Security News

Daily Security News

Exploits

Tools

Vulnerabilities

Reversing/I like ASM

Malware/APT

Crypto

Podcasts

Threat Intel

Privacy/VPNs

Help Wanted

Locks/Social Engineering

Security Blogs

Mainstream Media

Thirsty for more

Daily Security News

PacketStorm
Roaring Trade In Zero-Days Means More Vulns Are Falling Into The Hands Of State Spies new
Over 350,000 Microsoft Exchange Servers Still Open To Flaw new
Hackers Have Been Quietly Targeting Linux Servers new
School Districts Reportedly Ban Use Of Zoom Over Security Issues
DarkHotel Hackers Use VPN Zero-Day To Breach Chinese Government Agencies
Data Watchdog Calls For Single EU Coronavirus App
Cryptocurrency Issuers, Exchanges Face U.S. Class Action Lawsuits
Google Data Shines Light On Whether Coronavirus Lockdowns Worldwide Are Working
14 Million Key Ring Users Exposed In Open Database
Zoom Remove Data-Mining LinkedIn Feature
Google Squashes High Severity Flaws In Chrome Browser
Trump Administration's Lack Of A Unified Coronavirus Strategy Will Cost Lives, A Dozen Experts Say
The Register
China and Taiwan aren't great friends. Zoom sends chats through China. So Taiwan’s banned Zoom new
New year, old threats: Malware peddlers went into overdrive in Q1, says Trend Micro new
Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission new
Atlassian issues advice on how to keep your IT service desk secure... after hundreds of portals found facing the internet amid virus lockdown new
Mozilla plugs two Firefox browser holes exploited in the wild by hackers to hijack victims' computers
Roaring trade in zero-days means more vulns are falling into the hands of state spies, warn security researchers
Kaspersky cleans up poisoned watering hole, Google presses pause on cookie crackdown
British Airways and Marriott UK data protection fines deferred again as coronavirus shutdown hits business
Pan-European group plans cross-border contact-tracing app – and promises GDPR compliance
Watch: Rare Second World War footage of Bletchley Park-linked MI6 intelligence heroes emerges, shared online
Not only is Zoom's strong end-to-end encryption not actually end-to-end, its encryption isn't even that strong
NSO Group: Facebook tried to license our spyware to snoop on its own addicts – the same spyware it's suing us over
Reddit - NetSec
Scanner of Default Logins in Administrative Web Interfaces new
Don't miss your next Bounty new
Offensive OSINT s01e01 - OSINT & RDP new
Not just another BGP Hijack new
Hosting Crypto Nodes – 5 Best VPS Providers Compared new
Conceptual Attack Graphs - How to create and present them new
Uncovering OpenWRT remote code execution (CVE-2020-7982) new
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR
Internet of Things - Penetration Testing OS
Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs
How we abused Slack's TURN servers to gain access to internal services
OWASP’s Virtual Conference April 28-29 AppSec Days
Bleeping Computer
NASA under 'significantly increasing' hacking, phishing attacks new
Drug testing firm sends data breach alerts after ransomware attack new
BEC gift card scams switch to online stores due to pandemic new
Scammers target Australians financially affected by pandemic new
Microsoft script installs Folding@Home in Windows 10's Sandbox
80% of all exposed Exchange servers still unpatched for critical flaw
PSA: Fake Zoom installers being used to distribute malware
Interpol: Ransomware attacks on hospitals are increasing
New Microsoft Edge features will make you more productive
Microsoft: Emotet Took Down a Network by Overheating All Computers
Zoom's Web Client is Down, Users Report 403 Forbidden Errors
New Coronavirus-Themed Malware Locks You Out of Windows
The Hacker News
Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset new
Secure Remote Working During COVID-19 — Checklist for CISOs new
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Webinar — Autonomous Breach Protection: The New Security Paradigm Shift

Threat Wire

Exploits

Packet Storm Exploits
dnsmasq-utils 2.79-1 Denial Of Service new
Microsoft Windows Net Use Insufficent Authentication
LimeSurvey 4.1.11 Cross Site Scripting
Vesta Control Panel Authenticated Remote Code Execution
SMBv3 Compression Buffer Overflow
Pandora FMS Ping Authenticated Remote Code Execution
PlaySMS index.php Unauthenticated Template Injection Code Execution
pfSense 2.4.4-P3 User Manager Cross Site Scripting
Bolt CMS 3.7.0 Remote Code Execution
Vanguard 2.1 Cross Site Scripting
WhatsApp Desktop 0.3.9308 Cross Site Scripting
ZOC Terminal 7.25.5 Denial Of Service
Exploit-DB Webapps
[webapps] LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
[webapps] Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
[webapps] WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
[webapps] Bolt CMS 3.7.0 - Authenticated Remote Code Execution
[webapps] LimeSurvey 4.1.11 - 'File Manager' Path Traversal
[webapps] pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
[webapps] Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
[webapps] Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
[webapps] Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
[webapps] Joomla! com_fabrik 3.9.11 - Directory Traversal
[webapps] Zen Load Balancer 3.10.1 - Remote Code Execution
[webapps] ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit-DB Local and Privilege Escalation
[local] Memu Play 7.1.3 - Insecure Folder Permissions
[local] Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
[local] Microsoft NET USE win10 - Insufficient Authentication Logic
[local] AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
[local] DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
[local] 10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)
[local] 10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
[local] Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
[local] Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
[local] AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
[local] 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
[local] 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
Exploit-DB DoS
[dos] ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)
[dos] dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)
[dos] Nsauditor 3.2.0.0 - 'Name' Denial of Service (PoC)
[dos] UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC)
[dos] Frigate 3.36 - Denial of Service (PoC)
[dos] UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)
[dos] ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)
[dos] UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)
[dos] SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
[dos] Product Key Explorer 4.2.2.0 - 'Key' Denial of Service (PoC)
[dos] DiskBoss 7.7.14 - Denial of Service (PoC)
[dos] FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
[remote] DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
[remote] Redis - Replication Code Execution (Metasploit)
[remote] IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
[remote] SharePoint Workflows - XOML Injection (Metasploit)
[remote] Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
[remote] CyberArk PSMP 10.9.1 - Policy Restriction Bypass
[remote] Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)
[remote] Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
[remote] Rconfig 3.x - Chained Remote Code Execution (Metasploit)
[remote] ManageEngine Desktop Central - Java Deserialization (Metasploit)
[remote] Drobo 5N2 4.1.1 - Remote Command Injection
[remote] Nagios XI - Authenticated Remote Command Execution (Metasploit)

