Daily Security News
PacketStorm
Microsoft Taps Eric Holder To Audit AnyVision Face Recognition new- Design Flaw Leaves Bluetooth Devices Vulnerable new
- Thousands Of Hacked Disney+ Accounts Are Already For Sale new
- DDoS Kingpin Gets 13 Months, Massive Fine new
- US Charges Men With Cryptocurrency Theft, SIM-Swapping Attacks
- What The Checkra1n Jailbreak Means For iDevice Security
- Open Database Exposes 93M Files On Substance Abuse Patients
- The Myth Of The Sophisticated Hacker
- Breach Affecting 1 Million Was Caught Only After Hacker Maxed Out Target's Storage
- Cryptoqueen Brother Admits Role In OneCoin Fraud
- Threat Actor Impersonates USPS To Deliver Backdoor Malware
- This App Will Tell You If Your iPhone Gets Hacked
The Register
- Denial of service kingpin hit with 13 months denial of freedom and a massive bill to pay
- 1Password hopes to cross some items off its todo list with help from $200m in venture capital
- Try as they might, ransomware crooks can't hide their tells when playing hands
- What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges
- Infosec boffins pour cold water on claims Home Office Brexit app can be easily hacked
- UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball
- Londoner accused of accessing National Lottery users' accounts
- Russian bloke charged in US with running $20 million stolen card-as-a-service online souk
- Shock! US border cops need 'reasonable suspicion' of a crime before searching your phone, laptop
- This November, give thanks for only having one exploited Microsoft flaw for Patch Tues. And four Hyper-V escapes
- Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)
- True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant
Reddit - NetSec
- Networked-Hackthebox writeup by sif0 new
- WhatsApp bug: CVE-2019-11931 new
- Infectious Executable Stacks [GNU C nested functions] new
- WhatsApp flaw CVE-2019-11931 could be exploited to install spyware new
- Networked writeup by phaz0n new
- New Variant of ZombieLoad enables attacks on MDS-resistant CPUs new
- HacktheBox-Networked new
- Hack The Box - Networked Write-up by 0xRick new
- Hack The Box: Networked - Writeup by Khaotic new
- Generate reverse shell from CLI for linux and Windows. new
- Cracking passwords to prevent credential stuffing
- Nov 21 live webinar: The OWASP API Security Top 10
Bleeping Computer
- Microsoft Removes Windows 10 1909 Realtek Driver Update Block new
- Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign new
- The Week in Ransomware - November 15th 2019 - Holy Ransomware
- Windows 10 Build 19025 With Throttled Search Indexer Out for Insiders
- US Govt Recommends Vendor System Configs To Block Malware Attacks
- New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
- DDoS-for-Hire Services Owner Sentenced to 13 Months in Prison
- Google Fixes White Screen Problem in Chrome, Admins Furious
- Silly Phishing Scam Warns That Your Password Will be Changed
- Two Charged Over Crypto Theft via SIM Swapping, Death Threats
- Intel Patched 77 Vulnerabilities in November 2019 Platform Update
- ProtonMail Thanks Paid Accounts by Giving 5GB Extra Storage
The Hacker News
- New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices new
- Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping
- New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks
- Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices
- Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage
- 4 Best Free Online Security Tools for SMEs in 2020
- The Comprehensive Compliance Guide (Get Assessment Templates)
- New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs
- Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
- Is Facebook Secretly Accessing Your iPhone's Camera? Some Users Claimed
- Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password
- Hackers Breach ZoneAlarm's Forum Site — Outdated vBulletin to Blame
Threat Wire
Exploits
Packet Storm Exploits
- FreeRadius 3.0.19 Logrotate Privilege Escalation
- Raritan CommandCenter Secure Gateway Cross Site Scripting
- TP-Link Archer VR300 1 Cross Site Scripting
- WordPress Social Photo Gallery 1.0 Remote Code Execution
- iOS mediaserverd Integer Overflow Sandbox Escape
- Shrew Soft VPN Client 2.2.2 Unquoted Service Path
- FusionPBX Operator Panel exec.php Command Execution
- FusionPBX Command exec.php Command Execution
- FreeSWITCH Event Socket Command Execution
- Ubuntu shiftfs refcount Underflow / Type Confusion
- Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
- oXygen XML Editor 21.1.1 XML Injection
Exploit-DB Webapps
- [webapps] Xfilesharing 2.5.1 - Arbitrary File Upload
- [webapps] Linear eMerge E3 1.00-06 - Remote Code Execution
- [webapps] FUDForum 3.0.9 - Remote Code Execution
- [webapps] Technicolor TD5130.2 - Remote Command Execution
- [webapps] Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
- [webapps] gSOAP 2.8 - Directory Traversal
- [webapps] Fastweb Fastgate 0.00.81 - Remote Code Execution
- [webapps] Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting
- [webapps] Prima FlexAir Access Control 2.3.38 - Remote Code Execution
- [webapps] Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting
- [webapps] Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting
- [webapps] eMerge E3 1.00-06 - Unauthenticated Directory Traversal
Exploit-DB Local and Privilege Escalation
- [local] Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path
- [local] oXygen XML Editor 21.1.1 - XML External Entity Injection
- [local] ScanGuard Antivirus 2020 - Insecure Folder Permissions
- [local] Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
- [local] Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path
- [local] Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path
- [local] RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
- [local] Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)
- [local] Wondershare Application Framework Service - "WsAppService" Unquote Service Path
- [local] _GCafé 3.0 - 'gbClienService' Unquoted Service Path
- [local] Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
- [local] XML Notepad 2.8.0.4 - XML External Entity Injection
Exploit-DB DoS
- [dos] Siemens Desigo PX 6.00 - Denial of Service (PoC)
- [dos] iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
- [dos] Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream
- [dos] iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
- [dos] Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)
- [dos] FileOptimizer 14.00.2524 - Denial of Service (PoC)
- [dos] JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
- [dos] macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
- [dos] WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
- [dos] Apple macOS 10.15.1 - Denial of Service (PoC)
- [dos] WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
- [dos] JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
Exploit-DB Shellcode
Exploit-DB Papers
Exploit-DB Remote
- [remote] eMerge E3 Access Controller 4.6.07 - Remote Code Execution
- [remote] eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
- [remote] CBAS-Web 19.0.0 - Information Disclosure
- [remote] rConfig - install Command Execution (Metasploit)
- [remote] Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
- [remote] Nostromo - Directory Traversal Remote Command Execution (Metasploit)
- [remote] MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
- [remote] Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow
- [remote] Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution
- [remote] Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass
- [remote] Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) new
- [remote] Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
Hak5
Vulnerabilities
Bugtraq
- Vulnerability Disclosure and CVE assign
- Vulnerability Disclosure
- [SECURITY] [DSA 4563-1] webkit2gtk security update
- [SECURITY] [DSA 4567-1] dpdk security update
- [SECURITY] [DSA 4566-1] qemu security update
- [SECURITY] [DSA 4565-1] intel-microcode security update
- FreeBSD Security Advisory FreeBSD-SA-19:25.mcepsc
- FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- [SECURITY] [DSA 4564-1] linux security update
- [SECURITY] [DSA 4562-1] chromium security update
- Minor security issue in punbb with SQLite
- WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006
Full Disclosure
- [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius
- c0c0n 2020 Middle East| Abu Dhabhi | The cy0ps c0n - CFP & CFW is Open !
