Port 22

The New robots.txt

/u/ghostlulzReddit NetSec

Equifax used 'admin' as username and password for sensitive data: lawsuit

/u/destro2323Reddit NetSec

CVE-2019-16278 - Unauthenticated Remote Code Execution in Nostromo web server

/u/sudo_sudokaReddit NetSec

Model Based fuzzing of the WPA3 Dragonfly Handshake

/u/incolumitasReddit NetSec

Weaponizing and Gamifying AI for WiFi Hacking: Presenting Pwnagotchi 1.0.0

/u/evilsocketReddit NetSec

Hack The Box - Ellingson Write-up by 0xRick

/u/Ahm3d_H3shamReddit NetSec

Pwn2Win CTF 2019 - Registration is now open!

/u/alissonbReddit NetSec

The Air Force Ditches Its Nuclear Command Floppy Disks

Brian BarrettWired

Congress Still Doesn't Have an Answer for Ransomware

Matt LasloWired

At an Outback Steakhouse Franchise, Surveillance Blooms

Louise MatsakisWired

Forgive Me Father For I Have Hacked (How we broke an app before its official release)

/u/kurtisebearReddit NetSec

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app

Iain ThomsonThe Register

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

Bruce SchneierSchneier on Security

Why Technologists Need to Get Involved in Public Policy

Bruce SchneierSchneier on Security

We are the privacytools.io team (in a week, at r/Privacy) Ask Us Anything!

/u/trai_depReddit NetSec

Letting Birds scooters fly free

/u/skeetoReddit NetSec

Tor Weaponized to Steal Bitcoin

Dark Reading StaffDark Reading - Threat Intelligence

In A Crowded Endpoint Security Market, Consolidation Is Underway

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing

Mobile Threat Response TeamTrend Micro

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

noreply@blogger.com (Unknown)The Hackers News

Week in security with Tony Anscombe

Tom FoltnESET

How does 36m sound, mon CHERI? UK.gov pumps cash into Arm security research

John OatesThe Register

Bypassing LLMNR/NBT-NS honeypot

/u/adamziaja_comReddit NetSec

Adding a Hardware Backdoor to a Networked Computer

Bruce SchneierSchneier on Security

DOMDig, discovering javascript injection using Headless Chrome and Nodejs

/u/filippo_cavallarinReddit NetSec

Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

Anton CherepanovESET

Cryptocurrency-Mining Malware Found Embedded in Audio Files

/u/StaorminReddit NetSec

Better USB injection with rawcoon

/u/Nitr4xReddit NetSec

Google slings websites into Chrome's solitary confinement on Android to thwart Spectre-style data snooping

Thomas ClaburnThe Register

Using open source products to prevent common passwords from being used

/u/HanSolo71Reddit NetSec

OWASP Top 10: XML External Entity(XXE)

/u/ghostlulzReddit NetSec

DNC Hackers Resurface, Zuckerberg Talks Free Speech, and More News

Alex Baker-WhitcombWired

Apple's Good Intentions on Privacy Stop at China's Borders

Louise MatsakisWired

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back

Shaun NicholsThe Register

Ahh shhgit! A brief look into git secrets

/u/eth0izzleReddit NetSec

A Thorough Introduction to PASETO (secure JWT alternative)

/u/sarciszewskiReddit NetSec

A cautionary, Thames Watery tale on how not to look phishy: 'Click here to re-register!'

Richard SpeedThe Register

Phishing Campaign Targets Stripe Credentials, Financial Data

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

Definitive Dossier of Devilish Debug Details Part Deux: A Didactic Deep Dive into Data Driven Deductions

Matt Berninger (noemail@noemail.org)Fire Eye Threat Research

Smart Meters The Spanish Scenario and the Telemanagement System

/u/gid0rahReddit NetSec

JA3/S Signatures and How to Avoid Them

/u/Hubble_BC_SecurityReddit NetSec

Attacking Amazon EMR clusters

/u/strandjsReddit NetSec

State of SMB Insecurity by the Numbers

Ericka Chickowski Contributing WriterDark Reading - Threat Intelligence

Remember the Democratic National Committee email leak? Same hackers now targeting EU countries, say malware boffins

Gareth CorfieldThe Register

Wayback Machine - Sql Injection Scanner

/u/ghostlulzReddit NetSec

Using Machine Learning to Detect IP Hijacking

Bruce SchneierSchneier on Security

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

noreply@blogger.com (Swati Khandelwal)The Hackers News

Cozy Bear Emerges from Hibernation to Hack EU Ministries

Robert Lemos Contributing WriterDark Reading - Threat Intelligence

AVEVA Vijeo Citect and Citect SCADA

Advisory DocumentICS-Cert Advisories

Horner Automation Cscape

Advisory DocumentICS-Cert Advisories

Inside Olympic Destroyer, the Most Deceptive Hack in History

Andy Greenberg, ExcerptWired

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

Milo ermkESET

Operation Ghost: The Dukes arent back they never left

ESET ResearchESET

Russias Cozy Bear Hackers Resurface With Clever New Tricks

Andy GreenbergWired

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

noreply@blogger.com (Swati Khandelwal)The Hackers News

When Card Shops Play Dirty, Consumers Win

BrianKrebsKrebs on Security

A Comprehensive Guide On How to Protect Your Websites From Hackers

noreply@blogger.com (The Hacker News)The Hackers News

Bash script to automate the creation of a Tor access point.