LiveOverflow

Vulnerabilities

Tools

Exploit Dev

Reddit - Exploit Dev
0CTF Quals (2017) - babyheap CTF Writeup
CVE-2020-8423: exploiting the TP-LINK TL-WR841N V10 router
Spotted in the WIld | JS Injection
34C3 (2017) - SimpleGC CTF Writeup
Hacking the art of exploitation samples ?
SECCON (2017) - election CTF writeup
CVE-2020-3947: Use-After-Free Vulnerability in the VMware Workstation DHCP Component
SECCON (2017) - secure_keymanager CTF writeup
SECCON (2017) - video_player CTF writeup
CSAWQuals (2017) - SCV writeup
A collection of pwn challenges from various CTFs
Bypass ASLR
Source Incite
Silent Schneider :: Revealing a Hidden Patch in EcoStruxure Operator Terminal Expert
Busting Cisco's Beans :: Hardcoding Your Way to Hell
Google Project Zero
TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
Escaping the Chrome Sandbox with RIDL
Mitigations are attack surface, too
A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering
A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering
Part II: Returning to Adobe Reader symbols on macOS
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
Security Researchers
If You Can't Patch Your Email Server, You Should Not Be Running It new
RedELK Part 3 – Achieving operational oversight new
Conducting Onsite Security Testing – Remotely?
Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
Seeing Book Shelves on Virtual Calls
About them Zoom vulns...
Cyber Essentials: What is changing?
Top 12 tips every pentester should know
Mark-of-the-Web from a red team’s perspective
Skill Levels in Digital Security
Open Banking: Open for Business
When You Should Blog and When You Should Tweet

Reversing/I like ASM

Reddit - Reverse Engineering
No Starch Press is publishing The Ghidra Book (releasing in June 2020) new
A detailed look at how the TP-Link Archer A7 wireless router was exploited at Pwn2Own Tokyo new
IDA Home is coming new
Practical Binary Analysis: Chapter 05 level3, solution and writeup new
OriginTracer: An In-Browser System for Identifying Extension-based Ad Injection new
Gunslinger: A URLScan Hunting Tool
Oregami: a new IDA plugin to follow register usage frame. Very useful for reversing embedded systems
Excision: An In-Browser System for Detection of Malicious Third-Party Content Inclusions
Practical Binary Analysis Chapter 11: format string detector
Practical Binary Analysis Challenge Writeup for Level 2
Incorrectness Logic by Example
Crawlium (DeepCrawling): A crawling platform based on Chrome (Chromium) browser to get a deeper look into the ecosystem of content inclusion on the Web.
Reddit - Game Hacks
Looking for EFT hacks
How to make an OpenGL ESP Tutorial
Undetected Hacks for multiplayer games
Clashroyale hack
Aimbot for cod?
EFT hacks
Dead by Daylight hacks
Minecraft 1.15 FREE w/ Online
CHEATING in Skribble.io
$15 aimbot $5 Spoofer
Hacks for tlopo
(BIG SALE)$15 lifetime FN Hack (Sale, ONLY 24 HOURS)
Reddit - REGames
Has anyone decompiled Resident Evil 4? new
Why don't games cracking SCENE GROUPs release their techniques with the public so the community gets more rich and more people will help develop cracks…
Baby's first XOR Cipher in Colin McRae Rally 04 - another thought process for a trivial case
OpenDW: An open source reverse engineered version of Interplay's 1990s Dragon Wars (WIP)
Finding actual (network) exploits: improving skills?
What do look for in decompilation for decryption?
Is it possible to recreate servers for a ps3 game?
What is Unity Engine normal map texture format?
Where to start in decrypting files
Reverse Engineering Unity Game to Extract Audio
Finding and calling Richard Burns Rally play replay function - I documented my thought process resulting in simple yet practical example
Team to unpack and relive this game
StackExchange - ReverseEngineering
Develop a Hello World plugin for Ollydbg new
Android app crashes even while not edited, how can I solve it? new
exploiting a binary using ret2libc new
Is frida-server latest version compatible with old Android versions new
Problems after export patch new
Find password in a c compiled binary file
structures defined on stack?
ld-uClibc.so.0: No Such file or directory when running qemu-mipsel-static
Function prototypes given by Ghidra is not consistent
Detours not cleaning the stack correctly
How to scan the ECU Delphi MT05?
Force command line argument into exe running java

