Facebook Paying People $20/Month to Install Data Harvesting VPN App on iPhones
http://bit.ly/2DGXiKO
Submitted January 30, 2019 at 07:08AM by detroitguy16
via reddit http://bit.ly/2sVBJ34
Macrumors
Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones
Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data...
PKI federation: how to use certificates & mTLS to connect across clouds and stuff
http://bit.ly/2B96h63
Submitted January 30, 2019 at 06:45AM by sourishkrout
via reddit http://bit.ly/2TqYt6R
Smallstep
We are excited to start the New Year off with a new release (v0.8.3) of step certificates, the powerful open source certificate management solution. Amongst regular bug fixes, we’ve included some exciting new features!
Black Hats & White Collars: SEC EDGAR Database Hackers Revealed
https://splk.it/2Wmdngi
Submitted January 30, 2019 at 04:53AM by orygunian
via reddit http://bit.ly/2G71ntk
Splunk-Blogs
Black Hats & White Collars: SEC EDGAR Database Hackers Revealed
One of the most critical aspects of crime is to understand intent so we can further understand the increasingly cozy relationship between black hat hackers and white collar criminals
24 million loan records found on open Amazon S3 bucket
http://bit.ly/2Bbr4pv
Submitted January 30, 2019 at 11:24AM by sidcool1234
via reddit http://bit.ly/2TlDZw9
SC Media
24 million loan records found on open Amazon S3 bucket | SC Media
The original mortgage and credit documents involved in the 24 million Elasticsearch data breach also have been found residing in an open Amazon S3 bucket.
BEEMKA: Basic Electron Framework Exploitation Tool (Red Team Persistence / Data Egress)
http://bit.ly/2B4PdxZ
Submitted January 30, 2019 at 02:27PM by h0wlett
via reddit http://bit.ly/2Tm5m9t
GitHub
ctxis/beemka
Basic Electron Exploitation. Contribute to ctxis/beemka development by creating an account on GitHub.
Samsung Galaxy Apps Store RCE via MITM (Writeup)
http://bit.ly/2GappUv
Submitted January 30, 2019 at 06:38PM by cbolat
via reddit http://bit.ly/2To0y35
Adyta
Writeup – Samsung Galaxy Apps Store RCE via MITM
When your memory allocator hides security bugs
http://bit.ly/2RUjdHj
Submitted January 30, 2019 at 08:23PM by KingdomOfBullshit
via reddit http://bit.ly/2FUBihS
reddit
r/netsec - When your memory allocator hides security bugs
Yesterday's mass-login attack on Basecamp is another reminder to protect yourself
http://bit.ly/2MJ1exB
Submitted January 31, 2019 at 03:12AM by BoBab
via reddit http://bit.ly/2GaZ2xz
Signal v. Noise
Yesterday’s mass-login attack on Basecamp is another reminder to protect yourself
Yesterday at 12:45pm central time, our ops team detected a dramatic spike in login requests to Basecamp. More than 30,000 login attempts were made in the hour that followed from a wide array of IP …
XXE that can Bypass WAF Protection
http://bit.ly/2HI8QSl
Submitted January 31, 2019 at 01:12PM by Fugitif
via reddit http://bit.ly/2SgK0ge
Wallarm
XXE that can Bypass WAF Protection
by Alex Drozdov, Wallarm Research
Password Manager: Free vs. Paid
http://bit.ly/2FZkbMa
Submitted January 31, 2019 at 02:22PM by RalJans
via reddit http://bit.ly/2DL2Eog
The Devolutions Blog
Password Manager: Free vs. Paid
Just like Stanley from The Office, we agree that it would be lovely if every day was Pretzel Day. After all, who doesn’t love free stuff?
However, in the real world we often need to pay for things — a...
Multiple vulnerabilities (leading to unauth RCE) in Nuuo CMS (management system for cameras and NVR)
http://bit.ly/2DN4uW1
Submitted January 31, 2019 at 05:12PM by jose_boneh
via reddit http://bit.ly/2Bbawht
seclists.org
Full Disclosure: [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE
$7.5k Google Cloud Platform organization issue
http://bit.ly/2TmKzT5
Submitted January 31, 2019 at 07:05PM by albinowax
via reddit http://bit.ly/2Bcci1I
www.ezequiel.tech
$7.5k Google Cloud Platform organization issue
Website of Ezequiel Pereira, Uruguayan security enthusiast and student.
Top 10 most insecure WordPress plugins: Woocommerce, Jetpack, Wordfence, Yoast SEO, Contact Form 7...
http://bit.ly/2FZ3iB2
Submitted January 31, 2019 at 06:27PM by KeyDutch
via reddit http://bit.ly/2TjCcrk
Mac malware “CookieMiner” steals your cryptocurrency exchange cookies
http://bit.ly/2BgdxNn
Submitted January 31, 2019 at 09:35PM by atomicspace
via reddit http://bit.ly/2G1o03m
VentureBeat
Palo Alto Networks: Mac malware steals your cryptocurrency exchange cookies
Mac malware has been detected stealing cookies for cryptocurrency exchanges, according to a report from Palo Alto Networks.
SBI leaks financial data of millions due to unprotected server
http://bit.ly/2DMY09x
Submitted January 31, 2019 at 09:13PM by KeyDutch
via reddit http://bit.ly/2HJIQG1
Locking down WhatsApp on Android
http://bit.ly/2GbbYna
Submitted January 31, 2019 at 10:44PM by Kloudtrader
via reddit http://bit.ly/2CWMRRR
Medium
Reducing WhatsApp Digital Footprint in the Age of Facebook
Leverage Android User Profiles to sandbox WhatsApp
Protecting User Accounts When Usability Matters
http://bit.ly/2FXdQ3y
Submitted January 31, 2019 at 11:03PM by ScottContini
via reddit http://bit.ly/2TowKn3
Wordpress
Protecting User Accounts When Usability Matters
Scenario: Password guessing attacks are happening on your website. The attacker is performing password spraying: he tries a single password for a user, and if it fails, he moves on to the next user…
PKI as a Service with HashiCorp Vault
http://bit.ly/2G0945B
Submitted January 31, 2019 at 11:40PM by friendlytuna
via reddit http://bit.ly/2HJC9nh
Medium
PKI as a Service with HashiCorp Vault
Creating and renewing TLS certificates is a tedious and boring task when done manually. It can be automated by using Let’s Encrypt for…
Exploiting the Magellan bug on 64-bit Chrome Desktop - Exodus Intelligence
http://bit.ly/2COUw4P
Submitted February 01, 2019 at 04:12AM by CuriousExploit
via reddit http://bit.ly/2Uvjzkj
Exodus Intelligence
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
The /r/netsec Monthly Discussion Thread - February 2019
Overview
Questions regarding netsec and discussion related directly to netsec are welcome here.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on /r/netsec.
As always, the content & discussion guidelines should also be observed on /r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted February 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2CZy60t
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
http://bit.ly/2Da3gTh
Submitted February 01, 2019 at 07:16PM by albinowax
via reddit http://bit.ly/2WCsEcS
Blogspot
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file...