Denard.me

Security Experts

Anthony Ferrara

  • Wiring a Home Network
  • A PHP Compiler, aka The FFI Rabbit Hole
  • Protecting Against XSS In RAILS - JavaScript Contexts
  • Disclosure: WordPress WPDB SQL Injection - Technical
  • Disclosure: WordPress WPDB SQL Injection - Background
  • Ponderings on Odoriferous Syntactical Constructifications
  • Building an 8-bit Computer
  • Trust
  • All About Middleware
  • Simple, Easy, Risk and Change

Chris Hoff

  • On building fire extinguishers and fighting fires…
  • The 3 Immutable Rules Of Presentations…
  • Looking Forward to Catching Up At RSA…
  • Attribution is the new black…what’s in a name, anyway?
  • The Active Response Continuum & The Right To Cyber Self Defense…
  • Incomplete Thought: The Time Is Now For OCP-like White Box Security Appliances
  • J-Law Nudie Pics, Jeremiah, Privacy and Dropbox – An Epic FAIL of Mutual Distraction
  • How To Be a Cloud Mogul(l) – Our 2014 RSA “Dueling Banjos/Cloud/DevOps” Talk
  • On the Topic Of ‘Stopping’ DDoS.
  • The Easiest $20 I ever saved…

Cryptanalysis

  • Bypassing certificate checks in OpenSSL 1.0.2c (CVE-2015-1793)
  • SSLv3 considered to be insecure – How the POODLE attack works in detail
  • SSL/TLS broken again – A weakness in the RC4 stream cipher
  • Secure Function Evaluation – There is an issue with OTR and plausible deniability
  • Ron was wrong, Whit is right – Weak keys in the internet
  • GMR-1 cipher specifications are now public
  • Don’t trust satellite phones – The GMR-1 and GMR-2 ciphers have been broken [UPDATE]
  • Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC
  • Bitcoin – An Analysis
  • Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web

Dan Kaminsky: Blog

  • Hacking the Universe with Quantum Encraption
  • Read My Lips: Let’s Kill 0Day
  • The Cryptographically Provable Con Man
  • Validating Satoshi (Or Not)
  • “The Feds Have Let The Cyber World Burn. Let’s Put the Fires Out.”
  • I Might Be Afraid Of This Ghost
  • A Skeleton Key of Unknown Strength
  • Defcon 23: Let’s End Clickjacking
  • Safe Computing In An Unsafe World: Die Zeit Interview
  • Talking with Stewart Baker

Elliptic News

  • EdDSA standardized
  • Attacks on SIDH/SIKE
  • Breaking supersingular isogeny Diffie-Hellman (SIDH)
  • Hertzbleed Attack
  • Eurocrypt 2021 – Zagreb, Zoom and Zulip
  • Report by Luca de Feo on the 3rd PQC Standardization Conference
  • Some recent papers in isogeny crypto
  • SQISign
  • Review of ECC 2020
  • ECC 2020 Conference

Filippo

  • Avoid The Randomness From The Sky
  • I’m Now a Full-Time Professional Open Source Maintainer
  • ssh whoami.filippo.io
  • Go 1.20 Cryptography
  • My age+YubiKeys Password Management Solution
  • A GC-Friendly Go Interning Cache
  • Why Did the OpenSSL Punycode Vulnerability Happen
  • The Reciprocal Value of Access to Maintainers
  • age and Authenticated Encryption
  • Planning Go 1.20 Cryptography Work

Graham Cluley

  • Free decryptor released for Conti-based ransomware following data leak
  • Android phones can be hacked just by someone knowing your phone number
  • Smashing Security podcast #313: Tesla twins and deepfake dramas
  • Microsoft has another go at closing security hole exploited by Magniber ransomware
  • Software supply chain attacks are on the rise — are you at risk?
  • STALKER 2 hacker demands Ukrainian game developer reinstates Russian language support, or else…
  • FBI reveals that more money is lost to investment fraud than ransomware and business email …
  • WhatsApp and UK government on collision course, as app vows not to remove end-to-end encryption
  • Pirated copies of Final Cut Pro infect Macs with cryptojacking malware
  • TSA tells US aviation industry to boost its cybersecurity