- Raritan CommandCenter Secure Gateway XSS Vulnerability on < 8.0
- Raritan CommandCenter Secure Gateway XML External Entity < 8.0
- Stored XSS Vulnerability on TP-Link Archer VR300 v1
- WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution
- Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]
- Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]
- Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]
- Getting the server ip from a hosted XenForo CMS
- ScanGuard Antivirus (latest version) / Insecure Permissions
- Vulnerability Disclosure and CVE assign
Tools
CyberPunk nowhere.net
Darknet
- Sooty – SOC Analyst All-In-One CLI Tool
- UBoat – Proof Of Concept PoC HTTP Botnet Project
- LambdaGuard – AWS Lambda Serverless Security Scanner
- exe2powershell – Convert EXE to BAT Files
- HiddenWall – Create Hidden Kernel Modules
- Anteater – CI/CD Security Gate Check Framework
- Stardox – Github Stargazers Information Gathering Tool
- ZigDiggity – ZigBee Hacking Toolkit
Exploit Dev
Reddit - Exploit Dev
- Shellcoder Handbook Question new
- What does it mean when input crashes program compiled with afl-gcc but not regular gcc?
- onegadget.me: The libc one gadget rce database.
- Analyzing Android's CVE-2019-2215 (/dev/binder UAF)
- Wargame Meetup #4: November 10, 2019
- [Noob question] I know I could exploit if I can overwrite EIP. What happen or is it possible to exploit if EDX was overwritten with…
- How I found and exploited 4 vulnerabilities in a network security tool (feel free to ask questions!)
- OverTheWire Narnia 2 - SIGKILL Illegal Instruction?
- Exploit education: Stack Five Question
- Format String + Buffer Overflow Vulnerability
- Wargame Meetup #3: October 26, 2019
- Question regarding simple BOF
Source Incite
Google Project Zero
- KTRW: The journey to build a debuggable iPhone
- The story of Adobe Reader symbols
- Windows Exploitation Tricks: Spoofing Named Pipe Client PID
- A very deep dive into iOS Exploit chains found in the wild
- In-the-wild iOS Exploit Chain 1
- In-the-wild iOS Exploit Chain 5
- In-the-wild iOS Exploit Chain 4
- In-the-wild iOS Exploit Chain 3
- In-the-wild iOS Exploit Chain 2
- Implant Teardown
- JSC Exploits
- The Many Possibilities of CVE-2019-8646
Security Researchers
- RIPS 3.3: Scaling Security Testing to Large Teams
- 你用它上網,我用它進你內網! 中華電信數據機遠端代碼執行漏洞
- Seven Security Strategies, Summarized
- Backend SQL Injection in BigTree CMS 4.4.6
- Protecting Your Malware with blockdlls and ACG
- New security test: CVE-2019-11043 PHP-FPM & NGINX RCE
- Official Code Analysis Partner for TYPO3
- An analysis and thought about recently PHP-FPM RCE(CVE-2019-11043)
- Abusing the SYLK file format
- NSO Group / Q Cyber Technologies: Over One Hundred New Abuse Cases
- Cloud Services Enumeration – AWS, Azure and GCP
- Cybersecurity Awareness Month – 5 tips for safe browsing
Reversing/I like ASM
Reddit - Reverse Engineering
- 📌 Computer RAM Reverse Engineered and recreated in Minecraft for educational purposes new
- Exploiting Intel’s Management Engine – Part 2: Enabling Red JTAG Unlock on Intel ME 11.x (INTEL-SA-00086)
- Reversing a Qualcomm Hexagon QDSP modem for profit
- /r/ReverseEngineering's Weekly Questions Thread
- onegadget.me: The libc one gadget rce database.
- Ironblood on the 3DO M2 - made working with help from here and some reverse engineering
- can somebody remove hardlock from this software. it uses old parallel port . but my pc is new
- /r/ReverseEngineering's Triannual Hiring Thread
- Exploiting Intel’s Management Engine – Part 2: Enabling Red JTAG Unlock on Intel ME 11.x (INTEL-SA-00086) [Porting TXE PoC exploit to ME 11.x.]
- Book review:- Reverse Engineering for Beginners
- Malware Analysis | Salseo Reverse Shell Backdoor [Video]
- IDA 7.4 SP1 out! (check your email)
Reddit - REGames
- Monster Hunter Frontier new
- Star Wars Jedi: Fallen Order *.locres file
- Resident Evil 4 PS2 debug symbols (IDA script)
- Best way or tools to reverse io games
- tfc files
- RDR2
- How Can I Reverse Engineer a 14 Years Old Game ??
- Request to Reverse Engineer M.U.G.E.N to open-source it
- Decrypting a .pak file from a MUGEN / OpenBOR game?
