Security News

Daily Security News

Exploits

Tools

Vulnerabilities

Reversing/I like ASM

Malware/APT

Crypto

Podcasts

Threat Intel

Privacy/VPNs

Help Wanted

Locks/Social Engineering

Security Blogs

Mainstream Media

Thirsty for more

Daily Security News

PacketStorm
Biden Beefs Up Cybersecurity Team Post SolarWinds Hack
Bugs Allowed Hackers To Hijack Kindle Accounts With Malicious Ebooks
Hackers Publish Thousands Of Files After Govt Refuses To Pay Ransom
New Website Launched To Document Vulnerabilities In Malware Strains
Malware Found On Laptops Given Out By Government To Students
SAP SolMan Vulnerability Exploitation Detected In The Wild
Scammers Are Sending Fake Job Offers On LinkedIn
Interpol Warns Of Romance Scam Artists Sending Fake Investments Via Apps
SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach
Attackers Steal E-mails, Info From OpenWRT Forum
DNSpooq Lets Attackers Poison DNS Cache Records
Livecoin Slams Its Doors Shut Unable To Recover From Hack
The Register
ADT techie admits he peeked into women's home security cams thousands of times to watch them undress, have sex
Scottish enviro bods shrug off ransomware gang's extortion attempt as 4,000 files dumped online, saying it's nothing big
Clop ransomware gang clips sensitive files from Atlantic Records' London ad agency The7stars, dumps them online
Microsoft Edge goes homomorphic: Nobody will see your credentials... but you'll need to sign in to use it
It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now
Laptops given to British schools came preloaded with remote-access worm
Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes
Wherever your apps, users and data are heading, is your backup keeping up?
Malwarebytes says its Office 365, Azure tenancies invaded by SolarWinds hackers, insists its tools are still safe to use
Slack has entered the Matrix: Element builds a bridge to realm of encrypted, decentralised comms
Open banking is the future, so let’s secure the APIs
Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws
Reddit - NetSec
Windows 7 TCP/IP hijacking write-up + PoCnew
Observability and Security of Fargate Serverless Deploymentsnew
Introduction to Ghidra Scripting for Embedded ELFs and UPX Packed Executables
Who Will Control the Software That Powers the Internet? - Andreessen Horowitz
RIFT: Analysing a Lazarus Shellcode Execution Method
A Red Team Guide for a Hardware Penetration Test
SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products
MSSQL Lateral Movement via .NET CLR
Securing Custom Protocols With Noise
LloydLabs/delete-self-poc - A way to delete a locked file, or current running executable, on disk
Process Memory Integrity on Linux
Unusual infosec attack in the latest episode of sci-fi show The Expanse
Bleeping Computer
Data breach at Buyucoin crypto exchange leaks user info, tradesnew
Another ransomware now uses DDoS attacks to force victims to paynew
Windows 10X feature will prevent unauthorized factory resetsnew
SonicWall firewall maker hacked using zero-day in its VPN device
Russian government warns of US retaliatory cyberattacks
Facebook users were mass-logged out Friday by configuration change
The Week in Ransomware - January 22nd 2021 - Calm before the storm
SAP SolMan exploit released for max severity pre-auth flaw
Bonobos clothing store confirms breach after hacker leaks 70GB database
Bonobos clothing store suffers a data breach, hacker leaks 70GB database
Intel: Hackers stole unpublished earnings info from corporate site
Drupal releases fix for critical vulnerability with known exploits
The Hacker News
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!
MrbMiner Crypto-Mining Malware Links to Iranian Software Company
Here's How SolarWinds Hackers Stayed Undetected for Long Enough
Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet
Importance of Application Security and Customer Data Protection to a Startup
Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

Threat Wire

Exploits

Packet Storm Exploits
Selea CarPlateServer 4.0.1.6 Remote Program Execution
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Atlassian Confluence 6.12.1 Template Injection
Selea Targa IP OCR-ANPR Camera Remote Code Execution
ERPNext 12.14.0 SQL Injection
Backdoor.Win32.Hupigon.adef Remote Stack Buffer Overflow
Selea Targa IP OCR-ANPR Camera Stream Disclosure
Selea Targa IP OCR-ANPR Camera Cross Site Request Forgery
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
Selea Targa IP OCR-ANPR Camera Directory Traversal
CASAP Automated Enrollment System 1.0 Authentication Bypass
Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite
Exploit-DB Webapps
[webapps] Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
[webapps] Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
[webapps] Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
[webapps] Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
[webapps] Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
[webapps] Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
[webapps] Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
[webapps] Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
[webapps] Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
[webapps] Library System 1.0 - Authentication Bypass Via SQL Injection
[webapps] CASAP Automated Enrollment System 1.0 - Authentication Bypass
[webapps] ERPNext 12.14.0 - SQL Injection (Authenticated)
Exploit-DB Local and Privilege Escalation
[local] Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation
[local] PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
[local] dnsrecon 0.10.0 - CSV Injection
[local] dirsearch 0.4.1 - CSV Injection
[local] IObit Uninstaller 10 Pro - Unquoted Service Path
[local] WinAVR Version 20100110 - Insecure Folder Permissions
[local] PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
[local] H2 Database 1.4.199 - JNI Code Execution
[local] Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
[local] Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
[local] MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
[local] Knockpy 4.1.1 - CSV Injection
Exploit-DB DoS
[dos] Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
[dos] Nxlog Community Edition 2.10.2150 - DoS (Poc)
[dos] TapinRadio 2.13.7 - Denial of Service (PoC)
[dos] RarmaRadio 2.72.5 - Denial of Service (PoC)
[dos] libupnp 1.6.18 - Stack-based buffer overflow (DoS)
[dos] Pure-FTPd 1.0.48 - Remote Denial of Service
[dos] Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
[remote] Erlang Cookie - Remote Code Execution
[remote] FRITZ!Box 7.20 - DNS Rebinding Protection Bypass
[remote] Solaris SunSSH 11.0 x86 - libpam Remote Root
[remote] SmarterMail Build 6985 - Remote Code Execution
[remote] Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)
[remote] Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
[remote] Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
[remote] Ksix Zigbee Devices - Playback Protection Bypass (PoC)
[remote] Mitel mitel-cs018 - Call Data Information Disclosure
[remote] YATinyWinFTP - Denial of Service (PoC)
[remote] Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
[remote] Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure

