The HHS’ Office for Civil Rights has announced its third HIPAA financial penalty of 2018 - The 4th largest HIPAA penalty ever issued.

A new technique is being used by scammers to hide their phishing websites. This novel phishing attack uses a custom web font to render ciphertext as plaintext. The tactic is being used in phishing scams impersonating major U.S. banks.

A Reddit user has discovered a method to bypass recently introduced Face ID and Touch ID authentication for WhatsApp iOS version

Hi Guys, This is yet another a security vulnerability writeup about a chain of security vulnerabilities that linked up to compromise one…

A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the…

The deep thinkers approach to OSINT. What if all you had was a search engine? A complete and total focus on observable evidence linked by inferences.

Zone transfers for rwhois. Contribute to ShadowHatesYou/whori.sh development by creating an account on GitHub.

0 votes and 0 comments so far on Reddit

Robust and practical application control for Windows - GitHub - microsoft/AaronLocker: Robust and practical application control for Windows

To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security…

Learn everything there is to know about building and maintaining your own home or workplace virtual lab environment on the most popular hypervisors today!

JonLuca’s Blog - A blog about tech, programming, and information

0 votes and 0 comments so far on Reddit

Cybercriminals are promising salaries of up to $360,000 a year to accomplices who seek to extort high networth individuals such as C-Level executives, lawyers, and doctors.

Almost 80% of web page loads now use TLS. But almost no one uses TLS in development and pre-production. Why? Because it's hard. That sucks. When dev and staging don't match prod, bad things happen. Today's step release, version 0.8.6, makes using TLS in dev…

What happens when an image is also javanoscript? And when that Image does not even need a payload to extract the malware from the image.. Well then you have a polyglot!

During a red team exercise it's common to set up a relaying infrastructure to separate your external facing footprint from the actual command and control backend. Some of the popular light-weight options are to set up either HAProxy or NGINX on disposable…

Security researchers have discovered a new Malspam campaign exploiting the recently discovered WinRAR ACE flaw to install malware on the computer

The demonstrates CVE-2018-4233 on iOS. This should work on all 64bit iOS 10 devices but currently the kernel exploit has kernel offsets hardcoded for an iPod7,1 10.1.1 until I manage to add liboffs...

Security researchers have discovered a critical remote execution vulnerability in WinRAR software affecting all versions.