- Advice on learning how to reverse engineer PS1 games?
- Need help with a dead game
- Netimmerse resources
StackExchange - ReverseEngineering
- Strange vtable setup in constructor disassembly new
- IDA - How can I get a list of differing instructions from 2 recorded instruction traces? new
- Identifying ROM segment in unknown firmware update file new
- How to extract an unknown archive files? (umd "I am alive" PC)
- How to use x64-86 elf file from an apk file in a linux machine?
- Is there a way to see 'imports' in a .NET binary?
- Call function by ebp
- Add disassembly comment at rip in radare2
- Open TMF firmware with IDA
- Can I perform small mod on Apple Iphone app without access to original source code?
- Course of reversing embedded iot? [on hold]
- How to know which exe call to dll
Guided Hacking
Malware/APT
Reddit - Malware
- 146 New Vulnerabilities All Come Preinstalled on Android Phones new
- 146 New Vulnerabilities All Come Preinstalled on Android Phones new
- Dtrack Malware new
- Malware Analysis | Salseo Reverse Shell Backdoor [Video]
- Inconvenient truths about working in Cybersecurity
- Breach affecting 1 million was caught only after hacker maxed out target’s storage
- Do not open suspicious links even if they are on trusted sites!
- A Glimpse into Glimpse: Analysis of APT34 DNS Tunneling Malware (x-post from /r/ReverseEngineering)
- VirusTotal API to check user’s quota usage
- Dionaea Honeypot capturing mostly Wannacry still and a lot of attacks on port 1433
- AMAs Wanted: Calling any and all professional reverse engineers, malware programmers, whitepaper authors or conference speakers!
- I am a Malware Developer [AMA]
Unit42
- Wireshark Tutorial: Examining Trickbot Infections
- Web-Based Threats: First Half 2019
- Home & Small Office Wireless Routers Exploited to Attack Gaming Servers
- Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 3)
- Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 2)
- Practical Behavioral Profiling of PowerShell Scripts through Static Analysis (Part 1)
- Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub
- Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT
- More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection
- Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
- PKPLUG: Chinese Cyber Espionage Group Attacking Asia
- xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
FireEye Threat Research
- Attention is All They Need: Combatting Social Media Information Operations With Neural Language Models
- MESSAGETAP: Who’s Reading Your Text Messages?
- CertUtil Qualms: They Came to Drop FOMBs
- Shikata Ga Nai Encoder Still Going Strong
- Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions
- LOWKEY: Hunting for the Missing Volume Serial ID
- Staying Hidden on the Endpoint: Evading Detection with Shellcode
- Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
- Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil
- IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software
- Head Fake: Tackling Disruptive Ransomware Attacks
- The FireEye OT-CSIO: An Ontology to Understand, Cross-Compare, and Assess Operational Technology Cyber Security Incidents
Bug Bounties
HackerOne
- The World's Elite Hackers Share Tips and Insights
- LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
- Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
- Announcing Program Audit Log
- Reducing Risk With a Bug Bounty Program
- U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
- Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
- 8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure
- Scaling Security: From Startup to Unicorn
- Scaling Security: From Startup to Unicorn
- Why Laurie Mercer Became a Security Engineer at HackerOne
- Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs
Reddit - BugBounty
- Reconnaissance - The way it should be - Inside ProjectDiscovery - Medium
- just starting out, total n00b question
- Anyone that knows Graphql, would you be able to help me out?
- DNS rebinding SSRF leading to aws keys leakage
- Privilege Escalation From user to SYSTEM via unauthenticated command execution
- Nahamsec does a live QA
- H1-213 with The US Air Force and Verizon Media paid $500,00 to hackers!
- Information Disclosure through error message + WAF Bypass led to Local File Inclusion
- BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎
- Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
- Where to find updated material? + Need a Mentor
- In burp under HTTP history tab there are lots of endpoints and JS files, is there any burp extension or something to keep all of…
Pentester Land
Portswigger
Metasploit Minute
Crypto
Reddit - Crypto
- Is AES-256 "good enough" or is nested encryption a better option? new
- Key Schedule->Round Constant: Is the constant only needed for trivial schedules? new
- (x-post from r/node) A glimpse into the challenges of working with Cryptography APIs in NodeJS new
- First time using this sub. Help
- 25519 and cyclic subgroups
- NTRU cryptosystem
- Is Boringssl slower than Openssl?
- Extremely hard crypto challenge
- Advice on finding PhD's in Europe and the Americas
- Why You Shouldn’t be Using BCrypt and Scrypt
- What was the first Crypto you bought...other than Bitcoin!?
- MPC Alliance launches to further multi-party computation message - The Block
StackExchange - Crypto
- How would you decrypt an affine cipher with only the ciphertext? new
- Two possible plaintext's using OTP decryption new
- Problem on RSA modification new
- Simply using password as a third "private key" for PAKE new
- What encryption / cryptography method is used here? [on hold] new
- How do I go about managing keys? new
- Elliptic curve commitments mod p new
- Cryptographic Reductions in the form if A holds then B holds new
- I have been given a challenge to solve a string wich results in a word [on hold] new
- decrypting a shifted cipher message without knowing shifting parameter in advance new
- Total anonymity against malicious agents new
- Need help cracking a vigenere cypher with period 2 new
Podcasts
Security Weekly
- Ninja Lawyers - PSW #626
- Monday Morning Blues - PSW #625
- Felines & Flamethrowers - PSW #624
- Flush the Cache - PSW #623
- The Last Cigar - PSW #622
- That's What Larry Said - PSW #621
- Special Treats - PSW #620
- The Struggle Is Real - PSW #619
- So Many Jokes, So Little Time - PSW #618
- Save the World - PSW #617
- It Gets Really Hot! - PSW #616
Risky.Biz
- Risky Business #562 -- Two former Twitter staff charged over Saudi spying
- Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards
- Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets
- Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee
- Risky Business #560 -- Facebook sues NSO Group
- Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?
- Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!