Guided Hacking

Malware/APT

Reddit - Malware
Sandbox to detonate malware and phishing links for the team at work new
[Information] Unique PC identifier called by this software (imports in post) new
[Blog Article] Weird, Scary, and Annoying malware new
Nanocore & CypherIT new
Discord link that got access to account
Locating Spyware on a bricked phone
Suggestions
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
Trojan Agent Tesla - Malware Analysis
BotGrabber: An Anomaly-based Botnet Detection System
All courses (including DFIR) are free at PluralSight during April 2020
(Meta) Earning legitimate money as a malware developer
Unit42
Grandstream and DrayTek Devices Exploited to Power New Hoaxcalls DDoS Botnet
GuLoader: Malspam Campaign Installing NetWire RAT
SilverTerrier: 2019 Nigerian Business Email Compromise Update
Don’t Panic: COVID-19 Cyber Threats
New Mirai Variant Targets Zyxel Network-Attached Storage Devices
Threat Brief: Microsoft SMBv3 Wormable Vulnerability CVE-2020-0796
2020 Unit 42 IoT Threat Report
Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
Cortex XDR™ Detects New Phishing Campaign Installing NetSupport Manager RAT
Can You Trust Your AutoIT Decompiler?
Wireshark Tutorial: Examining Qakbot Infections
Unit 42 CTR: Leaked Code from Docker Registries
FireEye Threat Research
Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation new
Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One
FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
Kerberos Tickets on Linux Red Teams
It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit
Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
Six Facts about Address Space Layout Randomization on Windows
They Come in the Night: Ransomware Deployment Trends
Crescendo: Real Time Event Viewer for macOS
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

Bug Bounties

Crypto

Reddit - Crypto
Transport Layer Security Matrix new
Earn free crypto with Gain new
How to decode Bilateral Ciphers? new
CryptoHack - A fun challenge platform for learning cryptography new
Can someone pls tell me what cipher this is. My sister gave it to me for my birtday and I can't figure it out. Thanks!… new
Why are some new algorithms adopted so quickly these days? new
The Zoom Encryption Debate new
Hashing passwords new
Cofactor Explained: Clearing Elliptic Curves' dirty little secret new
Earn 100 TWT new
Is the main Wikipedia page on elliptic curves wrong in its definition? new
Timing side channels for defensive purposes
StackExchange - Crypto
How to make sure non-open source programs are really using end-to-end encryption? new
Could Helios Voting be changed to allow cumulative voting? new
Fooling Proof-of-Storage Protocols. What's the difference with Length-Extension attack? new
In ElGamal, how does knowing the secret number used for a signature reveal the signer's private key? new
How to compute an identity function on encrypted vector by using a third party? new
How to implement ECC sec256pk1 in C language new
Why can a symmetric encryption algorithm be considered a pseudo-random number generation algorithm? new
random mask reversible after homomorphic encryption new
How random are permutations generated from Feistel networks with a small number of rounds? new
Good Books for self learning crpytography basics new
Curve25519 Specification new
Algorithm for factoring a 30 decimal digit number

Podcasts

Security Weekly
Mad Skillz - PSW #645
The Idaho Experience - PSW #644
A Bunch of Old Farts - PSW #643
Balance of Power - PSW #642
The Pit - PSW #641
Hacking Back - PSW #640
Leaky Secrets - PSW #639
Come Hang Out! - PSW #638
What Could Go Wrong - PSW #637
Something Sanitary - PSW #636
Lots of Smoke - PSW #635
The Knuckle Busters - PSW #634
Risky.Biz
Feature Podcast: Voting in 2020 will likely be by mail
Risky Business #577 -- Stir crazy lockdown edition (reposted)
Risky Biz Soap Box: VPNs are out, identity-aware proxies are in
Risky Business #576 -- Are cloud computing resources the new toilet paper?
Volunteers and vigilantes back hospital InfoSec
Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates
Risky Biz Soap Box: Trend Micro's Jon Clay talks ransomware and being a portfolio company
Risky Business #574 -- EARN IT Act targets crypto, Joshua Schulte to be retried on most serious charges
Risky Biz Soap Box: Chris Kennedy on the latest MITRE ATT&CK developments
Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more
Risky Biz Soap Box: Cmd's Jake King talks Linux security
Risky Business #572 -- Equifax indictments land, some big Huawei news
The CyberWire
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud. new
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
Your Security Stack is Moving: SASE is Coming.
A rough year ahead for ransomware attacks - and how to stop them.
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
Hidden dangers inside Windows and LINUX computers.
Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
Cyber Security Interviews
#083 – Nate Fick: Give Teams Autonomy
#082 – Jamil Jaffer: Not All Nation-state Activity Is the Same
#081 – James Patchett: Make Small Businesses Safe
#080 – Heather Mahalik: Earn The Tool
ISC Daily Stormcast
ISC StormCast for Wednesday, April 8th 2020 new
ISC StormCast for Tuesday, April 7th 2020
ISC StormCast for Monday, April 6th 2020
ISC StormCast for Friday, April 3rd 2020
ISC StormCast for Thursday, April 2nd 2020
ISC StormCast for Wednesday, April 1st 2020
ISC StormCast for Tuesday, March 31st 2020
ISC StormCast for Monday, March 30th 2020
ISC StormCast for Friday, March 27th 2020
ISC StormCast for Thursday, March 26th 2020

