Quest Diagnostics says 11.9 million patients' financial and medical information may have been exposed in data breach
https://www.cnbc.com/2019/06/03/quest-diagnostics-says-nearly-12-million-patients-may-have-had-data-breached.html
Submitted June 04, 2019 at 10:40PM by RGray805
via reddit http://bit.ly/2EU4dR0
CNBC
Quest Diagnostics says 11.9 million patients' financial and medical information may have been exposed in data breach
About 11.9 million Quest Diagnostics patients may have had their financial, medical and other personal information exposed in a data breach, the company said Monday.
secDevLabs: Open-source training lab with OWASP Top10 based vulnerable apps to be secured by developers through Pull Requests
http://bit.ly/2WnT59P
Submitted June 04, 2019 at 10:23PM by Krlier
via reddit http://bit.ly/2WaLLJW
GitHub
globocom/secDevLabs
Laboratory for those who are interested in learning about web security - globocom/secDevLabs
Bypassing CA cert checks in Flutter based apps on Android
http://bit.ly/2QK2TVK
Submitted June 05, 2019 at 12:08AM by fridgehead
via reddit http://bit.ly/2WMBdF5
Orangewi.re Labs
Bypassing Root CA checks in Flutter based apps on Android
I recently started looking at Android apps based on the Flutter framework, I’d not come across any before and after a pub discussion about something entirely unrelated managed to find one to …
CapsAttacks: Testing Adversarial Attacks on Capsule Networks
http://bit.ly/2WjImNE
Submitted June 05, 2019 at 12:18AM by Yuqing7
via reddit http://bit.ly/2Wqm2Sz
Medium
CapsAttacks: Testing Adversarial Attacks on Capsule Networks
Convolutional Neural Networks (CNNs) have been proven vulnerable to attacks by adversarial samples. These slight image modifications are…
Google's Project Zero hacks Windows Notepad to offer remote shell access
http://bit.ly/30XUnHk
Submitted June 05, 2019 at 01:05AM by cos
via reddit http://bit.ly/2IcRlWY
MSPoweruser
Google’s Project Zero hacks Windows Notepad to offer remote shell access
It seems Windows Notepad’s days of innocence are over, as Threatpost reports that Google’s Project Zero has managed to corrupt the app into an entry point for full system access. Tavis Ormandy, from Google’s Project Zero, managed to find a memory corruption…
SameSite cookies in practice
http://bit.ly/318CxBv
Submitted June 05, 2019 at 12:49PM by neverforgetdream
via reddit http://bit.ly/2XsS5O8
reddit
r/netsec - SameSite cookies in practice
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019-0708
http://bit.ly/2WJfH3X
Submitted June 05, 2019 at 01:22PM by alt3kx
via reddit http://bit.ly/2QMRy76
Medium
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019-0708
In recent weeks there has been big activity on networks trying to attack the RDP service, maybe botnets looking for infected “zombies” on RDP services or…
How to create an EVIL LTE Twin
http://bit.ly/2wBYMlh
Submitted June 05, 2019 at 04:43PM by pentest4life
via reddit http://bit.ly/2XrvIst
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy…
Pulling Credentials from Logs in Exagrid Appliances
http://bit.ly/2MF0mgW
Submitted June 05, 2019 at 06:00PM by regul8_
via reddit http://bit.ly/2XqKQ9u
InquisIT
Exagrid Directory Traversal Vulnerability (CVE-2019-12310) to “Support” Credential Extraction - InquisIT
Summary The Exagrid backup appliance at version 4.8.1.1044.P50 suffers from a directory traversal vulnerability at “http://EXAGRID_IP/monitor/data/Upgrade/” (case sensitive) which allows unauthenticated access to detailed log files. Active “support” credentials…
Launching Incidents: an open source web app for organizing non-trivial security investigations
https://github.com/veeral-patel/incidents
JIRA, Google Docs, and Slack are sufficient for small security incidents, but as more people get involved and the scope of the investigation grows, it's hard to feel in control and not miss things.
