Daily Security News
PacketStorm
U.S. Lawmakers To Introduce Bill That Threatens Encryption On Tech Platforms- Stone Gets 40 Months And A Rebuke From Judge For Lying To Congress
- Vendors Ditching RSA Over Coronavirus Fears
- Google Denies Harvesting Student Data With Free Chromebooks
- MGM Hack Exposes Personal Data Of 10.6 Million Guests
- ISS World Hack Leaves Thousands Of Employees Offline
- Adobe Releases Patch For Critical Code Execution Vulnerability
- US, UK Blame Russia For Mass Defacement Of Georgian Websites
- Australian MPs Call On UK To Block US Assange Extradition
- Ring Doorbell Makes Two Factor Verification Mandatory
- Why Rudy Giuliani's Twitter Typos Are A Security Fail
- IBM Pulls Out Of RSA Over Coronavirus Fears
The Register
- Google rolls out Titan keys to Europe, Japan. Plus: Group Policy bug is a feature, not a flaw, says Microsoft new
- Duped into running bogus virus scans at Office Depot? Dry your eyes with a small check from $35m settlement
- 'Don't tell anyone but I have a secret.' There, that's my security sorted
- Google exiles 600 apps from Play Store for 'disruptive advertising' amid push to clean up Android souk's image
- Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
- Stuffing nonsense: Persistent cyberpunks are pummelling banks' public APIs, warns Akamai
- RSA Conference loses one more abbreviated tech giant after AT&T disconnects over Wuhan coronavirus fears
- We know what you did last summer: MGM's hotel spinoff lost 10.7m guest records and now they're on hacker forums
- GRU won't believe it: UK and US call out Russia for cyber-attacks on Georgia last year
- Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA
- Samsung will be Putin dreaded Kremlin-approved shovelware on its phones, claims Russia
- Oi, Cisco! Who left the 'high privilege' login for Smart Software Manager just sitting out in the open?
Reddit - NetSec
- B350 tomahawk scanned drive, what gives new
- I just open-sourced sweetie data, a repo of multiple honeypot logs. new
- OSWE/AWAE Preparation compiled reference Links new
- Writing a GHIDRA Loader: STM32 Edition. new
- Zero Networks Access Orchestrator: Autonomous, airtight network access security at scale - Help Net Security new
- Our First Weeks of Securing Windows 7 and Windows Server 2008 R2
- CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades
- AngularJs Client Side Template Injection (XSS)
- HackTheBox: Zetta - writeup by t3chnocat
- Slickwraps Data breach
- Opposition Research (OSINT): Twitter
- I hacked SlickWraps. This is how.
Bleeping Computer
- Windows 10 Privacy Guide: Settings Everyone Should Use new
- Privacy Concerns Raised Over New Google Chrome Feature new
- Windows 10 Gets Temp Patch for Critical Flaw Fixed In Buggy Update
- Windows 10 Gets Temp Fix for Critical Security Vulnerability
- Extension Brings Internet Explorer Menu Bar to Microsoft Edge
- Slickwraps Data Breach Exposes Financial and Customer Info
- Android Malware: Joker Still Fools Google's Defense, New Clicker Found
- Google Cleans Play Store of Nearly 600 Apps for Ad Policy Violation
- New Mexico Sues Google for Mining Children's Data
- Microsoft Unveils Their New Windows 10 System Icons
- FTC Refunds Victims of Office Depot Tech Support Scam
- WhatsApp Phishing URLs Skyrocket With Over 13,000% Surge
The Hacker News
- Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS
- Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads
- Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes
- Deal: Cloud And Networking Certification Training ~ Get 97% OFF
- Adobe Patches Critical Bugs Affecting Media Encoder and After Effects
- Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks
- US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility
- Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
- Cynet Offers Free Threat Assessment for Mid-sized and Large Organizations
- Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
- OpenSSH now supports FIDO U2F security keys for 2-factor authentication
- A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
Threat Wire
Exploits
Packet Storm Exploits
- OpenNetAdmin Ping Command Injection
- Open-Xchange App Suite / Documents Server-Side Request Forgery
- D-Link DGS-1250 Header Injection
- Online Birth Certificate System 1.0 Cross Site Scripting
- AMSS++ 4.31 SQL Injection
- Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write
- Diamorphine Rootkit Signal Privilege Escalation
- WordPress Yikes Inc Easy Mailchimp Extender 6.6.2 Cross Site Scripting
- WordPress WPForms-Lite 1.5.8.2 Cross Site Scripting
- OpenEXR Memory Safety Issues
- WordPress Wordfence 7.4.6 Cross Site Scripting
- XNU ip6_notify_pmtu Remote mbuf Double-Free
Exploit-DB Webapps
- [webapps] Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting new
- [webapps] ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure new
- [webapps] Real Web Pentesting Tutorial Step by Step - [Persian] new
- [webapps] AMSS++ v 4.31 - 'id' SQL Injection new
- [webapps] SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure new
- [webapps] CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin) new
- [webapps] AMSS++ 4.7 - Backdoor Admin Account new
- [webapps] SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure new
- [webapps] ATutor 2.2.4 - 'id' SQL Injection new
- [webapps] I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure new
- [webapps] ManageEngine EventLog Analyzer 10.0 - Information Disclosure new
- [webapps] eLection 2.0 - 'id' SQL Injection new
Exploit-DB Local and Privilege Escalation
- [local] HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
- [local] BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
- [local] MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
- [local] DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path
- [local] TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
- [local] Cuckoo Clock v5.0 - Buffer Overflow
- [local] HomeGuard Pro 9.3.1 - Insecure Folder Permissions
- [local] EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
- [local] SprintWork 2.3.1 - Local Privilege Escalation
- [local] OpenTFTP 1.66 - Local Privilege Escalation
- [local] MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow
- [local] MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
Exploit-DB DoS
- [dos] Core FTP Lite 1.3 - Denial of Service (PoC)
- [dos] Dota 2 7.23f - Denial of Service (PoC)
- [dos] usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
- [dos] iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