Threat Intel

Reddit - Onions
Hydroxychloroquine on DNM’s? new
Is there a safe way to buy pills directly to my house? new
can't access dread new
I'm new anyone wanna give me some cool links new
Rhodium new
Hacking forum new
Tor on IOS
I trying to explore... help out please
Newbie Tuesdays - Don't know where to start? Worried about your security? Other questions? Post in here!
anybody here in South Africa? need help
I'm a new tor user and I'm looking for some interesting .onion sites to get started with. Obviously I don't want any illegal site I'm…
Link to howto's .onion link
Reddit - Pwned
Personal details for the entire country of Georgia published online
Hacker Steals Millions of Accounts from Yu-Gi-Oh Fan Project ‘Dueling Network’
Czech hospital hit by cyberattack while in the midst of a COVID-19 outbreak
Cyberattack paralyzes California City of Torrance email, website, credit card payments
Ransomware attack disables IT provider for Australian & New Zealand wool markets; forces cancellation of wool sales across Australia
North Carolina city and county governments of Durham victims of Ryuk ransomware attack
Former DHS official charged with theft of confidential government software, databases
Visser Precision, parts-maker for Tesla, SpaceX, and Boeing hit by data-stealing ransomware. Stolen files and documents published online
360,000 Quebec teachers PII possibly compromised in breach of Ministère de l’Éducation et de l’Enseignement supérieur network
Mexico's Office for Economic Affairs hit by cyber attack; mail and archive servers affected, but "sensitive information" considered not compromised
The hacker who breached SlickWraps and irresponsibly disclosed it publicly has now deleted their Twitter account
Slickwraps Data Breach Exposes Financial and Customer Info - "White Hat" hacker irresponsibly disclosed the vulnerability and breach
HaveIBeenPwned
HTC Mania - 1,488,089 breached accounts
OGUsers (2020 breach) - 263,189 breached accounts
Dueling Network - 6,486,626 breached accounts
Tamodo - 494,945 breached accounts
PropTiger - 2,156,921 breached accounts
The Halloween Spot - 10,653 breached accounts
AnimeGame - 1,431,378 breached accounts
Straffic - 48,580,249 breached accounts
Slickwraps - 857,611 breached accounts
MGM Resorts - 3,081,321 breached accounts
DailyObjects - 464,260 breached accounts
Tout - 652,683 breached accounts

Privacy/VPNs

Slashdot - Rights
Easy-To-Pick 'Smart' Locks Gush Personal Data, FTC Finds new
Taiwan Tells Agencies Not To Use Zoom On Security Grounds new
In a First, China Knocks US From Top Spot in Global Patent Race new
Trump Signs Executive Order To Support Moon Mining, Tap Asteroid Resources new
US Schools Are Banning Zoom and Switching To Microsoft Teams
UK Government Encourages Social Distancing With In-Game Health Messages
PayPal and Venmo Are Letting SIM Swappers Hijack Accounts
Russia Accused of Spreading Coronavirus Disinformation
IBM is Deploying Its Watson AI to Help Governments Answer People's Covid-19 Questions
The Story of The Doctor Who Ordered America's First Covid-19 Lockdown
Pandemic Shutdowns Will Help the Economy, Too
Not Just 'The Death of IT'. Cringely Also Predicts Layoffs For Many IT Contractors
Reddit - Privacy
Linux Security: Chinese State Hackers May Have Compromised ‘Holy Grail’ Targets Since 2012 new
A great privacy news website new
Democratic senators question Google over decision to release coronavirus location data new
Fun Project: Overkill Multiple Security OS Setup Help new
Can random people see your search history or am I truly having a paranoia episode? new
Does privacy.com ever refund the confirmation charge? new
Weird behaviour during OS X (Mac OS) update, Catalina 10.15.4 new
Just because you can, doesn't mean you should. Smart toilet identifies you by your analprint. Can you imagine how they did QA? new
Where can I find the data shared with Google by third-party analytics companies? new
hide something within a photo new
How do you handle people violating your privacy and not realizing? new
Lie after lie new
Reddit - VPN
Can my boss see my VPN usage? new
If I'm using a VPN to connect to my work, can my boss view my login credentials? new
Why am I getting this ? new
Looking for the correct VPN client software. I got some credentials but don't know what to do with it new
Looking for cheap wireless routers with openvpn protocol. new
FTP Client searching local network before VPN new
VPN - Help/Suggestions new
How much faith can I have in Pango (TouchVPN) privacy policy ? new
My service provider is showing an outage in my area and my WiFi is down but when I connect to my VPN, I can get…
Work-From-Home VPN Personal Device & Separate Work Device
browser specific vpn
Sonicwall Global VPN Client Issues