- Risky Biz Soap Box: Yubico's Jerrod Chong talks series 5 Yubikeys and what's next
- Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice
- Snake Oilers 10 part 1: Richard Bejtlich talks Zeek plus pitches from Respond Software and PATH Networks
- Risky Business #557 -- 26 nations release cyber norms statement at UN
- Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack
The CyberWire
- Sodinokibi aka REvil connections to GandCrab — Research Saturday new
- Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
- PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
- NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
- Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling.…
- Special Edition — Andy Greenberg from WIRED on his book "Sandworm."
- Monitoring the growing sophistication of PKPLUG — Research Saturday
- Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
- US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play.…
- App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
- Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
- BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
ISC Daily Stormcast
- ISC StormCast for Friday, November 15th 2019
- ISC StormCast for Wednesday, November 13th 2019
- ISC StormCast for Tuesday, November 12th 2019
- ISC StormCast for Monday, November 11th 2019
- ISC StormCast for Friday, November 8th 2019
- ISC StormCast for Thursday, November 7th 2019
- ISC StormCast for Wednesday, November 6th 2019
- ISC StormCast for Tuesday, November 5th 2019
- ISC StormCast for Monday, November 4th 2019
Threat Intel
Reddit - Onions
- Looking for a good html generator new
- Dread not loading?
- Documentaries
- Please tell how do i do it (ios mobile)
- Elude bitcoin mixer is a scam
- Introducing Kilos, a new search engine for the darknet markets
- Free talk Fridays - What's on your mind?
- Questions on safe deep webbing.
- I need some help my dudes!
- Shut up about The Hidden Wiki - referring to an onion service without a link is not helpful, friendly names for onions is hard, and…
- Anonymous Detailed $75M Bitcoin Fund for Privacy Tech Development
- Community of reditors on the dark web?
Reddit - Pwned
- Breach affecting 1 million was caught only after hacker maxed out target’s storage
- Ransomware attack at Mexico's state-owned petroleum company Pemex halts work, threatens to cripple computers
- A Utah-based renewable energy company was the victim of a rare cyberattack that disrupted communications with several solar- and wind- power installations
- Rogue worker at antivirus firm sold user data to scammers who targeted customers
- McDonald's customers frustrated as 'Hamburglar' hacks more app accounts, ordering meals with owners' money
- McDonald's customers frustrated as 'Hamburglar' hacks more app accounts
- Hack of Chilean national police exposes more than 10,000 files, including intelligence
- Bed Bath & Beyond admits in SEC filing that some of their users' accounts were accessed without authorization
- City of Johannesburg, South Africa, hit by ransomware - again
- NordVPN Hack - Everything You Need to Know (Updated Info)
- Report: Travel Reservations Platform Leaks US Government Personnel Data (AWS - over 179GB of data)
- NordVPN confirms it was hacked – TechCrunch
HaveIBeenPwned
- ToonDoo - 6,002,694 breached accounts
- Vedantu - 686,899 breached accounts
- StreetEasy - 988,230 breached accounts
- Sephora - 780,073 breached accounts
- Wanelo - 23,165,793 breached accounts
- Lumin PDF - 15,453,048 breached accounts
- KiwiFarms - 4,606 breached accounts
- Minehut - 396,533 breached accounts
- Void.to - 95,431 breached accounts
- Poshmark - 36,395,491 breached accounts
- Mastercard Priceless Specials - 89,388 breached accounts
- XKCD - 561,991 breached accounts
Privacy/VPNs
Slashdot - Rights
- Most Americans Think They're Being Constantly Tracked, Study Finds new
- Germany Forces Apple To Let Other Mobile Wallet Services Use iPhone's NFC Chip new
- White House Unveils Rules Requiring Online Disclosure of Hospital Prices
- Supreme Court Will Hear Long-Running Google and Oracle Copyright Lawsuit
- Disney + and 'The Mandalorian' Are Driving People Back To Torrenting
- Google Almost Made 100,000 Chest X-rays Public -- Until it Realized Personal Data Could Be Exposed
- A Jury of Random People Can Do Wonders For Facebook
- Andrew Yang Wants To Tax Digital Ads, Launch a New Algorithm Regulator
- Amazon Appeals Pentagon's Choice of Microsoft For $10 Billion Cloud Contract
- Uber Hit With $650 Million Employment Tax Bill In New Jersey
- FCC Sued By Dozens of Cities After Voting To Kill Local Fees and Rules
- GitHub Faces More Resignations In Light of ICE Contract
Reddit - Privacy
- Question about trackers. new
- Email Clients: What should I look out for? new
- Clothing apps and Pinterest new
- People here who use a cloud-based password manager or file storage service like LastPass or Dropbox, knowing that all your stuff is sitting on someone… new
- Mobile password manager new
- Which TV vendor spies the least on their users? new
- YouTube change of conditions : between Deception and wrong interpretation ! new
- DMCA ignored dedicated servers new
- Facebook privacy app alternative needed. new
- Targeting someone online by doxing them and making their information public is the most pathetic act a human can do new
- Cashing Money Order Psuedoanonymously new
- New private by default marketplace new
Reddit - VPN
- Thoughts about UltraVPN new
- VPN for Netflix, Hulu and Disney+ new
- VPN makes my upload speeds faster? new
- Deep Packet Inspection new
- Can someone give me info or direct me to where I can find out how to configure a VPN on my Linksys E1200 v1 router,…
- If I use my work VPN and a VPN service at the same time, does that grant the VPN service access to my work network,…
- Wifi working on my android only when connected to a vpn
- Could someone Hide DNS From Proxy ?
- VPN For Ping?
- Mask/ignore indian content on the internet and search results
- im planning to buy a proton vpn subscription, how should i pay for it?
- If my VPN provider logs, does tor stop my VPN provider from logging?
Help Wanted
Reddit - AskNetSec
- What is the best way to enumerate your external facing assets?
- What is the best way to enumerate your external facing assets?
- Bridge IPv6 to IPv4 in all-IPv4 network?
- Bridge IPv6 to IPv4 in all-IPv4 network?
- Avast (my current subscription) or Kaspersky for 2020?
- Trustworthy salary sources?