Ivan Ristic

  • Bulletproof TLS and PKI, Second Edition is out
  • OpenSSL Cookbook 3rd Edition now available
  • Second edition of Bulletproof SSL and TLS now in preview
  • Announcing Bulletproof SSL and TLS, the 2017 revision
  • Bulletproof SSL and TLS, three years later
  • SSL Labs Grading Redesign (Preview 1)
  • SSL Labs Distrusts WoSign and StartCom certificates
  • CAA Mandated by CA/Browser Forum
  • Ticketbleed detection added to SSL Labs
  • What’s new in SSL Labs 1.26.5

Krebs on Security

  • Feds Charge NY Man as BreachForums Boss “Pompompurin”
  • Microsoft Patch Tuesday, March 2023 Edition
  • Two U.S. Men Charged in 2022 Hacking of DEA Portal
  • Who’s Behind the NetWire Remote Access Trojan?
  • Sued by Meta, Freenom Halts Domain Registrations
  • Highlights from the New U.S. Cybersecurity Strategy
  • Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
  • When Low-Tech Hacks Cause High-Impact Breaches
  • Who’s Behind the Botnet-Based Service BHProxies?
  • New Protections for Food Benefits Stolen by Skimmers

Lenny Zeltser

  • Cybersecurity vs. Everyone
  • How to Ask Questions to Succeed with Security Projects
  • How You Can Start Learning Malware Analysis
  • REMnux Tools List for Malware Analysis
  • Version 7 of the REMnux Distro Is Now Available
  • Unemployment Insurance Fraud and Identity Theft: Up Close and Personal
  • How You Can Write Better Threat Reports
  • Learning Malware Analysis and Cybersecurity Writing Online
  • How to Set Up a SpiderFoot Server for OSINT Research
  • What’s It Like for a New CISO?

Moxie Marlinspike

  • GPG And Me
  • We Should All Have Something To Hide
  • A Saudi Arabia Telecom's Surveillance Pitch
  • Career Advice
  • The Worst
  • The Cryptographic Doom Principle
  • Your app shouldn't suffer SSL's problems
  • sslsniff: Anniversary Edition
  • SSL And The Future Of Authenticity

The MPC Lounge

  • 5th Bar-Ilan Winter School 2015: Advances in Practical Multiparty Computation
  • Publicly Auditable Secure Multiparty Computation
  • Faster Maliciously Secure Two-Party Computation Using the GPU
  • Adapt, adapt, adapt
  • MiniTrix for MiniMacs
  • Categorizing MPC
  • Communication-Efficient MPC for General Adversary Structures
  • Fair enough
  • How to use bitcoin to design fair protocols
  • Round-efficient black-box constructions of composable multi-party computation

Root Labs rdist

  • Rebooting
  • In Which You Get a Chance to Save Democracy
  • Was the past better than now?
  • Thought experiment on protocols and noise
  • Timing-safe memcmp and API parity
  • In Defense of JavaScript Crypto

Russ McRee

  • Moving blog to HolisticInfoSec.io
  • toolsmith #133 - Anomaly Detection & Threat Hunting with Anomalize
  • toolsmith #132 - The HELK vs APTSimulator - Part 2
  • toolsmith #131 - The HELK vs APTSimulator - Part 1
  • toolsmith #130 - OSINT with Buscador
  • toolsmith #129 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 2
  • McRee added to ISSA's Honor Roll for Lifetime Achievement
  • toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1
  • Toolsmith Tidbit: Windows Auditing with WINspect
  • Toolsmith Release Advisory: Magic Unicorn v2.8

Schneier on Security

  • Friday Squid Blogging: New Species of Vampire Squid Lives 3,000 Feet below Sea Level
  • Upcoming Speaking Engagements
  • How AI Could Write Our Laws
  • NetWire Remote Access Trojan Maker Arrested
  • Friday Squid Blogging: Chinese Squid Fishing in the Southeast Pacific
  • Elephant Hackers
  • Another Malware with Persistence
  • BlackLotus Malware Hijacks Windows Secure Boot Process
  • Prompt Injection Attacks on Large Language Models
  • New National Cybersecurity Strategy

