System Down: a systemd-journald exploit
http://bit.ly/2RmCkt9
Submitted January 10, 2019 at 10:40AM by 0xdea
via reddit http://bit.ly/2FlVM2S
http://bit.ly/2RmCkt9
Submitted January 10, 2019 at 10:40AM by 0xdea
via reddit http://bit.ly/2FlVM2S
Chinese Criminals pull off an Italian Job...
http://bit.ly/2ADogkG
Submitted January 10, 2019 at 12:59PM by Taur3an
via reddit http://bit.ly/2FkUBjw
http://bit.ly/2ADogkG
Submitted January 10, 2019 at 12:59PM by Taur3an
via reddit http://bit.ly/2FkUBjw
The Economic Times
How Chinese hackers pulled off the Italian con job, a Rs 130-crore heist
The hackers sent spoofed emails of group CEO and held fake conference calls to fool India head of Italian company Tecnimont SpA.
Top 10 GDPR Violations and Incidents of 2018
http://bit.ly/2VFL9Nb
Submitted January 10, 2019 at 06:40PM by KeyDutch
via reddit http://bit.ly/2FjleWI
http://bit.ly/2VFL9Nb
Submitted January 10, 2019 at 06:40PM by KeyDutch
via reddit http://bit.ly/2FjleWI
Htbridge
Top 10 GDPR Violations and Incidents of 2018
A brief overview of the most important security and privacy incidents that may have serious GDPR ramifications.
OWASP 2019 Strategy Doc - Request for feedback
http://bit.ly/2QC94tc
Submitted January 10, 2019 at 07:42PM by kerberosmansour
via reddit http://bit.ly/2TIZQgR
http://bit.ly/2QC94tc
Submitted January 10, 2019 at 07:42PM by kerberosmansour
via reddit http://bit.ly/2TIZQgR
Google Docs
DRAFT OWASP Foundation Assessment & Strategic Approach
DRAFT OWASP Foundation Assessment & Strategic Approach Current Position SWOT Analysis Strengths Weaknesses Opportunities Threats Strategic position Financial position Assessment of Risks Porters five forces Challenges + Strategic Options PESTLE Analysis…
The mystery of steganography
http://bit.ly/2C9p1C2
Submitted January 10, 2019 at 08:30PM by liotier
via reddit http://bit.ly/2siKqEp
http://bit.ly/2C9p1C2
Submitted January 10, 2019 at 08:30PM by liotier
via reddit http://bit.ly/2siKqEp
Increment
The mystery of steganography – Increment: Security
Modern, nefarious interpretations of the age-old technique of covert communication have stoked the fires of curiosity—but is steganography really a major security concern?
ves: Command Line End-to-End Encryption Utility. Encrypt Everything Without Fear of Losing the Key
http://bit.ly/2AtTrPd
Submitted January 10, 2019 at 09:53PM by vesvault
via reddit http://bit.ly/2RjK6UB
http://bit.ly/2AtTrPd
Submitted January 10, 2019 at 09:53PM by vesvault
via reddit http://bit.ly/2RjK6UB
reddit
r/linux - ves: Command Line End-to-End Encryption Utility. Encrypt Everything Without Fear of Losing the Key
13 votes and 12 comments so far on Reddit
Z-WASP Vulnerability Used to Phish Office 365 and ATP
http://bit.ly/2FlkMHw
Submitted January 10, 2019 at 09:51PM by EvanConover
via reddit http://bit.ly/2RhdieW
http://bit.ly/2FlkMHw
Submitted January 10, 2019 at 09:51PM by EvanConover
via reddit http://bit.ly/2RhdieW
Avanan
Z-WASP Vulnerability Used to Phish Office 365 and ATP
The ZWASP phishing method was taking advantage of a vulnerability in Office 365 to bypass all of Microsoft's security. All Office 365 users were vulnerable, with or without ATP. Avanan worked with Microsoft to repair the vulnerability.
ServHelper and FlawedGrace - New malware introduced by TA505
http://bit.ly/2M4dnN6
Submitted January 10, 2019 at 10:51PM by EvanConover
via reddit http://bit.ly/2VI8u0L
http://bit.ly/2M4dnN6
Submitted January 10, 2019 at 10:51PM by EvanConover
via reddit http://bit.ly/2VI8u0L
Proofpoint
ServHelper and FlawedGrace - New malware introduced by TA505
Proofpoint researchers detail two undocumented pieces of malware being used by TA505.
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 02:25AM by TheFlame937
via reddit http://bit.ly/2FplxP6
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 02:25AM by TheFlame937
via reddit http://bit.ly/2FplxP6
FireEye
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
We detail three different ways we have seen DNS records be manipulated to enable victim compromises.
