78 matches found
NSA Watchdog Will Review Tucker Carlson Spy Claims
The National Security Agency’s Inspector General Robert Storch has announced a review of whether the agency illegally conducted cyber-espionage and collected the electronic communications of Fox News opinion-show host Tucker Carlson, who has accused the NSA of trying to capture embarrassing...
Malicious owner can arbitrarily change fee to any % value
Handle 0xRajeev Vulnerability details Impact Tracer protocol like any other allows market creators to charge fees for trades. However, a malicious/greedy owner can arbitrarily change fee to any % value and without an event to observe this change or a timelock to react, there is no easy way for...
Malwarebytes releases SMB Cybersecurity Trust & Confidence Report 2021
What can we say about 2020 that hasn’t already been said? Beliefs were shaken. Values were questioned. Truths were tested. Then COVID happened and things really got crazy. The World Health Organization declared the coronavirus outbreak a global pandemic on March 12, 2020. That same day...
Microsoft Offers Up To $30K For Teams Bugs
Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it’s willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most...
Mistakes were Made, Lessons were Learned
Mark Nunnikhoven, AWS Community Hero and Trend Micro Vice President of Cloud Research, explores how to leverage the AWS Well Architected Framework, and six core design principles to build in the AWS cloud with confidence...
The Real Frontiers for 2021 in XDR
XDR is finally delivering on what you’ve been promised—and needed—for years and how it can enable greater confidence in your security strategy...
Cyber Insecurity: Securing the Vote in the 2020 Election
Ahead of the 2020 U.S. presidential election, there are a number of cybersecurity threats looming. In an unprecedented year, we have already begun to see foreign interference,1 government agencies hit with ransomware attacks2, the National Guard deployed by state and local governments to assist...
From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security
In a recent episode of Security Nation, Rapid7 welcomed Jack Cable, a junior at Stanford University and employee of the U.S. Cybersecutiy and Infrastructure Security Agency, to discuss the importance of ensuring election security beyond just voting machines. Read on as he shares how to fight...
Geo-Recon - An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts. Setup This tool is compactible with: Any Linux Operating System Debian, Ubuntu, CentOS Termux Linux Setup git clone https://github.com/radioactivetobi/geo-recon.git cd geo-recon chmod +x...
OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery
Product: OX Guard Vendor: OX Software GmbH Internal reference: GUARD-179 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 2.10.3 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.10.2-rev9, 2.10.3-rev4 Vendor notification...
The Results Are In: Defender Confidence Is On The Rise
Recently, I spent two weeks traveling across Europe talking with defenders, reporters, and leaders of security programs. While each country faces its own unique challenges and has its own needs, there were a few themes that were consistently present. Threat Outlook Report 2020. Naturally, we...
Identifying Let’s Encrypt Revoked Certificates
Let's Encrypt is a free, automated, open certificate authority CA run for the public's benefit as a service from the Internet Security Research Group ISRG. It provides free digital certificates to enable HTTPS SSL/TLS for websites via user-friendly means. Earlier this week, Let's Encrypt announce...
ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
Much has been made of the fallout that companies face after a data breach. But for public companies, shaken investor confidence adds a whole new dimension to recovery concerns. A recent study from Comparitech shows that share prices for large breached companies will hit a low point approximately ...
The Unsexy Threat to Election Security
Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts...
Bandit - Tool Designed To Find Common Security Issues In Python Code
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...
The Problem with Perfection: Tech Confidence in Young Girls
At Akamai, we believe the future of tech is full of amazing opportunities. However, to ensure these opportunities are fulfilled, some things in the industry need to change. To enable these changes, we are committed to providing opportunities to anyone...
How CB LiveOps Helps with Incident Response
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
Forrester Finds Carbon Black’s Predictive Security Cloud to have 261% ROI
Your endpoints are one of the most targeted assets in your organization—in 2017 alone, more than 50% of organizations experienced a data breach of some kind.1 At Carbon Black, we understand this risk, and are committed to providing the best possible endpoint protection. In order to demonstrate...
contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities
An OSINT tool to find contacts in order to report security vulnerabilities. Installation Linux Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX $ brew...
Election Leaks Failed to Move Needle on Polls
The barrage of information leaks, state-sponsored espionage and hacktivism related to the U.S. presidential election has had a mixed bag of effects on the race and voter confidence. For the most part, attacks against organizations supporting both major political parties, extensive email leaks and...