Shtetl-Optimized

  • Martinis, The Plot Against America, Kill Chain
  • AirToAll: Another guest post by Steve Ebin
  • Lockdown day 39
  • The quantum computer that knows all
  • John Horton Conway (1937-2020)
  • When events make craziness sane
  • If I used Twitter…
  • On “armchair epidemiology”
  • Ask Me Anything: Apocalypse Edition
  • First it came for Wuhan

Troy Hunt

  • Weekly Update 339
  • Weekly Update 338
  • To Infinity and Beyond, with Cloudflare Cache Reserve
  • Weekly Update 337
  • Weekly Update 336
  • Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep …
  • Weekly Update 335
  • Weekly Update 334
  • Pwned Passwords Adds NTLM Support to the Firehose
  • Weekly Update 333

Xavier Mertens

  • [SANS ISC] A Backdoor with Smart Screenshot Capability
  • This Blog Has 20 Years!
  • [SANS ISC] A First Malicious OneNote Document
  • [SANS ISC] Do you collect “Observables” or “IOCs”?
  • [SANS ISC] Another Script-Based Ransomware
  • CTI-Summit 2022 Luxembourg Wrap-Up
  • [SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky
  • Pass-The-Salt 2022 Wrap-Up
  • [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions
  • [SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper

Sec Ops

Checkpoint

  • How Agentless Workloads Improves Security Velocity
  • GigaOm Recognizes CloudGuard AppSec as a Leader in Innovation and Feature Play in its 2023 …
  • Checkmate: Check Point Research exposes security vulnerabilities on Chess.com
  • Check Point Research conducts Initial Security Analysis of ChatGPT4, Highlighting Potential Scenarios For Accelerated Cybercrime
  • Can your SASE solution block these top malware?
  • Beware of Fake Calls! It’s not really your bank calling. Check Point Research draws attention …
  • Check Point Software Technologies Earns Top Spots in 19 G2 Leadership Grids
  • February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government
  • Is your security team concerned with unmanaged devices?
  • International Women’s Day: Achieving Gender Parity in the C-Suite and Advancing Equity in the Cybersecurity …

Cloudflare

  • Account Security Analytics and Events: better visibility over all domains
  • Wildcard and multi-hostname support in Cloudflare Access
  • One-click ISO 27001 certified deployment of Regional Services in the EU
  • Cloudflare Access is the fastest Zero Trust proxy
  • Stop brand impersonation with Cloudflare DMARC Management
  • Introducing custom pages for Cloudflare Access
  • Cloudflare partners with KnowBe4 to equip organizations with real-time security coaching to avoid phishing attacks
  • How we built DMARC Management using Cloudflare Workers
  • Post-quantum crypto should be free, so we’re including it for free, forever
  • IBM Cloud works with Cloudflare to help clients modernize and deliver secured cloud infrastructure

CSO Online

  • Two Patch Tuesday flaws you should fix right now
  • Cybersecurity startups to watch for in 2023
  • UK bans TikTok on government devices over data security fears
  • When and how to report a breach to the SEC
  • Why red team exercises for AI should be on a CISO's radar
  • Russian hacktivist group targets India’s health ministry
  • BrandPost: Reduce, reuse, recycle: Bad actors practicing the three Rs
  • Dell beefs up security portfolio with new threat detection and recovery tools
  • Cybercriminals target SVB customers with BEC and cryptocurrency scams
  • Palo Alto Networks announces new SD-WAN features for IoT security, compliance support

Dark Reading

  • How CISOs Can Work With the CFO to Get the Best Security Budget
  • Microsoft Azure Warns on Killnet's Growing DDoS Onslaught Against Healthcare
  • Prancer Announces Integration With ChatGPT for Enhanced Security Assessments
  • Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug
  • Technology Firms Delivering Much-Sought Encryption-in-Use
  • The Ethics of Network and Security Monitoring
  • Low-Budget 'Winter Vivern' APT Awakens After 2-Year Hibernation
  • Meta Proposes Revamped Approach to Online Kill Chain Frameworks
  • Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks
  • $3B Crypto-Mixer Money Laundering Operation Seized by Cops

