Daily Security News
PacketStorm
Facebook's Sir Nick Clegg Criticized Over WhatsApp Security new- Mac Users Bombarded By Laughably Unsophisticated Malware new
- Hackers Target Unpatched Citrix Servers To Deploy Ransomware new
- Fake SWAT Calls Hit Tech Execs new
- Amazon Engineer Leaks Encryption Keys To Public GitHub Repo
- Phishing Campaign Leads To UPS Store Data Breach
- Twitter Demands AI Company Stops Collecting Faces
- Suspected Iranian Hackers Target European Energy Companies
- Crown Prince Of Saudi Arabia Accused Of Hacking Jeff Bezos' Phone
- Brazil Prosecutes Greenwald In Attack On Press Freedom
- Data Leak Strikes US Cannabis Users, Sensitive Info Exposed
- Microsoft Discloses Security Breach Of Customer Support Database
The Register
- 2015-member database floats off through breach in Royal Yachting Association's hull new
- Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty
- We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyer
- Ooh, watch out Google. You've got competition. Verizon has a new 'privacy-focused' search engine
- Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned
- Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker
- Safari's Intelligent Tracking Protection is misspelled, says Google: It should be Dumb Browser Stalking Enabler
- Academics call for UK's Computer Misuse Act 1990 to be reformed
- WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet
- Capita Education Services accidentally spaffs email addresses in Helpdesk snafu
- Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message
- No backdoors needed: Apple ditched plans to fully encrypt iCloud backups after heavy pressure from FBI – claim
Reddit - NetSec
- Tool Release - Enumerating Docker Registries with go-pillage-registries new
- Zero-Day Research: Mechanical Keyboard Finder Version 4.31 new
- Another WordPress site management plugin (wpCentral) is vulnerable to authentication issues. new
- A collection of UNIX hacking tips & tricks curated by THC new
- A cron job that could save you from a ransomware attack new
- Created a simple credential finder -- currently uses github, but will add more things like bitbucket, gitlab maybe even google dorks too
- PoC (DoS) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE
- GitHub - reemertastic/infosec-spam-list: List of unwarranted sales email domains you can add to your junk mail filter
- Anatomy of a Facebook-Hosted Phishing Attack
- Securing Bare Metal with Service Mesh
- Spotify DRM Bypass + PoC
- SSO Issues
Bleeping Computer
- The Week in Ransomware - January 24th 2020 - Duck for Cover! new
- Microsoft To Fix Windows 7 Black Wallpaper Bug for ESU Customers new
- Citrix Releases Final Patch as Ransomware Attacks Ramp Up new
- New Ryuk Info Stealer Targets Government and Military Secrets new
- DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs new
- City of Potsdam Servers Offline Following Cyberattack new
- Microsoft is Adding Classic ‘Edge Mode’ to New Edge Browser new
- U.S. Govt Agency Hit with New CARROTBALL Malware Dropper new
- Sonos Backtracks: Legacy Devices Will Get Updates After May
- Bipartisan Coalition Bill Introduced to Reform NSA Surveillance
- TrickBot Now Harvests Windows Active Directory Credentials
- TrickBot Now Steals Windows Active Directory Credentials
The Hacker News
- Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards new
- 250 Million Microsoft Customer Support Records Exposed Online
- Saudi Prince Allegedly Hacked World's Richest Man Jeff Bezos Using WhatsApp
- Download: The State of Security Breach Protection 2020 Survey Results
- BitDam Study Exposes High Miss Rates of Leading Email Security Systems
- Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
- Evaluating Your Security Controls? Be Sure to Ask the Right Questions
- Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks
Threat Wire
Exploits
Packet Storm Exploits
- OLK Web Store 2020 Cross Site Request Forgery new
- Webtareas 2.0 SQL Injection new
- TP-Link TP-SG105E 1.0.0 Unauthenticated Remote Reboot new
- Genexis Platinum-4410 2.1 Authentication Bypass new
- qdPM 9.1 Remote Code Execution
- Umbraco CMS 8.2.2 Cross Site Request Forgery
- Pachev FTP Server 1.0 Path Traversal
- BOOTP Turbo 2.0 Denial Of Service
- D-Link DIR-859 Unauthenticated Remote Command Execution
- Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation
- ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
- Employee Leaves Management System 2.0 Cross Site Request Forgery
Exploit-DB Webapps
- [webapps] Webtareas 2.0 - 'id' SQL Injection
- [webapps] TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
- [webapps] OLK Web Store 2020 - Cross-Site Request Forgery
- [webapps] Genexis Platinum-4410 2.1 - Authentication Bypass
- [webapps] qdPM 9.1 - Remote Code Execution
- [webapps] Citrix XenMobile Server 10.8 - XML External Entity Injection
- [webapps] ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
- [webapps] Adive Framework 2.0.8 - Persistent Cross-Site Scripting
- [webapps] Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
- [webapps] Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
- [webapps] Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
- [webapps] Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Exploit-DB Local and Privilege Escalation
- [local] Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
- [local] Ricoh Printer Drivers - Local Privilege Escalation
- [local] NEOWISE CARBONFTP 1.4 - Weak Password Encryption
- [local] Easy XML Editor 1.7.8 - XML External Entity Injection
- [local] Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite)
- [local] Trend Micro Maximum Security 2019 - Arbitrary Code Execution
- [local] Trend Micro Maximum Security 2019 - Privilege Escalation
- [local] Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
- [local] SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
- [local] Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
- [local] VPN unlimited 6.1 - Unquoted Service Path
- [local] Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Exploit-DB DoS
- [dos] BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
- [dos] Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
- [dos] KeePass 2.44 - Denial of Service (PoC)
- [dos] Sysax Multi Server 5.50 - Denial of Service (PoC)