Help Wanted

Reddit - AskNetSec
Program requires a root CA to validate an ID on user's computer. How best to proceed? new
Mapping Microsoft Security Bulletins to CVEs new
Why isn't FIDO2 everywhere yet?
What is the best way to learn how to break down malicious activity in a Windows Environment?
Common reason for authentication failures?
Endpoint Security Solution
Is there a way to fully remove browser extensions and adware from managed computers remotely?
Is depth knowledge of Networking essential?
How to go from Navy Linguist to Cyber field?
Getting HSTS warnings for a few websites and it happens across multiple browsers. how should I respond?
As a pentester, do you install programs on compromised server?
Hacker Playbook question - relevance
Reddit - Netsec Students
Tools/Sandbox to detonate malware and phishing links for the team at work new
[video] Surviving Denial of Service Attacks new
CryptoHack – A fun CTF platform for learning modern cryptography new
Lean hacking new
Looking to land your first job in the cloud? Check this out! new
Getting Started with Burp Suite on Ubuntu new
How long does it take to triangulate a WiFi device new
Securing Your VPN: Six Considerations and Best Practices
Top 5 Programming Languages for CyberSecurity in 2020
The OSINT-ification of Job Boards: Hunting the Hunters
How to combine multiple wordlists and remove duplicates and save it?
What would be the PERFECT wordlist for dictionary attacks?
Stackoverflow - Security
OWIN existing implementation issues & whether there is a good authentication architecture? new
iOS Swift Diffie-Hellman key exchange to encrypt and decrypt messages? using Secure Enclave new
Does node execute server-side scripts based on file extension or type similar to php? new
Best practices for Encryption in Android [closed] new
Replace Conscrypt library in Jetty new
asp.net core identity cookie replay attack new
Python, Store root password securely [duplicate] new
OneSignal - security concerns new
http videos not play on https site on Video.js new
Is a $_GET value which is referred to only in a if equality statement making my server vulnerable to code injection? [duplicate] new
Modifying iframe in chrome with disabled CORS security new
What are the potential risks of not using a Web Application Firewall? new
Stack Exchange
Run an app via meterpreter new
Burpsuite Crawling - Display Function Location on Result new
using ping to enrich entropy of dev/random new
bug hunting as a user new
How can I deal with this SQL injection? new
HOW TO: Manjaro LUKS encryption with a keyfile from a pendrive new
AMD SEV equivalent of Intel SGX EGETKEY? new
Do SIEM, IAD, and UAM work together to track employee activity? [closed] new
smart card authentication process new
Reuse Firebase Token for other authentication purporses new
Is a firewall enough of a security measure for an Ubuntu server that hosts a website? new
understanding openid-connect and TLS new

Locks/Social Engineering

Reddit - Lockpicking
A little sentimentality. new
After progressive pinning I have finally joined the 1100 club new
We had a healthy discussion on the discord tonight about brute forcing a Smartkey Gen 3, so I gave it a try. new
2nd pick in progress. Found the best tool so far for holding the blank - vice grip sheet metal pliers. Lots of support and clearance… new
Holy crap, took me 2 weeks FINALLY got it!! new
Key way pick new
Can this lock be used to get your white belt new
First attempt at homemade pick. Handle modeled after Lock Noob’s design. He made a great video on making picks. new
What is the make of this lock ? new
Not as hard as I expected new
Corbin Master Ring new
Tubular lock picked and possibly bricked. I have been trying to do this for months. Got the plug to move this far and... nothing. Glad… new
Reddit - Social Engineering
ENVIRONMENTAL DECISIONS IN THE FACE OF UNCERTAINTY new
The Hitchcock Method – A Quintessential People Management Strategy new
The Ten Elements of Community new
Being harassed need help new
Frame Control Explained: Influence People & Get What You Want (Text Examples)
How to Integrate Your Shadow - The Dark Side is Unrealized Potential
Give me your tired, your poor...Ms. Liberty, now!
Wearing the 'right' clothing
Cultivating adaptability is a pandemic coping skill
How to get into/learn social engineering?
Hi, I wanted to know if there’s anything out there that’s on a higher level than “The 48 Laws of Power” by Robert Greene
There is such a thing . . Even the morally promiscuous

