FreshRSS

Today (September 25th 2017): Your RSS feeds

Sensitive client emails, usernames, passwords exposed in Deloitte hack

Oops, did someone forget to turn on 2FA?

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that compromised sensitive emails.…

  • September 25th 2017 at 15:17

Chris Vickery on Amazon S3 Data Leaks

By Chris Brook
Mike Mimoso talks to Chris Vickery of UpGuard about the recent rash of Amazon S3 data leaks.

Vuln: IPython JSON Error Responses Multiple Cross Site Scripting Vulnerabilities

IPython JSON Error Responses Multiple Cross Site Scripting Vulnerabilities
  • September 25th 2017 at 00:00

[remote] Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)

Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)
  • September 25th 2017 at 00:00

Insteon and Wink home hubs appear to have a problem with encryption

Which is to say neither do it

Security researchers have discovered that two popular home automation systems are vulnerable to attacks.…

  • September 25th 2017 at 13:32

Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse

By Michael Mimoso
Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.

Brit military wants a small-drone-killer system for £20m

Too small for lasers, too big for nets

Fresh from showing off its gotta-zap-'em-all Dragonfire laser cannon, the Ministry of Defence is now buying a £20m anti-drone system.…

  • September 25th 2017 at 12:32

SecurityIQ Update Adds Healthcare-Specific Modules, Custom Course Notifications

By Megan Sawle

The latest SecurityIQ update includes nine new security awareness modules for healthcare professionals, and custom course notifications to help you increase program completion rates. Read on for complete release details. 9 New Security Awareness Modules for Healthcare Professionals Staying compliant with HIPAA and PPI regulations just became simpler with SecurityIQ’s new security awareness modules for […]



SecurityIQ Update Adds Healthcare-Specific Modules, Custom Course Notifications was first posted on September 25, 2017 at 7:37 am.

Cops shut 28k sites flogging knock-off footie kits and other tat

Warn Joe Public: they'll nick your ID and ruin your credit

Cops have closed 28,000 websites selling counterfeit goods over the last three years, the City of London Police’s Intellectual Property Crime Unit (PIPCU) has revealed today.…

  • September 25th 2017 at 11:28

Vuln: Linux kernel CVE-2017-14106 Local Denial of Service Vulnerability

Linux kernel CVE-2017-14106 Local Denial of Service Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel CVE-2017-12154 Denial of Service Vulnerability

Linux Kernel CVE-2017-12154 Denial of Service Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel CVE-2017-1000111 Local Privilege Escalation Vulnerability

Linux Kernel CVE-2017-1000111 Local Privilege Escalation Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel 'drivers/video/fbdev/aty/atyfb_base.c' Local Information Disclosure Vulnerability

Linux Kernel 'drivers/video/fbdev/aty/atyfb_base.c' Local Information Disclosure Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel 'mm/migrate.c' Local Information Disclosure Vulnerability

Linux Kernel 'mm/migrate.c' Local Information Disclosure Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel CVE-2017-1000371 Local Security Bypass Vulnerability

Linux Kernel CVE-2017-1000371 Local Security Bypass Vulnerability
  • September 25th 2017 at 00:00

Vuln: Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities

Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities
  • September 25th 2017 at 00:00

Startup Security Weekly #56 - A Huge Week

By paul@securityweekly.com

Don Pezet and Tim Broom of ITProTV join us. In the news, building successful products, the most important startup question, and updates from McAfee, Slack, ThreatStack, and more on this episode of Startup Security Weekly!
Full Show Notes: https://wiki.securityweekly.com/SSWEpisode56
Visit https://www.securityweekly.com/ssw for all the latest episodes!


  • September 25th 2017 at 09:00

Vuln: Perl CVE-2017-12837 Heap Buffer Overflow Vulnerability

Perl CVE-2017-12837 Heap Buffer Overflow Vulnerability
  • September 25th 2017 at 00:00

Vuln: Perl CVE-2017-12883 Buffer Overflow Vulnerability

Perl CVE-2017-12883 Buffer Overflow Vulnerability
  • September 25th 2017 at 00:00

All the Features You Need to Know About in iOS 11

By l33tdawg

iOS 11 was released last week, and with it your iPhone and iPad (as long as it's one of these models) got a ton of new features. There are so many that navigating through them all can end up being a pretty daunting, and let's face it, confusing, task. Not sure how to learn it all? We've got your back. A bunch of us at Lifehacker have been putting the operating system through its paces, and have written a ton of great guides to some of the most interesting new stuff.

  • September 25th 2017 at 09:31

How Much Money Can Pirate Bay Make from a Cryptocoin Miner?

By l33tdawg

In a surprise move, The Pirate Bay decided to add a cryptocurrency miner to its website last weekend. The notorious torrent site wanted to see whether this could replace the ads on the site. A controversial idea, but how much money can a site like The Pirate Bay make through mining?

In recent years many pirate sites have struggled to make a decent income.

  • September 25th 2017 at 09:31

iFixit’s iPhone 8 teardown finds a smaller battery and lots of glue

By l33tdawg

There’s a new iPhone out in the wild, which means there’s a new teardown from iFixit showing everything that’s going on inside Apple’s latest handset.

  • September 25th 2017 at 09:21

Fitbit Ionic review: Meet the $300 fitness-focused smartwatch

By l33tdawg

Fitbit has a lot riding on its new $300 Ionic smartwatch. Analyst reports suggest the smartwatch category will continue to grow over the next few years, and Apple and Google already have well-established devices and operating systems. Being one of the top players in the wearables game, Fitbit is unlikely to build a device that runs Android Wear (much less watchOS), so it designs its own devices from the ground up. The Ionic is Fitbit's serious attempt at a smartwatch, far more so than the $200 Blaze that came out last year.

  • September 25th 2017 at 09:21

Security News This Week: Hackers Broke Into the SEC... A Year Ago

By l33tdawg

The week kicked off with news that CCleaner, a popular security software tool, had itself been compromised, distributing a backdoor to hundreds of thousands of users and highlighting software's serious supply-chain security issue. Just a few days later, it turned out that the CCleaner backdoor was designed instead to target nearly two dozen specific tech firms. That's... not good.

  • September 25th 2017 at 09:20

All the Ways Equifax Epically Bungled Its Breach Response

By l33tdawg

The breach of the credit monitoring firm Equifax, which exposed extensive personal data for 143 million people, is the worst corporate data breach to date. But, incredibly, the mistakes and the superlatives don’t end there. Three weeks since the company first publicly disclosed the situation, a steady stream of gaffes and revelations paint a picture of Equifax's deeply lacking response to catastrophe.

  • September 25th 2017 at 09:19

Pesky users! They're always compromising endpoints! Security baked into silicon helps

Intel chippery tech mitigates the most careless of workers

Sponsored: We can all agree that endpoint security is important – and also that it is a pain to enforce. Because of people. Worker carelessness is the most potent threat to endpoint security, according to US IT decision makers.…

  • September 25th 2017 at 08:21

Bugtraq: Kaltura - Remote Code Execution and Cross-Site Scripting

Kaltura - Remote Code Execution and Cross-Site Scripting
  • September 25th 2017 at 09:00

Bugtraq: [slackware-security] libxml2 (SSA:2017-266-01)

[slackware-security] libxml2 (SSA:2017-266-01)
  • September 25th 2017 at 08:00

Bugtraq: [SECURITY] [DSA 3983-1] samba security update

[SECURITY] [DSA 3983-1] samba security update
  • September 25th 2017 at 08:00

Guess – go on, guess – where a vehicle tracking company left half a million records

No prize, because it's too easy: SVR Tracking had an unsecured AWS S3 bucket

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket.…

  • September 25th 2017 at 02:01

Shock! Hackers for medieval caliphate are terrible coders

Daesh-bags give up on writing their own attack code, copy successful hackers

DerbyCon: An analysis of the hacking groups allying themselves to Daesh/ISIS has shown that about 18 months ago the religious fanatics stopped trying to develop their own secure communications and hacking tools and instead turned to the criminal underground to find software that actually works.…

  • September 25th 2017 at 01:20
Yesterday (September 24th 2017): Your RSS feeds

[webapps] Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection

Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection
  • September 22nd 2017 at 00:00

[webapps] Multi Level Marketing - SQL Injection

Multi Level Marketing - SQL Injection
  • September 22nd 2017 at 00:00

[webapps] Cash Back Comparison Script 1.0 - SQL Injection

Cash Back Comparison Script 1.0 - SQL Injection
  • September 22nd 2017 at 00:00

[webapps] Claydip Airbnb Clone 1.0 - Arbitrary File Upload

Claydip Airbnb Clone 1.0 - Arbitrary File Upload
  • September 22nd 2017 at 00:00

[webapps] PHP Auction Ecommerce Script 1.6 - SQL Injection

PHP Auction Ecommerce Script 1.6 - SQL Injection
  • September 22nd 2017 at 00:00

[webapps] Lending And Borrowing - 'pid' Parameter SQL Injection

Lending And Borrowing - 'pid' Parameter SQL Injection
  • September 22nd 2017 at 00:00

All the Ways Equifax Epically Bungled Its Breach Response

By Lily Hay Newman
The Equifax breach that potentially exposed the personal information of 143 million people was bad. The company's response has almost been worse, if that's even possible.

Forensic use of mount --bind, (Sun, Sep 24th)

In my previous diary, I mentioned a recent case that led me to write mac-robber.py. In that case, I mentioned that I needed to build a filesystem timeline and wanted to collect hashes because I suspected there were multiple copies of some possible malware scattered around the disk. The biggest issue I had was that hashing the files requires reading them which would update the access times, something I really did not want to do. So, I decided to use a trick on a live system that I had employed occasionally in the past when I got a tar file rather than a disk image of, say, a directory from a SAN or NAS. For those of you who aren't aware, on Linux, you can use the mount command to essentially link a directory to another location in the directory tree. In the screenshot below, you can see the results of df -h and mount on one of my test VMs.
  • September 24th 2017 at 00:28
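The diary excerpt above names the problem (hashing a file reads it, and reading updates the access time you are trying to preserve) and points at a bind mount as the fix, but the mount command line and the screenshot are not part of this excerpt. The following is an added example, not the diary's mac-robber.py and not its bind-mount procedure: a small timeline-with-hashes collector that avoids the atime update from user space by opening each file with O_NOATIME, and that records the stat() timestamps before reading so the recorded values are pre-collection values regardless. Assumptions: Linux (os.O_NOATIME), and that the collector either owns the files or runs with CAP_FOWNER (root), since the kernel refuses O_NOATIME otherwise; the sample file, its contents and the directory layout are constructed here. Output uses the Sleuth Kit body format that mactime consumes; the first column is nominally MD5 but mactime does not interpret it, so SHA-256 is placed there.

```python
"""Timeline-with-hashes collector that reads files without updating atime.

Added example for the ISC diary entry above; it is not the diary's mac-robber.py
and not the bind-mount trick the diary describes. Assumptions: Linux (os.O_NOATIME),
and the collector owns the files or runs with CAP_FOWNER (e.g. as root); otherwise
open() with O_NOATIME fails with EPERM.
"""
import hashlib
import os
import stat
import tempfile

# Linux-only flag; falls back to 0 elsewhere, in which case atime is NOT protected.
O_NOATIME = getattr(os, "O_NOATIME", 0)
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)

# Constructed sample content (a fake DOS header, not real malware).
SAMPLE = b"MZ" + b"\x00" * 62


def sha256_noatime(path, chunk=1 << 20):
    """Hash a regular file through a descriptor opened with O_NOATIME.

    The kernel skips the atime update for reads on such a descriptor, so the
    last-access time stays whatever the intruder (or the user) left it at.
    """
    h = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY | O_NOFOLLOW | O_NOATIME)
    try:
        while True:
            buf = os.read(fd, chunk)
            if not buf:
                break
            h.update(buf)
    finally:
        os.close(fd)
    return h.hexdigest()


def body_line(path, digest, st):
    """One record in the Sleuth Kit 3.x 'body' format read by mactime:
    hash|name|inode|mode|uid|gid|size|atime|mtime|ctime|crtime
    (crtime is 0: plain stat() on Linux does not expose birth time)."""
    return "|".join([
        digest, path, str(st.st_ino), stat.filemode(st.st_mode),
        str(st.st_uid), str(st.st_gid), str(st.st_size),
        str(int(st.st_atime)), str(int(st.st_mtime)), str(int(st.st_ctime)), "0",
    ])


def collect(root):
    """Walk root and return body-format lines for every regular file.

    lstat() runs BEFORE the file is read, so the recorded timestamps are the
    pre-collection values even on a platform that ignores O_NOATIME.
    """
    lines = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, fifos: never read them here
            lines.append(body_line(p, sha256_noatime(p), st))
    return sorted(lines)


def demo():
    """Constructed scenario: one file whose atime is a day older than its mtime,
    the case where relatime would otherwise update atime on a plain read."""
    with tempfile.TemporaryDirectory() as root:
        p = os.path.join(root, "evil.bin")
        with open(p, "wb") as f:
            f.write(SAMPLE)
        mtime_s = int(os.stat(p).st_mtime)
        old_atime_s = mtime_s - 86_400          # whole seconds: exact on any filesystem
        os.utime(p, times=(old_atime_s, mtime_s))

        lines = collect(root)
        atime_preserved = os.stat(p).st_atime_ns == old_atime_s * 10**9

        # Contrast: a plain open()/read() goes through the normal atime path.
        # Whether it moves atime depends on the mount options (relatime vs noatime).
        with open(p, "rb") as f:
            f.read()
        plain_read_moved_atime = os.stat(p).st_atime_ns != old_atime_s * 10**9

        return {
            "lines": lines,
            "digest_ok": lines[0].split("|")[0] == hashlib.sha256(SAMPLE).hexdigest(),
            "atime_preserved": atime_preserved,
            "plain_read_moved_atime": plain_read_moved_atime,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Feed the returned lines to `mactime -b` to get the timeline. The user-space approach covers the common live-response case (running as root, so CAP_FOWNER is present), but it protects only the reads this script makes; a read-only, noatime bind mount of the suspect tree protects every tool you then point at it, which is the appeal of the diary's approach.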
Before yesterday: Your RSS feeds