LiveOverflow

Vulnerabilities

Tools

Exploit Dev

Reddit - Exploit Dev
Running malware samples on VM
Recent Viruses
$100+ for $30 (easy profits) (Amazon Store card method)
[Linux Kernel Exploitation 0x2] Controlling RIP and Escalating privileges via Stack Overflow
why the page fault handler code must never be paged?
exploit development environment
Good assembly project for shedding light on exploit dev?
Salary Expectations?
How do you approach auditing large codebases?
The math for example3.c in prack49 (http://www.phrack.org/issues/49/14.html#article)
Interactive Exploit Development Platform
Fuzzing C/C++ program using honggfuzz (tutorial)
Source Incite
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
Google Project Zero
Windows Exploitation Tricks: Trapping Virtual Memory Access
Hunting for Bugs in Windows Mini-Filter Drivers
In-the-Wild Series: Android Exploits
In-the-Wild Series: Android Post-Exploitation
In-the-Wild Series: Windows Exploits
In-the-Wild Series: Chrome Infinity Bug
In-the-Wild Series: Chrome Exploits
Introducing the In-the-Wild Series
An iOS hacker tries Android
Oops, I missed it again!
Security Researchers
DNS Hijacking – Taking Over Top-Level Domains and Subdomains
Detectify ethical hacker kept the country code domain .cd safe from potential attacks
Flutter based Mac OSX Thick Client SSL Pinning Bypass
Response to NSO Group on the Great iPwn Report
Detectify security updates for January 11
Top 10 Most Critical CVEs Added in 2020
Detectify security updates for December 28
Bring Your Own VM - Mac Edition
Direct Syscalls in Beacon Object Files

Reversing/I like ASM

Reddit - Reverse Engineering
Hook iOS Kernel Functions From Userspace
How To Reverse Engineer RC4 Crypto For Malware Analysis
Modding Framework for Hyper Light Drifter (Linux)
Reverse Engineering Testo Saveris2 firmware
Zelda Drops and RNG - Behind the Code [YouTube]
React Native Application Static Analysis
Process on a diet: anti-debug using job objects
Chain multiple bugs to get unauthenticated remote code execution on the SolarWinds Orion Platform
Hacker's Guide to UART Root Shells (or how to get a quick and easy root shell on your IoT device)
The Role of Working Memory in Program Tracing
Released BsodSurvivor v0.2, which adds support for Windows 10!
Escalating privileges through the Linux eBPF verifier
Reddit - Game Hacks
FiveM / lua executor / dumpernew
Reselling Jojo.cc rainbow six siege cheat one month sub
Reselling JoJo.CC Rainbow Six Siege Cheat For A Month
2K21 EVENT CLOTHING GLITCH IS HERE!! (SAVE WIZARD)
Fallout 76 need new exploit
FORTNITE CHEAP SOFT AIM, ESP and SILENT AIM! 📷
This is a Roblox profile cheat that makes your profile rainbow. All you got to do is goto your Roblox profile. Remove the link, and…
COD COLD WAR MOD MENU
CHEAP FORTNITE SOFT AIM, AIMBOT, ESP, UPDATED AND UNDETECTED
NEW* NBA2K21 CRONUS ZEN VC GENERATOR! UNLIMITED BROKEN VC GLITCH AFTER PATCH 1.06!
NBA 2K21 HOW TO SETUP CRONUS ZEN (GREEN SHOT SCRIPTS + MODS)
cant hack ps2 games
Reddit - REGames
Finding a bounds check for user-defined weather in MS Flight Simulator 2004 and Flight Simulator X (again...)new
Decrushing DOS Doodads
PSX TMD Primitive Type
Reverse Engineering Yakuza 1 and 2 for the ps2
Reverse engineering "Multi-Pulti" (1999) - Part 1
Looking to learn how to reverse engineer video games
A question in regards to network emulation for the Space Marine game
I need to find where the check for this image to be drawn
Reverse Engineering The Saboteur game for Xbox360 with Linux - part 3
Windfish – a GUI tracing disassembler for GB/GBC games
can someone help me reverse engineer among us
Hacking a game with DLL injection [Game Hacking 101]
StackExchange - ReverseEngineering
How to simplify a function "calling itself's reference"new
How to recreate project in android studio after deobfuscation and modifying source code?new
Immunity debugger - find location before a buffer overflow
How can i recognize the length of this array based on the assembly instruction?
open decompiler view of current module (dll) in dynamic analysis
Calculate stack layout with Ida Python
Android app leaking data
Debug 3rd-party apk with .so-files missing debug symbols
Advice on how to attack my first reverse engineering project?
Is it possible to make a dynamic memory allocated .data segment to static in a file?
How can I find the native functions used by the Java Runtime Environment on Linux?
Pin DBI tool - Create executable