Hak5

Security Blogs

Security Bloggers Network
5 Tips for Successful Remote Workforce IT Management new
How to Scale User Provisioning new
Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure new
True Passwordless? Show me… new
Business Continuity During the COVID-19 Outbreak – We Are Here to Help new
The Citizen’s Guide to Spotting Fake News | Avast new
SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities new
Shmoocon 2020 – Xena Olsen’s ‘Adversary Detection Pipelines: Finally Making Your Threat Intel Useful’ new
Cloud Series: Which Cloud Solution Is Right for You? new
11 Ways to Strengthen Cyber Hygiene With a Remote Workforce new
The Joy of Tech® ‘A Chat With Zoom!’ new
Russia Hijacks Traffic of Huge Cloud and CDN Services new
ThreatPost
Serious Exchange Flaw Still Plagues 350K Servers new
xHelper: The Russian Nesting Doll of Android Malware new
FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks new
Official Government COVID-19 Apps Hide a Raft of Threats new
A Brisk Private Trade in Zero-Days Widens Their Use
FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time
Government VPN Servers Targeted in Zero-Day Attack
Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
Self-Propagating Malware Targets Thousands of Docker Ports Per Day
Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
digitalmunition
Red Hat Security Advisory 2020-1349-01 ↭ new
Red Hat Security Advisory 2020-1379-01 ↭ new
Red Hat Security Advisory 2020-1352-01 ↭ new
12 years on, audit finds WA government entities still don’t get infosec new
Red Hat Security Advisory 2020-1350-01 ↭ new
Red Hat Security Advisory 2020-1378-01 ↭ new
Red Hat Security Advisory 2020-1351-01 ↭ new
Red Hat Security Advisory 2020-1345-01 ↭ new
Red Hat Security Advisory 2020-1346-01 ↭ new
Red Hat Security Advisory 2020-1347-01 ↭ new
Red Hat Security Advisory 2020-1353-01 ↭ new
Red Hat Security Advisory 2020-1338-01 ↭ new
eHacking News
L4NC34 Ransomware Teaches That Ransomware Attacks Ought To Never Be Trifled With new
'Paranoid' Blocks your Smart Speakers from Spying on you new
BGP Hijacking Victimizes Google, Amazon and Other Famous Networks' Traffic! new
Russia responded to the Swedish Minister's statement about "Russian trolls" new
Zoombombing: what is it and how you can prevent your conference calls from being zoombombed
Facebook, Twitter and Telegram will stop working in Russia due to the weak Runet
E-Commerce Attacks Didn't Increase During Coronavirus Quarantine
Coronavirus Themed Phishing Attacks Continue to Rise
Microsoft Issues Its First Ever ‘Targeted’ Warning ; Saving VPN Servers of Hospitals
Armenian Minister of Justice explains how new software will find COVID-19 infected people
Winja (VirusTotal Uploader)- The Malware Detector!
Hackers use fake Zoom domains to spread malware
Wired - Security
The Defense Production Act Won’t Fix America’s N95 Face Mask Shortage
This Map Shows the Global Spread of Zero-Day Hacking Techniques
How to Keep Your Zoom Chats Private and Secure
A Notorious Spyware Vendor Wants to Track Coronavirus Spread
A Hacker Found a Way to Take Over Any Apple Webcam
So Wait, How Encrypted Are Zoom Meetings Really?
Thousands of Android Apps Are Silently Accessing Your Data
The Zoom Privacy Backlash Is Only Getting Started
Marriott Got Hacked. Yes, Again
Online Credit Card Skimmers Are Thriving During the Pandemic
Chinese Hacking Surges Amid Coronavirus Crisis
Google Bans Infowars Android App Over Coronavirus Claims
Krebs on Security
‘War Dialing’ Tool Exposes Zoom’s Password Problems
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others
Annual Protest to ‘Fight Krebs’ Raises €150K+
Russians Shut Down Huge Card Fraud Ring
Who’s Behind the ‘Web Listings’ Mail Scam?
Security Breach Disrupts Fintech Firm Finastra
Zyxel Flaw Powers New Mirai IoT Botnet Strain
Coronavirus Widens the Money Mule Pool
The Web’s Bot Containment Unit Needs Your Help
Live Coronavirus Map Used to Spread Malware
Crafty Web Skimming Domain Spoofs “https”
Microsoft Patch Tuesday, March 2020 Edition
Naked Security
Twitter warns users – Firefox might retain private messages new
Two schoolkids sue Google for collecting biometrics new
Thousands of Android apps contain undocumented backdoors, study finds new
Will Apple’s “microphone switch” stop your iPad getting bugged?
Rights groups appeal to governments over COVID-19 surveillance
Hackers’ forum hacked, OGUsers database dumped (again)
Monday review – the hot 24 stories of the week
Firefox zero day in the wild: patch now (Tor Browser too!)
5 things you can do today to make Zooming safer
‘Zombie’ Windows win32k bug reanimated by researcher
Watch out for the new wave of COVID-19 scams, warns IRS
Don’t get locked out of your own website – update this WordPress plugin now!
Schneier on Security
Cybersecurity During COVID-19 new
Emotat Malware Causes Physical Damage
Friday Squid Blogging: On Squid Communication
Security and Privacy Implications of Zoom
Bug Bounty Programs Are Being Used to Buy Silence
Marriott Was Hacked -- Again
Dark Web Hosting Provider Hacked
Clarifying the Computer Fraud and Abuse Act
Privacy vs. Surveillance in the Age of COVID-19
Friday Squid Blogging: Squid Can Edit Their Own Genome
Story of Gus Weiss
On Cyber Warranties
Linux Security
Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020> new
Linux Kernel Security in a Nutshell: How to Secure Your Linux System> new
These hackers have been quietly targeting Linux servers for years> new
Firefox Zero-Day Flaws Exploited in the Wild Get Patched>
WireGuard VPN makes it to 1.0.0—and into the next Linux kernel>
Linux Malware: The Truth About This Growing Threat>
Google Squashes High-Severity Flaws in Chrome Browser>
COVID-19 forces browser makers to continue supporting TLS 1.0>
Debian Linux readies an anti-coronavirus hack-a-thon>
WireGuard VPN added to Linux 5.6>
Linux 5.6 Ships With Broken Intel WiFi Driver After Network Security Fixes Go Awry>
Why Facial Recognition Systems Could Rise In Popularity During Coronavirus Pandemic>
Dark Reading
Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits new
Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign new