- [dos] APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC)
- [dos] GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC)
- [dos] WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
- [dos] Redir 3.3 - Denial of Service (PoC)
- [dos] Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
- [dos] TaskCanvas 1.4.0 - 'Registration' Denial Of Service
- [dos] SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)
- [dos] Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
- [remote] Pachev FTP Server 1.0 - Path Traversal
- [remote] Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
- [remote] Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution
- [remote] Cisco DCNM JBoss 10.4 - Credential Leakage
- [remote] EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
- [remote] ASTPP VoIP 4.0.1 - Remote Code Execution
- [remote] JetBrains TeamCity 2018.2.4 - Remote Code Execution
- [remote] nostromo 1.9.6 - Remote Code Execution
- [remote] FreeSWITCH 1.10.1 - Command Execution
- [remote] OpenMRS - Java Deserialization RCE (Metasploit)
- [remote] Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
- [remote] FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
Hak5
Vulnerabilities
Bugtraq
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0001
- [SECURITY] [DSA 4609-1] python-apt security update
- SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS
- [SECURITY] [DSA 4608-1] tiff security update
- [SECURITY] [DSA 4607-1] openconnect security update
- Neowise CarbonFTP v1.4 Insecure Proprietary Password Encryption CVE-2020-6857
- Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697
- Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357
- [SECURITY] [DSA 4606-1] chromium security update
- [SECURITY] [DSA 4603-1] thunderbird security update
- [SECURITY] [DSA 4604-1] cacti security update
- [SECURITY] [DSA 4605-1] openjdk-11 security update
Full Disclosure
- Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers new
- [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857 new
- CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows new
- SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus
- CarolinaCon CFP
- [REVIVE-SA-2020-001] Revive Adserver Vulnerability
- Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857
- .diagcab directory traversal leading to arbitrary code execution
- Re: Fortinet FortiSIEM Hardcoded SSH Key
- CVE-2020-2656 - Low impact information disclosure via Solaris xlock
- CVE-2019-19697 / Trend Micro Security 2019 (Consumer) / Security Bypass Protected Service Tampering
- CVE-2019-20357 / Trend Micro Security (Consumer) / Persistent Arbitrary Code Execution
Tools
CyberPunk nowhere.net
Packet Storm Tools
Darknet
- dSploit APK Download – Hacking & Security Toolkit For Android
- Scallion – GPU Based Onion Hash Generator
- WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
- truffleHog – Search Git for High Entropy Strings with Commit History
- AIEngine – AI-driven Network Intrusion Detection System
- Sooty – SOC Analyst All-In-One CLI Tool
Exploit Dev
Reddit - Exploit Dev
- Automatic ROPChain Generation: https://github.com/d4em0n/exrop
- Request
- Introduction To GLIBC Heap Exploitation - Max Kamper
- GitHub - guyinatuxedo/nightmare - A collection of binary exploitation / reverse engineering challenges and writeups
- Beginner/Newbie need help with stack overflow understanding
- Fuzzing JavaScript WebAssembly APIs with Dharma/Domato (Chrome/v8)
- I need help
- Any real life exploit developer or security researcher here?
- When To Focus on Exploit Dev
- Shellcode writing helper tool
- How close do electromagnetic signal detectors have to be to registers for side channel attacks?
- ShellCoder Handbook Edition 2: Windows Server
Source Incite
Google Project Zero
- Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
- Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
- Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
- Policy and Disclosure: 2020 Edition
- Calling Local Windows RPC Servers from .NET
- SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
- Bad Binder: Android In-The-Wild Exploit
- KTRW: The journey to build a debuggable iPhone
Security Researchers
Reversing/I like ASM
Reddit - Reverse Engineering
- BlueKeep dissection (CVE-2019-0708) using REVEN Data Tainting, APIs & Memory History new
- Reflecting on 16 Years of Work on Adversarial Interoperability new
- Reversing XC3 Anticheat: Analyzing dispatch functions new
- Magecart Found on Olympic Ticket Reseller
- OBD2 Reverse Engineering Breakout Board I'm Working On
- Shikata Gai Nai still in use 2019 after 15 years of existance.
- heksa - CLI hex dumper with colors
- Getting Hardware and Schematics Details of any Electronic Product
- Apebot - one of the last demos I’ve managed to get running on the 3DO M2
- Control Flow Integrity (CFI) in the Linux kernel
- Now UEFI_RETool IDA plugin can display the sequence of execution of UEFI images and dependencies between images
- Reverse Engineering the BMW Connected Apps Protocol
Reddit - Game Hacks
- Anyone know where to get a Friday the 13th hack client
- Pokemon Vortex V4 Cheat bot | SnowFall V1.1 | Custom Pokemon Finder, Legendary Pokemon Finder & etc.
- Here's a generator that sends poke coins to your account and it legitimately doesn't ask for any information
- LF SC2 Maphack (Not Free)
- Looking for a Rust hack
- DayZ SA Script Injector?
- New Frontier Hacks?
- Red Dead Redemption 2 Online Mod Menu
- DEADBYDAYLIGHT BOOSTING SERVICE
- You want cheap and legit recoveries for GTA V Online with safest mod menu? With live proof? Ping me if your interested
- Is DarwinModz trustworthy?
- Hi
Reddit - REGames
- Unpack DAT Files
- Need help REing missing files for rule checking app for Pokemon B(2)/W(2)
- Mobius Final Fantasy End of Service Announcement (Jun. 30, 2020)
- Downloading online flash game for offline use?
- Star Wars Uprising Server Emulator
- Where to start for Packet Captures?
- OpenNitemare3D update: sprites and a basic enemy(plus a huge performance fix).
- Exploiting: Spiderman 2000 - Buffer overflow in file loading routine
- Tool for Arkham City game from github doesn't work correctly
- working on the raycaster for OpenNitemare3D, hopefully I can figure out how to implement sprites soon.
