Samsung Galaxy Apps Store RCE via MITM (Writeup)
http://bit.ly/2GappUv
Submitted January 30, 2019 at 06:38PM by cbolat
via reddit http://bit.ly/2To0y35
http://bit.ly/2GappUv
Submitted January 30, 2019 at 06:38PM by cbolat
via reddit http://bit.ly/2To0y35
Adyta
Writeup – Samsung Galaxy Apps Store RCE via MITM
When your memory allocator hides security bugs
http://bit.ly/2RUjdHj
Submitted January 30, 2019 at 08:23PM by KingdomOfBullshit
via reddit http://bit.ly/2FUBihS
http://bit.ly/2RUjdHj
Submitted January 30, 2019 at 08:23PM by KingdomOfBullshit
via reddit http://bit.ly/2FUBihS
reddit
r/netsec - When your memory allocator hides security bugs
1 vote and 0 comments so far on Reddit
Yesterday's mass-login attack on Basecamp is another reminder to protect yourself
http://bit.ly/2MJ1exB
Submitted January 31, 2019 at 03:12AM by BoBab
via reddit http://bit.ly/2GaZ2xz
http://bit.ly/2MJ1exB
Submitted January 31, 2019 at 03:12AM by BoBab
via reddit http://bit.ly/2GaZ2xz
Signal v. Noise
Yesterday’s mass-login attack on Basecamp is another reminder to protect yourself
Yesterday at 12:45pm central time, our ops team detected a dramatic spike in login requests to Basecamp. More than 30,000 login attempts were made in the hour that followed from a wide array of IP …
XXE that can Bypass WAF Protection
http://bit.ly/2HI8QSl
Submitted January 31, 2019 at 01:12PM by Fugitif
via reddit http://bit.ly/2SgK0ge
http://bit.ly/2HI8QSl
Submitted January 31, 2019 at 01:12PM by Fugitif
via reddit http://bit.ly/2SgK0ge
Wallarm
XXE that can Bypass WAF Protection
by Alex Drozdov, Wallarm Research
Password Manager: Free vs. Paid
http://bit.ly/2FZkbMa
Submitted January 31, 2019 at 02:22PM by RalJans
via reddit http://bit.ly/2DL2Eog
http://bit.ly/2FZkbMa
Submitted January 31, 2019 at 02:22PM by RalJans
via reddit http://bit.ly/2DL2Eog
The Devolutions Blog
Password Manager: Free vs. Paid
Just like Stanley from The Office, we agree that it would be lovely if every day was Pretzel Day. After all, who doesn’t love free stuff?
However, in the real world we often need to pay for things — a...
However, in the real world we often need to pay for things — a...
Multiple vulnerabilities (leading to unauth RCE) in Nuuo CMS (management system for cameras and NVR)
http://bit.ly/2DN4uW1
Submitted January 31, 2019 at 05:12PM by jose_boneh
via reddit http://bit.ly/2Bbawht
http://bit.ly/2DN4uW1
Submitted January 31, 2019 at 05:12PM by jose_boneh
via reddit http://bit.ly/2Bbawht
seclists.org
Full Disclosure: [Several CVE]: NUUO CMS - multiple vulnerabilities resulting in unauth RCE
$7.5k Google Cloud Platform organization issue
http://bit.ly/2TmKzT5
Submitted January 31, 2019 at 07:05PM by albinowax
via reddit http://bit.ly/2Bcci1I
http://bit.ly/2TmKzT5
Submitted January 31, 2019 at 07:05PM by albinowax
via reddit http://bit.ly/2Bcci1I
www.ezequiel.tech
$7.5k Google Cloud Platform organization issue
Website of Ezequiel Pereira, Uruguayan security enthusiast and student.
Top 10 most insecure WordPress plugins: Woocommerce, Jetpack, Wordfence, Yoast SEO, Contact Form 7...
http://bit.ly/2FZ3iB2
Submitted January 31, 2019 at 06:27PM by KeyDutch
via reddit http://bit.ly/2TjCcrk
http://bit.ly/2FZ3iB2
Submitted January 31, 2019 at 06:27PM by KeyDutch
via reddit http://bit.ly/2TjCcrk
Mac malware “CookieMiner” steals your cryptocurrency exchange cookies
http://bit.ly/2BgdxNn
Submitted January 31, 2019 at 09:35PM by atomicspace
via reddit http://bit.ly/2G1o03m
http://bit.ly/2BgdxNn
Submitted January 31, 2019 at 09:35PM by atomicspace
via reddit http://bit.ly/2G1o03m
VentureBeat
Palo Alto Networks: Mac malware steals your cryptocurrency exchange cookies
Mac malware has been deteced stealing cookies for cryptocurrency exchanges, according to a report from Palo Alto Networks.