FireEye

  • BIOS Boots What? Finding Evil in Boot Code at Scale!
  • Bypassing Antivirus for Your Antivirus Bypass
  • FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings
  • Extending Linux Executable Logging With The Integrity Measurement Architecture
  • Surge in Spam Campaign Delivering Locky Ransomware Downloaders
  • New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks
  • Going To Ground with The Windows Scripting Host (WSH)
  • ELFant in the Room – capa v3
  • Announcing the Eighth Annual Flare-On Challenge
  • capa 2.0: Better, Faster, Stronger

Google Online Security Blog

  • OSV and the Vulnerability Life Cycle
  • Thank you and goodbye to the Chrome Cleanup Tool
  • Google Trust Services now offers TLS certificates for Google Domains customers
  • 8 ways to secure Chrome browser for Google Workspace users
  • Our commitment to fighting invalid traffic on Connected TV
  • Moving Connected Device Security Standards Forward
  • Vulnerability Reward Program: 2022 Year in Review
  • Hardening Firmware Across the Android Ecosystem
  • The US Government says companies should take more responsibility for cyberattacks. We agree.
  • Taking the next step: OSS-Fuzz in 2023

Have I Been Owned

  • Shopper+ - 878,290 breached accounts
  • HDB Financial Services - 1,658,750 breached accounts
  • Eye4Fraud - 16,000,591 breached accounts
  • iD Tech - 415,121 breached accounts
  • LBB - 39,288 breached accounts
  • GunAuction.com - 565,470 breached accounts
  • Convex - 150,129 breached accounts
  • RealDudesInc - 101,543 breached accounts
  • Weee - 1,117,405 breached accounts
  • LimeVPN - 23,348 breached accounts

Kaspersky

  • Decrypt all strains of Shade ransomware
  • PhantomLance Android backdoor discovered on Google Play
  • Transatlantic Cable podcast, episode 140
  • From zero to online privacy hero in 5 steps
  • The problems with videoconferencing apps
  • Fake deliveries in an age of lockdown
  • Data leaks and employee motivation
  • Transatlantic Cable podcast, episode 139
  • Greening our digital lives
  • MITRE ATT&CK evaluations

NYT Bits

  • Man Arrested in VTech Breach of Children’s Data
  • Daily Report: Tech Companies Pressured on Terrorist Content
  • Kazakhstan Moves to Tighten Control of Internet Traffic
  • Researchers Track Tricky Payment Theft Scheme
  • Daily Report: Microsoft Finds Its Security Groove
  • Daily Report: Fear and Loathing in the Tech Industry
  • Hacking for Security, and Getting Paid for It
  • Hackers Prove They Can ‘Pwn’ the Lives of Those Not Hyperconnected
  • Q.&A.: Guarding Personal Data From Abuse by Insiders
  • Firms Pit Artificial Intelligence Against Hacking Threats

Reddit: /r/netsec

  • /r/netsec's Q1 2023 Information Security Hiring Thread
  • Bitwarden PINs can be brute-forced, a how-to and reason for stronger master passwords.
  • Obfuscating WebAssembly using Emscripten with an LLVM-based obfuscator
  • Undocumented behavior change in Android 10: mode "w" no longer truncates
  • VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress
  • OpenSIPS Security Audit Report is fully disclosed and out there (VoIP security)
  • Chaos Malware - Persistence and Evasion Techniques
  • Bypassing PPL in userland again
  • Debugging D-Link: Emulating firmware and hacking hardware
  • 18 Remote and Silent Zero Day RCEs/Baseband Exploits for Samsung Exynos

Reddit: /r/pwned

  • Colorado city of Denver Public Schools hit by data breach; includes employee fingerprints, bank account …
  • California City of Oakland's ransomware: employees' personal information released by cyberthieves - including data on …
  • Spanish "Hospital Clinic de Barcelona" crippled by ransomware, forcing cancellation of 150 operations and ~3,000 …
  • TV-provider Dish Network's outage starting last week is due to ransomware, company finally admits
  • U.S. Marshals Service hit by ransomware attack; sensitive law enforcement data stolen incl. investigations data, …
  • FBI New York Field Office breached in cyber attack - computer system used in investigations …
  • Unprotected US military mail server exposed years of sensitive data belonging to the United States …
  • Food-producer Dole temporarily shut down North America production due to cyber attack, likely ransomware
  • Community Health Systems, one of US' largest healthcare providers, breached; personal data on up to …
  • Video game-maker Activision confirms data breach exposing employee and game info