- [PS2] Smuggler's Run 2
- Help with internal lua vm execution
StackExchange - ReverseEngineering
- CAN Bus checksum new
- How to “unprotect” malicious workbook without knowing password new
- IDA shows MEMORY or unknown references on C std library calls (memset, memcpy, etc.) new
- List function supported by /bin/sh new
- I.MX28x device reading new
- BIOS first jump leads to empty memory new
- Linux encryption/luks/pymouth password scripts corruption
- ELF file crashing after executing shellcode
- Generate dummy struct in IDA hexrays
- Some obstacles in reversing a JNI Native library
- Using IDA pro 7.2 and android server breakpoints problem
- Is it possible to read a device's firmware or internal programming in computer's RAM?
Guided Hacking
Malware/APT
Reddit - Malware
- A small python script I made that uses the VirusTotal API to identify potentially malicious samples new
- Mistyped URL (youbico vs yubico) and got presented with malware.
- Ticket resellers infected with a credit card skimmer
- U.S. Government Targeted in Spear-Phishing Attacks
- Bitcoinminer.COMSPECRST
- Working malware samples site
- Looking for a complete sample of SpySheriff malware
- Malware making tools
- Hungarian notation
- Emotet file hashes, Compromised IP addresses and domains, and malicious powershell artifacts
- Not able to run NotPetya
- Binaries generated by MinGW32 detected as trojan
Unit42
- The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks
- Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
- Threat Brief: Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601
- Exploits in the Wild for Citrix ADC and Citrix Gateway Directory Traversal Vulnerability CVE-2019-19781
- Threat Brief: Iranian-linked Cyber Operations
- Wireshark Tutorial: Examining Ursnif Infections
- Unit 42 Discovers 13 New Vulnerabilities Across Microsoft and Adobe Products
- Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
- Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities
- Unit 42 Presents New Research at BlueHat Seattle on Three new Windows RDP Vulnerability Exploit Methods
- What I Learned from Reverse Engineering Windows Containers
- TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks
FireEye Threat Research
- Nice Try: 501 (Ransomware) Not Implemented new
- 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
- SAIGON, the Mysterious Ursnif Fork
- The FireEye Approach to Operational Technology Security
- Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
- Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel
- FIDL: FLARE’s IDA Decompiler Library
- Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models
- MESSAGETAP: Who’s Reading Your Text Messages?
- CertUtil Qualms: They Came to Drop FOMBs
Bug Bounties
Reddit - BugBounty
- Bug Bytes #54 – Killing Snakes for Fun, Seagate RCE & Finding Bugs in API’s
- This interview is packed with good advice for web hacking and bug bounties: @Jhaddix Talks About Defcon, Burp Suite, Hacking, Bug Bounties and How He…
- The schedule for Pwn2Own 2020 is out with live, updating results
- Weekly Discussion, January 20, 2020: Ask all your bugbounty questions!
- Would this be considered a Business Logic bug?
- NahamSec Kicks off the New Year With an AMA!
- Free Shopping on Shopify stores -- Shopify trying to avoid paying me?
- h1-415 CTF - A chance to win a trip to HackerOne's h1-415 in San Francisco
- Anyone have experience testing Salesforce Lightning web apps?
- Sites like pentester.land
- Why Companies Like Google And Facebook Pay Hackers Millions
- Enumerating, Analyzing, and Exploiting The Citrix ADC RCE - CVE-2019-19781
Pentester Land
- The 5 Hacking NewsLetter 89
- The 5 Hacking NewsLetter 88
- The 5 Hacking NewsLetter 87
- The 5 Hacking NewsLetter 86
- The 5 Hacking NewsLetter 85
- The 5 Hacking NewsLetter 84
- The 5 Hacking NewsLetter 83
- The 5 Hacking NewsLetter 82
- The 5 Hacking NewsLetter 81
- The 5 Hacking NewsLetter 80
- The 5 Hacking NewsLetter 79
- The 5 Hacking NewsLetter 78
Portswigger
Crypto
Reddit - Crypto
- How do known answer tests work for key encapsulation? new
- I'm looking for some help with this potential cipher... new
- I've written an article "Anti-Data-Leak Pattern", to prevent data leak from web sites (+ example project) new
- https://aesencryption.net/ Is this website real encryption?
- XRP JESTER LEVELS THE PLAYING FIELD!!
- ChaCha20: Given a ciphertext, can adversaries determine the key stream?
- The Problem With Crypto Storage
- Anti-Data-Leak Pattern for Web Services
- .Net library for ed25519 signature verification?