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates new
The Edge Names 'Holy Cow' Cartoon Caption Winners new
How Do I Make Sure My Work-From-Home Users Install Updates? new
Mature DevOps Teams Are Secure DevOps Teams new
The Coronavirus & Cybersecurity: 3 Areas of Exploitation new
71% of Security Pros See Threats Jump Since COVID-19 Outbreak new
Using Application Telemetry to Reveal Insider & Evasive Threats new
COVID-19: Latest Security News & Commentary new
More Attackers Have Begun Using Zero-Day Exploits
Misconfigured Containers Again Targeted by Cryptominer Malware
Securelist
Unkillable xHelper and a Trojan matryoshka new
YARA webinar follow up
Loncom packer: from backdoors to Cobalt Strike
Whitehat Security Blog
HITB News
The next PlayStation controller is called DualSense, looks like a cool robot new
Pixel 4 face unlock finally gains an alertness check new
Firefox 75 overhauls the browser’s address bar new
Why Does Covid-19 Make Some People So Sick? Ask Their DNA new
Want to stay under the radar for a decade or more? This Chinese hacking crew did it... by aiming for Linux servers new
Yet another study finds that Android security is total crap new
Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission new
Attackers can use Zoom to steal users’ Windows credentials with no warning
You might want uninstall Houseparty, expert calls it a privacy ‘trojan horse’
Microsoft warns hospitals about VPN cyberattacks during coronavirus
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees
Apple’s iOS 14 may turn iCloud Keychain into a true 1Password and LastPass competitor
The RISKS Digest
Risks of Leap Years, and depending on WWVB
Re: What happens when Google loses your address?
Coronavirus: Robots use light beams to zap hospital viruses
Coronavirus Reactions Creating Major Internet Security Risks
MIT-based Team Works on Rapid Deployment of Open-source Low-cost Ventilator
A computer virus expert looks at CoVID-19
Electronic Health Records Need an Ethical Tune-Up
Death on Mars
Putin's New Cyberweapons
Classified info on stolen laptop
U.S. government & tech industry discussing ways to use smartphone
U.S. Health and Human Services Department suffered a cyber-attack
Kaspersky Blog
COVID-19 survival guide for your digital life new
10 mobile games for child development during social distancing
Enumeration attack dangers
Ransomware Revealed: Paying for the Protection of your Privacy
Transatlantic Cable podcast, episode 136
Twitch security and privacy settings
Dangerous holy water
5 tips for not bungling home videoconferencing
LightSpy spyware targets iPhone users in Hong Kong
Coronavirus as a hook
How to keep your smartphone coronavirus-free
Updated protection for Microsoft Office 365
Adam Shostack & friends
Power Dynamics in Threat Modeling
Answering “What Are We Working On” When Remote
Friday Star Wars
Medical Device Threat Modeling
The COVID Pandemic
Threat Modeling with Questionnaires
Free Threat Modeling Training
Amazon’s “Alexa Built-in” Threat Model
Threat Modeling Training at Blackhat 2020
Threat Model Thursday: BIML Machine Learning Risk Framework
Blackhat and Human Factors
Repudiation Now Live on Linkedin Learning
Graham Cluley
Crazy cryptomining Cooking Mama rumours spread as game pulled from Nintendo Switch online store new
Unlock the power of threat intelligence with this practical guide. Get your free copy now
Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter
Zoom promises to improve its security and privacy as usage (and concern) soars
Smashing Security #172: UncleF***Face
The UK Cabinet is meeting on Zoom… here’s the meeting ID
Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims
Cyber volunteers needed to help protect our health services during the Coronavirus outbreak
I made a guest appearance on Technado, talking cybersecurity from the safety of my shed
LastPass releases its 3rd Annual Global Password Security report
Cybersecurity insurance firm Chubb investigates its own ransomware attack
Third-party data breach exposes GE employees’ personal information
Rapid7
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization new
Financial resources for small businesses grappling with COVID-19
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
4 Common Goals For Vulnerability Risk Management Programs
Analyze Security Data Faster with Visual Search in InsightIDR
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR
How to Measurably Reduce False Positive Vulnerabilities by Up To 22%
A Chat with Jonathan Cran About Intrigue and Security in the COVID-19 Pandemic
Working from Home? Wi-Fi Security and Tips and Tricks
How to Participate in Our Metasploit Pro Customer Survey
Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
Hacker News (YCombinator) - Security
Landlord service Naborly creates 'blacklist' of tenants who missed April 1 rent new
Firefox 75: Ambitions for April new
Microsoft buys corp.com so bad guys can’t new
Taiwan’s government bars its agencies from using Zoom over security concerns new
Running your own secure communication service with Matrix and Jitsi new
Show HN: WorkDNA – Attract engineers by showing off your engineering culture new
Interactive guide to Buffer Overflow exploitation new
Pandora's Vox: On community in cyberspace (1994)
Time-restricted feeding can reset disrupted clock rhythm, protect against cancer
Zoombombing is a crime, not a prank, prosecutors warn
IKEA Frekvens LED box hack
New York City bans Zoom in schools, citing security concerns
Hacker Noon #Security
Understanding NPM Security [Deep Dive] new
Life After COVID-19: How China is Going Back to Work new
How Secure Are Your Internet Gateways?
Decentralized web / dWeb - what is it?
Google Pronounced The End Of The Cookies' Era And It Will Change Advertising As We Know It
Keeping Your Cryptocurrencies Safe [A Good Practices Guide]
Secure Digital Cards for Simplifying Your Cryptocurrency Transactions [New Launch]
Privacy In The Time of Coronavirus
Will Coronavirus Break the Internet?
How Can We Expose Cyber Criminals Through Identity Attribution
Top 7 Kubernetes Security Practices Everyone Should Follow
How to Manage ACLs in Symfony the Easy Peasy Way