- [dos] TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
- [dos] AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
- [dos] TapinRadio 2.12.3 - 'username' Denial of Service (PoC)
- [dos] RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)
- [dos] RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
- [dos] VIM 8.2 - Denial of Service (PoC)
- [dos] AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC)
- [dos] AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
- [remote] Anviz CrossChex - Buffer Overflow (Metasploit)
- [remote] OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
- [remote] D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
- [remote] OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
- [remote] HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
- [remote] OpenSMTPD 6.6.2 - Remote Code Execution
- [remote] Pachev FTP Server 1.0 - Path Traversal
- [remote] Microsoft SharePoint - Deserialization Remote Code Execution
- [remote] Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
- [remote] Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution
- [remote] Cisco DCNM JBoss 10.4 - Credential Leakage
- [remote] EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
LiveOverflow
Vulnerabilities
Bugtraq
- [slackware-security] proftpd (SSA:2020-051-01)
- [SECURITY] [DSA 4628-1] php7.0 security update
- [SECURITY] [DSA 4629-1] python-django security update
- [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
- [TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
- [SECURITY] [DSA 4626-1] php7.3 security update
- [SECURITY] [DSA 4627-1] webkit2gtk security update
- Web Application Firewall bypass via Bluecoat device
- WebKitGTK and WPE WebKit Security Advisory WSA-2020-0002
- [SECURITY] [DSA 4620-1] firefox-esr security update
- [SECURITY] [DSA 4621-1] openjdk-8 security update
- CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability
Full Disclosure
- Open-Xchange Security Advisory 2020-02-19
- D-Link DGS-1250 header injection vulnerability
- Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)
- Multiple vulnerabilities in SmartClient_v12
- [TZO-15-2020] - F-SECURE Generic Malformed Container bypass (RAR)
- [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)
- RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night
- Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
- CA20200205-01: Security Notice for CA Unified Infrastructure Management
- CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability
- [KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
- [KIS-2020-04] SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability
Tools
CyberPunk nowhere.net
Darknet
- Judas DNS – Nameserver DNS Poisoning Attack Tool
- dsniff Download – Tools for Network Auditing & Password Sniffing
- OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
- Cameradar – Hack RTSP Video Surveillance CCTV Cameras
- dSploit APK Download – Hacking & Security Toolkit For Android
- Scallion – GPU Based Onion Hash Generator
- WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
- truffleHog – Search Git for High Entropy Strings with Commit History
Exploit Dev
Reddit - Exploit Dev
- real world RE for exploit dev new
- ShellCode Writing article
- How do I practice windows exploitation?
- Me and my friend need help please
- Who can find zero-day exploit?
- Getting a position in low level security field
- Is there any Exploit that can download a Roblox game like Synapse X for free?
- ISO-8385 Protocol Fuzzer ≈ Packet Storm
- Binary Exploitation Series
- List of pheonix excersies write-ups for beginners
- Automatic ROPChain Generation: https://github.com/d4em0n/exrop
- Request
Google Project Zero
- Escaping the Chrome Sandbox with RIDL
- Mitigations are attack surface, too
- A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering
- A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering
- Part II: Returning to Adobe Reader symbols on macOS
- Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
- Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
- Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
- Policy and Disclosure: 2020 Edition
- Calling Local Windows RPC Servers from .NET
- SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
Security Researchers
- Cloudy With a Chance of Malware: Malboxes Now Deploys to AWS
- What usage restrictions can we place in a free software license?
- Web security trends 2020 from 3 security leaders
- Hacking AWS Cognito Misconfigurations
- RIPS 3.4 Supports Node.js Security Analysis
- Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
- M. Loewinger, Smartbear: “Each product has a DevOps lead who manages Detectify and all its findings”
- Web security trends to watch for 2020
- Avoiding gaps in IOMMU protection at boot
- There's no evidence the Saudis hacked Jeff Bezos's iPhone
- Testing your RedTeam Infrastructure
- How to decrypt WhatsApp end-to-end media files
Reversing/I like ASM
Reddit - Reverse Engineering
- Workshop on Binary Analysis Research (BAR) 2020 at NDSS new
- Ford Remote Control
- X-Post: What is the MCU on this SimonK ESC?
- Radare2/Cutter were accepted in Google Summer of Code 2020 - Call for Students
- In pursuit of reverse engineering, a 3D scan of a PlayStation 4 Dual Shock (DS4) – this is what I have thus far. SMH I’ve…
- New HexEditor compatible with Linux/Windows/MacOS
- Trying to reverse engineer the analog controls of IMSA Racing on the 3DO M2...and failing a bit lol
- Elf libraries reverse enginnering
- Reverse Engineering Carrot Crazy – Part 3 – Level Maps
- Discovering Affine Equalities Using Random Interpretation [PDF]
- The mechanics of LockDown Browser - Blogpost
- How to Write a Runescape Injection Bot
Reddit - Game Hacks
- OpenGL Draw & Render Text Tutorial 1/2
- Rust Scripts Febuary 19 2020 still undetected!
- Pokemon GO Hack SPOOFER JOYSTICK - Pokemon GO Spoofing - Teleport GPS ...
- PerfectAim.io | Battlefield V Hack/Cheat full match showcase | 111 KILLS | Aimbot & ESP
- PerfectAim.io | CSS Hack Undetected 2020
- Destiny 2 Hack/Cheat showcase - Teleport, Godmode, Aimbot, ESP & much more
- WTB Escape From Tarkov Hacks
- Simple C++ DLL Injecting Source Code Tutorial
- Looking for rainbow six siege hack undetected willing to pay but nothing crazy
- PerfectAim.io | The best hack for Counter-Strike: Source
- Kamehameha
- Looking For Minecraft Bedrock Hackers!
Reddit - REGames
- LET IT DIE
- OpenGL Hooking, Drawing & Text Rendering Tutorial
- How to Write a Runescape Injection Bot for Dummies
- Looking for a freelancer
- C# Array of Objects?
