DFIR: PPEE. #Herramienta muy interesante para el análisis estático de ficheros con #Malware.
https://t.co/RZRZrbHGoY
https://t.co/RZRZrbHGoY
mzrst.com
PPEE - Professional PE Explorer
PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details
#MongoDB are the target of data extortionists again, 26,000 servers hijacked https://t.co/49IiXjiYaf
BleepingComputer
Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims
Ransom attacks on MongoDB databases rekindled last week and over the weekend with the emergence of three new groups that hijacked over 26,000 servers, with one group hijacking 22,000.
#Apache #Struts #vulnerability
http://feedproxy.google.com/~r/TheHackersNews/~3/avE1jcuW1IY/apache-struts-vulnerability.html
https://isc.sans.edu/diary/rss/22788
http://feedproxy.google.com/~r/TheHackersNews/~3/avE1jcuW1IY/apache-struts-vulnerability.html
https://isc.sans.edu/diary/rss/22788
The Hacker News
Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
A Critical remote code execution vulnerability (CVE-2017-9805) has been discovered in Apache Struts web application framework
#USB #RubberDucky low cost original
https://thehackerway.com/2017/09/05/vuelve-el-patito-low-cost-ahora-grazna-como-un-usb-rubber-ducky-original/
https://thehackerway.com/2017/09/05/vuelve-el-patito-low-cost-ahora-grazna-como-un-usb-rubber-ducky-original/
Seguridad en Sistemas y Técnicas de Hacking. TheHackerWay (THW)
Vuelve el patito low cost, ahora grazna como un USB Rubber Ducky original
Sobre los autores: Ernesto Sánchez (@ernesto_xload) y Joel Serna (@JoelSernaMoreno) son consultores en seguridad informática que han participado en eventos como: Navaja Negra, MorterueloCON y Eastm…
📃 "La vulnerabilidad de Whatsapp está en sus políticas" https://www.derechosdigitales.org/10831/la-vulnerabilidad-de-whatsapp-esta-en-sus-politicas/
#Whatsapp
⚠️[ALERTA] Suplantan a @bbva en este correo malicioso. #Nocliques #Nopiques y bloquea dominio bbvadocs.es https://t.co/zC4WVfbrVG
Twitter
ESET España
⚠️[ALERTA] Suplantan a @bbva en este correo malicioso. #Nocliques #Nopiques y bloquea dominio bbvadocs.es
Vulnerabilidad de fuga de información en Palo Alto Networks https://t.co/7H5kwh25C4
CERTSI
Fuga de información en Palo Alto Networks
Una vulnerabilidad en el PAN-OS de Palo Alto podría permitir a un atacante remoto no autenticado acceder a información sensible en el sistema.
Vulnerabilidad de ejecución remota de código en Hewlett Packard Enterprise Operations Orchestration https://t.co/IeMTXt8ONQ
Versiones anteriores a 10.80
#HP
Versiones anteriores a 10.80
#HP
CERTSI
Vulnerabilidad de ejecución remota de código en Hewlett Packard Enterprise Operations Orchestration
Se ha publicado una vulnerabilidad cuya explotación permitiría la ejecución remota de código no confiable en instalaciones Hewlett Packard Enterprise Operations Orchestration vulnerables.
#Microsoft won't patch #Edge browser content security bypass
Tells Cisco's Talos it's a feature, not a bug. #Apple and #Google disasgree and fixed it
Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch?…
http://go.theregister.com/feed/www.theregister.co.uk/2017/09/07/talos_says_msft_edge_content_security_bypass_is_a_feature_wont_be_patched/
Tells Cisco's Talos it's a feature, not a bug. #Apple and #Google disasgree and fixed it
Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch?…
http://go.theregister.com/feed/www.theregister.co.uk/2017/09/07/talos_says_msft_edge_content_security_bypass_is_a_feature_wont_be_patched/
www.theregister.co.uk
Microsoft won't patch Edge browser content security bypass
Tells Cisco's Talos it's a feature, not a bug. Apple and Google disasgree and fixed it
#Google lanza un nuevo programa de certificación para programadores
https://developers.googleblog.com/2017/09/introducing-mobile-web-specialist.html?m=1
https://developers.googleblog.com/2017/09/introducing-mobile-web-specialist.html?m=1
Google Developers Blog
Introducing the Mobile Web Specialist Certification by Google Developers
News and insights on Google platforms, tools, and events.
Find a security policy template for your organization in the SANS Security Policy Resources: https://t.co/jckuVhsNac
www.sans.org
SANS - Information Security Resources | Information Security Policy Templates |
Free information security policy templates courtesy of the SANS Institute, Michele D. Guel, and other information security leaders.
#Pharming y #spim: los primos hermanos del #phishing y el #spam ¿Quieres información sobre estos tipos de ataques?
https://t.co/AA7OxLcYmL
https://t.co/AA7OxLcYmL
www.osi.es
Pharming y spim: los primos hermanos del phishing y el spam
PHARMING ¿Qué es el pharming? El pharming es un ciberataque que consiste en redireccionar el tráfico web de una página legítima hacia otra página falsa. ¿Cómo funciona el pharming? Mediante esta técnica, el atacante consigue que, cuando abramos nuestro navegador…
#Bug in #Windows #Kernel Could Prevent Security Software From Identifying #Malware
https://t.co/7IpgIoK6MA
https://t.co/7IpgIoK6MA
BleepingComputer
Bug in Windows Kernel Could Prevent Security Software From Identifying Malware
Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime.
CVE-2017-0780: Denial-of-Service #Vulnerability can #Crash #Android Messages App https://t.co/UVmhfiFihe #TrendMicro
TrendLabs Security Intelligence Blog
CVE-2017-0780: Denial-of-Service Vulnerability can Crash Android Messages App - TrendLabs Security Intelligence Blog
CVE-2017-0780, a denial-of-service vulnerability we recently disclosed to Google, can let attackers remotely crash their victims’ Android Messages app.
Heap Exploitation
This short book is written for people who want to understand the internals of 'heap memory', particularly the implementation of glibc's 'malloc' and 'free' procedures, and also for security researchers who want to get started in the field of heap exploitation.
https://www.gitbook.com/book/dhavalkapil/heap-exploitation/details
This short book is written for people who want to understand the internals of 'heap memory', particularly the implementation of glibc's 'malloc' and 'free' procedures, and also for security researchers who want to get started in the field of heap exploitation.
https://www.gitbook.com/book/dhavalkapil/heap-exploitation/details
GitBook
Heap Exploitation · GitBook
heap-exploitation: This book on heap exploitation is a guide to understanding the internals of glibc's heap. It also describes, in detail, various attacks possible on the heap structure.