Port 22

Patch your exim servers people

/u/hackerxbellaReddit NetSec

Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin

/u/got_nationsReddit NetSec

Build 18917 arrives to the insiders of the Fast Ring with improved WSL

/u/amitk3333Reddit NetSec

Congress Gives 'Hack Back' Legislation Another Try

Dark Reading StaffDark Reading - Threat Intelligence

A friendly framework for Beginner CTF players

/u/mzfr98Reddit NetSec

The CISO's Drive to Consolidation

Nik Whitfield Computer Scientist & Security Technology EntrepreneurDark Reading - Threat Intelligence

7 Truths About BEC Scams

Ericka Chickowski Contributing WriterDark Reading - Threat Intelligence

BD Alaris Gateway Workstation

Advisory DocumentICS-Cert Advisories

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

Trend MicroTrend Micro

Johnson Controls exacqVision Enterprise System Manager

Advisory DocumentICS-Cert Advisories

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

Advisory DocumentICS-Cert Advisories

Report on the Stalkerware Industry

Bruce SchneierSchneier on Security

Want to take over the Java ecosystem? All you need is a MITM!

/u/Eta-MesonReddit NetSec

Account takeover using IDOR and the misleading case of error 403.

/u/Eta-MesonReddit NetSec

AI Threats In Banking

/u/Eta-MesonReddit NetSec

BlueKeep scanner supporting NLA (Network Level Authentication)

/u/digicatReddit NetSec

The Rise of 'Purple Teaming'

Joseph R. Salazar Technical Marketing EngineerDark Reading - Threat Intelligence

I wrote a tool to automate part of my workflow - Sooty can sanitize links for email, decode PP encoded urls, perform DNS and revDNS lookups, and web scrape to perform reputation checks

/u/compSecurityReddit NetSec

Password breaches with docker and h8mail

/u/khast3xReddit NetSec

Outlaw Hacking Groups Botnet Observed Spreading Miner, Perl-Based Backdoor

Trend MicroTrend Micro

Drop the MIC - CVE-2019-1040

/u/ga-vuReddit NetSec

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

noreply@blogger.com (Swati Khandelwal)The Hackers News

Digging up the Past: OS X File Versioning and Digital Forensics

/u/marketingverspriteReddit NetSec

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

noreply@blogger.com (Unknown)The Hackers News

Project Hedron

/u/1337shillReddit NetSec

RAMBleed is a new side-channel attack that enables an attacker to read out physical memory belonging to other processes.

/u/ArabianKnight1997Reddit NetSec

Executing a blind XSS on googleplex.com to get access to Google's internal sites

/u/ThomasCZReddit NetSec

Spains top soccer league fined over its apps tactics

Tom FoltnESET

Advancing Windows 10 as a passwordless platform

/u/mycallReddit NetSec

Project Svalbard: The Future of Have I Been Pwned

/u/mycallReddit NetSec

Dataset of 7 Million scraped Venmo transactions

/u/GoGoGadgetSalmonReddit NetSec

Bypassing Google's Santa Application Whitelisting on macOS (Part 2 of 2)

/u/myoverReddit NetSec

One of the world's first keystroke loggers: A device created by the Soviets that translated magnetic waves from an IBM Selectric typewriter and transmitted the results via radio to a nearby listening post.

/u/PilebsaReddit NetSec

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

/u/marketingverspriteReddit NetSec

A guide on how not to disclose reports on HackerOne

/u/VirenM97Reddit NetSec

Intro to CakePHP for Bug Hunters

/u/lynercReddit NetSec

CrowdStrike Prices IPO Above Range at $34

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

Sysmon 10.0 - New features and changes

/u/digicatReddit NetSec

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Chris Schueler Senior VP, Managed Security Services, TrustwaveDark Reading - Threat Intelligence

Microsoft Patch Tuesday, June 2019 Edition

BrianKrebsKrebs on Security

Shifting Tactics: Breaking Down TA505 Groups Use of HTML, RATs and Other Techniques in Latest Campaigns

Trend MicroTrend Micro

BUrpJSLinkFinder

/u/InitRootReddit NetSec

Bypassing CrowdStrike in an enterprise production network [in 3 different ways]

/u/zoh4rsReddit NetSec

Rock-Paper-Scissors Robot

Bruce SchneierSchneier on Security

Cynet Free Visibility Experience Unmatched Insight into IT Assets and Activities

noreply@blogger.com (The Hacker News)The Hackers News

After 6 years in the making, SQRL is now finalized. Here is the 17-page explainer PDF with the details.