- Any freelancers who want to help?
- Looking to hire a Reverse Engineer
- Bypassing Anti-Cheats - Exploiting Razer Synapse Driver - Niemand
- Help with making a private server for a mobile game
- Trying to figure out the format of a sound file
- How to reverse engineer an anti cheat?
- If an MMORPG Game is going to be shutting down in the near future, what process would I have to go through to be able…
StackExchange - ReverseEngineering
- ghidra-python: create struct with big endian field new
- Can you decrypt data that is encrypted by xoring different bytes of the buffer together and updating the bytes in the buffer afterwards? new
- How to modify JS with mitmproxy? new
- Decrypting some possibly XXTEA encrypted lua/game files
- Intel ME partitions EFFS and FCRS?
- how to go to address in IDA from cheatengine
- Need suggestions on how to make my own pointer search tool?
- macoS malware samples (latest)?
- Exporting/Importing all function info from one ghidra program to another
- Seeking for explanation about “ in_FS_OFFSET ” and “ __stack_chk_fail() ”
- What code gets executed in an ELF binary when Java loadLibrary() is called
- How to decompile obfuscated Python code?
Guided Hacking
Malware/APT
Reddit - Malware
- Guys I think I have virus what should I do I'm really scared
- Suspicious autoclicker.exe file
- Unknown extention when collecting the sample
- Reversing Golang Malware
- Open source Malboxes now deploys Windows desktop OS to AWS ready for malware detonation and analysis with many tools preinstalled (includes video demo)
- Opened a potentially malicious email on gmail
- Virus advice
- malware detection
- Done them library computer dirty
- There's finally a way to remove xHelper, the unremovable Android malware
- Google Removed Over 500 Chrome Extensions Due to Malware Concerns
- 2020 State of Malware Report – Malwarebytes Labs
Unit42
- Can You Trust Your AutoIT Decompiler?
- Wireshark Tutorial: Examining Qakbot Infections
- Unit 42 CTR: Leaked Code from Docker Registries
- Unit 42 CTR: Sensitive Data Exposed in GitHub
- Unit 42 Cloud Threat Report: Spring 2020
- Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
- Attacker’s Tactics and Techniques in Unsecured Docker Daemons Revealed
- xHunt Campaign: New Watering Hole Identified for Credential Harvesting
- The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks
- Muhstik Botnet Attacks Tomato Routers to Harvest New IoT Devices
- Threat Brief: Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601
- Exploits in the Wild for Citrix ADC and Citrix Gateway Directory Traversal Vulnerability CVE-2019-19781
FireEye Threat Research
- M-Trends 2020: Insights From the Front Lines
- The Missing LNK — Correlating User Search LNK files
- Managed Defense: The Analytical Mindset
- STOMP 2 DIS: Brilliance in the (Visual) Basics
- Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
- Nice Try: 501 (Ransomware) Not Implemented
- 404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
- SAIGON, the Mysterious Ursnif Fork
- The FireEye Approach to Operational Technology Security
- Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
- Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel
Bug Bounties
Reddit - BugBounty
- Weekly Discussion, February 24, 2020: Ask all your bugbounty questions! new
- Hunting Tesla Model Y Secrets in the Parts Catalog
- Where to ask bug bounty questions?
- Bug Bytes #58 - Mobile Hacking Cheatsheet, Full-Time Bug Hunting & live with @zseano
- GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
- Weekly Discussion, February 17, 2020: Ask all your bugbounty questions!
- Are there any streamers/channels that explain or do bug bounties?
- DISCUSSION - What would be the next step to see if this is exploitable?
- @zseano Talks About BugBountyNotes.com, Recon, Reading Javascript, WAF, Wayback Machine, and more!
- Am i on to something?
- On Full-Time Bug Bounty Hunting
- Announcing a special incentive bug bounty for select Trend Micro products
Pentester Land
- The 5 Hacking NewsLetter 93
- The 5 Hacking NewsLetter 92
- The 5 Hacking NewsLetter 91
- The 5 Hacking NewsLetter 90
- The 5 Hacking NewsLetter 89
- The 5 Hacking NewsLetter 88
- The 5 Hacking NewsLetter 87
- The 5 Hacking NewsLetter 86
- The 5 Hacking NewsLetter 85
- The 5 Hacking NewsLetter 84
- The 5 Hacking NewsLetter 83
- The 5 Hacking NewsLetter 82
Portswigger
Crypto
Reddit - Crypto
- RSA Cryptosystem Problem (Help) new
- AES-128 pure hardware implementation new
- How Privacy-computing is conducted in Intel SGX new
- Calls for Digital Dollar Growing Stronger in US new
- Decentralization Philosophy - Does Crypto Still Need Catalysts? - CoinDesk new
- What‘s the best way to encrypt textfiles with a password? new
- Yehuda Lindell: What do cryptographers do? new
- Why do instant messengers not simply use PGP? new
- Working in Cryptography?
- libgcrypt and rdrand
- Crypto
- Helix light tumbler service is online.
StackExchange - Crypto
- Errors when decrypting using ECIES across platforms? new
- Cracking hashes: With vs without knowing the salts new
- Is there an efficient algorithm that allows to construct a cryptographically secure $n$-bit hash function based on two unkeyed $n$-bit permutations? new
- How does byte-sliced AES implementations work? new
- can deep learning simulate an algorithm? new
- Is the encryption more secure if we apply Pohlig-Hellman cipher twice with different keys but with the same modulus? new
- Using SHA384 as an asymmetric cipher? new
- How to Sample from Frobenius Eigenspace? new
- libgcrypt and rdrand usage new
- How can I prove a truncated hash fuction need not be collision resistant? new
- Relation between LPN and GAPSVP? new
- How does MTI protocols provide mutual authentication and stops MITM attacks?
