Posted in r/netsec by u/oleavr • 63 points and 6 comments

List of worst passwords of the 2019 list. You can check out the list and see if your password is on the list or not.

Facebook’s Tor gateway will be out of commission for a week or two after a TLS certificate expired. “Our onion service, facebookcorewwwi.onion, is

Amazon Web Services’ AssumeRole operation accepts an optional parameter called “sts:ExternalId” which is intended to mitigate certain types of attacks. However, both the attacks t…

Hardlinks again! Yes, there are plenty of opportunities to raise your privileges due to incorrect permissions settings when combined with  hardlinks in many softwares (MS included) ;-) In this post…

Broken Links Repair Plugin disables the bad links in your content immediately upon detection by Hexometer.com scanner.

Christmas is basically in one week, and if you are like me, which means you are not keen on the idea of going into actual shops and…

Since ever I've been using HID devices on red-team assessments at Char49 - specially using Rubber Ducky and latelly with Cactus WHID. I wanted to play a little

Posted in r/netsec by u/EatonZ • 40 points and 9 comments

“This gives a potential attacker access to view cameras in somebody’s home — that’s a real serious potential invasion of privacy right there.”

I found a security vulnerability in PandoraFMS 7 Monitoring System. As an authenticated user it is possible to modify or configure alerts…

As part of Apple’s commitment to security, we reward researchers who share with us critical issues and the techniques used to exploit them.

A method to bypass a null byte in a POP-POP-RETN address for exploiting local SEH overflows via DLL injection - FULLSHADE/POPPOPRET-nullbyte-DLL-bypass

Securing the world's software, together.

Based on ultra low power STM32 MCU for daily hacking of access control systems, radio protocols. Compatible with Arduino IDE and PlatformIO.

Daniel Kaye, also known as Spdrman, found regular jobs tough but corporate espionage easy. He’s about to get out of prison.

I have been asked about the usefulness of security monitoring of entropy levels in the Linux kernel. This calls for some explanation of how random generation works in Linux systems. So, randomness …

Crypto security and hardware developer Ledger has a new 2FA system that, while designed for crypto, can now protect your Google, Facebook or GitHub accounts

To everything (TURN! TURN! TURN!)