Guided Hacking

Malware/APT

Reddit - Malware
Rogue Antivirusnew
Computer can’t download anything to ssdnew
Vadokrist: A wolf in sheep’s clothingnew
Malicious Shell Script Steals Cloud Credentialsnew
Running malware inside VM & security concerns
[Video] Fileless Gozi/Ursnif static analysis and unpacking
Analysis of BitRat dropper
I have no idea what happened with my computer
Dynamic Analysis Tools
[PDF] Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets
Identify sinkhole nameservers
Malwarebytes says some of its emails were breached by SolarWinds hackers
Unit42
Network Attack Trends: Internet of Threats
Wireshark Tutorial: Examining Emotet Infection Traffic
Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs
xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
TA551: Email Attack Campaign Switches from Valak to IcedID
The History of DNS Vulnerabilities and the Cloud
SolarStorm Supply Chain Attack Timeline
Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)
SUPERNOVA: A Novel .NET Webshell
Threat Brief: SolarStorm and SUNBURST Customer Coverage
PyMICROPSIA: New Information-Stealing Trojan from AridViper
Threat Brief: FireEye Red Team Tool Breach
FireEye Threat Research
Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction
Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction
Emulation of Kernel Mode Rootkits With Speakeasy
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
SUNBURST Additional Technical Details
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Unauthorized Access of FireEye Red Team Tools
Using Speakeasy Emulation Framework Programmatically to Unpack Malware
Election Cyber Threats in the Asia-Pacific Region
Purgalicious VBA: Macro Obfuscation With VBA Purging

Bug Bounties

Crypto

Reddit - Crypto
Applied Cryptology Coursenew
Optimizing Pairing-based cryptographynew
Researchers in China used drones to prototype a small quantum network using lasercom (18th Jan 2021)
Question about block cipher
"Argon2 is weaker than bcrypt for runtimes < 1000ms" - Why is that?
Differential and linear attack on my toy cipher
Where to start?
Hybrid encryption and the KEM/DEM paradigm
Question about OneAndZeroes and TrailingBitComplement Paddings
Key generation for curve25519
Hey what do you guys think about CELO is it a good buy right now ??
Curious about the reasoning behind JWT choices
StackExchange - Crypto
Why should a distribution being pseudorandom strictly be a sequence of distributions being pseudorandomnew
Diffie Hellman protocol connect to DES [closed]new
Deterministic generation of secure private keys from parent private keynew
Need help to understand this RSA common modulus attack Python codenew
Can we build two messages with same MD5 but different size? [duplicate]new
What encryption mode should i use to protect CAN bus communication?new
Why this function isn't preimage resistant?new
Significance of parameter q in NTRU lattice attacknew
Question about SSH host key algorithms
Schnorr Protocol Implementation - Sometimes Fails on Curve25519
How reliable is sagecipher?
In RSA, what happens if the plaintext $m$ is not coprime to $n$? [duplicate]

Podcasts

Security Weekly
There Was Definitely Harm Done - PSW #680
The Floppy Tangent - PSW #679
The Breath of the Targets - PSW #678
This Is How You Get Skynet - PSW #677
The Whole Crew's Awesome - PSW #676
Sometimes, Computers Just Freak Out - PSW #675
Junior High Geometry - PSW #674
We Don't Give A Font - PSW #673
Paranoid Security Professionals - PSW #672
Risky.Biz
Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim
Risky Business #610 -- Propellerheads in dark on JetBrains
Risky Biz Soap Box: Mapping NIST 800-53 to MITRE ATT&CK
Risky Business #609 -- It's not NotPetya
Risky Business #608 -- FireEye discloses breach and tool exfil
Risky Biz Soap Box: VMRay co-founders on the evolution of sandbox tech
Risky Business #607 -- Trump lawyer calls for Krebs' execution, ransomware insurance getting wobbly
Risky Business #606 -- BEC nukes Australian hedge fund
Risky Biz Soap Box: Bugcrowd CEO Ashish Gupta
Risky Business #605 -- Trump fires CISA director Chris Krebs
Risky Business #604 -- Election-related cyber shenanigans fail to materialise
Risky Business #603 -- YOU get sanctions, and YOU get sanctions
The CyberWire
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]new
Trickbot may be down, but can we count it out? [Research Saturday]
Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
More on that Solorigate threat actor, especially its non-SolarWinds activity. Chimera’s new target list. Executive Order on reducing IaaS exploitation. The case of the stolen…
EMA emails altered before release in apparent disinformation effort. Vishing rising. Another backdoor found in SolarWinds supply chain campaign. An arrest and a stolen laptop.
Encore: You will pay for that one way or another. [Caveat]
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Manufacturing sector is increasingly a target for adversaries. [Research Saturday]
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA,…
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Cyber Security Interviews
#110 – Ryan Louie: Security Starts In the Mind
#109 – Amanda Berlin: Happier People Stay Longer
#108 – Bill Hudenko: The Mind Body Connection
#107 – Daniel Wood: We Don’t Have Enough Skilled People
#106 – Jasson Casey: Hire Missionaries, Not Mercanaries
#105 – John Hammond: Raise The Cyber Security Poverty Line
#104 – David Wong: Many Layers of Complexity
#103 – Jeff Hussey: Try Not To Make More Than One Mistake In a Row
#102 – John Ford: Keeping The Organization Informed
#101 – Brandon Hoffman: Align Security To Business Outcomes
#100 – Douglas Brush: Cybersecurity Is Psychological
ISC Daily Stormcast
ISC StormCast for Monday, January 25th, 2021new
ISC StormCast for Friday, January 22nd, 2021
ISC StormCast for Thursday, January 21st, 2021
ISC StormCast for Wednesday, January 20th, 2021
ISC StormCast for Tuesday, January 19th, 2021
ISC StormCast for Monday, January 18th, 2021
ISC StormCast for Friday, January 15th, 2021
ISC StormCast for Thursday, January 14th, 2021
ISC StormCast for Wednesday, January 13th, 2021
ISC StormCast for Tuesday, January 12th, 2021
Darknet Diaries
83: NSA Cryptologists
82: Master of Pwn
81: The Vendor
80: The Whistleblower
79: Dark Basin
78: Nerdcore
77: Olympic Destroyer

