Cisco Talos: Threat Roundup for August 3-10
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 3 - 10. As with previous roundups, this post isn’t...
AlienVault Blogs: The Black Hat Recap
BlackHat is always one of the most interesting conferences of the year. Firmly sandwiched between BsidesLV and DefCon, it brings a unique mix of research and people to Las Vegas. We unveiled our new...
Didier Stevens: Update: format-bytes Version 0.0.5
This new version has many new features and options. First there is the remainder (*) when using option -f to specify a parsing format. For example, -f “<i25s” directs format-bytes to interpret the...
AlienVault Blogs: Improving Threat Detection through Managed Security Service...
Executive Summary: Cybersecurity is a growing concern as breaches continue to increase in frequency and make headline news. Unfortunately, due to time and other constraints, many smaller businesses...
Fox-IT: Phishing – Ask and ye shall receive
During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient...
...And you will know me by the trail of bits: Fault Analysis on RSA Signing
Aditi Gupta: This spring and summer, as an intern at Trail of Bits, I researched modeling fault attacks on RSA signatures. I looked at an optimization of RSA signing that uses the Chinese Remainder...
Cisco Talos: Microsoft Tuesday August 2018
ArsTechnica: Security Content: Intel’s SGX blown wide open by, you guessed...
Foreshadow explained in a video. Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be...
Un informático en el lado del mal: Some football videos, parrots, Aura,...
Today is the day the European Super Cup is played (Movistar Liga de Campeones channel, on dial 50) and, taking advantage of the fact that I am already back in Madrid, before leaving on a trip to Germany and the United States...
AlienVault Blogs: Discovering CVE-2018-11512 - wityCMS 0.6.1 Persistent XSS
Content Management Systems (CMS) are usually good to check out for security issues, especially if the system is gaining popularity or being used by a number of people. Doing a white box type of...
Zero in a bit: AppSec Mistake No. 3: Neglecting to Integrate AppSec Into...
We’ve been in the application security business for more than 10 years, and we’ve learned a lot in that time about what works, and what doesn’t. This is the third in a blog series that takes a look at...
/dev/random: [SANS ISC] Truncating Payloads and Anonymizing PCAP files
I published the following diary on isc.sans.org: “Truncating Payloads and Anonymizing PCAP files”: Sometimes, you may need to provide PCAP files to third-party organizations like a vendor support team...
Cisco Talos: Beers with Talos EP 35: Live from the RiRa at Black Hat
Beers with Talos (BWT) Podcast Ep. #35 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast. Ep. #35...
AlienVault Blogs: Do You Take Security Seriously?
Well Javvad Malik has created another awesome report taking on what taking security seriously actually looks like - both for customers and providers. Here's a little excerpt: The “we take security...
Zscaler Research: AntiCoinMiner mining campaign
Coinminer malware has been on the rise for some time. As more and more users become aware of this threat and try to take measures to protect themselves, cybercriminals are attempting to cash in on that...
Zscaler Research: Anti-Coinminer Mining Campaign
Coinminer malware has been on the rise for some time. As more and more users become aware of this threat and try to take measures to protect themselves, cybercriminals are attempting to cash in on that...
/dev/random: Detecting SSH Username Enumeration
A very quick post about a new thread which was started yesterday on the OSS-Security mailing list. It’s about a vulnerability affecting almost ALL SSH server versions. Quoted from the initial...
Cisco Talos: Threat Roundup for August 10-17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 10 and August 17. As with previous round-ups, this post isn't meant to be an in-depth analysis....
Didier Stevens: Quickpost: Revisting JA3
A year ago I tried out JA3. Time for a new test. This new version no longer crashes on some packets, it’s more stable. However, there’s a bug when producing json output, which is easy to fix. The JA3...