- WOW LOOK AT THIS YES
- What do you folks think of the course "The Complete Cybersecurity Course" by Station X? Is it any good?
- Are IP Blacklists applied only on incoming traffic or also on outgoing
- Forensic images
- devices compromised?
- Noob question about crontab (Another question)
Reddit - Netsec Students
- CISA Practice Questions new
- Want to move from SWE to offensive pentester new
- Awesome Lesser known Windows commands new
- Hack The Box: Networked - Writeup by Khaotic new
- "Multi One Password", a password manager that does not store users encryptedhashed passwords neither locally in the users computers nor in the Cloud! new
- Hack+ : Only 35K+ TG channel with best information security news and stuff without any spam. new
- What to learn for my first CTF? new
- Breaking Stigmas: Teaching Adult Actors how to Hack new
- Wargames new
- [video] Controls for Rogue SVGs
- Inconvenient truths about working in Cybersecurity
- Transitioning from a technical role to management
Stackoverflow - Security
- How can I integrate a payment system for my website? (php) new
- How to get started on Python Twisted for beginners new
- Block access to my system web-application files on the server new
- anomaly detection in cloud computing environments new
- Grant 'Log on as a service' permissions to a Network Service account for specific machine new
- How secure is a client-side security service? new
- Setting Up Secure SMS Authentication In SPA With a dumb REST Login Endpoint new
- Solutions to Trouble Shooting and Web Security Sourced HTML and CSS with jQuery over Apache 2.4 new
- how to send a token in the HTTP header with ajax new
- Track HTTP(S) Network calls being made by an Android Device
- Redhat automated actions with passwordless root ssh
- Spring Boot | Use dynamic keystore/truststore
Stack Exchange
- DBAN alternative new
- detecting MITM attacker on WIFI new
- How to explain to traditional people why they should upgrade their old Windows XP device? new
- How secure is connecting to the Internet via Windows XP (or even older) nowadays only for e-mail? new
- Volatility: Issue with analyzing Windows 10 and Server 2016 systems new
- What are the security concerns about using unencrypted TCP keepalive with TLS? new
- Should I chunk or not for AES-GCM file encryption new
- What identifiable variables can be collected via server/client connection logs( wireless AP's) to uniquely identify a device across networks? new
- Is it safe to type your password in Google? new
- What are the possible reasons to get two copies of the same Gmail? new
- Undrestand dns zone transfer attack [duplicate] new
- Is it a good idea from a security standpoint to disable Referer headers in the browser? What discomforts will you have to deal with? new
Locks/Social Engineering
Reddit - Lockpicking
- American 1105 from eBay picked and gutted new
- How to Pick a Lock new
- For Yellow Belt new
- 2 out of 3 submitting for belt new
- Expert Frustration new
- What kind of lock should I research to find out more about this keyway? Not a clue what the inside of that would even look… new
- Matched set with different (or worn) keyways. new
- [15] Picked & Gutted - Mul T Lock Jr. - Mistakes were made... new
- Cherry Hook new
- Found four locks at the flea market today new
- Is this LockPickingLawyer's next Challenge Lock? new
- lockpicking set (please read) new
Reddit - Social Engineering
- The Power of Language - The Art of Spelling - Every word, written or spoken, is a spell new
- Sick of Irrelevant YouTube Recommendations? Here's What You Need to Do new
- How Social Media Is Making Humanity Anti-Social
- An interesting podcast episode. Go listen.
- Research: A Few Seconds of Speech Sparks Class Bias in Hiring
- Thought y'all could use this on yourselves lol
- Woman gets job at the US State Department, by making fake Time Magazine covers, lying about Harvard and her experience.
- Social Engineering Technique
- Google and Twitter Approved Our BS Anti-Vaxx Ads
- Conversational Maps | The Libertarian Ideal
- Social Engineering in a Different Language/Across Cultures
- Book about the dynamics in conversation.
Security Blogs
Security Bloggers Network
- Vulnerable Versions of Adminer as a Universal Infection Vector
- Why Cybersecurity Breach Survivors are Valued Assets
- Business Email Compromise (#BEC) Email Forwarding In Action
- Derbycon2019, Nicole Schwartz’ (aka CircuitSwan Formerly AmazonV) ‘Are You Ready To Leverage DevSecOps? Get Ready And Use It For Good’
- XKCD, Recombination And Reionization
- Life Cycle of a Security Bug
- Derbycon2019, Brett Hawkins’ ‘SharPersist: Windows Persistence Toolkit In C#’
- Does VDI protect against data leaks?
- To the Moon and Back
- Threat Alert: TCP Reflection Attacks
- Automate Mac Management
- Automated Sensitive Data Leak Detection
ThreatPost
- Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers
- James Clapper: Lessons Learned in a Post-Snowden World
- Lizard Squad Threatens UK’s Labour Leader with Cyberattacks Against His Family
- Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
- Double Vision: Stealthy Malware Dropper Delivers Dual RATs
- Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns
- California’s Domino Effect on U.S. Privacy Regulation
- Website, Know Thyself: What Code Are You Serving?
- APT33 Mounts Focused, Highly Targeted Botnet Attacks Against U.S. Victims
- Threat Actor Impersonates USPS to Deliver Backdoor Malware
- Download: The Comprehensive Compliance Guide
- Innovative PureLocker Ransomware Emerges in Targeted Attacks
digitalmunition
- Hackers Discovered Only After Maxing Out Victim’s Cloud Storage new
- Ghostscript up to 9.27 .charkeys PostScript File privilege escalation new
- Eight days to defuse parlt cyber attack new
- Brave founder Brendan Eich hosts huge AMA on Reddit new
- slp-validate 1.0.0 on npm Bitcoin Script privilege escalation new
- How cybersecurity works for utilities new
- Attention! Over 140 apps preinstalled on Android contain malware new
- slpjs up to 0.21.3 on npm Bitcoin Script privilege escalation new
- Interested in cybersecurity law and policy? new
- No electricity at Gt Accra NSA – Bills pile up to GH¢18,000 new
- Bugs in Qualcomm chips leaked private data from Samsung and LG phones new
- Math Plugin on Limnoria/Supybot Eval privilege escalation new
eHacking News
- New Hacking Group Deploying Backdoors and Ransomware in Windows via Word docs new
- The Federal Security Service of Russia opposed applications with an electronic passport new
- Public Cloud Infrastructures suffering from Security Loopholes and Vulnerabilities, researchers say
- Facebook Might Be Secretly Spying On You via Your Phone's Camera
- DJI Proposed App to Identify Nearby Drones and Exact Location of Pilots
- 5G network may appear in St. Petersburg by 2022
- The first commercial quantum communication line to be built in Russia
- ATFuzzer: A Threat that Misuses USB Chargers, Headsets, and Bluetooth.