- Adiantum-inner parts questions
- Encrypting a specific folder in Ubuntu
- (Very) Basic Intro to Lattices in Cryptography
StackExchange - Crypto
- Can BLS aggregate signatures be merged? new
- How can we convert public key system to private key? [closed] new
- Would creating a custom human language be stronger protection than encrypting a known human language? new
- Vigènere Cipher: Question on Decoding new
- How to decrypt a Vigenere cipher without knowing the key? [closed] new
- What's the difference between threshold signatures and multisignatures? new
- what is algorithm behind truecrypt? [closed] new
- Threshold decryption in multi-key homomorphic encryption new
- What are the safe primes for $p$ and $q$ used in ElGamal? new
- Lifting point to quadratic twisted curve new
- Why use any other password generation method when Diceware/EFF dictionary exists? [migrated] new
- How to prepare random digit values for ENT and NIST statistical test suites (convert to bytes or bits) new
Podcasts
Security Weekly
- Lots of Smoke - PSW #635
- The Knuckle Busters - PSW #634
- Sexy Knowledge - PSW #633
- Scientific Hooligans - PSW #632
- Twerking Santa - PSW #631
- A Christmas Miracle - PSW #630
- The Casting Couch - PSW #629
- Drinking Brake Fluid - PSW #628
- Sound Medical Advice - PSW #627
- Ninja Lawyers - PSW #626
- Monday Morning Blues - PSW #625
Risky.Biz
- Feature podcast: Alexa O'Brien on Wikileaks, intelligence and influence
- Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges
- Risky Business #568 -- Let's Decrypt
- Risky Business #567 -- ToTok, Iran and big-game ransomware galore
- Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade
- Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade
- Risky Biz Soap Box: Some Zero Trust facts of life
- Risky Business #565 -- Crypto bro takes Jong turn
- Risky Business #564 -- PRC suffers leak, alleged defection
- Risky Biz Soap Box: Trend Micro VP of Cloud Research Mark Nunnikhoven
- Risky Business #563 -- Phineas Phisher returns
- Risky Business #562 -- Two former Twitter staff charged over Saudi spying
The CyberWire
- PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose… new
- Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7,…
- The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord…
- RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
- Clever breaches demonstrate IoT security gaps - Research Saturday
- Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
- Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
- Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
- Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
- Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do…
- Profiling the Linken Sphere anti-detection browser - Research Saturday
- Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android…
ISC Daily Stormcast
- ISC StormCast for Friday, January 24th 2020
- ISC StormCast for Thursday, January 23rd 2020
- ISC StormCast for Wednesday, January 22nd 2020
- ISC StormCast for Tuesday, January 21st 2020
- ISC StormCast for Monday, January 20th 2020
- ISC StormCast for Friday, January 17th 2020
- ISC StormCast for Thursday, January 16th 2020
- ISC StormCast for Wednesday, January 15th 2020
- ISC StormCast for Tuesday, January 14th 2020
- ISC StormCast for Monday, January 13th 2020
Threat Intel
Reddit - Pwned
- Jeff Bezos's Phone Hacked by Saudi Crown Prince
- Hacker defaces some Iranian gov sites and puts PS752 victims names there as memorial
- Las Vegas city officials assessing impact after cyber attack - The city faces an average of 279,000 attempts to breach its systems every month
- Louisiana Community College System Hit with Ransomware - remaining grades from the last semester must be entered manually
- Ransomware Hits Maastricht University in Netherlands - All Systems Taken Down and Offline for At Least A Week
- Blue-Chip MSP Synoptek Hit By Ransomware, Paid Ransom To 'Extortionists' - the cyber attack disrupted operations at many of Synoptek’s clients
- U.S. Coast Guard says Ryuk Ransomware took down entire IT network of Maritime Facility for over 30 hours
- Malware Hits Travelex Currency Exchange Service - the New Year's Eve malware attack forced Travelex employees to resort to manual operations
- US government agency website hacked and defaced by group claiming to be from Iran
- IoT device vendor Wyze says a server leak exposed data
- UK government apologises for accidentally exposing home addresses of over 1,000 people who received New Year honours
- Massive leak leaves 267 million Facebook users' data exposed
HaveIBeenPwned
- europa.jobs - 226,095 breached accounts
- Planet Calypso - 62,261 breached accounts
- BtoBet - 444,241 breached accounts
- Go Games - 3,430,083 breached accounts
- Indian Railways - 583,377 breached accounts
- Universarium - 564,962 breached accounts
- Factual - 2,461,696 breached accounts
- Zynga - 172,869,660 breached accounts
- AgusiQ-Torrents.pl - 90,478 breached accounts
- Data Enrichment Exposure From PDL Customer - 622,161,052 breached accounts
- GateHub - 1,408,078 breached accounts
- EpicBot - 816,662 breached accounts
Privacy/VPNs
Slashdot - Rights
- 'There's Nothing Wrong With My No-Email Policy' new
- EPA Reasoning For Gutting Fuel-Economy Rule Doesn't Hold Up, Senator Finds new
- China's Battle With the Wuhan Coronavirus is Shackled by a Toxic Relationship With Information new
- Trend Micro Set Up a Fake Tech Company and Honeypot To Study Cyber Criminals
- 'Unauthorized Bread': A Tale of Jailbreaking Refugees Versus IoT Appliances
- Oregon Supreme Court Approves Measure To Limit Self-Checkout Lanes
- Apple Lawsuit Tests If An Employee Can Plan Rival Startup While On Payroll
- FCC Shuts New York Out of $20 Billion Broadband Fund, and Senators Are Angry
- Amazon Asks Court To Halt Microsoft's Work on Pentagon 'War Cloud'
- Twitter Tells Facial Recognition Trailblazer To Stop Using Site's Photos
- Nintendo Doesn't Have To Refund Digital Preorders, According To European Court
- Microsoft Discloses Security Breach of Customer Support Database Containing 250 Million Records
Reddit - Privacy
- How did this happen? new
- This may be an oxymoron, but, privacy crypto wallet on iOS? new
- New Deepfake Method Can Put Words In Anyone's Mouth new
- I asked this before but got very convoluted answers: how likely is it an ISP is giving my data to prospective colleges (I’m in high… new
- Hiding from data brokers new
- Clearview AI facial recognition tool being used by more than 600 US police agencies new
- Any good recomendation on techniques or app to keep personal files on pc? new
- Cashless businesses are now banned in NYC new
- What happened to Michael Chesbro? new
- Lemmy: An ongoing project to build a federated link aggregator (reddit-like forum) in rust. new
- Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone. new
- Class action lawsuit alleges massive security holes in Ring security devices new
Reddit - VPN
- PiVPN Wireguard set up - can't pass traffic new
- Spotify new
- Need some help setting up a vpn failover new
- VPN not working in school new
- CA Certificate vs Username/Pass, how insecure is a Username/Pass exposed to the internet? new
- My school blocked VPN’s. new
- VPN services with port forwarding?
- VPN for shopping in the US?
- Employer knowing activity at home on personal devices
- Originally posted to r/Piracy but apparently VPN is a buzz word there...
- Help me bypass my school wifi and I will share the wifi
- Need dedicated IP and Killswitch, do not need privacy. Can't find a good option.