Podcasts
Security Weekly
- Hacking Back - PSW #640
- Leaky Secrets - PSW #639
- Come Hang Out! - PSW #638
- What Could Go Wrong - PSW #637
- Something Sanitary - PSW #636
- Lots of Smoke - PSW #635
- The Knuckle Busters - PSW #634
- Sexy Knowledge - PSW #633
- Scientific Hooligans - PSW #632
- Twerking Santa - PSW #631
- A Christmas Miracle - PSW #630
- The Casting Couch - PSW #629
Risky.Biz
- Risky Biz Soap Box: Chris Kennedy on the latest MITRE ATT&CK developments
- Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more
- Risky Biz Soap Box: Cmd's Jake King talks Linux security
- Risky Business #572 -- Equifax indictments land, some big Huawei news
- Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?
- Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws
- Risky Business #570 -- FTI report lands like a lead balloon
- Feature podcast: Alexa O'Brien on Wikileaks, intelligence and influence
- Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges
- Risky Business #568 -- Let's Decrypt
- Risky Business #567 -- ToTok, Iran and big-game ransomware galore
- Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade
The CyberWire
- Rigging the game.
- New vulnerabilities in PC sound cards.
- DISA data breach. More complaint against alleged GUR operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
- UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants…
- Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
- Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
- If you can't detect it, you can't steal it.
- Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
- Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in…
- Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday.…
- Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
- US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud…
Cyber Security Interviews
- #083 – Nate Fick: Give Teams Autonomy
- #082 – Jamil Jaffer: Not All Nation-state Activity Is the Same
- #081 – James Patchett: Make Small Businesses Safe
- #080 – Heather Mahalik: Earn The Tool
- #079 – Mari DeGrazia: Not Just One Technology
- #078 – Nadean Tanner: Boil It Down
- #077 – Frank Downs: Know When To Leave
ISC Daily Stormcast
- ISC StormCast for Monday, February 24th 2020 new
- ISC StormCast for Friday, February 21st 2020
- ISC StormCast for Thursday, February 20th 2020
- ISC StormCast for Wednesday, February 19th 2020
- ISC StormCast for Tuesday, February 18th 2020
- ISC StormCast for Monday, February 17th 2020
- ISC StormCast for Friday, February 14th 2020
- ISC StormCast for Thursday, February 13th 2020
- ISC StormCast for Wednesday, February 12th 2020
- ISC StormCast for Tuesday, February 11th 2020
Threat Intel
Reddit - Onions
- Buying cash? new
- If anyone’s interested I have a discord server either a bunch of .onion links new
- Action against person who removed post? new
- Can someone help me out with a .onion where I can torrent movies(preferably anime ones) in decent quality ? new
- Apple world store new
- Im looking for some occult onion sites can someone help me new
- Anyone got a legit Dread link they can DM me ?
- pgp adress - need help
- Fresh onions
- What Happened to DNStats.net? - Darknetlive
- Riseup.net account code.
- A little help
Reddit - Pwned
- The hacker who breached SlickWraps and irresponsibly disclosed it publicly has now deleted their Twitter account
- Slickwraps Data Breach Exposes Financial and Customer Info - "White Hat" hacker irresponsibly disclosed the vulnerability and breach
- US Defense Information Systems Agency (DoD information security) breached; personal data of 200,000 people compromised
- Details of 10.6 million MGM hotel guests posted on a hacking forum | ZDNet
- Payment card data stolen from West Virginia restaurant chain owner of "Quaker Steak & Lube"
- Elections Office in US City of Palm Beach, Florida was hit with Ransomware Pre-2016 Election - prior boss denies while current chief insists
- Customer data stolen from Idaho Central Credit Union in two breaches
- IOTA Cryptocurrency Shut Down Its Entire Network After a Wallet Breach
- Redcar cyber-attack: Council using pen and paper
- Puerto Rico sent more than $4 million to scammers in response to phishing attacks during economic crisis
- Investigation launched after Teesside council's website targeted in 'cyber-attack'
- Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches from 2018 and 2015/2016 respectively
HaveIBeenPwned
- Slickwraps - 857,611 breached accounts
- MGM Resorts - 3,081,321 breached accounts
- DailyObjects - 464,260 breached accounts
- Tout - 652,683 breached accounts
- europa.jobs - 226,095 breached accounts
- Planet Calypso - 62,261 breached accounts
- BtoBet - 444,241 breached accounts
- Go Games - 3,430,083 breached accounts
- Indian Railways - 583,377 breached accounts
- Universarium - 564,962 breached accounts
- Factual - 2,461,696 breached accounts
- Zynga - 172,869,660 breached accounts
Privacy/VPNs
Slashdot - Rights
- New California Bill Proposes $1,000-a-Month Universal Basic Income new
- Forbes Criticizes Airbnb 'Surveillance Bugs To Make Sure Guests Behave' new
- Activision Fights 'Call of Duty' Leaks With Subpoenas to Reddit new
- Oracle's Allies Against Google Include Scott McNealy and America's Justice Department new
- American Lawmakers Launch Investigations Into Ring's Police Deals new
- Signing Up With Amazon, Wal-Mart, Or Uber Forfeits Your Right To Sue Them new
- Nonprofit Argues Germany Can't Ratify the 'Unitary Patent' Because of Brexit
- A Ransomware Attack Shut a US Natural Gas Plant and Its Pipelines
- Breach of MGM Hotels' Cloud Server Exposed Data on 10.6 Million People
- 'Ring' Upgrades Privacy Settings After Accusations It Shares Data With Facebook and Google
- US Defense Agency That Secures Trump's Communications Confirms Data Breach
- AT&T Loses Key Ruling In Class Action Over Unlimited-Data Throttling
Reddit - Privacy
- Alexa, Siri, and Google Home record you more often than you think new
- Why do I receive updates on Google's Terms of Service without a Google account? new
- If code is considered speech (protected under the first amendment), then how can the Government force companies to alter their speech (code) by writing backdoors? new
- Instagram Following Me? new
- Privacy vs Technology new
- Leaving instagram, but staying in contact with friends? new
- What are some good throw away SMS sites? new
- Is there any privacy with doctors/hospitals? new
- How do you see reddit in your android device? new
- My boss made me install a company related app called reflexis one. I uninstalled it because I don't need it. When I removed the app… new
- What do you think of Utopia P2P? new
- House bugged? new
Reddit - VPN
- NBCUniversal can see my traffic. new
- For logging into a site for piracy, Is a VPN, an adblock, and an antivirus enough? Or should I do more? new
- Trying to figure out VPNs new
- Lifetime subscription of “FastestVPN” reviews? new
- Zscaler on ARM64 / Surface Pro X - when? new
- Using a credit card to pay for a VPN new
- Who holds VPN companies accountable? new
- Inquiry about internet problems new
- Trump administration attempting to backdoor encryption. What will this mean for VPN’s? Will they become pointless? new
- What happens if I connect to my VPN using TCP on my computer and UDP on my router? new
- Port specific redirection on VPN client. new
- What can ISPs see when you visit unencrypted sites? new
Help Wanted
Reddit - AskNetSec
- Netsec Offer Decision Help! new
- Cyber security career advice new
- How can I protect from DDOS attacks when running a game server? new
- Opinions on Offensive Security's PWK new
- Deep Learning in Netsec
- Google | Open Titan | Your view on whether this is going to catch on?