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 08:45AM by fireh7nter
via reddit http://bit.ly/2CdLQ7B
http://bit.ly/2QDUmlH
Submitted January 11, 2019 at 08:45AM by fireh7nter
via reddit http://bit.ly/2CdLQ7B
FireEye
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
We detail three different ways we have seen DNS records be manipulated to enable victim compromises.
/r/netsec's Q1 2019 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere.Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 11, 2019 at 07:21AM by ranok
via reddit http://bit.ly/2H4r5kg
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere.Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted January 11, 2019 at 07:21AM by ranok
via reddit http://bit.ly/2H4r5kg
Phishing for the Catch of a Lifetime
http://bit.ly/2TMeQut
Submitted January 11, 2019 at 03:53PM by jeramyfromthefuture
via reddit http://bit.ly/2FqP0Is
http://bit.ly/2TMeQut
Submitted January 11, 2019 at 03:53PM by jeramyfromthefuture
via reddit http://bit.ly/2FqP0Is
armadillo
Phishing for the Catch of a Lifetime - armadillo
Fish are tricked into biting the bait on the end of a rod, just as phishing attacks prey on individuals who are fooled into opening fraudulent emails.
New WhatsApp bug may have been discovered, exposes message history in plain text
http://bit.ly/2SJh11K
Submitted January 11, 2019 at 05:33PM by Titokhan
via reddit http://bit.ly/2FkoHED
http://bit.ly/2SJh11K
Submitted January 11, 2019 at 05:33PM by Titokhan
via reddit http://bit.ly/2FkoHED
Piunika Web
New WhatsApp bug may have been discovered, exposes message history in plain text - Piunika Web
Amazon employee Abby Fuller said after they used their new SIM with a new phone, and logged into WhatsApp, they could see someone else's message history.
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492) - Awesome post!
http://bit.ly/2sjSxQU
Submitted January 11, 2019 at 07:12PM by oddvarmoe
via reddit http://bit.ly/2FsyjvZ
http://bit.ly/2sjSxQU
Submitted January 11, 2019 at 07:12PM by oddvarmoe
via reddit http://bit.ly/2FsyjvZ
| bohops |
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
Introduction Greetings, Everyone! It has been several months since I’ve blogged, so it seems fitting to start the New Year off with a post about two topics that I thoroughly enjoy exploring: Appli…
Metasploit Framework 5.0 Released
http://bit.ly/2CdXKy9
Submitted January 11, 2019 at 07:31PM by DemanHD
via reddit http://bit.ly/2VKiGWH
http://bit.ly/2CdXKy9
Submitted January 11, 2019 at 07:31PM by DemanHD
via reddit http://bit.ly/2VKiGWH
Rapid7 Blog
Metasploit Framework 5.0 Released
We are happy to announce the release of Metasploit 5.0, the culmination of work by the Metasploit team over the past year.
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
http://bit.ly/2LY76CC
Submitted January 11, 2019 at 09:21PM by EvanConover
via reddit http://bit.ly/2M6TC7N
http://bit.ly/2LY76CC
Submitted January 11, 2019 at 09:21PM by EvanConover
via reddit http://bit.ly/2M6TC7N
McAfee Blogs
Ryuk Ransomware Attack: Rush to Attribution Misses the Point | McAfee Blogs
Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing
ChaosKey - hardware True Random Number Generator that attaches via USB
http://bit.ly/2k4DWat
Submitted January 11, 2019 at 11:19PM by drspeaker
via reddit http://bit.ly/2Rlahu9
http://bit.ly/2k4DWat
Submitted January 11, 2019 at 11:19PM by drspeaker
via reddit http://bit.ly/2Rlahu9
reddit
r/netsec - ChaosKey - hardware True Random Number Generator that attaches via USB
1 vote and 0 comments so far on Reddit
CackalackyCon Call for Papers is Open
Greetingz to all h4x0rs, breakers, clickers and scrollers, g33k girls, and cyber pathologists!WHAT: CackalackyCon Call for Papers
WHEN: CackalackyCon will happen on May 31st - June 2nd, 2019WHERE: The Sheraton Chapel Hill, NC
HOW: Complete the form and email it to cfp at cackalackycon.org
DEADLINES: First round submissions are due by Feb 28th, 2019. Final round submissions are due by Mar 31st, 2019.CackalackyCon will occur on May 31st - June 2nd, 2019. Our Call for Papers is now officially open! Please review the information below for instructions on submitting your talk ideas. If you have any questions about the CFP process please email cfp at cackalackycon.orgIf you know a thing about hackalacking, hijackalacking network traffic, attackalacking physical security measures, robotics, or unpackalacking malware, etc., and you are interested in presenting at CackalackyCon, we cordially invite you to submit your proposal. Our goal is to put on a conference with a wide range of talks at different levels of knowledge. We are looking forward to reviewing your talk ideas!CFP FormThis year we will be reviewing submissions in two rounds. The earlier you submit, the higher your chances are at being selected and the more time you have to procrastinate working on your talk!
