password Solution) is a tool for managing local administrator passwords for domain joined computers. It stores passwords/secrets in a confidential attribute…
applepie: A hypervisor for Bochs and for fuzzing
http://bit.ly/2F19qby
Submitted January 02, 2019 at 04:24PM by gamozolabs
via reddit http://bit.ly/2SCPW0d
http://bit.ly/2F19qby
Submitted January 02, 2019 at 04:24PM by gamozolabs
via reddit http://bit.ly/2SCPW0d
GitHub
gamozolabs/applepie
A hypervisor for fuzzing built with WHVP and Bochs - gamozolabs/applepie
live #CastHack - Hacking Chromecasts/Google Homes/SmartTVs thru UPnP exposed ports
http://bit.ly/2LNm2DR
Submitted January 02, 2019 at 10:34PM by muglins
via reddit http://bit.ly/2SsFFna
http://bit.ly/2LNm2DR
Submitted January 02, 2019 at 10:34PM by muglins
via reddit http://bit.ly/2SsFFna
reddit
r/netsec - live #CastHack - Hacking Chromecasts/Google Homes/SmartTVs thru UPnP exposed ports
0 votes and 5 comments so far on Reddit
Abine Blur (online password manager) suffers partial breach of Emails, names, encrypted passwords
http://bit.ly/2QgEAge
Submitted January 02, 2019 at 11:33PM by redorhcal
via reddit http://bit.ly/2SD0V9W
http://bit.ly/2QgEAge
Submitted January 02, 2019 at 11:33PM by redorhcal
via reddit http://bit.ly/2SD0V9W
Online Privacy | Abine
Blur Security Update
We recently discovered that some information about Blur users was potentially exposed. We immediately took steps to investigate, respond, and work to prevent this from happening again. We are commu…