- Burp - No Cipher Suites in Common.
- How Can I Protect Against Virus From Other Family PCs?
- ParrotLinux vs SecurityOnion: Which is best?
- As a layperson how much time do I need to invest in learning about cybersecurity to be on par with you folks here?
- Possible to take down APT?
- What happened to SANS SEC550?
Reddit - Netsec Students
- Hack the box - N00b to 1337 | Full play list new
- Another 32-Bit Stack Overflow Exercise (DirectRET) new
- Splunk Tutorial - Introduction For Beginners - Upload Data new
- Starting a degree in sciences and wanting to branch into sub-disciplines new
- Are universities with Cyber security degrees setting kids up for disappointment?
- Introduction to Networking | Network Basics for Beginners - Authentication
- Hacking: Beginner's Guide Ep: 2 - Passive Information Gathering
- How much of PWK is OS knowledge vs coding vs network
- Security Consultant & Red Team Operator - Live Twitch AMA @ 8PM CST (Ask Me Anything about Security)
- Resigned today from my comfortable job
- How to create malware payloads which bypass Anti Virus software
- Incident Management Process and Policy Template
Stackoverflow - Security
- How is an authentication follow designed? new
- Recommended settings for .Aspnet.Cookies and __RequestVerificationToken new
- Can AWS RDS Proxy with IAM enforced authentication provide protections against brute force and ddos attacks as effective as whitelisting server IPs? new
- Unable to set a variable for a python script that sends an attachment from a security camera to my email address on my RPi3B+ new
- How to run arbitrary python code with imports? new
- should I upgrade php5.6 to 7.3? [closed] new
- Is this Auth Flow secure? new
- Is it secure way to store private values in .env file?
- Hiding command prompt in a cuckoo report screenshots
- Where to start to work in cyber security area? [closed]
- How to allow imports with RestrictedPython
- Chrome is not executing script tag inserted in the dom [duplicate]
Stack Exchange
- InfoSec certifications for global startup new
- How to check/test security issues of freeware? new
- Is this sufficient to verify a website's domain? new
- How to identify UDP based DoS new
- Should the Router or Firewall Come First? new
- Is it possible to set permissions on a per application basis? new
- Downsides of allowing multiple emails per user? new
- Can a file upload function be vulnerable without it the file name getting passed? new
- Who implements Cryptoki on PKCS#11 Infrastructure, Software or Token/Devices new
- If I send a plaintext e-mail using Gmail to somebody, including my PGP public key block, is that secure? new
- How can you hide the usage of an external VPN? new
- Are downloads from http connections safe? new
Locks/Social Engineering
Reddit - Lockpicking
- Hyper Tough padlock “picked” in two seconds new
- Abus 55MB/30 new
- First American picked. Any tips on tools for properly gutting it? new
- How do I pick this lock??? Its different from the locks you see in most tutorials. This is really old family box and the key… new
- Stock Lock Sunday practice for my blue belt with some American 5200s and a 5400. new
- Where to buy bulk key blanks? new
- Viro 103 Picked! new
- Kryptonite Evolution bike lock picked from the packet. new
- Road Treasure! new
- These Abus 80TI/50 are a really fun lock. Great size to hold comfortably and 6 pins. new
- Sparrows Tools? new
- 1st lock, homemade pick, old broken door lock new
Reddit - Social Engineering
- How do I find out what IDs from certain events look like? new
- Collecting information to aid in Social Engineering new
- Mission Impossible: I've Been Unable To Approach Girls In Nightclubs For 7 years (Willing To Pay $10 000 For Help) new
- How to get people not skeptical or ask a lot of questions?