Threat Intel

Reddit - Onions
Self-delete programnew
How do I tell scam sites from legitimate sites on the dark web?new
Shadow Wallet...new
Is there any reason to use a pirate bay onion rather than the clearnet URL?new
Modded Zombies Lobbies- Instant Dark Ether, High Xp Lobbies and More. Join discord for more infonew
Does Onion Browser use WebRTC? If so how do I disable it? Thank you. 🙏🏼
How to promote onion site
As a normie, what would it take to make a secure TOR website?
Gaming
"Steroid King"
Question
find out more about tor hidden services
Reddit - Pwned
Cybersecurity device company SonicWall says its internal systems were targeted using zero-day exploits in its own products
Einstein Healthcare Network (Pennsylvania) notifies Patients of August email breach, 5 months later
Scotland environmental regulator hit by ‘ongoing’ ransomware attack since Christmas Eve - internal systems and external data products are still offline
Washingtonstate -based Jefferson Healthcare falls victim to phishing attack, 2,500+ patients' data exposed
European Medicines Agency compromised by cybercriminals who 'manipulated' stolen COVID-19 vaccine data before leaking it online, in an attempt to "undermine trust" in COVID-19 vaccines
eHealth cyberattack affected millions of files, was one of Sask.'s worst breaches ever: privacy commissioner | CBC News
Ubiquiti, enterprise networking company, notifies customers of a 3rd-party breach, encourages customers to change passwords and enable MFA
Ubiquiti / Third Party Vendor Data Breach
70TB of Parler users' data leaked by "security researchers"
New Zealand Reserve Bank suffers data breach via compromised 3rd-party storage partner
United Nations data breach exposed over 100k UNEP staff records
Japan's Kawasaki Heavy Industries discloses security breach, potential data leak
HaveIBeenPwned
Nitro - 77,159,696 breached accounts
Romwe - 19,531,820 breached accounts
Jobandtalent - 10,981,207 breached accounts
Glofox - 2,330,735 breached accounts
GeniusU - 1,301,460 breached accounts
Ledger - 1,075,241 breached accounts
Peatix - 4,227,907 breached accounts
Pluto TV - 3,225,080 breached accounts
Cit0day (unverified) - 226,883,414 breached accounts
123RF - 8,661,578 breached accounts
Home Chef - 8,815,692 breached accounts
Animal Jam - 7,104,998 breached accounts

Privacy/VPNs

Slashdot - Rights
Andrew Yang Proposes a Local Currency, Sees Growing Support for Universal Basic Incomenew
Ransomware Attackers Try Publishing 4,000 Scottish Government Agency Filesnew
New Site Extracts and Posts Every Face from Parler's Capitol Hill Insurrection Videosnew
US Treasury Nominee Yellen Wants to Encourage Cryptocurrencies -- 'For Legitimate Activities'
GitHub Reverses Takedown of Code for Anime Torrent Site Despite Film Group's DMCA
Intelligence Analysts Use US Smartphone Location Data Without Warrants, Memo Says
FTC Fines Three Ticket Scalping Companies For Illegally Using Bots
A Home Security Worker Hacked Into Surveillance Systems To Watch People Have Sex
Federal Judge Blocks Parler's Bid To Be Restored on Amazon Web Services
Microsoft Patent Shows Plans To Revive Dead Loved Ones As Chatbots
There's Still No Sign of Privacy Labels On Most Google iOS Apps
Biden Names Jessica Rosenworcel Acting FCC Chair
Reddit - Privacy
Cloud storage for photosnew
Is there a privacy alternative to echo and google home?new
Computer to computer communicationsnew
I have a extreamly abusive ex and I need help.new
Is it time to leave WhatsApp – and is Signal the answer?new
Do wireless mouse drivers ever include spyware?new
Userbase: tool to add end-to-end encrypted storage and authentication to an app in a few lines of code, 100% open sourcenew
Do I need to host my own jitsi server for it to be private? Is there an easy guide on how to do it? I…new
Youtube Vanced inside of Shelter appnew
Diving innew
WhatsApp loses millions of users after terms updatenew
App vs loginnew
Reddit - VPN
VPN for chrome ssh extension/appnew
Hotspot Shield v8.71 Blocked At Worknew
I have Australian Netflix and want to watch US Netflixnew
Help using VPN to stream videosnew
Norton VPN: Credible or Nah?new
Can VPNs see https content?new
Created my own vpn having trouble connecting via commandline..new
Started using name cheap vpn what you guys thoughts of it I love it does everything I need it to with good pricenew
Question about download speedsnew
When setting up Wireguard as VPN protocol, which port is the best for security and to avoid data leak during connection drop? UDP ports 2049,…
Mozilla VPN and Netflix?
If I want to use gmail, google drive, and other services by google, do I have to turn off my VPN?