Securosis Blog

  • Understanding COVID, ARDS, and Mechanical Ventilation
  • Mastering the Journey—Building Network Manageability and Security for your Path
  • Defining the Journey—the Four Cloud Adoption Patterns
  • Your Cloud Journeys is Unique, but Not Unknown
  • The TWELFTH Annual Disaster Recovery Breakfast: (IM)MATURITY
  • Saying Goodbye
  • Understanding and Selecting RASP 2019: New Paper

Shodan

  • Accepting Crypto: A Vendor Perspective
  • Historical IP Information
  • nrich: A Tool for Fast IP enrichment
  • Introducing Data Feeds for Search Results
  • Introducing the InternetDB API
  • Introducing the GeoNet API
  • Upgraded Look and Feel
  • Don't Search by Port
  • Introducing Shodan Trends
  • Search Engine Improvements

Sophos

  • Dangerous Android phone 0-day bugs revealed – patch or work around them now!
  • S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
  • Microsoft fixes two 0-days on Patch Tuesday – update now!
  • Firefox 111 patches 11 holes, but not 1 zero-day among them…
  • Linux gets double-quick double-update to fix kernel Oops!
  • SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
  • S3 Ep125: When security hardware has security holes [Audio + Text]
  • Serious Security: TPM 2.0 vulns – is your super-secure data at risk?
  • DoppelPaymer ransomware suspects arrested in Germany and Ukraine
  • Feds warn about right Royal ransomware rampage that runs the gamut of TTPs

Tenable

  • OpenAI’s ChatGPT and GPT-4 Used as Lure in Phishing Email, Twitter Scams to Promote Fake …
  • Cybersecurity Snapshot: CISA Pinpoints Vulnerabilities in Critical Infrastructure Orgs that Ransomware Groups Could Exploit
  • Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
  • Tenable Cyber Watch: Tenable’s 2022 Threat Landscape Report, Top Cyber Risks for 2023, and A …
  • Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an App for …
  • What's New in Tenable OT Security: Superior IT/OT/IoT Asset Discovery, Advanced Threat Detection and More
  • The Challenges of Multi-Cloud Compliance
  • Tenable Cyber Watch: Protecting Cyber Critical Infrastructure, Attackers Gain Upper Hand in Data Compromises, and …
  • FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group
  • Cybersecurity Snapshot: A ChatGPT Special Edition About What Matters Most to Cyber Pros

Threatpost

  • Student Loan Breach Exposes 2.5M Records
  • Watering Hole Attacks Push ScanBox Keylogger
  • Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  • Ransomware Attacks are on the Rise
  • Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  • Twitter Whistleblower Complaint: The TL;DR Version
  • Firewall Bug Under Active Attack Triggers CISA Warning
  • Fake Reservation Links Prey on Weary Travelers
  • iPhone Users Urged to Update to Patch 2 Zero-Days
  • Google Patches Chrome’s Fifth Zero-Day of the Year

Tools Watch

  • Unhacked! Armory Edition 1 London 2023 – Call For Tools is Open
  • Unhacked! Conference Partners with ToolsWatch to Launch Dedicated Security Tools Demo Area
  • Black Hat Singapore 2023 : ToolsWatch Academy Training “Practical IoT Hacking”
  • Introducing ToolsWatch Academy: The Ultimate Cyber Security Training Service
  • Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020
  • Top 10 Most Exploited Vulnerabilities in 2020
  • vFeed, Inc. Introduces Vulnerability Common Patch Format Feature
  • Efficiency of the Vulnerability Response With vFeed Intelligence
  • CVE In The Hook – Monthly Vulnerability Review (March 2020 Issue)
  • CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

Trip Wire

  • Free decryptor released for Conti-based ransomware following data leak
  • How Retiring Gas and Coal Plants Affects Grid Stability
  • What is CSAF (Common Security Advisory Framework)?
  • What are Rootkits? How to prevent them
  • VERT Threat Alert: March 2023 Patch Tuesday Analysis
  • What actually is database integrity?
  • ISO27001 Updates: Change is afoot
  • The Problem with the U.S. Power Grid: It’s too Vulnerable to Attacks
  • TSA tells US aviation industry to boost its cybersecurity
  • What Are Parameter Tampering Attacks?