Our insight is that incidents are trees of tickets, where some tickets are leads.
https://i.redd.it/ji74b2mwpe231.png
Video Demo: https://www.youtube.com/watch?v=Z7U2iYwOpQ4
Live Demo: http://134.209.4.68
(Author here, feel free to ask questions)
Submitted June 05, 2019 at 02:49AM by yaraz
via reddit http://bit.ly/2wz5rwH
GitHub
GitHub - veeral-patel/incidents: Please use https://github.com/veeral-patel/true-positive instead
Please use https://github.com/veeral-patel/true-positive instead - veeral-patel/incidents
Bypassing CSP with policy injection
http://bit.ly/2MxLdy6
Submitted June 05, 2019 at 06:43PM by albinowax
via reddit http://bit.ly/2XuT80e
portswigger.net
Bypassing CSP with policy injection | Blog
Whilst testing PayPal looking for ways to bypass CSP and mixed content protection I found an interesting behaviour. PayPal was putting a GET parameter called token inside the report-uri directive of t
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
http://bit.ly/2WmQnl4
Submitted June 05, 2019 at 07:48PM by omriher
via reddit http://bit.ly/2WvuJLH
Check Point Research
We Decide What You See: Remote Code Execution on a Major IPTV Platform - Check Point Research
Research by: Ronen Shustin Introduction About a year ago Check Point Research discovered critical vulnerabilities in a Ukrainian TV streaming platform that, if exploited, could leave service providers exposed to a serious breach. The risks would be their…
What To Do When SIM-Swapping Happens To You - Medium
http://bit.ly/2EQHTry
Submitted June 06, 2019 at 12:04AM by trogdortb001
via reddit http://bit.ly/2wzS1As
Medium
What To Do When SIM-Swapping Happens To You
CipherBlade in MyCrypto · Jun 5 · 50 min read
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
http://bit.ly/2Iob2Lz
Submitted June 06, 2019 at 01:07AM by myover
via reddit http://bit.ly/2IrzRX0
Praetorian
Implementing Application Whitelisting with Google Santa and Upvote (Part 2 of 2)
In part 2 of this series, we will provide technical guidance on how you can deploy Google Santa and Upvote in your organization.
WAF through the eyes of hackers or how to bypass modern WAF
http://bit.ly/2HVQATn
Submitted June 05, 2019 at 04:07PM by barracud4_
via reddit http://bit.ly/2IjSvA3
Habr
WAF through the eyes of hackers
Today we’re going to talk about one of the modern security mechanisms for web applications, namely Web Application Firewall (WAF). We’ll discuss modern WAFs and...
PSPTool – Parse and trace firmware of AMD's Platform Security Processor
http://bit.ly/3191Rre
Submitted June 05, 2019 at 02:15PM by cwerling
via reddit http://bit.ly/2HVPQxz
GitHub
cwerling/psptool
Display, extract, and manipulate PSP firmware inside UEFI images - cwerling/psptool
Welcome Endgame: Bringing Endpoint Security to the Elastic Stack
http://bit.ly/2wFMdoZ
Submitted June 06, 2019 at 03:06AM by CloudButWhy
via reddit http://bit.ly/2Woi0dm
Elastic Blog
Welcome Endgame: Bringing Endpoint Security to the Elastic Stack
We are excited to announce that we have entered into an acquisition agreement to join forces with Endgame, Inc. an endpoint security company.
Tutorial: Bringing passwords back like a necromancer with h8mail
http://bit.ly/2WIpMyj
Submitted June 06, 2019 at 03:03AM by khast3x
via reddit http://bit.ly/2Wge2hZ
khast3x.club
Getting started with h8mail v2
Information security, tips, hacks and giggles
http://bit.ly/1gFjN4e
http://bit.ly/2Wiv6UH
Submitted June 06, 2019 at 04:42PM by khasaia
via reddit http://bit.ly/2ZaYLRs
secrary[dot]com::LashaKhasaia
Hide From Sandboxes And Emulators
This blog is about malware analysis and reverse engineering. I’m Lasha Khasaia
Understanding LTE, and how to create an LTE Evil Twin to passively obtain IMSI numbers
http://bit.ly/2wBYMlh
Submitted June 06, 2019 at 04:38PM by pentest4life
via reddit http://bit.ly/2ERQla0
Medium
How to create an EVIL LTE Twin
Be very careful when playing with any cellular bands. Denial of service attacks can have devastating and sometimes jail worthy…
New Toys!
http://bit.ly/2WNwaEw
Submitted June 06, 2019 at 04:07PM by HanoverWilliam
via reddit http://bit.ly/2QO1HAK
reddit
r/netsec - New Toys!