SBI leaks financial data of millions due to unprotected server
http://bit.ly/2DMY09x
Submitted January 31, 2019 at 09:13PM by KeyDutch
via reddit http://bit.ly/2HJIQG1
http://bit.ly/2DMY09x
Submitted January 31, 2019 at 09:13PM by KeyDutch
via reddit http://bit.ly/2HJIQG1
Locking down WhatsApp on Android
http://bit.ly/2GbbYna
Submitted January 31, 2019 at 10:44PM by Kloudtrader
via reddit http://bit.ly/2CWMRRR
http://bit.ly/2GbbYna
Submitted January 31, 2019 at 10:44PM by Kloudtrader
via reddit http://bit.ly/2CWMRRR
Medium
Reducing WhatsApp Digital Footprint in the Age of Facebook
Leverage Android User Profiles to sandbox WhatsApp
Protecting User Accounts When Usability Matters
http://bit.ly/2FXdQ3y
Submitted January 31, 2019 at 11:03PM by ScottContini
via reddit http://bit.ly/2TowKn3
http://bit.ly/2FXdQ3y
Submitted January 31, 2019 at 11:03PM by ScottContini
via reddit http://bit.ly/2TowKn3
Wordpress
Protecting User Accounts When Usability Matters
Scenario: Password guessing attacks are happening on your website. The attacker is performing password spraying: he tries a single password for a user, and if it fails, he moves on to the next user…
PKI as a Service with HashiCorp Vault
http://bit.ly/2G0945B
Submitted January 31, 2019 at 11:40PM by friendlytuna
via reddit http://bit.ly/2HJC9nh
http://bit.ly/2G0945B
Submitted January 31, 2019 at 11:40PM by friendlytuna
via reddit http://bit.ly/2HJC9nh
Medium
PKI as a Service with HashiCorp Vault
Creating and renewing TLS certificates is a tedious and boring task when done manually. It can be automated by using Let’s Encrypt for…
Exploiting the Magellan bug on 64-bit Chrome Desktop - Exodus Intelligence
http://bit.ly/2COUw4P
Submitted February 01, 2019 at 04:12AM by CuriousExploit
via reddit http://bit.ly/2Uvjzkj
http://bit.ly/2COUw4P
Submitted February 01, 2019 at 04:12AM by CuriousExploit
via reddit http://bit.ly/2Uvjzkj
Exodus Intelligence
Exploiting the Magellan bug on 64-bit Chrome Desktop
In this post, we show how to reverse engineer the Magellan bug from the patch and exploit it on a 64bit desktop environment.
The /r/netsec Monthly Discussion Thread - February 2019
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted February 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2CZy60t
OverviewQuestions regarding netsec and discussion related directly to netsec are welcome here.Rules & GuidelinesAlways maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.Avoid use of memes. If you have something to say, say it with real words.All discussions and questions should directly relate to netsec.No tech support is to be requested or provided on /r/netsec.As always, the content & discussion guidelines should also be observed on /r/netsec.FeedbackFeedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted February 01, 2019 at 10:06AM by AutoModerator
via reddit http://bit.ly/2CZy60t
Reddit
Technical Information Security Content & Discussion
/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
http://bit.ly/2Da3gTh
Submitted February 01, 2019 at 07:16PM by albinowax
via reddit http://bit.ly/2WCsEcS
http://bit.ly/2Da3gTh
Submitted February 01, 2019 at 07:16PM by albinowax
via reddit http://bit.ly/2WCsEcS
Blogspot
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file...
Rinnegan - A distributed tracer for blackbox systems
http://bit.ly/2G488gu
Submitted February 01, 2019 at 07:33PM by tunnelshade
via reddit http://bit.ly/2UyIq6O
http://bit.ly/2G488gu
Submitted February 01, 2019 at 07:33PM by tunnelshade
via reddit http://bit.ly/2UyIq6O
reddit
r/netsec - Rinnegan - A distributed tracer for blackbox systems
4 votes and 0 comments so far on Reddit
ActiveX Exploitation in 2019 :: Instantiation is not Scripting
http://bit.ly/2G6F8EO
Submitted February 01, 2019 at 08:18PM by cbolat
via reddit http://bit.ly/2Usq5Z8
http://bit.ly/2G6F8EO
Submitted February 01, 2019 at 08:18PM by cbolat
via reddit http://bit.ly/2Usq5Z8
srcincite.io
ActiveX Exploitation in 2019 :: Instantiation is not Scripting
But didn’t Microsoft kill ActiveX? I hear you asking. Well they almost did. As most security practitioners know, ActiveX has had a long history of exploitati...
Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation
http://bit.ly/2S4XOeD
Submitted February 01, 2019 at 08:03PM by Jwborc39963
via reddit http://bit.ly/2G6Bfjc
http://bit.ly/2S4XOeD
Submitted February 01, 2019 at 08:03PM by Jwborc39963
via reddit http://bit.ly/2G6Bfjc
./own.sh
Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation
In this article we will introduce the fundamentals of discovering and exploiting buffer overflow vulnerabilities in Windows applications.
Announced device Ledger Nano X on January, available for pre-order on March.
http://bit.ly/2G4KIaW
Submitted February 01, 2019 at 10:12PM by mdansarul
via reddit http://bit.ly/2BdWZFY
http://bit.ly/2G4KIaW
Submitted February 01, 2019 at 10:12PM by mdansarul
via reddit http://bit.ly/2BdWZFY
Ledger
Ledger Nano X - Secure your crypto
Make sure your crypto assets are safe anywhere you go with our most advanced hardware wallet yet. The Ledger Nano X is a bluetooth enabled secure device that stores your private keys and offers an easy-to-use experience for crypto owners.
Bypass AppLocker as an Admin
http://bit.ly/2WBBlEk
Submitted February 01, 2019 at 11:23PM by oddvarmoe
via reddit http://bit.ly/2G4Mbhh
http://bit.ly/2WBBlEk
Submitted February 01, 2019 at 11:23PM by oddvarmoe
via reddit http://bit.ly/2G4Mbhh
Oddvar Moe's Blog
Bypassing AppLocker as an admin
I thought it would be useful to have a blog post about two different techniques you can use to bypass AppLocker if you are an admin on a host that has AppLocker enabled. The first technique that us…