Clik here to view.
Un informático en el lado del mal: Eventos para la Semana de Internet:...
Hoy voy a pasarme a estar un rato con mis amigos de X1Red+Segura, y mi compañero Fran Ramírez - ya sabéis, uno de los locos que cuenta anécdotas de la historia de la informática y los hackers - estará...
View ArticleWired: Security: Robert Mueller Won't Testify Next Week After All
Facial recognition run amok, antivirus hacks, and more of the week's top security news.
View ArticleClik here to view.
Fox-IT: Getting in the Zone: dumping Active Directory DNS using adidnsdump
Zone transfers are a classical way of performing reconnaissance in networks (or even from the internet). They require an insecurely configured DNS server that allows anonymous users to transfer all...
View ArticleClik here to view.
Un informático en el lado del mal: "AI... AI, AI, AI, AI" (Canta y no...
Ayer me pasé, un año más, por las jornadas de X1Red+Segura en Madrid. Es un evento pequeño, familiar, con animo de integrar y llevar la seguridad informática al gran público que tiene lugar en la...
View ArticleClik here to view.
Un informático en el lado del mal: Cómo funciona TRITON (TRISIS): Un malware...
Tras Stuxnet en 2010 (Irán) e Industroyer en 2016 (Ucrania), no se habían visto ataques combinados y sofisticados focalizados principalmente para atacar y persistir en Infraestructuras Críticas y...
View ArticleClik here to view.
Carnal0wnage Blog: Minecraft Mod, Mother's Day, and A Hacker Dad
Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as...
View ArticleWired: Security: A Cisco Router Bug Has Massive Global Implications
Researchers have discovered a way to break one of Cisco's most critical security features, which puts countless networks at potential risk.
View ArticleWired: Security: How Tech Helped the NSC Change the US Way of War
The National Security Council has gained enormous influence over the last few decades—thanks in no small part to better tech.
View ArticleBreakingPoint Labs Blog: What is ‘Metadata’ and why does it matter?
In the information technology world, metadata is a term you’ll often hear thrown around in many…
View ArticleClik here to view.
Cisco Talos: Vulnerability Spotlight: Remote code execution bug in Antenna...
Emmanuel Tacheau of Cisco Talos discovered this vulnerability.Executive summaryA buffer overflow vulnerability exists in Antenna House’s Rainbow PDF when the software attempts to convert a PowerPoint...
View ArticleSANS Internet Storm Center, InfoCON: green: VMWare just released a security...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
SANS Internet Storm Center, InfoCON: green: Microsoft May 2019 Patch Tuesday,...
This month we got patches for 79 vulnerabilities from Microsoft and 1 from Adobe. From those, 23 are critical and 2 were previously known - including the one that has been exploited in the wild.The...
View ArticleWired: Security: WhatsApp Was Hacked, Your Computer Was Exposed, and More News
Catch up on the most important news today in 2 minutes or less.
View ArticleWired: Security: Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign
A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.
View ArticleWired: Security: Google Will Replace Titan Security Key Over a Bluetooth Flaw
Google will replace any Titan BLE branded security key, after disclosing that a nearby attacker could use it to compromise your accounts.
View ArticleClik here to view.
Un informático en el lado del mal: Sappo para Twitter: Cómo usar Sappo para...
Hace un año, en la conferencia de Open Expo 2018, di una charla en la que presentaba una actualización de nuestra herramienta para hacer Spear Apps to Steal OAuth Tokens que bautizamos como Sappo. Le...
View ArticleWired: Security: The FCC's Robocall Plan Sounds Awfully Familiar
FCC chairman Ajit Pai has proposed a set of rules to combat robocalls. Don't get your hopes up quite yet.
View ArticleClik here to view.
/dev/random: [SANS ISC] The Risk of Authenticated Vulnerability Scans
I published the following diary on isc.sans.edu: “The Risk of Authenticated Vulnerability Scans“:NTLM relay attacks have been a well-known opportunity to perform attacks against Microsoft Windows...
View ArticleClik here to view.
Cisco Talos: Microsoft Patch Tuesday — May 2019: Vulnerability disclosures...
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated...
View ArticleClik here to view.
Zero in a bit: Keys to Scaling Your Application Security Program
It’s best practice to kick off your AppSec inititive by starting small, scanning your most business-critical apps, and addressing the most severe flaws. But it’s also best practice to scale your...
View Article