- Books about social engineering
- Acronym group that sabotaged Iowa caucus birthed by billionaire who funded Alabama disinformation campaign
- Why 'You're Not Listening' - And Technology Doesn't Help
- Highlights of Daniel Kahneman's book "Thinking Fast and Slow" that changed how we think about thinking
- Recent article on the benefits in controlling communications in times of crisis and mediate the spread of information (we've been experiencing this heavily on the…
- I have a question please help! User Agent Logger
- (Paid) (Leak) Refunding E-Book
- Looking for partner that can SE FitBits daily
Hak5
Security Blogs
Security Bloggers Network
- Best Practices for Vulnerability Disclosure Marketing new
- Election Security a 2020 Myth? new
- Ring Mandates Two-Factor Authentication, License Plate Reader Data Sharing, RSA Conference Coronavirus Fears new
- NetOps vs DevOps vs DevSecOps – What’s the Difference? new
- How to Get Started in Digital Forensics new
- Manage Active Directory from a Browser? new
- DEF CON 27, Artificial Intelligence Village – Jesus Solano’s ‘Behavioral Biometrics And Context Analytics’ new
- From The Archive: Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 105’ new
- DEF CON 27, Artificial Intelligence Village – Angelo Oliveira’s ‘Fighting Malware With Deep Learning’ new
- Adding Custom User Attributes with PowerShell new
- List all OS Versions for Your Fleet of Systems
- DEF CON 27, Artificial Intelligence Village – Anna Skelton’s ‘Deep Fakes, Deep Trouble: Analyzing The Effects of Deepfakes On Market Manipulation’
ThreatPost
- Lawsuit Claims Google Collects Minors’ Locations, Browsing History
- Active Attacks Target Popular Duplicator WordPress Plugin
- RSAC 2020: Editors’ Preview of Hottest Sessions, Speakers and Themes
- Burning Man Tickets for $225? Yep, Too Good to Be True
- ISS World Hit with Malware Attack that Shuts Down Global Computer Network
- New ‘Haken’ Malware Found On Eight Apps In Google Play Store
- Google Bans 600 Android Apps for Obnoxious Ads
- Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
- Cybergang Favors G Suite and Physical Checks For BEC Attacks
- Critical Adobe Flaws Fixed in Out-of-Band Update
- MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
- U.S. Pipeline Disrupted by Ransomware Attack
digitalmunition
- Whatt the new Cisco-certification requirements mean for you new
- 10 things to know about the new Cisco-certification requirements new
- Managed 4G/5G service connects to Amazon, Microsoft clouds new
- Cyber security and ethical hacking news app #1 new
- 5 Most Important Network Layer Protocols new
- A to Z in Dish Network deals new
- Achieve Financial Freedom Through Network Marketing new
- Join the Board and Grow Your Network new
- Why Football Fans Need Their Own Social Network new
- Content Strategy for Social Network Marketing new
- Cross site scripting xss – website hacking – what is cross site scripting (xss)? new
- How to Speed Up Your WordPress Blog With Free Content Delivery Network Using W3c Total Cache Plugin new
eHacking News
- The official representative of the Russian Foreign Ministry responded to the US accusations about Russian fakes about the coronavirus new
- Hackers Gain Access to Sensitive Data; Release Veterans’ Stolen Data Related To PTSD Claims new
- Financial and Customer Info being Exposed in Slickwraps Data Breach new
- Beware of Fake Videos on Facebook and WhatsApp! new
- Russia has responded to Canada's accusations of cyberattacks on Georgian websites
- 33.4 Billion Records Exposed In Breaches Due To Cloud Misconfigurations?
- Alert! The Days of WhatsApp Are Gone? Stronger Competitor In The Market!
- Betting and Gambling Websites under Cyberattack from Chinese Hackers
- SoPo Nonprofit Told, Unknown Number of Clients Affected by Data Breach
- Russian banks and energy companies have undergone a new wave of cyberattacks
- Customer-Facing Enterprise Services Bearing the Majority of DDoS Attacks
- Windows Devices in Hospitals Vulnerable to Potential Exploits
Wired - Security
- How to Share Your Netflix, Hulu, Amazon, and Spotify Accounts the Safe Way new
- A Tiny Piece of Tape Tricked Teslas Into Speeding Up 50 MPH
- Russia Doesn't Want Bernie Sanders. It Wants Chaos
- How Trump Hollowed Out US National Security
- The US Blames Russia's GRU for Sweeping Cyberattacks in Georgia
- Bluetooth-Related Flaws Threaten Dozens of Medical Devices
- YouTube Gaming's Most-Watched Videos Are Dominated by Scams and Cheats
- Hundreds of Millions of PC Components Still Have Hackable Firmware
- Hundreds of Chrome Extensions Secretly Uploaded Private Data
- The 'Robo Revenge' App Makes It Easy to Sue Robocallers
- Signal Is Finally Bringing Its Secure Messaging to the Masses
- Voting App Flaws Could Have Let Hackers Manipulate Results
Krebs on Security
- Encoding Stolen Credit Card Data on Barcodes
- Pay Up, Or We’ll Make Google Ban Your Ads
- A Light at the End of Liberty Reserve’s Demise?
- Microsoft Patch Tuesday, February 2020 Edition
- U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack
- Booter Boss Busted By Bacon Pizza Buy
- Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security
- Sprint Exposed Customer Support Site to Web
- Russian Cybercrime Boss Burkov Pleads Guilty
- Apple Addresses iPhone 11 Location Privacy Concern
- DDoS Mitigation Firm Founder Admits to DDoS
- Patch Tuesday, January 2020 Edition
Naked Security
- The Amazon Prime phishing attack that wasn’t…
- S2 Ep27: Bluetooth holes, dodgy Chrome extensions and forgotten passwords – Naked Security Podcast
- Larry Tesler, of copy-and-paste fame, dies at 74
- US and UK call out Russian hackers for Georgia attacks
- Data of 10.6m MGM hotel guests posted for sale on Dark Web forum
- Adobe fixes critical flaws in Media Encoder and After Effects
- Washington state Senate passes bill to rein in facial recognition
- ISS World “malware attack” leaves employees offline
- Ransomware attack forces 2-day shutdown of natural gas pipeline
- Nearly half of hospital Windows systems still vulnerable to RDP bugs
- Firefox 73.0.1 fixes crashes, blank web pages and DRM niggles
- Ring makes 2FA mandatory to keep hackers out of your doorbell account
Schneier on Security
- Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast
- Inrupt, Tim Berners-Lee's Solid, and Me
- Policy vs Technology
- Internet of Things Candle
- Hacking McDonald's for Free Food
- Voatz Internet Voting App Is Insecure
- Friday Squid Blogging: Squids Are as Intelligent as Dogs
- DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
- A US Data Protection Agency
- Companies that Scrape Your Email
- Crypto AG Was Owned by the CIA
- Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
Linux Security
- Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020> new
- Linux Kernel Security in a Nutshell: How to Secure Your Linux System> new
- Firefox 73.0.1 fixes crashes, blank web pages and DRM niggles>