- Carding Bots Now Pose a Threat to E-Commerce Platforms
- ISRO targeted by North Korean Hackers during Chandrayaan-2 Launch
- Cyber Intrusions on a Rise in Oregon, Attackers Bringing in Sophisticated Methods
- Researchers Discover the Existence of the New APT Framework “Darkuniverse”
Wired - Security
- Hackers Discovered Only After Maxing Out Victim's Cloud Storage new
- 146 New Android Bugs, an Audio Porn Streaming Site, and More News
- The Evidence That Links Russia’s Most Brazen Hacking Efforts
- 146 New Vulnerabilities All Come Preinstalled on Android Phones
- Russia Fails to Stop Alleged Hacker From Facing US Charges
- The Brave Browser Extends Its Payouts to iOS
- Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings
- As 5G Rolls Out, Troubling New Security Flaws Emerge
- Huge Data Leak Doxes Members of Notorious Neo-Nazi Forum
- How Do We Bring Equality to Data Ownership and Usage?
- Cloudflare CEO Matthew Prince on the Struggles of Policing the Web
- What Keeps NSA Cybersecurity Boss Anne Neuberger Up at Night
Krebs on Security
- Orcus RAT Author Charged in Malware Scheme
- Patch Tuesday, November 2019 Edition
- Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin
- Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks
- NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm
- Breaches at NetworkSolutions, Register.com, and Web.com
- Takeaways from the $566M BriansClub breach
- Cachet Financial Reeling from MyPayrollHR Fraud
- Ransomware Hits B2B Payments Firm Billtrust
- Avast, NordVPN Breaches Tied to Phantom User Accounts
- When Card Shops Play Dirty, Consumers Win
- “BriansClub” Hack Rescues 26M Stolen Cards
Naked Security
- How ransomware attacks
- How the Linux kernel balances the risks of public bug disclosure
- Data thieves blew cover after maxing out victim’s hard drive
- Brave 1.0 launches, extends ad-watching payouts to iOS
- Apple fires employee after he texts customer’s pic to his own phone
- S2 Ep17: Fake AirBnBs, lying ISPs and a glance at the cyberfuture – Naked Security Podcast
- Facebook fixes iPhone camera bug
- Warrantless searches of devices at US borders ruled unconstitutional
- Alleged mastermind behind $20m stolen-card site extradited to US
- November 2019 Patch Tuesday fixes 13 critical flaws and one zero day
- Apple pulls Instagram-watching app from store
- US-CERT warns of critical flaws in Medtronic equipment
Schneier on Security
- Friday Squid Blogging: Planctotuethis Squid
- TPM-Fail Attacks Against Cryptographic Coprocessors
- Upcoming Speaking Engagements
- Technology and Policymakers
- NTSB Investigation of Fatal Driverless Car Accident
- Identifying and Arresting Ransomware Criminals
- Fooling Voice Assistants with Lasers
- Friday Squid Blogging: 80-Foot Steel Kraken Deliberately Sunk
- xHelper Malware for Android
- Eavesdropping on SMS Messages inside Telco Networks
- Details of an Airbnb Fraud
- Obfuscation as a Privacy Tool
Linux Security
- GitHub launches 'Security Lab' to help secure open source ecosystem
- Brave 1.0 launches, extends ad-watching payouts to iOS
- Canonical Outs Major Linux Kernel Security Updates for All Supported Ubuntu OSes
- Linux vs. Zombieland v2: The security battle continues
- Technology and Policymakers
- Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers
- Intel, Mozilla, Red Hat, and Fastly partner to make WebAssembly a cross-platform runtime
- Fooling Voice Assistants with Lasers
- Virtual(ly) Private Network: NordVPNs Breach and the Limitations of VPNs
- Weve got to regulate the application of AI '" not the tech itself
- India is going ahead with its facial recognition program despite privacy concerns
- Why Adding Client-Side Scanning Breaks End-To-End Encryption
Dark Reading
- Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed
- Illegal Booter Connected with DDoSes Sentenced to Prison, Fine
- 12 Tips for Dealing with a Manipulative Security Manager
- Black Hat Europe Brings A Bevy of IoT Security Insights
- Attackers' Costs Increasing as Businesses Focus on Security
- DevSecOps: The Answer to the Cloud Security Skills Gap
- Symantec, McAfee Patch Privilege Escalation Bugs
- I'm Setting Up a Bug-Bounty Program. What Should I be Thinking About?
- BSIMM10 Shows Industry Vertical Maturity
- Capture the Flag Planned to Find Missing Persons Information
- Attacks on Healthcare Jump 60% in 2019 - So Far
- 5 Cybersecurity CISO Priorities for the Future
Securelist
Whitehat Security Blog
HITB News
- UAE announces Middle East defense giant in the wake of Aramco attacks
- Fired Disney Streaming Employee Alleges Company Hacked His Phone, Computer
- Microsoft announces a slew of security enhancements for Azure
- Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home
- Antarctic researchers send an SOS to the world: Who wrote this message in a bottle?
- TikTok’s parent company facing national security review, report says
- Pixelbook Go review: A cheaper Pixelbook does not come without compromises
- Adobe exposed personal data of 7.5 million Creative Cloud users in unsecured database
- China passes cryptography law as gears up for digital currency
- Nasty PHP7 remote code execution bug exploited in the wild
- Man sues AT&T after fraudulent SIM swap led to $1.8M cryptocurrency theft
- Here’s what the people who claimed Google’s quantum supremacy have to say about it
The RISKS Digest
- Radios do interfere with garage-door openers!