/u/rubio_botReddit NetSec

Hundreds charged in internet's biggest child-abuse swap-shop site bust: IP addy leak led cops to sys-op's home

Shaun NicholsThe Register

Hey guys, I created this E-Book about how Unsupervised AI can solve all the major roadblocks in the cybersecurity industry, I'm sure there's a lot of room for improvement and would really appreciate the constructive criticism. I'm also happy to answer any questions about Unsupervised Learning also!

/u/anamixmodeReddit NetSec

How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown

Lily Hay NewmanWired

Tailoring CVE-2019-2215 to Achieve Root

/u/TitokhanReddit NetSec

SQL Buster: Manual Union Based Sqli detection with Query Dump

/u/sarthaksainiReddit NetSec

I recently setup a RDP honeypot and it didnt disappoint. The first actor that logged in disabled or broke AV/logging/Task Manager/ etc. via a bat file. Then they dropped two RDP brute forcing tools and a GUI for Massscan. See the full write-up below.

/u/InfoSecJimReddit NetSec

Analysis of Two Newly Patched Kubernetes Vulnerabilities (CVE-2019-16276 and CVE-2019-11253)

/u/pingpongfifaReddit NetSec

Port 22

~ 20 Oct 2019 ~

The New robots.txt

~ 19 Oct 2019 ~

Equifax used 'admin' as username and password for sensitive data: lawsuit

CVE-2019-16278 - Unauthenticated Remote Code Execution in Nostromo web server

Model Based fuzzing of the WPA3 Dragonfly Handshake

Weaponizing and Gamifying AI for WiFi Hacking: Presenting Pwnagotchi 1.0.0

Hack The Box - Ellingson Write-up by 0xRick

Pwn2Win CTF 2019 - Registration is now open!

The Air Force Ditches Its Nuclear Command Floppy Disks

Congress Still Doesn't Have an Answer for Ransomware

At an Outback Steakhouse Franchise, Surveillance Blooms

~ 18 Oct 2019 ~

Forgive Me Father For I Have Hacked (How we broke an app before its official release)

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

Why Technologists Need to Get Involved in Public Policy

We are the privacytools.io team (in a week, at r/Privacy) Ask Us Anything!

Letting Birds scooters fly free

Tor Weaponized to Steal Bitcoin

In A Crowded Endpoint Security Market, Consolidation Is Underway

Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

Week in security with Tony Anscombe

How does 36m sound, mon CHERI? UK.gov pumps cash into Arm security research

Bypassing LLMNR/NBT-NS honeypot

Adding a Hardware Backdoor to a Networked Computer

DOMDig, discovering javascript injection using Headless Chrome and Nodejs

Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

Cryptocurrency-Mining Malware Found Embedded in Audio Files

Better USB injection with rawcoon

Google slings websites into Chrome's solitary confinement on Android to thwart Spectre-style data snooping

Using open source products to prevent common passwords from being used

OWASP Top 10: XML External Entity(XXE)

~ 17 Oct 2019 ~

DNC Hackers Resurface, Zuckerberg Talks Free Speech, and More News

Apple's Good Intentions on Privacy Stop at China's Borders

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back

Ahh shhgit! A brief look into git secrets

A Thorough Introduction to PASETO (secure JWT alternative)

A cautionary, Thames Watery tale on how not to look phishy: 'Click here to re-register!'

Phishing Campaign Targets Stripe Credentials, Financial Data

Definitive Dossier of Devilish Debug Details Part Deux: A Didactic Deep Dive into Data Driven Deductions

Smart Meters The Spanish Scenario and the Telemanagement System

JA3/S Signatures and How to Avoid Them

Attacking Amazon EMR clusters

State of SMB Insecurity by the Numbers

Remember the Democratic National Committee email leak? Same hackers now targeting EU countries, say malware boffins

Wayback Machine - Sql Injection Scanner

Using Machine Learning to Detect IP Hijacking

Chrome for Android Enables Site Isolation Security Feature for All Sites with Login

Cozy Bear Emerges from Hibernation to Hack EU Ministries

AVEVA Vijeo Citect and Citect SCADA

Horner Automation Cscape

Inside Olympic Destroyer, the Most Deceptive Hack in History

What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed

Operation Ghost: The Dukes arent back they never left

Russias Cozy Bear Hackers Resurface With Clever New Tricks

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

When Card Shops Play Dirty, Consumers Win

A Comprehensive Guide On How to Protect Your Websites From Hackers

~ 16 Oct 2019 ~

Bash script to automate the creation of a Tor access point.

Hundreds charged in internet's biggest child-abuse swap-shop site bust: IP addy leak led cops to sys-op's home

Hey guys, I created this E-Book about how Unsupervised AI can solve all the major roadblocks in the cybersecurity industry, I'm sure there's a lot of room for improvement and would really appreciate the constructive criticism. I'm also happy to answer any questions about Unsupervised Learning also!

How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown

Tailoring CVE-2019-2215 to Achieve Root

SQL Buster: Manual Union Based Sqli detection with Query Dump

I recently setup a RDP honeypot and it didnt disappoint. The first actor that logged in disabled or broke AV/logging/Task Manager/ etc. via a bat file. Then they dropped two RDP brute forcing tools and a GUI for Massscan. See the full write-up below.

Analysis of Two Newly Patched Kubernetes Vulnerabilities (CVE-2019-16276 and CVE-2019-11253)