First round submissions are due by Feb 28th, 2019 before midnight EST.
Final submissions are due by Mar 31st, 2019 before midnight EST.If you present at the Con, you will receive;
*Free Cackalacky admission for you and one guest
*One free CackalackyCon shirt
*Unlimited fist bumps from our staff
*A reputation, but not necessarily a good oneAfter selection, CackalackyCon will publish the following information to the website:
*Presentation noscript
*Presentation abstract
*Presenter names or handles
*Presenter biosThanks for your submission! We wouldn’t be a con without you!
Signed,
The CackalackyCon CrewCackalackyCon.org
Submitted January 11, 2019 at 09:38PM by Curbob
via reddit http://bit.ly/2smsNDJ
Greetingz to all h4x0rs, breakers, clickers and scrollers, g33k girls, and cyber pathologists!WHAT: CackalackyCon Call for Papers
WHEN: CackalackyCon will happen on May 31st - June 2nd, 2019WHERE: The Sheraton Chapel Hill, NC
HOW: Complete the form and email it to cfp at cackalackycon.org
DEADLINES: First round submissions are due by Feb 28th, 2019. Final round submissions are due by Mar 31st, 2019.CackalackyCon will occur on May 31st - June 2nd, 2019. Our Call for Papers is now officially open! Please review the information below for instructions on submitting your talk ideas. If you have any questions about the CFP process please email cfp at cackalackycon.orgIf you know a thing about hackalacking, hijackalacking network traffic, attackalacking physical security measures, robotics, or unpackalacking malware, etc., and you are interested in presenting at CackalackyCon, we cordially invite you to submit your proposal. Our goal is to put on a conference with a wide range of talks at different levels of knowledge. We are looking forward to reviewing your talk ideas!CFP FormThis year we will be reviewing submissions in two rounds. The earlier you submit, the higher your chances are at being selected and the more time you have to procrastinate working on your talk!
First round submissions are due by Feb 28th, 2019 before midnight EST.
Final submissions are due by Mar 31st, 2019 before midnight EST.If you present at the Con, you will receive;
*Free Cackalacky admission for you and one guest
*One free CackalackyCon shirt
*Unlimited fist bumps from our staff
*A reputation, but not necessarily a good oneAfter selection, CackalackyCon will publish the following information to the website:
*Presentation noscript
*Presentation abstract
*Presenter names or handles
*Presenter biosThanks for your submission! We wouldn’t be a con without you!
Signed,
The CackalackyCon CrewCackalackyCon.org
Submitted January 11, 2019 at 09:38PM by Curbob
via reddit http://bit.ly/2smsNDJ
reddit
r/netsec - CackalackyCon Call for Papers is Open
1 vote and 0 comments so far on Reddit
Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent Drable
http://bit.ly/2FnCIBr
Submitted January 12, 2019 at 12:59AM by teksquisite
via reddit http://bit.ly/2smRAaD
http://bit.ly/2FnCIBr
Submitted January 12, 2019 at 12:59AM by teksquisite
via reddit http://bit.ly/2smRAaD
Lastline
Threat Actor “Cold River”: Network Traffic Analysis and a Deep Dive on Agent Drable
Cold River is a sophisticated threat actor making malicious use of DNS tunneling for command and control activities, compelling lure documents, and previously unknown implants. Read our detailed analysis.
Capture The Flag! Here's how to get started with CTFs.
http://bit.ly/2Rhol85
Submitted January 12, 2019 at 12:57AM by teksquisite
via reddit http://bit.ly/2sws4jr
http://bit.ly/2Rhol85
Submitted January 12, 2019 at 12:57AM by teksquisite
via reddit http://bit.ly/2sws4jr
Lastline
Capture That Flag!
Participating in hacking competitions – aka, Capture the Flag – improves security culture and the talent of the security team. Learn how to think like a hacker in order to defeat hackers.
Hack The Box - Oz write-up by 0xRick
http://bit.ly/2ABXXLN
Submitted January 12, 2019 at 08:14PM by Ahm3d_H3sham
via reddit http://bit.ly/2SQcLgZ
http://bit.ly/2ABXXLN
Submitted January 12, 2019 at 08:14PM by Ahm3d_H3sham
via reddit http://bit.ly/2SQcLgZ
0xRick Owned Root !
Hack The Box - Oz
Quick Summary Hey I’m back with another Hack The Box write-up , this time Oz has retired and it was rated as a hard box. I enjoyed this box , it was really fun. It had some docker tricks which were very cool , It’s a linux box and it’s ip is 10.10.10.96 so…