Help Wanted
Reddit - AskNetSec
- How would you plan your career track to maximize on financial gains ($$$)? new
- Questions to ask for defining if information security department should be the owner and responsible for new solutions new
- What are some good challenging vulnerability-searching sources? new
- Possible to move from AAA game dévelopment to InfoSec ? new
- IT Security news twitter feeds new
- Privileged user accounts on 2nd system new
- Originating Computer in System Time Change Event on WK2008R2 new
- Question about port 445 and 3389 - Fingerprinting
- What do you wish your Manager/Supervisor/Director did more of to make your job better and thus you happier and more contempt at work?
- In light of the recent news about the Jeff Bezos hack, how can a whatsapp user protect themselves from similar attacks?
- Any downsides to blocking .info traffic?
- Should I do an IT bootcamp? What are the advantages over self study? (
Reddit - Netsec Students
- Infect My Computer; a request. new
- Some useful forensics tools for your forensics investigation new
- Quality sources for Industry Reports regarding Cyber Forensics? new
- Interview with Peter Kim, expert red-teamer, cybersecurity trainer, and author of The Hacker Playbook new
- SMB enumeration issues! new
- Using Memory forensics in security investigations - Beginner friendly new
- Anyone migrate into the CISA gang?
- What is cryptojacking? How to prevent, detect, and recover from it
- 7 common IT mistakes that can spark future success
- Fuzzing in complex, hard-to-read code, such as web browsers and operating systems (Magnus Klaaborg Stubman)
- Preparing for sec504 OnDemand advice?
- How to video - Detecting Malware Beacons with Zeek and RITA
Stackoverflow - Security
- Restrict PHP script only to its directory and sub directories new
- Comparing SSL Cipher Suite Notations new
- Can the AMP framework interfere with WordPress security plugins such as WordFence? new
- Where to store access token(JWT) on SPA when server is on another domain new
- How to handle a DDOS challenge response in Android App new
- Two ways to check integrity of container. Which better? new
- Copy file to network drive not working even with security configured new
- Is it unsafe to get a AES Key from AndroidKeyStore without a password? new
- Is setting X-XSS-Protection header still up-to-date solution to protect XSS attacks? new
- What's the difference between KeyDerivation.Pbkdf2 and Rfc2898DeriveBytes? new
- How to set custom keypad in PassCodeView? [closed] new
- Can I "trust" request origin parameter? new
Stack Exchange
- Can any tools/tactics produce a higher confidence in a clean system than Microsoft Security Scanner? new
- One way authentication vs two-way authentication new
- What kind of encryption is this? IMPORTANT new
- How to save the page content to a port using javascript new
- Logging into IOS applications Secure? new
- Is it safe to store user-uploaded ID scans in S3 (with server encryption)? new
- Is Signal still more secure when compared to WhatsApp and Telegram? new
- Can i get a double layer protection if I use both desktop & browser based VPN? new
- Which payment website is better in security new
- Can AWS Time Sync be argued PCI compliant? new
- XSS into Javascript? new
- Wordlist generator with specific word new
Locks/Social Engineering
Reddit - Lockpicking
- 3 for 3 (Mako Mo 427) new
- 2nd of 3 Mako Mo. 427s Picked W00T new
- Wow I Did Not Realize My Second CL Was Quite So Easy new
- The Latest Lock I Have Conquered new
- I told my reddit secret Santa I liked candy and lockpicking, so they sealed up a bag full of candy for me to open section… new
- NEW TOYS ! ! ! new
- I just got a pinning tweezer from sparrows. They don’t grab the pin. Should I file the end down? new
- Shitty hotel room door security. Be careful and be safe. new
- Just in time for the weekend! new
- Master 911 in sixty seconds flat. new
- BosnianBill/LPL Disc Detainer design coming to Sparrows late March / early April new
- Picked: Everything on the right. Unpicked: the yellow 410. new
Reddit - Social Engineering
- The Malala you won't hear about - One of the Nobel Peace Prize winners is a socialist opponent of U.S. drone strikes, but you wouldn't… new
- Why Banning Facial Recognition Misses the Real Threat Of A Surveillance Society new
- The Right Move? Getting called out via text message
- My idea
- Basic Social Engineering Guide
- How is this guy so charismatic???
- Not Bot, Not Beast: Scientists Create First Ever Living, Programmable Organism
- 50 common cognitive biases and examples
- Getting people to follow through on their commitment.
- Anyone have a script or method/brainstorm for wifi phishing?
- LeakPeek.com - Find Passwords from Email / Username for free + UK Electoral Register Search -> Useful for Social Engineering
- Looking for soc1opaths discord
Security Blogs
Security Bloggers Network
- Synopsys adds world-class security to Finastra’s banking app ecosystem FusionFabric.cloud new
- Personal Online Security – Account Management new
- Ryuk Ransomware — Malware of the Month, January 2020 new
- Security Lessons from a Division 1 Football Coach new
- Protecting Websites from Magecart and Other In-Browser Threats new
- Embracing Data Privacy Day new
- DEF CON 27, Voting Village – Kimberly Young McLear PhD ‘Organizational Cybernetics: A Key To Resilience’ new
- XKCD ‘Solar System Changes’ new
- DEF CON 27, Voting Village – Marian Schneider’s ‘Voting Systems Are Insecure: Lets Just Vote On Phones’ new
- Forrester Study on the Benefits of Cloud vs. On-Premises AppSec new
- Cybersecurity Trends to Watch in 2020 new
- Forrester Analysis on the State of Government Application Security: Government Must Make Significant Advances new
ThreatPost
- ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates new
- Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings new
- New Bill Proposes NSA Surveillance Reforms new
- Fake Smart Factory Honeypot Highlights New Attack Threats new
- Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices
- U.S. Gov Agency Targeted With Malware-Laced Emails
- Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
- Cisco Warns of Critical Network Security Tool Flaw
- Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
- Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
- Vivin Nets Thousands of Dollars Using Cryptomining Malware
- sLoad Malware Revamped as Powerful ‘StarsLord’ Loader
digitalmunition
- IXP EasyInstall 6.2.13723 Service Port 20050 Cleartext weak encryption new
- The critical flaw is demonstrated by the common digital security algorithm new
- SuSE Linux Enterprise Server 15 munge privilege escalation new
- New EFS Ransomware Attack Uses Windows Encrypting File System Against Itself new
- Twitter’s ‘Comfortably Smug’ unveils ‘Liberal Hack Tournament’ featuring CNN, MSNBC hosts new
- Fortinet FortiOS up to 5.6.10/6.0.6/6.2.1 CLI Console Private Key information disclosure new
- Iran Hacking Group Used Open Source multi-platform PupyRAT new
- secure_headers Gem up to 3.8.x/5.1.x/6.2.x on Ruby Newline privilege escalation new
- US Government Agency Spear Phished with New CARROTBALL Malware new
- Scaling Security in Software Development: The Art of Possible new
- Ricoh Printer Drivers – Local Privilege Escalation new
- New Mac malware detected. Thousands of Apple users infected each day new
eHacking News
- Simple Tips to Prevent your WhatsApp Account from Hackers new
- Experts predicted an increase in the number of DDoS attacks in 2020 new
- Amazon Chief’s Phone Hacked by the Saudi Arab Crown Prince new
- Russian Bank reminds about the danger of transferring personal data to someone
- Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft
- Cyber Attack Alert! A Fake Factory Network Attacked With RAT, Ransomware, Malware and So On!