Trusted Sec

  • Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)
  • Shells in Plain Sight – Storing Payloads in the Cloud
  • Red vs. Blue: Kerberos Ticket Times, Checksums, and You!
  • Changes in the Beacon Object File Landscape
  • Getting Analysis Practice from Windows Event Log Sample Attacks
  • RPC Programming for the Aspiring Windows Developer
  • Top 5 Things That Will Land an Attacker in the Azure Cloud
  • BOFs for Script Kiddies
  • Azure AD Kerberos Tickets: Pivoting to the Cloud
  • ESXiArgs: The code behind the ransomware

App Sec

Checkmarx

  • Kudos to the Unsung Heroes in our Current Times: Software Developers
  • Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial
  • Why “Shift Left” in DevOps is really “Shift Center”
  • Recommendations for Friends and Family on Staying Cyber Safe While Working Remotely
  • A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead
  • Discussing AppSec Policies within DevSecOps
  • RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle
  • Free your Developers from Mundane Tasks
  • Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed
  • Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

iSec Partners

  • Introducing opinel: Scout2's favorite tool
  • IAM user management strategy (part 2)
  • iSEC audit of MediaWiki
  • Work daily with enforced MFA-protected API access
  • Use and enforce Multi-Factor Authentication
  • iSEC reviews SecureDrop
  • Recognizing and Preventing TOCTOU Whitepaper
  • IAM user management strategy
  • Do not use your AWS root account
  • Announcing the AWS blog post series

Mozilla Security

  • Upgrading Mozilla’s Root Store Policy to Version 2.8
  • Revocation Reason Codes for TLS Server Certificates
  • Preventing secrets from leaking through Clipboard
  • Improving the Quality of Publicly Trusted Intermediate CA Certificates with Enhanced Oversight and Automation
  • Securing the proxy API for Firefox add-ons
  • Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections
  • Firefox 93 protects against Insecure Downloads
  • Securing Connections: Disabling 3DES in Firefox 93
  • Mozilla VPN Security Audit
  • Firefox 91 Introduces Enhanced Cookie Clearing

NCC Group Crypto Services

  • Implementing Optimized Cryptography for Embedded Systems
  • Fast and Secure Implementations of the Falcon Post-Quantum Cryptography Signature Algorithm
  • The Longest Blockchain is not the Strongest Blockchain
  • The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
  • Bitcoin Orphan Transactions and CVE-2012-3789
  • Undefined Behavior Is Really Undefined
  • Ethereum Top 10 Security Vulnerabilities For Smart Contracts
  • Confidential Transactions from Basic Principles
  • New Practical Attacks on 64-bit Block Ciphers (3DES, Blowfish)
  • What are State-sized adversaries doing to spy on us? Or how to backdoor Diffie-Hellman

Offensive Security

  • How the University of Tulsa is Educating and Training the Next Generation of Cybersecurity Professionals
  • OffSec Yearly Recap 2022
  • New 90-day Course and Cybersecurity Certification Exam Bundles
  • Q4 Community Updates: Bridging the Diversity Gap, New Payment Plans, and Industry Events
  • Selecting The Best Information Security Training
  • How To Identify Cybersecurity Skills For Your Technical Team
  • How To Write Entry Level Cybersecurity Job Descriptions
  • Web Application Security
  • Offensive Security Guide: EXP-301
  • Free Ebook: OSCP & PEN-200 Prep