Security in Mainstream Media

Google News Hacking
Hacking the 2020 NFL Draft - 98.5 The Sports Hub new
FBI and CISA Warn of Increased Hacking Attempts of Video Teleconferencing Applications… Steps You Can Take - JD Supra new
"Zoom" taking action to prevent hackers - WKRC TV Cincinnati new
Zoom-bombing: teacher's online class hacked, Zoom increases security measures - WRGB new
A New Ultrasonic Hack Can Exploit Your Siri - CoinDesk new
Local synagogue Zoom meeting hacked by anti-Semites: Part of a growing, national trend - Louisville Eccentric Observer new
Shipbuilder Austal was hacked with stolen creds sold on dark web - iTnews new
NASA under 'significantly increasing' hacking, phishing attacks - BleepingComputer new
Woman who accused NASA astronaut wife of hacking bank account charged with false allegations - NBC News new
Microsoft bought corp.com to keep it away from hackers - Engadget new
NFL teams worried about hacking leading up to league's virtual draft - Insider - INSIDER new
Hackers are now targeting video conference calls - Long Island Business News new
Google Cyber Security
Cybersecurity 2020 | News For The Workers Comp Industry - WorkersCompensation.com new
Coronavirus: Increased cybersecurity required, warns expert - The National new
Taiwan Bans Official Use of Zoom Over Cybersecurity Concerns - Bloomberg new
Ministries warned about increasing cyber threats, Zoom’s security flaws - Malay Mail new
Webroot: Widespread Lack of Cybersecurity Best Practices - Channel Futures new
SAIC to provide services including cybersecurity, analytics, and operations support in Texas - Help Net Security new
Cybersecurity During COVID-19 - Security Boulevard new
WA agencies still vulnerable to cyber security weaknesses - iTnews new
Is Zoom Safe To Use? A Cybersecurity Expert Explains How To Keep Your Data Secure - Bustle new
Coronavirus turns up the heat on cybersecurity projects - SC Magazine new
Maryland launches cybersecurity task force for extra protection during pandemic - StateScoop new
Accenture acquires cybersecurity startup Revolutionary Security - ZDNet new

Thirsty for more

Hacker News (YCombinator)
Ask HN: Should WFH Be a Mandated Option for All Remote-Capable Jobs? new
Taiwan joins Canada in banning Zoom for government video conferencing new
Tesla to Cut Employees’ Pay as Much as 30% to Curb Costs new
LogDNA (YC W15) – Is Hiring Senior Engineer (Remote) new
Yale Students Demand Automatic 'Pass' Due to Covid-19 new
Show HN: Rust Implementation of Conway's Game of Life new
The silence of the owls: How owls fly without making a sound new
MixRank (YC S11) Is Hiring Full Stack Engineers and Data Engineers new
Amazon to suspend delivery service that competes with UPS, FedEx new
Airbnb Paying More Than 10% Interest on $1B Financing Announced Monday new
Easy and fast path to Video Object Detection (counting sharks) new
We’re working on 1M Covid-19 testing capacity per day new
Reddit - Cyberpunk
Cyber Punk new
Little draft I came up with whilst being trapped at home new
Robots replace Japanese students at graduation amid coronavirus new
City 13 A by Kolobaev Mark new
Musical superheroes of the dystopian paradise. new
Gally/Alita and her beautiful brain made by me new
Jarek Madyda: Police Dog new
Adidas PC...ADIDAS PC!!!! new
Jean Michel Nicollet new
I can see this in a cyberpunk game for sure! new
First time photo bashing: Heartbreaker new
Cyborg Samurai, Chun Lo, Digital, 2019 new
Reddit - Security CTF
CryptoHack - a fun CTF platform with over 80 cryptography challenges new
Breaking lCG
Remote School - AU CTF 2020
Cracking Java Random Numbers
My Writeup for VirSecCTF 2020.
Need to find the flag
CTF crypto
What should I do after getting ROOT to prevent kicking me from the machine?
can you Help me with this CTF Question
I created a little XSS challenge
Registry: Hack The Box Walkthrough
HackTheBox Writeup: Registry
Reddit - Sysadmin
Why in the heck do so many people in IT work for free? new
Who is in system administration and almost never logs on a server or remote SSH? new
FOSS Alternatives to CA Workload Automation and Control-M new
Generating multiple RDP shortcuts using CSV file new
iogear GCS1808 kvm dang no firmware upgrade cables on the planet... ? new
SMART report fixing pending sectors rewrite new