- More than half of Russian companies are concerned about the protection of personal data of employees and customers
- Railway Protection Force (RPF) bust a multi-crore ticket fraud
- Google Maps…Creepy or Useful?
- Bot List Containing Telnet Credentials for More than 500,000 Servers, Routers and IoT Devices Leaked Online
- Website Puts 12 Billion User Records Up For Sale and Gets Seized By US Authorities
- Ukrainian government job site posted passport scans of thousands of civil service candidates
Wired - Security
- Patreon Can't Solve Its Porn Pirate Problem new
- Inside Pwn2Own's High-Stakes Industrial Hacking Contest
- Elections Globally Are Under Threat. Here's How to Protect Them
- Jeff Bezos’ Hacked Phone, Coronavirus Hits the US, and More News
- Everything We Know About the Jeff Bezos Phone Hack
- Free Press Advocates Decry Cybercrime Charges Against Glenn Greenwald
- A Handy Chrome Feature, a Sonos Update Warning, and More News
- Donald Trump's 'National Security' Impeachment Defense Is a Red Herring
- How to Watch Donald Trump’s Impeachment Trial
- An Open Source Effort to Encrypt the Internet of Things
- Don't Ignore Chrome's New Password Checkup Feature
- FBI Takes Down Site With 12 Billion Stolen Records
Krebs on Security
- Apple Addresses iPhone 11 Location Privacy Concern
- DDoS Mitigation Firm Founder Admits to DDoS
- Patch Tuesday, January 2020 Edition
- Cryptic Rumblings Ahead of First 2020 Patch Tuesday
- Phishing for Apples, Bobbing for Links
- Alleged Member of Neo-Nazi Swatting Group Charged
- Lawmakers Prod FCC to Act on SIM Swapping
- Tricky Phish Angles for Persistence, Not Passwords
- The Hidden Cost of Ransomware: Wholesale Password Theft
- Happy 10th Birthday, KrebsOnSecurity.com
- Ransomware at IT Services Provider Synoptek
- Nuclear Bot Author Arrested in Sextortion Case
Naked Security
- Google finds privacy holes in Safari’s ITP anti-tracking system new
- Protestors petition equity firm over .org buyout new
- 9th Methbot suspect arrested in massive clickfraud ring new
- Privacy watchdog throws wider net to protect children online new
- Looking for silver linings in the CVE-2020-0601 crypto vulnerability
- UN report alleges that Saudi crown prince hacked Jeff Bezos’s phone
- Apple allegedly made nice with FBI by dropping iCloud encryption plan
- Sonos’s tone-deaf legacy product policy angers customers
- FBI issues warning about lucrative fake job scams
- Big Microsoft data breach – 250 million records exposed
- Ubisoft sues DDoS-for-hire operators for ruining game play
- NIST’s new privacy rules – what you need to know
Schneier on Security
- Friday Squid Blogging: More on the Giant Squid's DNA new
- Technical Report of the Bezos Phone Hack new
- Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
- Half a Million IoT Device Passwords Published
- Brazil Charges Glenn Greenwald with Cybercrimes
- SIM Hijacking
- Clearview AI and Facial Recognition
- Friday Squid Blogging: Giant Squid Genome Analyzed
- Securing Tiffany's Move
- Critical Windows Vulnerability Discovered by NSA
- 5G Security
- Artificial Personas and Public Discourse
Linux Security
- Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020> new
- Linux Kernel Security in a Nutshell: How to Secure Your Linux System> new
- Get ready for the emergence of AI-as-a-Service> new
- Police are about to deploy 'privacy destroying' facial recognition cameras across London> new
- ProtonVPN Applications are Now 100% Open Source>
- Weakening Encryption Could Impact Election Security, Coalition Says>
- ProtonVPN apps handed to open source community in transparency push>
- Why Artificial Intelligence Is The Smart Way to Form Real Bonds With Customers>
- The Performance Cost To SELinux On Fedora 31>
- Amazon’s Ring blamed hacks on consumers reusing their passwords. A lawsuit says that’s not true.>
- Washington State Lawmakers Introduce Legislation Regulating Data Privacy, Facial Recognition>
- EU considers banning facial recognition technology in public spaces>
Dark Reading
- New Social Engineering Event to Train Business Pros on Human Hacking new
- 7 Steps to IoT Security in 2020 new
- 5 Resume Basics for a Budding Cybersecurity Career new
- Online Employment Scams on the Rise, Says FBI new
- The Annoying MacOS Threat That Won't Go Away
- 'CardPlanet' Operator Pleads Guilty in Federal Court
- DHS Warns of Increasing Emotet Risk
- NSA Offers Guidance on Mitigating Cloud Flaws
- Deconstructing Web Cache Deception Attacks: They're Bad; Now What?