- Lindsey Graham’s new bill would end the internet as we know it>
- New Senate Bill Would Place Moratorium on Federal Use of Facial Recognition>
- Mozilla Firefox 73.0.1 Released with Critical Linux Fixes>
- Ring now requires two-factor sign-ins for its home security devices>
- Millions Of Windows And Linux Systems Are Vulnerable To This ‘Hidden’ Cyber Attack>
- Google pulls 500 malicious Chrome extensions after researcher tip-off>
- VPN Obfuscation (Everything You Need to Know – What It Is, How It Works, Why You Need It, and More)>
- 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users>
- OpenVPN vs WireGuard: The Best VPN Protocol>
Dark Reading
- All About SASE: What It Is, Why It's Here, How to Use It
- Emotet Malware Rears Its Ugly Head Again
- California Man Arrested for Politically Motivated DDoS
- NRC Health Ransomware Attack Prompts Patient Data Concerns
- Olympics Could Face Disruption from Regional Powers
- How to Get CISOs & Boards on the Same Page
- Security Now Merges With Dark Reading
- Popular Mobile Document-Management Apps Put Data at Risk
- Microsoft Announces General Availability of Threat Protection, Insider Risk Management
- Ransomware Damage Hit $11.5B in 2019
- It's Time to Break the 'Rule of Steve'
- Personal Info of 10.6M MGM Resort Guests Leaked Online
Whitehat Security Blog
HITB News
- New VPN Research Reveals Holes in Free Applications
- 'OurMine' group hijacks Twitter accounts for Olympics and FC Barcelona
- North Korean malware could still pose major threat
- Iranian hackers breach VPN servers to plant backdoors in corporate networks worldwide
- Bug in WordPress plugin can let hackers wipe up to 200,000 sites
- UK Police force denies creating 'child hacker' poster
- Bad Guys are sneaking malware into Brit Awards nominee Billie Eilish’s music
- Vast number of vulnerabilities found in source code
- Almost 6,000 unpatched Citrix NetScaler servers remain vulnerable to critical security flaw
- Israeli soldiers tricked into installing malware by Hamas
- Estonian foreign intelligence warns of growing cyber threats from Russia
- Cyber security skills gap could get worse, according to 62% of CISOs
The RISKS Digest
- Re: Car renter paired car to FordPass, could still control car long ...
- Re: The Intelligence Coup of the Century
- Re: A lazy fix 20 years ago means the Y2K bug is taking down computers
- My smart car rental was a breeze - until I got trapped in the woods
- IBM, Marriott, and Mickey Mouse Take on Tech's Favorite Law
- Electrical Tape on Sign Tricked a Tesla Into Speeding in a Test
- Mysterious GPS outages are wracking the shipping industry
- Your Doorbell Camera Spied on You. Now What?
- Sex robots may cause psychological damage
- Israel Says Hamas Targeted Its Soldiers in Honey Trap's Cyberattack
- Fraud Case in Charleston SC Shines Light on Web's Dark Corners
- Orbital Debris Summary
Kaspersky Blog
- Scammers try to cash in on Burning Man
- Adventures in game ratings
- Transatlantic Cable podcast, episode 130
- What ISO 27001 certification is, and why we need it
- FAQ: Microsoft, Kaspersky and KB4524244 security update issues
- Ginp mobile Trojan fakes incoming SMS messages
- Twitter settings: How to protect your account and data
- Transatlantic Cable podcast, episode 129
- Should you buy a smartphone for your kid?
- Safer Internet Day 2020
- Will an immobilizer save your car from being stolen?
- Backing up is no panacea when blackmailers publish stolen data
Adam Shostack & friends
- Repudiation Now Live on Linkedin Learning
- Threat Model Thursday: Games
- Threat Model Thursday: Files
- Cryptographic Excitement
- Enter the SpudNet
- 100,00 Moon Shots
- Threat Modeling Thursday: The Human Element
- Threat Modeling Thursday: Machine Learning
- Echo, Threat Modeling and Privacy
- Star Wars Episode 9 is a week away!
- Encryption & Privacy Policy and Technology
- Empirical Evaluation of Secure Development Processes
Graham Cluley
- ToTok chat app tells users to ignore Google’s spyware warning
- Smashing Security #166: What the Dickens! Ad ban thank you scam
- MGM Resorts hacked: 10.6 million guests have their personal data exposed on hacking forum
- Samsung freaks out smartphone owners with mysterious ‘1’ notification
- LastPass releases its 3rd Annual Global Password Security report
- Teenage girls tempt Israeli soldiers to install spyware for Hamas
- Twitter accounts of The Olympics and FC Barcelona hijacked by OurMine hacking group
- Puerto Rico government falls for $2.6 million email scam
- Secure email service Tutanota complains it is being blocked by AT&T in parts of the United States
- Smashing Security #165: Cheapfakes, deepfakes, and Ashley Madison
- 2FA is being pushed out to all Google Nest users to better protect their accounts
- Patch now! Microsoft releases fixes for 99 security flaws, some being actively exploited by hackers
Rapid7
- Rapid7 Named 2019 Global SOAR Company of the Year by Frost & Sullivan
- Rapid7 Named a Leader in 2020 Gartner Magic Quadrant for Security Information and Event Management
- Dig Deeper in InsightAppSec with New Custom Dashboards Feature
- Come Meet Us at the RSA Conference 2020
- ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB
- Hackers On The Hill - Slides and recap on cybersecurity policy
- Metasploit Wrap-Up
- InsightVM + InsightAppSec: A Love Story
- Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing
- How to Handle Misconfigurations in the Cloud
- Patch Tuesday - February 2020
- Intro to the SOC Visibility Triad
Hacker News (YCombinator) - Security
- Raspberry Pi releases new PCB version with USB-C power fix new
- World Economy Shudders as Coronavirus Threatens Global Supply Chains new
- The Dever Ransomware Experience new
- The Risks of Distributing Risk new
- Haven: turn old Android phones into security cameras new
- The Art of Hacking
- Does memory leak? (1995)
- Thinking Journeys rather than Estimates
- JP Morgan economists warn climate crisis is threat to human race
- Follow-up to “The dystopian world of software engineering interviews”
- Criminal Assets Bureau seizes 6k bitcoin, sale impossible without access codes
- South Korean police impose curfew on late-night studying (2011)
Hacker Noon #Security
- 5 Reasons Why Your Startup or SMB needs a VPN new
- Google's Search Algorithm Affects Our Lives in More Ways Than One [A Deep Dive] new
- Differential Privacy with Tensorflow 2.0 : Multi class Text Classification Privacy new
- How to Use AES-256 Cipher: Python Cryptography Examples new
- How We Can Make The Modern Web Experience More Secure
- 10 Security Products to Protect Your Smart Home
- How to Create an Effective Incident Response Plan
- Secure Rendering: A New Browser Standard for User Privacy
- CyberSec Games Part I: Backdoors & Breaches
- Here's What Google Knows About You and How to Download It
- Introducing the InfoSec colour wheel — blending developers with red and blue security teams.