Help Wanted

Reddit - AskNetSec
Is there a risk to servers on separate subnets sharing SAN storage?new
Web Application Penetration Testing Methodology
How do SOC Analysts investigate malicious IP alerts
External sender caution necessary?
(Thesis) What are the most common ways network-level parental controls are broken?
Vulnerability Management
Does the android version matters when testing android app?
Embedded Systems Security
Practical Malware Analysis Labs Chapter 3
How would YOU store customer data in a database?
Reddit - Netsec Students
OSCP Prep LIVE | Vulnhub Inclusiveness vs Security Onion | Can we detec...new
Networking - Load Balancernew
Linux Privilege Escalation Part1 : TryHackMe common priv escnew
Ethical Hacking From Scratch - Exploit Exercises - Nebulanew
Mentoring open for 5 personsnew
Abusing Dropbox's API For C&C Communication
New to this world, please HELP
Anyone do a masters? Experiences?
Analysis of Android Worm that spreads via WhatsApp messages as Huawei Mobile app
Question: Is there a way to differentiate failed logon attempts from software and from user in event viewer?
What should I do? Pretty confused
PXinteract, to interact with shell commands/ external programme in python.
Stackoverflow - Security
How to make sure the app we download from its official website and its open-source release are exactly the same?new
Best way to handle animated GIF with PHPnew
eval() equivalent in this cases? | javascript [duplicate]new
Why does using JWT refresh tokens protect against CSRF during authentication?new
Can I trust user input here?new
How to move passwords away from docker-compose.ymlnew
Limit access to PHP scripts to my server and specific othersnew
Secure Apache Site Permissionsnew
Take information while they are viewing my page
Secret info & EC2 CodeDeploy?
C# and TPM Functions
Stopping malicious Ajax requests
Stack Exchange
Are Brave Browsers Sync encryption parameters secure enough?new
dictionary that is assembled for cracking passwordsnew
SSL handshake - what is the purpose of the finishedClient message?new
Evil DNS + Phishing with evilginx2 [closed]new
Are my devices and information vulnerable in a public network? what are some solutions?new
Can a host be accessed when using a VM on a network?new
Local attacks on windows, using network device, or/and rogue attack devicesnew
I forgot which encryption I use [closed]new
To what extent can Ajax pose a security problem? [closed]new
I mistyped a `pip install` command. Could my system have been compromised?new
Does formatting an SSD securely delete all data?new
Plausible way to manipulate timecode on cctv [closed]new

Locks/Social Engineering

Reddit - Lockpicking
I was talking about a 7-pin Best lock with someone earlier. I'm not sure if this will help, but it might...new
Kwikset SmartKey generationsnew
Cx-5 Scorpion picked and gutted. (Brown belt) thanks to u/Mugatu68 for all his help.new
Brinks Brass - first real padlocknew
Got my first dimple lock open today... ISEOnew
Got this to operating and control today. I'm very new to SFIC locks but have had a lot of fun with thisnew
First challenge locknew
Medeco Biaxial 51S (6 pins) picked and gutted - I'm finally at this club 😜new
Mul-T-Lock Interactive + with spool drivers. Took a while to learn how to pick this lock. The recorded version took longer than the test runs,…new
Gere shutter dd padlock opened.new
Database of lockpick profiles?new
BANDITO Challenge Lock picked and gutted - YOU ARE VIEWING YOUR OWN RESPONSIBILITY 😉new
Reddit - Social Engineering
TOP 5 Best Social Media Detox Tips & THE IMPORTANCE OF SOCIAL MEDIA DETOXnew
Protest , poetry , Democracy and Cinema. Narrative is in Bengali language.new
Someone tried to socially engineer me yesterday and it was sad.
Insider Threat study
How to engineer someone to tell you their name on the phone! Help please
Are Magicians Social Engineers?
CTF flags from social engineering competitions?
Is social engineering a one-size-fits-all?
Podcasts
Inlufnce Linkedin
New liberal politics , lndia and our journalism. Narrative is in English language.
Subliminal Persuasion for Social Engineers