- Severe Vulnerabilities Discovered in GE Medical Devices
- Weathering the Privacy Storm from GDPR to CCPA & PDPA
- Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
Whitehat Security Blog
HITB News
- Saudi Hack of Bezos' Phone Shines Bright Light on Security Challenges new
- LastPass accidentally deleted its own Chrome extension new
- Librem 5 phone hands-on—Open source phone shows the cost of being different new
- Patreon Can't Solve Its Porn Pirate Problem new
- Experts: Windows Feature Can Be Used as Ransomware new
- Shlayer malware puts thousands of macOS devices at risk new
- London Police Amp Up Surveillance With Real-Time Facial Recognition new
- How the North Korean hackers behind WannaCry got away with a stunning crypto-heist new
- Adult website leaves sex workers' personal information vulnerable, report says new
- Trend Micro antivirus zero-day used in Mitsubishi Electric hack new
- Microsoft Looms Over the Privacy Debate in Its Home State
- Mac users are getting bombarded by laughably unsophisticated malware
The RISKS Digest
- Re: What happens if your mind lives forever on the Internet?
- Company shuts down because of ransomware, leaves 300 without jobs just before holidays
- Fresh Cambridge Analytica leak 'shows global manipulation is out of control'
- Europe rejects patent applications signed with AI inventor
- Amazon' Next-Day Delivery Has Brought Chaos And Carnage To America's Streets, But The World' Biggest Retailer Has A System To Escape The Blame
- 737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight
- 'Shattered' -- Inside the secret battle to save America's undercover spies in the digital age
- The Internet Is No Longer a Disruptive Technology
- Software Glitch Affects 14,000 New York City Parking Meters
- The Ghost of Y2K hits Hamburg
Kaspersky Blog
- Transatlantic Cable podcast, episode 126
- RIP Windows 7. What now?
- Web-threat protection and targeted attacks
- Safer smartphones for schoolchildren
- You, me, and Facebook makes three
- Going green in IT: How and why
- Uncle Sam compensates you for data leaks (yeah, right)
- Transatlantic Cable podcast, episode 125
- Can you trust digital signatures in PDF files?
- The Faketoken Trojan sends out offensive texts
- 11 Years of Making a Difference
- Four theories for better learning
Adam Shostack & friends
- Threat Model Thursday: Files
- Cryptographic Excitement
- Enter the SpudNet
- 100,00 Moon Shots
- Threat Modeling Thursday: The Human Element
- Threat Modeling Thursday: Machine Learning
- Echo, Threat Modeling and Privacy
- Star Wars Episode 9 is a week away!
- Encryption & Privacy Policy and Technology
- Empirical Evaluation of Secure Development Processes
- Goodbye, Feedburner
- Books Worth Your Time (Q4)
Graham Cluley
- We’re dung for! Hackers hit firms with ransomware by exploiting Shitrix flaw new
- You want your photo removed from our facial recognition database? Just send us your photo and government-issued ID… new
- Sonos backtracks (a little) over its software updates fustercluck new
- Whoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back now new
- Ransomware: The average ransom payment has doubled in just three months
- Traffic jams could be worse than normal, because of the Shitrix vulnerability
- A free tool for detecting Shitrix-related compromises on your business network
- Smashing Security #162: Robocalls, health hacks, and facial recognition fears
- Plastic surgery patients at risk after ransomware attack
- Teenager charged over $50 million SIM-swap cryptocurrency theft
- Microsoft data breach exposes 250 million customer service and support records
- Jeff Bezos, WhatsApp, and Mohammed bin Salman – what you need to know
Rapid7
- Seven Tips for Better Cloud Security in 2020 new
- Discover the New BMC Remedy ITSM Plugin for InsightConnect
- Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model
- Better Together: How to Collaborate to Drive Vulnerability Remediation Among Security, IT, and DevOps Teams
- Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know
- How to Get Started with the InsightVM Integration for ServiceNow CMDB
- Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
- How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
- Announcing the 2020 Metasploit community CTF
- Patch Tuesday - January 2020
- How to Define and Communicate Vulnerability Risk Across Your Company
- Simplify Your Data Search with Query Builder in InsightVM
Hacker News (YCombinator) - Security
- Does Your Domain Have a Registry Lock? new
- Kube-scan: Octarine k8s cluster risk assessment tool new
- Questions to Ask at the Start of a New Software Project new
- Hacking the Job Search with Fifty Dollars of Free LinkedIn Credit new
- Police Begins Operational Use of Live Facial Recognition in London new
- Police begin operational use of live facial recognition technology in London new
- We Wasted $50K on Google Ads So You Don't Have To (2019) new
- US Department of Justice Argues Assange Has No First Amendment Rights new
- Google Cloud’s Secrets Manager new
- Show HN: Top PDFs Posted to Hacker News in 2019 Computed from Internet Archive
- Hundreds of surveillance experiments along the U.S.-Mexico border
- My Emacs Productivity Tricks/Hacks
Hacker Noon #Security
- Personal Security Online Is Not Complicated new
- Finding The Privacy Balance - Is There Such Thing as Too Much Privacy? new
- Is Building Digital Escapes Ethical? new
- AI in Healthcare: Personalized Meds, Data Security, Virtual Nurses, More new
- 6 Types of Web Hosting to Consider new
- A Non-Technical Intro to The Brave Browser and How it Protects You, Your Data, and Your Privacy! new
- How to Install Free SSL Certificates on WordPress Websites
- Complete Guide to Choosing the Best Billing & Invoicing Software
- Getting Authentication Correct
- The Biggest Data Privacy Risks For Every User
- Personal Data Protection: Mission Impossible?
