Pompa - another open-source phishing toolkit for those who value flexibility and control
http://bit.ly/2G6awlU
Submitted January 29, 2019 at 01:03AM by m1nl
via reddit http://bit.ly/2FVHEOf
GitHub
m1nl/pompa
Fully-featured spear-phishing toolkit - web front-end - m1nl/pompa
Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago
http://bit.ly/2t22qTX
Submitted January 30, 2019 at 01:46AM by notchplusone
via reddit http://bit.ly/2Wuo1BC
Macrumors
Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]
While it only made the news yesterday, it appears Apple was alerted to a major FaceTime privacy bug over a week ago. Twitter user MGT7500...
Unsecured access to personal data of a million Leo Express users
http://bit.ly/2Shi5g8
Submitted January 30, 2019 at 03:50AM by ThomasCZ
via reddit http://bit.ly/2sSd4wp
Thomas Orlita's blog
Unsecured access to personal data of a million Leo Express users - Thomas Orlita's blog
Leo Express is a Czech company operating train and bus lines in Central Europe. When I signed up, I noticed that on every page load a GraphQL request is sent to the server, which returns my account information in JSON. GraphQL is a query language for APIs…
Reversing the Rachio3 Smart Sprinkler Controller
http://bit.ly/2Gdi9ax
Submitted January 30, 2019 at 02:25AM by chicksdigthelongrun
via reddit http://bit.ly/2DHPaKc
Medium
Reversing the Rachio Smart Sprinkler Controller
A new smart device that “takes the guesswork out of watering.” An IoT device that extends the boundaries of your smart home into the yard…
Facebook Paying People $20/Month to Install Data Harvesting VPN App on iPhones
http://bit.ly/2DGXiKO
Submitted January 30, 2019 at 07:08AM by detroitguy16
via reddit http://bit.ly/2sVBJ34
Macrumors
Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones
Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data...
PKI federation: how to use certificates & mTLS to connect across clouds and stuff
http://bit.ly/2B96h63
Submitted January 30, 2019 at 06:45AM by sourishkrout
via reddit http://bit.ly/2TqYt6R
Smallstep
We are excited to start the New Year off with a new release (v0.8.3) of step certificates, the powerful open source certificate management solution. Amongst regular bug fixes, we’ve included some exciting new features!
Black Hats & White Collars: SEC EDGAR Database Hackers Revealed
https://splk.it/2Wmdngi
Submitted January 30, 2019 at 04:53AM by orygunian
via reddit http://bit.ly/2G71ntk
Splunk-Blogs
Black Hats & White Collars: SEC EDGAR Database Hackers Revealed
One of the most critical aspects of crime is to understand intent so we can further understand the increasingly cozy relationship between black hat hackers and white collar criminals
24 million loan records found on open Amazon S3 bucket
http://bit.ly/2Bbr4pv
Submitted January 30, 2019 at 11:24AM by sidcool1234
via reddit http://bit.ly/2TlDZw9
SC Media
24 million loan records found on open Amazon S3 bucket | SC Media
The original mortgage and credit documents involved in the 24 million Elasticsearch data breach also have been found residing in an open Amazon S3 bucket.
BEEMKA: Basic Electron Framework Exploitation Tool (Red Team Persistence / Data Egress)
http://bit.ly/2B4PdxZ
Submitted January 30, 2019 at 02:27PM by h0wlett
via reddit http://bit.ly/2Tm5m9t
GitHub
ctxis/beemka
Basic Electron Exploitation. Contribute to ctxis/beemka development by creating an account on GitHub.
Samsung Galaxy Apps Store RCE via MITM (Writeup)
http://bit.ly/2GappUv
Submitted January 30, 2019 at 06:38PM by cbolat
via reddit http://bit.ly/2To0y35
Adyta
Writeup – Samsung Galaxy Apps Store RCE via MITM
When your memory allocator hides security bugs
http://bit.ly/2RUjdHj
Submitted January 30, 2019 at 08:23PM by KingdomOfBullshit
via reddit http://bit.ly/2FUBihS
reddit
r/netsec - When your memory allocator hides security bugs
Yesterday's mass-login attack on Basecamp is another reminder to protect yourself
http://bit.ly/2MJ1exB
Submitted January 31, 2019 at 03:12AM by BoBab
via reddit http://bit.ly/2GaZ2xz
Signal v. Noise
Yesterday’s mass-login attack on Basecamp is another reminder to protect yourself
Yesterday at 12:45pm central time, our ops team detected a dramatic spike in login requests to Basecamp. More than 30,000 login attempts were made in the hour that followed from a wide array of IP …
XXE that can Bypass WAF Protection
http://bit.ly/2HI8QSl
Submitted January 31, 2019 at 01:12PM by Fugitif
via reddit http://bit.ly/2SgK0ge
Wallarm
XXE that can Bypass WAF Protection
by Alex Drozdov, Wallarm Research
Password Manager: Free vs. Paid
http://bit.ly/2FZkbMa
Submitted January 31, 2019 at 02:22PM by RalJans
via reddit http://bit.ly/2DL2Eog
The Devolutions Blog
Password Manager: Free vs. Paid
Just like Stanley from The Office, we agree that it would be lovely if every day was Pretzel Day. After all, who doesn’t love free stuff?
However, in the real world we often need to pay for things — a...
Multiple vulnerabilities (leading to unauth RCE) in Nuuo CMS (management system for cameras and NVR)
http://bit.ly/2DN4uW1
Submitted January 31, 2019 at 05:12PM by jose_boneh
via reddit http://bit.ly/2Bbawht
seclists.org
Full Disclosure: [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE
$7.5k Google Cloud Platform organization issue
http://bit.ly/2TmKzT5
Submitted January 31, 2019 at 07:05PM by albinowax
via reddit http://bit.ly/2Bcci1I
www.ezequiel.tech
$7.5k Google Cloud Platform organization issue
Website of Ezequiel Pereira, Uruguayan security enthusiast and student.
Top 10 most insecure WordPress plugins: Woocommerce, Jetpack, Wordfence, Yoast SEO, Contact Form 7...
http://bit.ly/2FZ3iB2
Submitted January 31, 2019 at 06:27PM by KeyDutch
via reddit http://bit.ly/2TjCcrk
Mac malware “CookieMiner” steals your cryptocurrency exchange cookies
http://bit.ly/2BgdxNn
Submitted January 31, 2019 at 09:35PM by atomicspace
via reddit http://bit.ly/2G1o03m
VentureBeat
Palo Alto Networks: Mac malware steals your cryptocurrency exchange cookies
Mac malware has been detected stealing cookies for cryptocurrency exchanges, according to a report from Palo Alto Networks.
SBI leaks financial data of millions due to unprotected server
http://bit.ly/2DMY09x
Submitted January 31, 2019 at 09:13PM by KeyDutch
via reddit http://bit.ly/2HJIQG1
Locking down WhatsApp on Android
http://bit.ly/2GbbYna
Submitted January 31, 2019 at 10:44PM by Kloudtrader
via reddit http://bit.ly/2CWMRRR
Medium
Reducing WhatsApp Digital Footprint in the Age of Facebook
Leverage Android User Profiles to sandbox WhatsApp
Protecting User Accounts When Usability Matters
http://bit.ly/2FXdQ3y
Submitted January 31, 2019 at 11:03PM by ScottContini
via reddit http://bit.ly/2TowKn3
Wordpress
Protecting User Accounts When Usability Matters
Scenario: Password guessing attacks are happening on your website. The attacker is performing password spraying: he tries a single password for a user, and if it fails, he moves on to the next user…