Hak5

Security Blogs

Security Bloggers Network
DEF CON 28 Safe Mode IoT Village – t1v0’s ‘In Search Of The Perfect UPnP Tool’new
Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 313’new
Pcaps and the Tools That Love Them Part 2 of ???new
DEF CON 28 Safe Mode IoT Village – Troy Brown’s ‘Pandemic In Plaintext’new
Calling [Compiled] Swift from R: Part 2new
2020 Data Breaches Point to Cybersecurity Trends for 2021new
SwiftR Switcheroo: Calling [Compiled] Swift from R!
DEF CON 28 Safe Mode IoT Village – Netspooky’s ‘Hella Booters, Why IoT Botnets Aren’t Going Anywhere’
Requiescat In Pacem, Henry Louis (Hank) Aaron 1934 – 2021
DEF CON 28 Safe Mode IoT Village – Sanjana Sarda’s ‘Kicking Devices, Taking CVEs: Zoomer Guide To Hacking’
Encoded Tyranny: Was Reagan’s “Shining City on a Hill” Intolerance for Dissent?
To Deepfake the Dead Can Be Very Right
ThreatPost
Microsoft Edge, Google Chrome Roll Out Password Protection Tools
Amazon Kindle RCE Attack Starts with an Email
ADT Tech Hacks Home-Security Cameras to Spy on Women
Discord-Stealing Malware Invades npm Packages
Ransomware Attackers Publish 4K Private Scottish Gov Agency Files
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Einstein Healthcare Network Announces August Breach
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Google Forms Set Baseline For Widespread BEC Attacks
Google Searches Expose Stolen Corporate Credentials
Critical Cisco SD-WAN Bugs Allow RCE Attacks
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
digitalmunition
Breach at Indian exchange BuyUCoin allegedly exposes 325K users’ personal datanew
Cyberpunk 2077: New Update 1.1new
5 PaaS security best practices to safeguard the application layernew
Google Loon shut down?new
Erste Schtzungen: Aecom Technology stellt das Zahlenwerk zum vergangenen Quartal vor | Nachrichtnew
SNP SE und Rackspace Technology schließen Partnerschaft
Solorigate updates. Congress has a long course of post-riot IT security remediation ahead.
Tesla claims a software engineer stole critical automated software from its WARP Drive system
Jack, Is There Something You’re Not Telling Us…
ERPNext 12.14.0 – SQL Injection (Authenticated)
Atlassian Confluence Widget Connector Macro – SSTI
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery ≈ Packet Storm
eHacking News
Ransomware Group Published More Than 4,000 SEPA's Files Onlinenew
Data Breach: Chipmaker Intel Shares Fall by 9%new
ADT Technician Hacks Into Security Footage to Spy on Naked Womennew
Experts found a vulnerability in the application of the Moscow State Servicesnew
Location Data of More Than 100 Million Users Got Compromised
CBI Booked Firms for Harvesting Data of 5.62 Lakh Indian Facebook Users
CHwapi Hospital Suffers a Ransomware Attack
Digital Concentration Camp: Tech giants are playing God
Cyber Security Researcher Exposes the Biggest Threat Regarding YouTube Users Privacy
The Streamer for Gamer Nvidia Shield Tv Detected with Security Bugs
Indian Crypto Exchange BuyUcoin Hacked
Naavi: Information collected from WhatsApp would be shared with Facebook and eventually be used for advertising
Wired - Security
The Truth About North Korea’s Ultra-Lockdown Against Covid-19new
Flash Is Dead—but Not Gonenew
The FTC Cracks Down on Bot-Wielding Ticket Scalpers
Chrome and Edge Want to Help Solve Your Password Problems
Parler Finds a Reprieve in Russia—but Not a Solution
A Site Published Every Face From Parler's Capitol Riot Videos
The SolarWinds Hackers Used Tactics Other Groups Will Copy
Trump’s Worst, Most Bizarre Statements About ‘the Cyber’
Former DOD Head: The US Needs a New Plan to Beat China on AI
The FBI Has Made Over 100 Arrests Related to the Capitol Riot
The Race Is On to Identify and Stop Inauguration Rioters
Big Tech Can’t Ban Its Way Out of This
Krebs on Security
New Charges Derail COVID Release for Hacker Who Aided ISIS
Joker’s Stash Carding Market to Call it Quits
Microsoft Patch Tuesday, January 2021 Edition
Ubiquiti: Change Your Password, Enable 2FA
All Aboard the Pequod!
Hamas May Be Threat to 8chan, QAnon Online
Happy 11th Birthday, KrebsOnSecurity!
VMware Flaw a Vector in SolarWinds Breach?
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
SolarWinds Hack Could Affect 18K Customers
U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise
Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company
Naked Security
US administration adds “subliminal” ad to White House website
S3 Ep16: Darkweb bust, security at home, and browser snoopage [Podcast]
Has the coronavirus pandemic affected Apple’s hardware design?
Naked Security Live – Staying safe online at home (especially if you’re homeschooling!)
Europol announces bust of “world’s biggest” dark web marketplace
S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast]
Home schooling – how to stay secure
Naked Security Live – HTTPS: do we REALLY need it?
Google Titan security keys hacked by French researchers
S3 Ep14: Money scams, HTTPS by default, and hardcoded passwords [Podcast]
Zyxel hardcoded admin password found – patch now!
Chrome browser has a New Year’s resolution: HTTPS by default
Schneier on Security
Friday Squid Blogging: Vegan Chili Squid
SVR Attacks on Microsoft 365
Sophisticated Watering Hole Attack
Injecting a Backdoor into SolarWinds Orion
Friday Squid Blogging: China Launches Six New Squid Jigging Vessels
Click Here to Kill Everybody Sale
Cell Phone Location Privacy
Finding the Location of Telegram Users
On US Capitol Security — By Someone Who Manages Arena-Rock-Concert Security
Cloning Google Titan 2FA keys
Changes in WhatsApp’s Privacy Policy
Friday Squid Blogging: Searching for Giant Squid by Collecting Environmental DNA
Linux Security
OpenWRT reports data breach after hacker gained access to forum admin account>
Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed>
CloudLinux CentOS Replacement Available this Quarter, Named AlmaLinux>
Linux Mint fixes screensaver bypass discovered by two kids>
SolarWinds defense: How to stop similar attacks>
CloudLinux readies CentOS Linux replacement: AlmaLinux>
This Decade's Most Significant Security Vulnerabilities at a Glance>
What must be done to bring Linux to the Apple M1 chip>
Microsoft Defender for Linux now has endpoint detection and response security>
