po : infosec   526

Hundreds of exposed Amazon cloud backups found leaking sensitive data | TechCrunch
How safe are your secrets? If you used Amazon’s Elastic Block Storage snapshots, you might want to check your settings. New research just presented at the Def Con security conference reveals how companies, startups and governments are inadvertently leaking their own files from the cloud. You may have heard of exposed S3 buckets — those […]
aws  infosec  leaks  breach  backups  fail 
9 days ago by po
CVE - CVE-2014-4130
Common Vulnerabilities and Exposures (CVE®) is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities. Assigned by CVE Numbering Authorities (CNAs) from around the world, use of CVE Entries ensures confidence among parties when used to discuss or share information about a unique software vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybers...
obscure  infosec 
18 days ago by po
GitHub - tunz/js-vuln-db: A collection of JavaScript engine CVEs with PoCs
A collection of JavaScript engine CVEs with PoCs. Contribute to tunz/js-vuln-db development by creating an account on GitHub.
infosec  exploits  javascript  cve 
18 days ago by po
Nessus | Tenable®
Download Nessus and Nessus Manager.
nessus  downloads  infosec  security.scanners 
20 days ago by po
Russia's Secret Intelligence Agency Hacked: 'Largest Data Breach In Its History'
Hackers successfully targeted Russia's state security agency last week through a major contractor, stealing and publishing details of secret internet projects including social media scraping and Tor de-anonymization.
russia  foreign.interference  infosec  security  breaches  tor  social.media 
28 days ago by po
Response to Video-On Concern - Zoom Blog
Setting aside the rank stupidity of the implementation, this is pretty much a textbook case of how not to respond to a security disclosure by a researcher.
Pitch-perfect: bungled response ("security guy is out, we'll let him know"), adversarial response to researcher, dissembling explanations (borderline ludicrous, frankly), bungled release, releasing a regression, tone-deaf and defensive public messaging, and advertising their commitment to hiding their security issues.
All of which is evidence that they didn't really have a response plan.

Fortunately they managed to avoid: threatening/initiating a lawsuit, typically a c/d, against the investigator and condemning the infosec community in general.
zoom  bad.security  privacy  infosec  security  bad.management 
5 weeks ago by po
Wi-Fi helped ID Howard County teens who drew racist, anti-Semitic graffiti all over Glenelg High School - Baltimore Sun
Four Maryland teenagers sneaked onto their school’s property the night before graduation last year and covered it in racist, homophobic and anti-Semitic graffiti.
wifi  infosec  criminal.investigations  police  hate.crimes 
5 weeks ago by po
Is Firefox better than Chrome? It comes down to privacy. - The Washington Post
Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week.
google  chrome  privacy  infosec  security  cookies  tracking  surveillance.capitalism  trackers  web  data.privacy 
6 weeks ago by po
ciaranm/securemodelines: A secure alternative to Vim modelines
A secure alternative to Vim modelines. Contribute to ciaranm/securemodelines development by creating an account on GitHub.
vim  modelines  plugin  security  infosec 
9 weeks ago by po
ShadowHammer: A large-scale operation | Kaspersky Lab official blog
At least four companies were compromised in a similar manner, and three more are suspected to have been breached by the same attacker.
antivirus  asus  attack.vectors  supply.chain.security  infosec  security  adversaries 
12 weeks ago by po
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - The New York Times
The latest case of cyberweapons escaping American control raises questions about the United States’ expensive and dangerous digital arsenal.
malware  nsa  usa  china  infosec  datasec  vectors  tools  security  fail  breaches 
may 2019 by po
New speculative execution bug leaks data from Intel chips’ internal buffers | Ars Technica
Intel-specific vulnerability was found by researchers both inside and outside the company.
of.course.it.does  intel  hardware  failure  infosec  security 
may 2019 by po
Canada Border Services seizes lawyer's phone, laptop for not sharing passwords | CBC News
A Canadian border officer seized lawyer Nick Wright's laptop and phone when he wouldn't hand over his passwords. The case highlights the growing concern over Canadian border officers’ powers to search travellers' digital devices.
canaduh  privacy  mobiles  security  infosec 
may 2019 by po
OpenConnect VPN project / ocserv · GitLab
Openconnect server (ocserv) is an SSL VPN server for administrators who require elaborate user management and control. https://ocserv.gitlab.io/www/
openconnect  ocserv  vpn.server  vpn  ssl  tools  infosec  security  privacy 
april 2019 by po
Here's How To Find Out Who Has Your Data On Facebook
A transparency tool on Facebook inadvertently provides a window into the confusing maze of companies you’ve never heard of who appear to have your data.
facebook  advertising  surveilance.capitalism  privacy  infosec  security  surveillance.culture  social.media  scraping 
april 2019 by po
Will Security Enhance Trust Online, or Supplant It? by Helen Nissenbaum :: SSRN
Promoters of the Internet and other digital media cite many and diverse benefits of these advances to humanity, from wide-ranging access to information and comm
security  trust  surveillance.capitalism  privacy  infosec  transactions  provocative 
april 2019 by po
Kubernetes Kubectl CLI Tool Stung by 'High' Severity Security Fla
The Kubernetes community found a “high” severity security flaw in a component of the platform that could delete files on a workstation.
kubernetes  security  infosec 
march 2019 by po
Extracting BitLocker keys from a TPM
Extracting BitLocker keys sealed with a TPM by sniffing the LPC bus
tpm  hardware  infosec  security  bitlocker  msft  encryption  physical.security  fpga 
march 2019 by po
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
infosec  training  security  adversaries  tutorials  howto  exploits  guides  interesting 
february 2019 by po
Okta | Always On
The Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication, Lifecycle Management (Provisioning), and more.
authentication.service  authentication  identity.management  sso  saas  infosec  opsec  security 
february 2019 by po
All the US infrastructure hacks of 2018 — Quartz
Police departments, power grids, air traffic, hospitals—is any entity safe from hacks?
infosec  secuity  usa  lists  insecurity 
december 2018 by po
Amazon discloses intimate Alexa voice files | heise online
Due to an error by Amazon.de, around 1700 Alexa voice recordings fell into the hands of an unauthorized person.
amazon  alexa  infosec  security  surveillance.capitalism  audio  privacy  panopticon  gdpr 
december 2018 by po
OpenBSM auditing on Mac OS X | Der Flounder
Way back in 10.3.x, Apple submitted Mac OS X and Mac OS X Server to the National Information Assurance Partnership for Common Criteria certification. Common Criteria certification means that the covered hardware and software has been tested and evaluated to make sure that it meets an established set of requirements for security and data…
osx  auditing  security  infosec  tools 
december 2018 by po
GitHub - theupdateframework/notary: Notary is a project that allows anyone to have trust over arbitrary collections of data
Notary is a project that allows anyone to have trust over arbitrary collections of data - theupdateframework/notary

