Port 22

Neat solution for storing fingerprints in biometric scanners for grocery stores

/u/DiddernReddit NetSec

Creating a Rootkit to Learn C

/u/ScottContiniReddit NetSec

SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference

David GordonThe Register

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

Shaun NicholsThe Register

Facebook Sued Chinese Firm for Hacking its Users and Running Fraud Ads

noreply@blogger.com (Swati Khandelwal)The Hackers News

VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed

Shaun NicholsThe Register

If there's somethin' stored in a secure enclave, who ya gonna call? Membuster!

Thomas ClaburnThe Register

Alleged Russian Hacker Behind $100 Million Evil Corp Indicted

Brian BarrettWired

Apple Explains Mysterious iPhone 11 Location Requests

BrianKrebsKrebs on Security

Dec 12 Webinar: API Whitelisting / Positive Security Model to prevent OWASP API Top 10 A3, A6 & A8

/u/DSotnikovReddit NetSec

Trivial SecureWorks Red Cloak Agent Local Bypass

/u/CowbellSteveReddit NetSec

Chepy 1.3.0 released now with basic pcap support, and many more new improvements!

/u/securisecReddit NetSec

Scammy and spammy harassers are chasing veteran pros off crypto-collab platform Keybase

Shaun NicholsThe Register

A graph-based tool for visualizing effective access and resource relationships in AWS environments

/u/0xdeaReddit NetSec

CVE-2019-14899: Inferring and hijacking VPN-tunneled TCP connections.

/u/pimterryReddit NetSec

Feds slap $5m bounty on 'Evil Corp' Russian duo accused of running ZeuS, Dridex banking trojans

Gareth CorfieldThe Register

How 3 vulns in CRI-O + an overzealous OOM killer could lead to a container escape

/u/prematureretirementReddit NetSec

How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever

Gareth CorfieldThe Register

80% of all Android apps encrypt traffic by default

Amer OwaidaESET

A Practical Consideration of Typosquatting Python Packages

/u/dabbler33Reddit NetSec

Shockwave & Flash co-creator Sarah Allen on lessons learned & system vulnerabilities

/u/AaCodeSyncReddit NetSec

Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again research

Shaun NicholsThe Register

Election Machine Insecurity Story

Bruce SchneierSchneier on Security

Extracting Information from Electronic Devices with the SEC Xtractor - Open Source Hardware Release

/u/dionasReddit NetSec

Microsoft Defender ATP Brings EDR Capabilities to macOS

Dark Reading StaffDark Reading - Threat Intelligence

FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware

noreply@blogger.com (Swati Khandelwal)The Hackers News

Face scanning privacy concern or identity protection?

Tony AnscombeESET

Thales DIS SafeNet Sentinel LDK License Manager Runtime

Advisory DocumentICS-Cert Advisories

Weidmueller Industrial Ethernet Switches

Advisory DocumentICS-Cert Advisories

NTLMRecon - A fast NTLM reconnaissance tool without external dependencies

/u/RestlessDongerReddit NetSec

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

noreply@blogger.com (Unknown)The Hackers News

Authentication Vulnerabilities in OpenBSD

/u/MacpunkReddit NetSec

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

Thomas ClaburnThe Register

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

noreply@blogger.com (Swati Khandelwal)The Hackers News

Lazarus group goes back to the Apple orchard with new macOS trojan

Shaun NicholsThe Register

The RCS Texting Protocol Is Way Too Easy to Hack

Andy GreenbergWired

Generate pentest reports based on Github issues.

/u/mthbernardesReddit NetSec

Taking your Bug Bounty Program Public

/u/chestoneReddit NetSec

What's in a Botnet? Researchers Spy on Geost Operators

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

CCNA 200-125: Assessment Test-I

/u/ashish016Reddit NetSec

JUST IN: Russian Hackers Infect Ohio's Election Voting System

/u/Fit_AlfalfaReddit NetSec

Ewoks Are the Most Tactically Advanced Fighting Force in Star Wars

Angry Staff OfficerWired

FIRST CONTACT: New vulnerabilities in contactless payments

/u/dtdnReddit NetSec

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign

Trend MicroTrend Micro

Becoming a Tech Policy Activist

Bruce SchneierSchneier on Security

Microsoft Issues Advisory for Windows Hello for Business

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

Attackers Continue to Exploit Outlook Home Page Flaw

Robert Lemos Contributing WriterDark Reading - Threat Intelligence

Attackers Can Circumvent Outlook Homepage Flaw

Robert Lemos Contributing WriterDark Reading - Threat Intelligence

APT review: what the worlds threat actors got up to in 2019

David EmmSecure List

Hackers Find Ways Around a Years-Old Microsoft Outlook Fix

Lily Hay NewmanWired

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Matthew McWhirt (noemail@noemail.org)Fire Eye Threat Research

Mozilla locks nosy Avast, AVG extensions out of Firefox store amid row over web privacy

