polkit: temporary auth hijacking via PID reuse and non-atomic fork - project-zero
http://bit.ly/2RH1sKw
Submitted January 09, 2019 at 07:08PM by danielkza
via reddit http://bit.ly/2QD5Ohq
http://bit.ly/2RH1sKw
Submitted January 09, 2019 at 07:08PM by danielkza
via reddit http://bit.ly/2QD5Ohq
reddit
r/netsec - polkit: temporary auth hijacking via PID reuse and non-atomic fork - project-zero
1 vote and 0 comments so far on Reddit
RCE On Your Build Server: Gradle Plugin Portal: Clickjacking & Cross-Site Request Forgery enabling Account Takeover
http://bit.ly/2ACqP6m
Submitted January 09, 2019 at 07:50PM by Fido488
via reddit http://bit.ly/2sgxXAW
http://bit.ly/2ACqP6m
Submitted January 09, 2019 at 07:50PM by Fido488
via reddit http://bit.ly/2sgxXAW
Medium
Gradle Plugin Portal: Clickjacking & Cross-Site Request Forgery enabling Account Takeover
Two security vulnerabilities in the Gradle Plugin Portal would have allowed any website to change the username, email & password of any…
5 Best VPN Services with free Trials while torrenting or pirating.
http://bit.ly/2AFI3zZ
Submitted January 09, 2019 at 09:33PM by asa25640
via reddit http://bit.ly/2TEIEc3
http://bit.ly/2AFI3zZ
Submitted January 09, 2019 at 09:33PM by asa25640
via reddit http://bit.ly/2TEIEc3
AndowMac
5 Best VPN Services in 2019 Chosen by Users (Updated January 2019) - AndowMac
11 VPN also known as Virtual Private Network is the best way to surf the internet anonymously without revealing any
Trammell Hudson - Modchips of the State
http://bit.ly/2Fl8r5w
Submitted January 09, 2019 at 09:54PM by liotier
via reddit http://bit.ly/2Fjfix0
http://bit.ly/2Fl8r5w
Submitted January 09, 2019 at 09:54PM by liotier
via reddit http://bit.ly/2Fjfix0
reddit
r/netsec - Trammell Hudson - Modchips of the State
2 votes and 0 comments so far on Reddit
A Policy Based Approach to Docker Security and Compliance
http://bit.ly/2CaxiWd
Submitted January 09, 2019 at 11:58PM by weighanchore
via reddit http://bit.ly/2RnHtkY
http://bit.ly/2CaxiWd
Submitted January 09, 2019 at 11:58PM by weighanchore
via reddit http://bit.ly/2RnHtkY
Anchore
A Policy Based Approach to Container Security and Compliance
At Anchore, we take a preventative, policy-based compliance approach, specific to organizational needs. Our philosophy of scanning and evaluating Docker images against user-defined policies as early as possible in the development lifecycle, greatly reduces…
2FA Can Be Bypassed with New Tool
http://bit.ly/2FhRrO2
Submitted January 09, 2019 at 11:56PM by Fantastic_Fix
via reddit http://bit.ly/2QACTKS
http://bit.ly/2FhRrO2
Submitted January 09, 2019 at 11:56PM by Fantastic_Fix
via reddit http://bit.ly/2QACTKS
InfoSec-IT
2FA Can Be Bypassed with New Tool | InfoSec-IT
2 Factor Authentication may not be as secure as you think, as a new tool has been released that can bypass the security feature.
PacketFence v8.3 is out! Clickatell support, spoofing detection based on device profiling and see what's coming up in v9!
http://bit.ly/2LZPwhH
Submitted January 10, 2019 at 01:28AM by extrafu
via reddit http://bit.ly/2QzTvSO
http://bit.ly/2LZPwhH
Submitted January 10, 2019 at 01:28AM by extrafu
via reddit http://bit.ly/2QzTvSO
reddit
r/netsec - PacketFence v8.3 is out! Clickatell support, spoofing detection based on device profiling and see what's coming up in…
2 votes and 1 comment so far on Reddit
RCE via DHCP in Windows
http://bit.ly/2TCwvVe
Submitted January 10, 2019 at 02:44AM by jeffrossisfat
via reddit http://bit.ly/2CZb3nH
http://bit.ly/2TCwvVe
Submitted January 10, 2019 at 02:44AM by jeffrossisfat
via reddit http://bit.ly/2CZb3nH
reddit
r/netsec - RCE via DHCP in Windows
1 vote and 1 comment so far on Reddit
Circumventing Limited Visibility in Detection Engineering
http://bit.ly/2RCYpDi
Submitted January 10, 2019 at 03:06AM by beaulambeau
via reddit http://bit.ly/2RnZZK0
http://bit.ly/2RCYpDi
Submitted January 10, 2019 at 03:06AM by beaulambeau
via reddit http://bit.ly/2RnZZK0
Red Canary
How To Detect Cybersecurity Threats with Limited Visibility
Security tools have limited visibility, but you can work around endpoint detection and response (EDR) and other tooling limitations with these tips.