Security-Focused Tails OS Plans To Switch From Xorg To Wayland>
StackRox Acquisition By Red Hat Underscores The Significance Of DevSecOps>
Nvidia has patched several serious security flaws affecting Windows and Linux devices>
Dark Reading
Intel Confirms Unauthorized Access of Earnings-Related Data
Speed of Digital Transformation May Lead to Greater App Vulnerabilities
Why North Korea Excels in Cybercrime
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Breach Data Shows Attackers Switched Gears in 2020
Attackers Leave Stolen Credentials Searchable on Google
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
7 Steps to Secure a WordPress Site
Hacker Pig Latin: A Base64 Primer for Security Analysts
Rethinking IoT Security: It's Not About the Devices
Microsoft Releases New Info on SolarWinds Attack Chain
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
Securelist
Whitehat Security Blog
HITB News
Security firm Malwarebytes was infected by same hackers who hit SolarWinds
New SolarWinds hack victims emerging every day, as Malwarebytes goes public on breach
A Chinese hacking group is stealing airline passenger details
Microsoft: How 'zero trust' can protect against sophisticated hacking attacks
Signal and other video chat apps found to have some major security flaws
Top DNS service may be suffering from some serious security flaws
Palantir’s God’s-Eye View of Afghanistan
How law enforcement gets around your smartphone’s encryption
New MacBook Pro models will arrive this year with MagSafe, M1 successor
US declares Xiaomi a “Communist Chinese military company,” bans investments
A security researcher commandeered a country’s expired top-level domain to save it from hackers
The NSA warns enterprises to beware of third-party DNS resolvers
The RISKS Digest
AI algorithm over 70% accurate at guessing a person's political orientation
Riot in the Capitol is a nightmare scenario for cybersecurity professionals
In-Garage Delivery: Amazon Key
Re: Voting Systems: The Cherry and the Cream
Risk Management and Two-Dose Vaccines
Hacker Locks Internet-Connected Chastity Cage
Lack of Tiny Parts Disrupts Auto Factories Worldwide
Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
IPhone12 will stop your implantable defibrillator
IRS rushes to fix error that sent millions of stimulus payments to wrong bank accounts
ESS voting machine company sends threats
The Parler API was open without authentication. One or more third parties have done full downloads
Kaspersky Blog
Transatlantic Cable podcast, episode 183
COVID-19 lockdowns stall career progressions for women in tech
Telegram security and privacy tips
Kaspersky Transatlantic Cable podcast, episode 182
An employee, fired
How to tell if a website is taking your (browser) fingerprints
Delivery payment fraud
Gone in a Flash
Hard-coded account in ZyXel equipment
Ethernet, now broadcasting
Transatlantic Cable podcast, episode 181
Air-Fi is another path to stealing data from an isolated computer
Adam Shostack & friends
Digital Guru Books
Humble Bundle: Good, Cheap Books
It’s 2021: Have you checked your backups?
Vaccines
Just the Great Conjunction of Saturn and Jupiter…shot from the moon
Dinosaur Feathers
Chang’e 5!
The Asset Trap
Elevation of Privilege In a Time of Cholera, Redux
Charley Pride (1934-2020)
Fireeye Hack & Culture
We Need a Discipline of Cybersecurity Public Health
Graham Cluley
Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack
Is Joe Biden’s Peloton a cybersecurity risk? Don’t sweat about it
Google Chrome wants to fix your unsafe passwords
Post-ransomware attack, Hackney Council wants to change its cybersecurity culture
Smashing Security podcast #211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups
How most large cloud breaches happen revealed in Orca Security report
Scottish environmental agency still struggling after Christmas Eve ransomware attack
Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads
Cybercriminals are bypassing multi-factor authentication to access organisation’s cloud services
Orca Security public cloud security report reveals how most large cloud breaches happen
Smashing Security podcast #210: DC rioters ID’d, Energydots, and ransomware gets you in a pickle
Rapid7
NICER Protocol Deep Dive: Internet Exposure of NTP
Principles for personal information security legislation
You Can Now Buy (And Renew) Five More Rapid7 Products Through AWS Marketplace
InsightIDR: 2020 Highlights and What’s Ahead in 2021
Metasploit Wrap-Up
NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS
Patch Tuesday - January 2021
Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations
What’s New in InsightAppSec and tCell: Q4 2020 in Review
How COVID-19 Reinforced the Need for Mobile Device Management
What’s New in InsightVM: Q4 2020 in Review
NICER Protocol Deep Dive: Internet Exposure of DNS
Hacker News (YCombinator) - Security
How Did the Duck Hunt Gun Work?new
Hacking Habit Development with iOS Shortcutsnew
Our experience with the Fediverse, and why we leftnew
Show HN: Plant-based flavor enhancer – hack your tastebuds to eat healthynew
MouSTer Brings USB to Retro Computersnew
Baffling Brexit rules threaten export chaosnew
Software engineering topics I changed my mind on after 6 years in the industry
Software engineering topics I changed my mind on
FAA Files Reveal a Surprising Threat to Airline Safety: US Military's GPS Tests
Cryptocurreny Crime Is Way Ahead of Regulators and Law Enforcement
Cryptocurreny crime is way ahead of regulators and law enforcement
Malware found on laptops given out by government
Hacker Noon #Security
Your Guide To Managed IT Servicesnew
Why Your Business Should Use Enterprise Password Management in 2021new
Why we Prefer "Reasonable" False Negatives to Raising False Positives new
7 Reasons to Choose Flutter for Mobile App Development in 2021new
Technology To Make You Feel Safer Online
Cybersecurity Is No Longer "Optional"
I Built An Ethereum-based Fully Decentralized Voting System
Understanding the background of the Hospital Bed Rental Industry
California's Current Privacy Rights Under CCPA
Essential Cybersecurity Measures for Healthcare IoT
Do Cybercriminals Already Have Access To Your Email?
AT PARSIQ, We Make Blockchain Notifications With Better Security, Compliance and Insights