- Robinhood Markets -- rob the poor to feed the rich?
- Members of violent white supremacist website exposed in massive data dump
- The Internet is tilting toward tyranny
- Expanded testbed in Singapore for autonomous vehicles a big boost for research and developers
- Trolling Is Now Mainstream Political Discourse
- Uber self-driving car involved in fatal crash couldn't detect jaywalkers
- Screen time is actually good for kids!
- AT&T claims a weeks-long voicemail outage will be fixed with a single device update
- Wrong-way driverless Tesla Model 3
- Kiwibot delivery bots drones
- Drones Used in Crime Fly Under the Law's Radar
Kaspersky Blog
- LAN sockets in reception areas — unnecessary and dangerous new
- Cheat or death? The secret world of malware-like cheats in video games
- Transatlantic Cable podcast, episode 118
- Beware of fleeceware
- Terminator 6/3: Sarah Connor and a bag of chips
- Transatlantic Cable podcast, episode 117
- Challenges and opportunities for European MSPs
- Chrome in the zero-day crosshairs
- Finding out what data apps really collect
- Transatlantic Cable podcast, episode 116
- A 30-year cybermaze, from the Cascade virus to recent days
- The cybersecurity of the Terminator
Adam Shostack & friends
- Managed Attribution Threat Modeling
- Message Sequence Charts
- Medical Device Security Standards
- Includes No Dirt: Healthcare Threat Modeling (Thursday)
- Interesting finds: Liberalism, machine learning, encryption and learning
- Who Are We Kidding with Attacker-Centered Threat Modeling?
- Interesting Reads: Risk, Automation, lessons and more!
- Quick Threat Model Links October 2019
- OWASP Portland: Talk and Podcast
- Interesting reads
- Capture the Flag events and eSports
- Course announcement: Tampering in Depth!
Graham Cluley
- Only after running out of hard disk space did firm realise hacker had stolen one million users’ details
- About the “easy to hack” EU Exit: ID Document Check app
- Smashing Security #154: A buttock of biometrics
- Donation details “leak” from the Labour Party website
- Unlock the power of threat intelligence with this practical guide. Get your free copy now
- That “sophisticated” Labour cyber-attack – don’t panic
- BlueKeep: What you need to know
- Mac users warned that disabling all Office macros doesn’t actually disable all Office macros
- Smashing Security #153: Cybercrime doesn’t pay (but Uber does)
- Nikkei worker tricked into transferring $29 million into scammer’s bank account
- After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign
- A guest appearance on the IT Pro podcast…
Rapid7
- Metasploit Wrap-Up
- What Is Texas Senate Bill 820, and How Will It Affect Your School District?
- We Don’t Want White Font: Office Macros, Evasion, and Malicious Self-Reference
- How to Develop a Common Language for Security Buy-In Across Your Business
- Patch Tuesday - November 2019
- IoT Security and Risk: What Is It, Where Is It Heading, and How Do We Embrace It?
- Be Audit You Can Be, Part 2: How to Parse Out Fields in Your Logs
- Metasploit Wrap-Up
- #Rapid7GivesBack Month: Moose That Drive Impact Together
- The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue
- New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security
- Unlocking the Power of the InsightIDR Threat API, Part 2
Hacker News (YCombinator) - Security
- Getting Work Done – What a Year at a Mechanic Shop Taught Me About Process new
- U.S. police may now be able to access online DNA database records new
- Fully Homomorphic Encryption Using Ideal Lattices (2009) [pdf]
- Show HN: Simple PDF to PNG Server
- How Google uses blacklists, algorithm tweaks and contractors for search results
- Mexican state-owned oil company Pemex currently held hostage by ransomware
- Fed sees climate change shaping economy, policy
- Google whistleblower: the medical data of millions of Americans is at risk
- Scammers deepfake CEO’s voice to talk underling into $243k transfer?
- We're Surrounded by Billions of Internet-Connected Devices. Can We Trust Them?
- The Age of Surveillance Capitalism [video]
- How Knightscope’s Security Robots Surveil the Public
Security in Mainstream Media
Google News Hacking
- Iowa hired hackers to break into courthouse, then locked them up - Fox Business new
- A Security Flaw Lets Hackers Overfill Your Pet's Bowl - Popular Mechanics new
- Marrakech Police Arrest Italian National for Hacking Telephone Systems - Morocco World News new
- Hackers targeting loyalty rewards points and miles - KOMO News new
- Hacking the US power grid: How cybersecurity works for utilities - CNBC new
- Hackers Discovered Only After Maxing Out Victim's Cloud Storage - WIRED new
- 'If Jeff Bezos’ phone was hacked, then no one is safe' - Haaretz new
- 5 things you must do to protect your phone from hackers - Komando new
- New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices - Internet new
- Thousands of hacked Disney+ accounts are already for sale on hacking forums - ZDNet new
- Silent Surveillance Attack: How Hackers Can Use Wi-Fi to Track You Inside Your Home - SciTechDaily new
- Multiple 2K Social Media Accounts Hacked And Posting Offensive Material - Forbes new
Google Cyber Security
- Cyber Security Act awaits Cabinet approval - Sunday Observer new
- Registration nears for Illinois girls' cybersecurity program - Hartford Courant new
- Registration nears for Illinois girls’ cybersecurity program - Kansas City Star new
- Cloudflare's Cybersecurity and Web Delivery Software Surges in Its First Post-IPO Report - Motley Fool new
- Q&A: Cybersecurity must be a priority in M&A strategies (Includes interview) - Digital Journal new
- Cyber security needs a seat at the high table - Gulf News new