Data signing, basically.
Looks like it still requires a secure channel for keys.
Which makes me wonder why they're not using pki or even public keys. (I may be misunderstanding the architecture.)
aws  containers  trust  data  docker  security  infosec  storage  tools  web.of.trust  tuf 
december 2018 by po
BeyondTrust on Vimeo
BeyondTrust is the worldwide leader in Privilege-Centric Security, offering the most seamless and straightforward approach to preventing data breaches related to…
videos  infosec  security  jay.beale  linux 
december 2018 by po
Marriott just announced a data breach affecting 500 million people — Quartz
The hotel chain revealed a hack of its Starwood reservation system, potentially affecting a staggering 500 million people who booked stays since 2014.
mariott  breaches  infosec  fail  security  hotels 
november 2018 by po
Facebook executive grilled by unprecedented group of lawmakers from 9 countries - CBS News
The hearing comes just days after a British Member of Parliament seized a cache of documents that Facebook has spent months fighting to keep sealed
facebook  corruption  unsurprising  fail  russia  infosec  api  security  breaches  vectors 
november 2018 by po
GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, f
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. - danielmiessler/SecLists
penetration.testing  pentest  security  infosec  lists  tools  fuzzing  testing  attack.vectors 
november 2018 by po
GitHub - MorteNoir1/virtualbox_e1000_0day: VirtualBox E1000 Guest-to-Host Escape
VirtualBox E1000 Guest-to-Host Escape. Contribute to MorteNoir1/virtualbox_e1000_0day development by creating an account on GitHub.
virtualbox  0day  vulnerabilities  infosec  security  exploit 
november 2018 by po
Tunnelblick | Free open source OpenVPN VPN client server software for Mac OS X and macOS
osx  openvpn  vpn  client  opensores  tools  infosec  security  gui 
november 2018 by po
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys | Ars Technica
Side-channel leak in Skylake and Kaby Lake chips probably affects AMD CPUs, too.
intel  cpu  fail  amd  infosec  security 
november 2018 by po
If you're worried about online privacy, you no longer have an excuse — Quartz
The fact that email addresses are the cornerstone of this identity scheme should give everyone pause.
The industry should be moving away from email, not toward it.
And yet, here we are.
panopticon  surveillance.capitalism  privacy  secrecy  infosec  security  email  digital.identity 
october 2018 by po