Security in Mainstream Media

Google News Hacking
Intel says it wasn’t hacked after all; blames internal error for financial results leaking out - OregonLivenew
Former ADT Security Technician Pleads Guilty to Hacking Customers - MSSP Alertnew
Internet-based chastity belts hijacked by malicious hackers - Boing Boingnew
The impact of Bitcoin hacking incidents in the crypto market - Cointelegraphnew
Iranian government tried to recruit US hacker on LinkedIn - Business Insidernew
Hacker leaks data of 2.28 million dating site users - ZDNetnew
Indian Crypto Exchange Buyucoin Hacked, Sensitive Data of 325K Users Reportedly Leaked – Exchanges - Bitcoin Newsnew
When Appliance Hackers Hit The Music Scene - Hackadaynew
Hackers demands Rs 10 crore-extortion from Ghaziabad man, threaten to circulate personal details - India TV News
Wheeling highway message board hacked with explicit anti-government message - WTRF
Swabi varsity's website hacked twice in a week - DAWN.com
Swabi varsity’s website hacked twice in a week - DAWN.com
Google Cyber Security
Managed Cyber Security Services Market Report | Size, Growth, Demand, Scope, Opportunities and Forecast 2020-2027 - NeighborWebSJnew
Automotive Cyber Security Market Report | Size, Growth, Demand, Scope, Opportunities and Forecast 2020-2027 – NeighborWebSJ - NeighborWebSJnew
New Task Force Taps Public, Private Sectors to Combat Ransomware - MSSP Alertnew
State to implement Rs900-crore cyber security project: HM Deshmukh - Times of Indianew
Japan to hold 1st competitive cybersecurity talent search - Japan Todaynew
Internet of Things Connected Devices Are Inherently Insecure, Say Tech Experts - BroadbandBreakfast.comnew
Biden enlists 'world class' cyber security team - iTnewsnew
Healthcare Cyber Security Market Prediction after Covid Pandemic and Analysis Offered By New Study 2020 – 2026 – Reviewindependent - Reviewindependentnew
Industrial Cyber Security Market Analysis and In-depth Research on Size, Trends, Emerging Growth Factors and Regional Forecasts to 2026 – Reviewindependent - Reviewindependentnew
How To Profit From The Cybersecurity Boom: Check Out Check Point Software - Seeking Alphanew
Cyber Security Insurance Market Report | Size, Growth, Demand, Scope, Opportunities and Forecast 2020-2027 – NeighborWebSJ - NeighborWebSJnew
Cyber Security Market Report | Size, Growth, Demand, Scope, Opportunities and Forecast 2020-2027 – NeighborWebSJ - NeighborWebSJnew

Thirsty for more

Hacker News (YCombinator)
Applications of Deep Neural Networks v2 [pdf]new
How Did the Duck Hunt Gun Work?new
Need advice or assistance for son who is in prisonnew
18.7 Million Americans Vaccinatednew
18.7 Million Americans Vaccinatednew
Sales of electric cars up by 43% in 2020new
Krita 4.4.2 Releasednew
American Airlines has so much extra wine that it is starting a delivery servicenew
Papercraft Models of Computersnew
Universal basic income doesn’t impact worker productivitynew
WhatsApp loses millions of users after terms updatenew
Ordering burritos from my SPARC (1992)new
Reddit - Cyberpunk
Emails an extension developer gets from companies wanting to insert malwarenew
I wrote a cyberpunk novel. Check it out.new
Some of my Favorite Films with some of my favorite music, enjoy.new
This A.I. Reviewed A Cyberpunk Themed Novel. Here's what it said: — THE AMARANTH CHRONICLESnew
"On Stage" by Dangiuznew
One step closer to being a cyborgnew
Not sure if Cyberpunk enoughnew
Haze (2021)new
My latest 3d work, Cyberpunk Girlnew
I'm a solo dev working on a cyberpunk city building game, what do you think?new
A cyberpunk/Blade runner inspired dystopian city soundscape I made.new
Archive Movie: discussionnew
Reddit - Security CTF
Compromised: Hack The Box Walkthroughnew
Professional CTF player?new
Try getting the flag.new
HACK IT IF YOU CANnew
The Absolute Beginner Pentesting : Pickle Rick CTF TryHackMe
Implant development CTF?
Replacing Binaries in the PATH
CrowdStrike CTF
Learning to create my own CTF with CTFd
OSINT CTFs?
RCE using glob
Free Bug bounty 100 uniques security issues learning in JUST 20 hours
Reddit - Sysadmin
Snipe-IT and its "Locations" featurenew
Type of Fibre Connector?new
Bios update for Lenovo Thinkcentre M72e through DOSnew
Which is More Secure for a Server: Rolling Release Distros or Fixed Release Distros?new
Allowing Zoom Screen Sharing over Different vLansnew
DHCP over WANnew
adfs cert for enterpriseregistration.domain.comnew
A Couple of questionsnew
Possible to set up 2 hosted email providers on the same domain name? (Split delivery)??new
SBS 2011 SMTP helpnew
OFfice365 MFA with Yubikey/FIDO2?new