/u/kuuttisReddit NetSec

Android's Built-in Security Key Now Works With iOS Devices For Secure Login

noreply@blogger.com (Unknown)The Hackers News

Predicting Vulnerability Weaponization

Srinivas Mukkamala Co-founder & CEO, RiskSenseDark Reading - Threat Intelligence

What kids get up to online

Anna LarkinaSecure List

Binary Exploitation Series (7): Full RelRO Bypass

/u/made0x78Reddit NetSec

Why cybercriminals are eyeing smart buildings

Juan Manuel HarnESET

Achieving Persistent Access to Burp Collaborator Sessions - Web Hacking - 0x00sec

/u/Evil1337Reddit NetSec

When Time is of the Essence Testing Controls Against the Latest Threats Faster

noreply@blogger.com (Exclusive Deals)The Hackers News

Junes Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscapers Zero Days, HoloLens

Trend MicroTrend Micro

Complete Web Application Firewall Guide - devconnected

/u/SCHKNReddit NetSec

RAMBleed Attack Flip Bits to Steal Sensitive Data from Computer Memory

noreply@blogger.com (Swati Khandelwal)The Hackers News

Roaming Mantis: a new phishing method targets a Japanese MNO

/u/ninosekiReddit NetSec

New ram bit flipping attack that works on ECC

/u/quiet0n3Reddit NetSec

Electronegativity 1.3.0 (Electron Security Tool) released. Interesting vuln around Affinity Check

/u/nibblesecReddit NetSec

New critical NTLM flows avoid all of Microsoft's mitigations

/u/borisdanReddit NetSec

RAMBleed: Reading RSA keys with a rowhammer-based exploit

/u/SyonykReddit NetSec

Malcolm is a powerful, easily deployable network traffic analysis tool suite for PCAP and Zeek logs

/u/mmgueroReddit NetSec

MyBB: From Stored XSS to RCE

/u/zit-hbReddit NetSec

Interesting ways of smuggling data out of a network. Thought r/netsec would be interested.

/u/staz0tReddit NetSec

Microsoft Issues Fixes for 88 Vulnerabilities

Kelly Sheridan Staff Editor, Dark ReadingDark Reading - Threat Intelligence

Port 22

~ 13 Jun 2019 ~

Patch your exim servers people

Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin

Build 18917 arrives to the insiders of the Fast Ring with improved WSL

Congress Gives 'Hack Back' Legislation Another Try

A friendly framework for Beginner CTF players

The CISO's Drive to Consolidation

7 Truths About BEC Scams

BD Alaris Gateway Workstation

Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners

Johnson Controls exacqVision Enterprise System Manager

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

Report on the Stalkerware Industry

Want to take over the Java ecosystem? All you need is a MITM!

Account takeover using IDOR and the misleading case of error 403.

AI Threats In Banking

BlueKeep scanner supporting NLA (Network Level Authentication)

The Rise of 'Purple Teaming'

I wrote a tool to automate part of my workflow - Sooty can sanitize links for email, decode PP encoded urls, perform DNS and revDNS lookups, and web scrape to perform reputation checks

Password breaches with docker and h8mail

Outlaw Hacking Groups Botnet Observed Spreading Miner, Perl-Based Backdoor

Drop the MIC - CVE-2019-1040

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

Digging up the Past: OS X File Versioning and Digital Forensics

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Project Hedron

~ 12 Jun 2019 ~

RAMBleed is a new side-channel attack that enables an attacker to read out physical memory belonging to other processes.

Executing a blind XSS on googleplex.com to get access to Google's internal sites

Spains top soccer league fined over its apps tactics

Advancing Windows 10 as a passwordless platform

Project Svalbard: The Future of Have I Been Pwned

Dataset of 7 Million scraped Venmo transactions

Bypassing Google's Santa Application Whitelisting on macOS (Part 2 of 2)

One of the world's first keystroke loggers: A device created by the Soviets that translated magnetic waves from an IBM Selectric typewriter and transmitted the results via radio to a nearby listening post.

Attacking Weakly-Configured EAP-TLS Wireless Infrastructures

A guide on how not to disclose reports on HackerOne

Intro to CakePHP for Bug Hunters

CrowdStrike Prices IPO Above Range at $34

Sysmon 10.0 - New features and changes

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Microsoft Patch Tuesday, June 2019 Edition

Shifting Tactics: Breaking Down TA505 Groups Use of HTML, RATs and Other Techniques in Latest Campaigns

BUrpJSLinkFinder

Bypassing CrowdStrike in an enterprise production network [in 3 different ways]

Rock-Paper-Scissors Robot

Cynet Free Visibility Experience Unmatched Insight into IT Assets and Activities

After 6 years in the making, SQRL is now finalized. Here is the 17-page explainer PDF with the details.

Android's Built-in Security Key Now Works With iOS Devices For Secure Login

Predicting Vulnerability Weaponization

What kids get up to online

Binary Exploitation Series (7): Full RelRO Bypass

Why cybercriminals are eyeing smart buildings

Achieving Persistent Access to Burp Collaborator Sessions - Web Hacking - 0x00sec

When Time is of the Essence Testing Controls Against the Latest Threats Faster

Junes Patch Tuesday Fixes 88 Security Flaws, Including SandboxEscapers Zero Days, HoloLens

Complete Web Application Firewall Guide - devconnected

RAMBleed Attack Flip Bits to Steal Sensitive Data from Computer Memory

Roaming Mantis: a new phishing method targets a Japanese MNO

~ 11 Jun 2019 ~

New ram bit flipping attack that works on ECC

Electronegativity 1.3.0 (Electron Security Tool) released. Interesting vuln around Affinity Check

New critical NTLM flows avoid all of Microsoft's mitigations

RAMBleed: Reading RSA keys with a rowhammer-based exploit

Malcolm is a powerful, easily deployable network traffic analysis tool suite for PCAP and Zeek logs

MyBB: From Stored XSS to RCE

Interesting ways of smuggling data out of a network. Thought r/netsec would be interested.

Microsoft Issues Fixes for 88 Vulnerabilities