- Automotive Cyber Security Market 2019 : Latest Trends, Demand & Forecast 2026 - Markets Gazette 24 new
- Winter 2019 US- China Cybersecurity Update - Global Trade Magazine new
- Cyber Security for Oil & Gas Market Report 2019 – Market Size, Share, Price, Trend and Forecast - Global Industry Magazine new
- Ransomware wrecks the ER - The San Diego Union-Tribune new
- 21st November – Pencoed Cyber Security – The Current Threat - Business News Wales
- Cybersecurity tops state administrators' risk-management list - StateScoop
Thirsty for more
Hacker News (YCombinator)
- Joplin – a note taking and to-do application with synchronization capabilities new
- “That Deep Romantic Chasm”: Libertarianism and the Computer Culture (1999) new
- 11 months of a lone wolf's 2,774 miles traveled in northern Minnesota new
- Internet in Iran gradually shuttting down due to protests new
- Surgery for Blocked Arteries Is Often Unwarranted, Researchers Find new
- New Vulnerabilities All Come Preinstalled on Android Phones new
- You Promised Me Mars Colonies but I Got Facebook new
- Lombok Saved My Ass new
- A Week with Chauffeurs Showed the Major Flaw in a Self-Driving Car Future new
- Using multi-arch Docker images to support apps on any architecture new
- Infectious Executable Stacks new
- Americans and Privacy: Concerned, Confused and Feeling Lack of Privacy new
Reddit - Cyberpunk
- Protestor Archers at the CUHK new
- This is going on my bucket list new
- Rainy night in Copenhagen new
- How Americans Can Become Tech Policy Activists new
- Los Angeles: November 19 - Tonight, 09:00PM @ Das Bunker (2 Free Tickets) new
- Hover-backpack new
- urban4 | 持続する new
- I drew Ryuko on a cyberpunk universe! new
- Did not expect that. new
- Cyber scrapyard webcomics (self-promotion) new
- Looking for a new cyberpunk clothing brand, seen in an ad. Help me out? new
- The revolution will be stylized... new
Reddit - Security CTF
- Networked writeup by phaz0n new
- Hack The Box - Networked Write-up by 0xRick new
- onegadget.me: The libc one gadget rce database. new
- Pwn2Win 2019 - [Quantum/Rev] HARPA Hyper quantum Login system (Official write-up)
- Pwn2Win 2019 - [Crypto] Bilinear Evil (Official write-up)
- VulnHub - unknowndevice64: 1
- GitHub - io12/pwninit: pwninit - automate starting binary exploit challenges
- RITSEC CTF 2019 Signups are up! Competition is November 15th 12:00pm EST to November 17th at midnight!
- Pwn2Win 2019 - [Web] Calc (Official Write-up)
- Problem with team
- [Pwn] Pwn2Win 2019 CTF - Random Vault
- Jarvis: Hack The Box Walkthrough
Reddit - Sysadmin
- How do you manage off domain backup servers new
- Anyone ever use EmEditor? new
- Autohotkey alternative Open source? new
- Is Skillsoft a good certification prep website? new
- What could MS do to slowdown/stop ransomware? new
- Building engineers fried circuits during routine maintenance The engineers for our building managed to fry the circuit to our UPS we've been 30% down for… new
- Backup Home Lab new
- Linux learning for the Windows Admin? new
- Ubuntu NVR migration new
- Disabling cpu cores vs one cpu new
- VmWare to Clonezilla new
- IT/Support Guy/WindowsFormat Guy for a <20 employee company. new
Reddit - Bitcoin
- List of bitcoin person-to-person (P2P) Exchanges (e.g., Bisq, HodlHodl, LocalCoinSwap, etc.) new
- Ledger Nano X + Ledger Live iOS + watch-only bitcoin core full node? new
- List of bitcoin person-to-person (P2P) Exchanges (e.g., Bisq, HodlHodl, LocalCoinSwap, etc.) new
- Found these cakes in a random store by the bus stop new
- US Dollar Failed as ‘Savings Technology,’ Highlighting Bitcoin new
- Thomas Voegtlin - Electrum Wallet: Bitcoin seeds, PSBT, Multi sig, Lightning SLP125 - Stephan Livera new
- Christmas market stall in the U.K. accepting bitcoin new
- "2 years ago, I thought SegWit2x was the best path forward for Bitcoin. I‘ve since come to realize that it was extremely dangerous & irresponsible" new
- Hilariously new
- Colored Bitcoin and Wallets new
- Less than 180 days till 50% reduction in BTC rations!!! Bitcoin going to 1.8%! Be Prepared. new
- IRS is going after Crytpo ATMs "They’re required to abide by the same know-your-customer, anti-money laundering regulations" new
Reddit - CryptoCurrency
- There is so much to talk about this week that we can't even fit it in this excerpt! Check out what's new with Divi in… new
- NFC Cryptocurrency Wallet Card Design Improvements - NFC Wallet Card v2 new
- CoinMarketCap moves away from volume. Introduces a new metric: Liquidity explained new
- You can now create a Portis wallet in seconds - no hardware wallet needed in the ShapeShift Plaform new
- Donate to TeamTrees with NIM and add to the 600 the community has donated so far new
- Former UBS CEO rooting for Crypto - Bullish? new
- Mexican Cryptocurrency Exchange Allegedly Makes Largest-Ever Land Purchase new
- Walmart creates its own blockchain, They wont be using any alt-coin, Dont fall to the scam coins promoting a blockchain revolution. new
- The Hotbit exchange has just scammed its users! See if you were affected. new
- What would this physical atom be worth? new
- Where can I sell trade (not candle) data? new
- Modern problems new
Lobste.rs
- Getting Started with Golang Google Cloud Functions new
- belluzj/fantasque-sans Fantasque Sans Mono 1.8.0 new
- The perils of functional CSS (atomic CSS) new
- Jupyter on your phone (or anywhere, really) new
- The Value in Go's Simplicity new
- Linux Systems Performance new
- I made Redux Form, maintained it for 3 years, travelled the globe new
- Pascal and the P-Machine new
- The Unknown Plan new
- Penetration tester's Windows notes / cheatsheet new
- Code Health: Respectful Reviews == Useful Reviews new
- NUVIA Raises $53 Million to Reimagine Silicon Design for the Data Center new