- What devs need to know about Encoding / Encryption / Hashing / Salting / Stretching
Security in Mainstream Media
Google News Hacking
- Expensive new US voting machines still at risk of hacking, experts say - The Japan Times new
- BTS gets targeted by hacker group OurMine after NCT127, ARMY trolls them right back with #BTSHack - MEAWW new
- Four in five Aussie IoT adopters have faced a hack - Technology Decisions new
- Email Fraud Scam Victim Sues Bank - pymnts.com new
- Southeast students develop community solutions in Blue Hack competition - Southeast Missourian new
- Chinese hacking: 5 major cases of Beijing-linked cyber intrusion - Home - WSFX new
- Ninja Twitter Hack Leads to Drama with Tfue | Game Rant - GameRant new
- Pharmacist busted for hacking business - Daily Examiner new
- Pharmacist busted for hacking business - Chronicle new
- Trump Allegedly Offered Pardon To Julian Assange For Covering Up Russian Hacking, Assange’s Lawyer Claims - uInterview.com new
- Man Linked to Former Rep. Hill’s Campaign Arrested for Hacking Her Opponent’s Website - The Epoch Times new
- $30M Bitcoin Cash 'SIM Hack' Sparks Wild Crypto Tales With Vague Sources - Bitcoin News new
Google Cyber Security
- Etisalat acquires cybersecurity specialist firm Help AG - ITP.net new
- BATM awarded US$4mln follow-on cyber security contract - Proactive Investors UK new
- Cyber Security in Robotic Market to Witness High Demand During 2020-2025 with Top Key Players | McAfee, Aujas Cybersecurity, TUV Rheinland etc. - Nyse Nasdaq… new
- ISACA’s Cybersecurity Study Shows Skills Gaps, Hiring and Retention Struggles Persist - Yahoo Finance new
- Unveiling new features in security fabric platform - ELE Times new
- Cyber Security Insurance Market 2020-2025 Booming Worldwide - openPR new
- Cyber Security Adjustments Continued At Local School | News, Sports, Jobs - Jamestown Post Journal new
- Rick Howard joins the CyberWire as CSO and Chief Analyst - Security Magazine new
- Cyber Security Insurance Market Development by New Technology 2025 - News Times new
- Cyber Security in Healthcare Market Technologies Overview, Global Share, Company Profiles, Business Opportunity and Forecast 2025 - Keep Reading new
- A Guide on How to Get Started in Digital Forensics - tripwire.com new
- Chinese hacking: 5 major cases of Beijing-linked cyber intrusion - Fox News new
Thirsty for more
Hacker News (YCombinator)
- Capturing ARKit scene into WebRTC video stream for React Native new
- Raspberry Pi releases new PCB version with USB-C power fix new
- Warren Buffett’s Berkshire Hathaway Stock Underperforms the Most Since 2009 new
- Pwn.college new
- Show HN: LinkedIn for Chatbots new
- New Bill Would Give Nearly Every Californian $1,000/Month new
- Ballerina Programing Language new
- Jailed Just-in-Time Compilation on iOS new
- Hybrid Bank Account (2017) new
- Cellular Automata in the Browser new
- World Economy Shudders as Coronavirus Threatens Global Supply Chains new
- Double Slit Experiment and Bayes (2019) new
Reddit - Cyberpunk
- 1917 Ain't Got Shxt On Me, A Skydio 2 Cinematic Vlog with my Dog new
- Imagine how it would look at night new
- An album design I did for Christian Enjel fornhissingle “All night” new
- Cyberpunk Club Slum by Alan Hajduk new
- Body disinfection in China. new
- Doctor Who new
- But not in cyberpunk new
- Wholesome cyberpunk new
- 10 Great Cyberpunk Movies You’ve Probably Never Seen new
- I really like this one, gonna get a commision from the artist later this month. Artist: @Aurahack new
- Beat saber with a staff new
- Zoe's Planet is coming... soon! new
Reddit - Security CTF
- Zetta: Hack The Box Walkthrough
- Pragyan CTF 2020 - Server compromised
- UTCTF 2020
- Hack the Box - Zetta - Writeup
- Hackthebox Zetta: writeup by t3chnocat
- CTFlearn write-ups
- hey can some1 help with this one here and explain it to me i succ in php 🙁
- Secarmy 2020 writeups!!!
- How do you study as a team?
- ChaigncHackademy
- Alpha Testers wanted! (Ctftime app)
- Question about SQL injections?
Reddit - Sysadmin
- Getting tons of mail that uses user's mailadres name and changes 1 letter new
- LUN Size - Hyper V CSV new
- 2008 R2 server with no disk space left new
- How is anybody supposed to get an entry-level IT position? It's an absolute nightmare! Been looking for over 4 months now and not even a… new
- Whats the best software for recording call context? new
- Classic shell and windows update new
- Now that SolarWinds bought Sammanage helpdesk/ITSM tool, how is it? new
- Corsair's website's certificate expired at 8:52pm tonight, they admins must be watching Better Call Saul new
- Looking for legacy ScreenConnect license new