Shaun NicholsThe Register

Elcomsoft Extracts Data from Locked iPhones with Unpatchable checkra1n Jailbreak

/u/TitokhanReddit NetSec

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

noreply@blogger.com (Unknown)The Hackers News

The iPhone 11 Pros Location Data Puzzler

BrianKrebsKrebs on Security

Europol Shuts Down Over 30,500 Piracy Websites in Global Operation

noreply@blogger.com (Wang Wei)The Hackers News

Blockchain Developer Gets Busted After Talk in North Korea

Timothy B. Lee, Ars TechnicaWired

Collection of public security audits grouped by programming language

/u/PeopleCallMeBobReddit NetSec

RSA-240 Factored

Bruce SchneierSchneier on Security

Broken Link Hijacking

/u/ghostlulzReddit NetSec

Notorious spy tool taken down in global operation

Tom FoltnESET

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel

Jake Nicastro (noemail@noemail.org)Fire Eye Threat Research

TrickBot Expands in Japan Ahead of the Holidays

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

When Rogue Insiders Go to the Dark Web

Kelly Jackson Higgins Executive Editor at Dark ReadingDark Reading - Threat Intelligence

TrueDialog Unsecure Database Exposes SMS Data: Report

/u/w3bguyReddit NetSec

Port 22

~ 6 Dec 2019 ~

Neat solution for storing fingerprints in biometric scanners for grocery stores

Creating a Rootkit to Learn C

SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

Facebook Sued Chinese Firm for Hacking its Users and Running Fraud Ads

~ 5 Dec 2019 ~

VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed

If there's somethin' stored in a secure enclave, who ya gonna call? Membuster!

Alleged Russian Hacker Behind $100 Million Evil Corp Indicted

Apple Explains Mysterious iPhone 11 Location Requests

Dec 12 Webinar: API Whitelisting / Positive Security Model to prevent OWASP API Top 10 A3, A6 & A8

Trivial SecureWorks Red Cloak Agent Local Bypass

Chepy 1.3.0 released now with basic pcap support, and many more new improvements!

Scammy and spammy harassers are chasing veteran pros off crypto-collab platform Keybase

A graph-based tool for visualizing effective access and resource relationships in AWS environments

CVE-2019-14899: Inferring and hijacking VPN-tunneled TCP connections.

Feds slap $5m bounty on 'Evil Corp' Russian duo accused of running ZeuS, Dridex banking trojans

How 3 vulns in CRI-O + an overzealous OOM killer could lead to a container escape

How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever

80% of all Android apps encrypt traffic by default

A Practical Consideration of Typosquatting Python Packages

Shockwave & Flash co-creator Sarah Allen on lessons learned & system vulnerabilities

Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again research

Election Machine Insecurity Story

Extracting Information from Electronic Devices with the SEC Xtractor - Open Source Hardware Release

Microsoft Defender ATP Brings EDR Capabilities to macOS

FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware

Face scanning privacy concern or identity protection?

Thales DIS SafeNet Sentinel LDK License Manager Runtime

Weidmueller Industrial Ethernet Switches

NTLMRecon - A fast NTLM reconnaissance tool without external dependencies

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Authentication Vulnerabilities in OpenBSD

Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

Lazarus group goes back to the Apple orchard with new macOS trojan

~ 4 Dec 2019 ~

The RCS Texting Protocol Is Way Too Easy to Hack

Generate pentest reports based on Github issues.

Taking your Bug Bounty Program Public

What's in a Botnet? Researchers Spy on Geost Operators

CCNA 200-125: Assessment Test-I

JUST IN: Russian Hackers Infect Ohio's Election Voting System

Ewoks Are the Most Tactically Advanced Fighting Force in Star Wars

FIRST CONTACT: New vulnerabilities in contactless payments

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in KurdishCoder Campaign

Becoming a Tech Policy Activist

Microsoft Issues Advisory for Windows Hello for Business

Attackers Continue to Exploit Outlook Home Page Flaw

Attackers Can Circumvent Outlook Homepage Flaw

APT review: what the worlds threat actors got up to in 2019

Hackers Find Ways Around a Years-Old Microsoft Outlook Fix

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Mozilla locks nosy Avast, AVG extensions out of Firefox store amid row over web privacy

Elcomsoft Extracts Data from Locked iPhones with Unpatchable checkra1n Jailbreak

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

The iPhone 11 Pros Location Data Puzzler

Europol Shuts Down Over 30,500 Piracy Websites in Global Operation

~ 3 Dec 2019 ~

Blockchain Developer Gets Busted After Talk in North Korea

Collection of public security audits grouped by programming language

RSA-240 Factored

Broken Link Hijacking

Notorious spy tool taken down in global operation

Excelerating Analysis Tips and Tricks to Analyze Data with Microsoft Excel

TrickBot Expands in Japan Ahead of the Holidays

When Rogue Insiders Go to the Dark Web

TrueDialog Unsecure Database Exposes SMS Data: Report