System Down: a systemd-journald exploit
http://bit.ly/2RmCkt9
Submitted January 10, 2019 at 10:40AM by 0xdea
via reddit http://bit.ly/2FlVM2S
http://bit.ly/2RmCkt9
Submitted January 10, 2019 at 10:40AM by 0xdea
via reddit http://bit.ly/2FlVM2S
Chinese Criminals pull off an Italian Job...
http://bit.ly/2ADogkG
Submitted January 10, 2019 at 12:59PM by Taur3an
via reddit http://bit.ly/2FkUBjw
http://bit.ly/2ADogkG
Submitted January 10, 2019 at 12:59PM by Taur3an
via reddit http://bit.ly/2FkUBjw
The Economic Times
How Chinese hackers pulled off the Italian con job, a Rs 130-crore heist
The hackers sent spoofed emails of group CEO and held fake conference calls to fool India head of Italian company Tecnimont SpA.
Top 10 GDPR Violations and Incidents of 2018
http://bit.ly/2VFL9Nb
Submitted January 10, 2019 at 06:40PM by KeyDutch
via reddit http://bit.ly/2FjleWI
http://bit.ly/2VFL9Nb
Submitted January 10, 2019 at 06:40PM by KeyDutch
via reddit http://bit.ly/2FjleWI
Htbridge
Top 10 GDPR Violations and Incidents of 2018
A brief overview of the most important security and privacy incidents that may have serious GDPR ramifications.
OWASP 2019 Strategy Doc - Request for feedback
http://bit.ly/2QC94tc
Submitted January 10, 2019 at 07:42PM by kerberosmansour
via reddit http://bit.ly/2TIZQgR
http://bit.ly/2QC94tc
Submitted January 10, 2019 at 07:42PM by kerberosmansour
via reddit http://bit.ly/2TIZQgR
Google Docs
DRAFT OWASP Foundation Assessment & Strategic Approach
DRAFT OWASP Foundation Assessment & Strategic Approach Current Position SWOT Analysis Strengths Weaknesses Opportunities Threats Strategic position Financial position Assessment of Risks Porters five forces Challenges + Strategic Options PESTLE Analysis…
The mystery of steganography
http://bit.ly/2C9p1C2
Submitted January 10, 2019 at 08:30PM by liotier
via reddit http://bit.ly/2siKqEp
http://bit.ly/2C9p1C2
Submitted January 10, 2019 at 08:30PM by liotier
via reddit http://bit.ly/2siKqEp
Increment
The mystery of steganography – Increment: Security
Modern, nefarious interpretations of the age-old technique of covert communication have stoked the fires of curiosity—but is steganography really a major security concern?
ves: Command Line End-to-End Encryption Utility. Encrypt Everything Without Fear of Losing the Key
http://bit.ly/2AtTrPd
Submitted January 10, 2019 at 09:53PM by vesvault
via reddit http://bit.ly/2RjK6UB
http://bit.ly/2AtTrPd
Submitted January 10, 2019 at 09:53PM by vesvault
via reddit http://bit.ly/2RjK6UB
reddit
r/linux - ves: Command Line End-to-End Encryption Utility. Encrypt Everything Without Fear of Losing the Key
13 votes and 12 comments so far on Reddit
Z-WASP Vulnerability Used to Phish Office 365 and ATP
http://bit.ly/2FlkMHw
Submitted January 10, 2019 at 09:51PM by EvanConover
via reddit http://bit.ly/2RhdieW
http://bit.ly/2FlkMHw
Submitted January 10, 2019 at 09:51PM by EvanConover
via reddit http://bit.ly/2RhdieW
Avanan
Z-WASP Vulnerability Used to Phish Office 365 and ATP
The ZWASP phishing method was taking advantage of a vulnerability in Office 365 to bypass all of Microsoft's security. All Office 365 users were vulnerable, with or without ATP. Avanan worked with Microsoft to repair the vulnerability.
ServHelper and FlawedGrace - New malware introduced by TA505
http://bit.ly/2M4dnN6
Submitted January 10, 2019 at 10:51PM by EvanConover
via reddit http://bit.ly/2VI8u0L
http://bit.ly/2M4dnN6
Submitted January 10, 2019 at 10:51PM by EvanConover
via reddit http://bit.ly/2VI8u0L
Proofpoint
ServHelper and FlawedGrace - New malware introduced by TA505
Proofpoint researchers detail two undocumented pieces of malware being used by TA505.
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 02:25AM by TheFlame937
via reddit http://bit.ly/2FplxP6
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 02:25AM by TheFlame937
via reddit http://bit.ly/2FplxP6
FireEye
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
We detail three different ways we have seen DNS records be manipulated to enable victim compromises.
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 08:45AM by fireh7nter
via reddit http://bit.ly/2CdLQ7B
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 08:45AM by fireh7nter
via reddit http://bit.ly/2CdLQ7B
FireEye
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
We detail three different ways we have seen DNS records be manipulated to enable victim compromises.
/r/netsec's Q1 2019 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere.Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 11, 2019 at 07:21AM by ranok
via reddit http://bit.ly/2H4r5kg
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere.Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 11, 2019 at 07:21AM by ranok
via reddit http://bit.ly/2H4r5kg
Phishing for the Catch of a Lifetime
http://bit.ly/2TMeQut
Submitted January 11, 2019 at 03:53PM by jeramyfromthefuture
via reddit http://bit.ly/2FqP0Is
http://bit.ly/2TMeQut
Submitted January 11, 2019 at 03:53PM by jeramyfromthefuture
via reddit http://bit.ly/2FqP0Is
armadillo
Phishing for the Catch of a Lifetime - armadillo
Fish are tricked into biting the bait on the end of a rod, just as phishing attacks prey on individuals who are fooled into opening fraudulent emails.