- Enable Secure Sovereign Identity: Avatars by Metaverse
Security in Mainstream Media
Google News Hacking
- Twitter's 'Comfortably Smug' unveils 'Liberal Hack Tournament' featuring CNN, MSNBC hosts - Home - WSFX new
- Hackers Stole $10.5 Million From Richardson Company: Feds - NBC 5 Dallas-Fort Worth new
- Cybersecurity: New companies are helping enterprises fight hacking menace - The Financial Express new
- Facebook official struggles to explain Bezos' WhatsApp hack - Mashable new
- Woman shares ingenious money-saving cruise ship hack - Yahoo Lifestyle new
- Behind The Suspected Saudi Arabian Hacking Of Jeff Bezos' Phone - NPR new
- Trend Micro antivirus zero-day used in Mitsubishi Electric hack - ZDNet new
- Explainer: Bezos allegations put phone hacking technology in the spotlight - Reuters new
- Wyden calls on NSA to examine White House cybersecurity following Bezos hack | TheHill - The Hill new
- Portland children’s clothing retailer Hanna Andersson says hackers stole customers’ credit card info - OregonLive new
- How the North Korean hackers behind WannaCry got away with a stunning crypto-heist - MIT Technology Review new
- What Is House Hacking? - Is House Hacking a Good Idea? - GoodHousekeeping.com new
Google Cyber Security
- International Pressure Raises Cybersecurity Threats | Pillsbury Winthrop Shaw Pittman LLP - JD Supra new
- North Dakota's Cybersecurity Education Iniative | The Mighty 790 KFGO - KFGO News new
- Months from 2020 election, Va. updates cybersecurity, voting equipment rules - WTOP new
- The global railway cybersecurity market is estimated to grow at a CAGR of 9.8% from USD 6.0 billion in 2019 to USD 12.6 billion by… new
- ETF of the Week: Global X Cybersecurity ETF (BUG) - ETF Trends new
- UWF secures $2.4 million grant to support cybersecurity students - Pensacola News Journal new
- FDA issues cybersecurity alert on GE Healthcare medical devices - Healthcare IT News new
- Pentagon Updating Cybersecurity Guidance - National Defense Magazine new
- Cybersecurity isn't infrastructure? 'Like hell it isn't' warned New Orleans mayor - StateScoop new
- Atlanta Metro Area County Increases Cybersecurity Budget - Government Technology new
- Ohio Fills New Job Overseeing Cybersecurity for Elections - Government Technology new
- Cyber security experts say there is not conclusive proof Saudi Arabia hacked Jeff Bezos - Daily Mail new
Thirsty for more
Hacker News (YCombinator)
- Vine founder launches TikTok competitor new
- Linode launches free DDoS protection new
- The Farewell Address new
- Normalization of Deviance (2015) new
- Google backtracks on search results design new
- Mux is hiring a Product Designer to help improve video streaming for billions new
- Belyayev's Fox Experiment new
- Bezos’ Girlfriend Gave Texts to Brother Who Leaked to National Enquirer new
- Don't rinse with water straight after toothbrushing new
- JetBrains to reimagine IntelliJ as text editor, add machine learning new
- Second Travel-Related Case of 2019 Novel Coronavirus Detected in United States new
- Show HN: Phoenix – a macOS window and app manager scriptable with JavaScript new
Reddit - Cyberpunk
- Digging for an underground train station in Montreal new
- *Subliminal Messages about Weinstien in Blade Runner 2049 LISTEN* new
- This is a proof of concept piece for Levitating a dab on an ultrasonic transducer array then smoke it out of midair with a laser… new
- Futuristic Billboards new
- Is the upcoming Cyberpunk2077 based upon a false cyberpunk premise? new
- why the fuck does this sub worship elon. new
- Cyber arm new
- What's your favorite cyberpunk cityscape from a film? new
- [OC] Food delivery robots are taking over my college campus. They’re everywhere. It feels like a South Park episode new
- I made a cyberdeck inspired by the Matrix, more info in the comments and on my site at back7.co new
- Cyberpunk Chicago? new
- Laying in water by Milosz Wojtasik new
Reddit - Security CTF
- Automatic ROPChain Generation using Exrop (https://github.com/d4em0n/exrop)
- PwnDayCTF
- i need 2 guys to play with me now
- Player: Hack The Box Walkthrough
- Hack the Box Writeup: Player
- Hack the Box - Player - Write up
- New here and got some questions
- CTFs
- Reverse quizz on twitter
- A new efficient way to use keepass on Linux
- Google Hall Of Famer: How I Gain Access to Google's Internal Management Interface
- Attack | Defense - Metasploit Pivot CTF 1
Reddit - Sysadmin
- NTFS Long file paths enabled by default in 1909? new
- Need some advice on tasking new
- Visitor Check-in/Unmanned reception software and hardware new
- Where do folks look for sysadmin jobs? new
- How it used to be done...and how much it cost. new
- Linux on various raid arrays new
- Zero-budget Windows Management Options new
- Java showing IPv6 traffic on a 2012r2 server with no IPv6 enabled? new
- Response from ConnectWise CEO new
- Demobilizing IT environment new
- Regularly scheduled maintenance new
- We are "unruly denizens" new
Lobste.rs
- nix-freeze-tree-0.1.0.0 - Freeze a tree using fixed-output derivations new
- Peeking inside C++/CX delegates new
- What do you use for performance testing? new
- Record/Replay testing in Sorbet new
- Mirage JS new
- StackGhost Hardware Facilitated Stack Protection (2001) new
- Cameron's World (A love letter to the Internet of old) new
- Why the Sorbet typechecker is fast new
- Edge Networking’s Last Resort new
- Browsh -- the modern text-based browser new
- JQF: Coverage-Guided Property-Based Testing in Java new
- Haskell For a New Decade new