Qualys

  • Identifying Let’s Encrypt Revoked Certificates
  • Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)
  • PHP Remote Code Execution Vulnerability (CVE-2019-11043)
  • Graboid: Revenge of the Worms
  • Alpine Docker Image Vulnerability (CVE-2019-5021): How to Detect and Fix
  • Third-Party User Enumeration Issue Resolved
  • RunC Container Breakout Vulnerability
  • New Frontiers In Cryptojacking
  • QSC18 Takeaway: Complex Environments Demand Visibility and Real-Time Security
  • QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches

SANS Application Security

  • Cybersecurity Podcast Roundup
  • SAP Chief Trust Office Thinks Outside the Box on Fostering Talent with SANS
  • SANS Institute proudly welcomes professor Ciaran Martin, founder of the UK National Cyber Security Centre, …
  • SANS Cloud Security Curriculum
  • Cloud Scanning for Vulnerability Discovery
  • Q&A From SANS Special Broadcast: What You Need to Know About OpenAI's New ChatGPT Bot …
  • Celebrate Those Making a Difference in Cybersecurity
  • SANS MGT433 Managing Human Risk – Now Expanded to Three Days
  • Top 5 Blueprint Podcast Episodes of 2022
  • SANS Cybersecurity Leadership Curriculum

Websec.io

  • Securing Credentials for PHP with Docker
  • Keeping Credentials Secure in PHP
  • Package Protection with Roave/SecurityAdvisories
  • Using Canaries for Input Detection and Response
  • Does This Null Padding Make my Hash Look Big?
  • Building a Secure API - Part 5
  • Building a Secure API - Part 4
  • Building a Secure API - Part 3
  • Building a Secure API - Part 2
  • Building a Secure API - Part 1

The Hacker News

  • Emotet Rises Again: Evades Macro Security via OneNote Attachments
  • Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
  • Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
  • THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter
  • LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions
  • FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps
  • New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
  • A New Security Category Addresses Web-borne Threats
  • Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
  • Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

Sysadmin

AWS Blog

  • AWS Chatbot Now Integrates With Microsoft Teams
  • Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support
  • Celebrate Amazon S3’s 17th birthday at AWS Pi Day 2023
  • New – Use Amazon S3 Object Lambda with Amazon CloudFront to Tailor Content for End …
  • AWS Week in Review – March 13, 2023
  • Meet the Newest AWS Heroes – March 2023
  • AWS Application Composer Now Generally Available – Visually Build Serverless Applications Quickly
  • Subscribe to AWS Daily Feature Updates via Amazon SNS
  • AWS Week in Review – March 6, 2023
  • In the Works – AWS Region in Malaysia

Cyberciti

  • Letsencrypt is revoking certificates on March 4
  • System76 Announces AMD Threadripper Linux Workstations
  • Linux / Unix desktop fun: gti get jeep/car when you mistype git
  • CentOS Linux 8.1 (1911) released and here is how to upgrade it
  • Dell XPS 13 Developer Edition 2020 Ubuntu Laptop Announced
  • Helios64 Arm-Based Linux NAS announced
  • Kubuntu Linux Focus Laptop Announced
  • killersheep – Silly game for Vim version 8.2
  • Debian Linux 10.3 released and here is how to upgrade it
  • Ubuntu Linux 19.10 released: New Features and Download

Distro Watch

  • DistroWatch Weekly, Issue 1011
  • Distribution Release: SystemRescue 10.00
  • Distribution Release: Murena 1.9
  • Distribution Release: Qubes OS 4.1.2
  • Development Release: Fedora 38 Beta
  • Distribution Release: Kali Linux 2023.1
  • DistroWatch Weekly, Issue 1010
  • BSD Release: helloSystem 0.8.1
  • Distribution Release: siduction 22.1.1
  • Distribution Release: LibreELEC 11.0.0

Netflix Techblog

  • Ready-to-go sample data pipelines with Dataflow
  • For your eyes only: improving Netflix video quality with neural networks
  • Match Cutting at Netflix: Finding Cuts with Smooth Visual Transitions
  • Helping VFX studios pave a path to the cloud
  • New Series: Creating Media with Machine Learning
  • Machine Learning for Fraud Detection in Streaming Services
  • Seeing through hardware counters: a journey to threefold performance increase
  • Consistent caching mechanism in Titus Gateway
  • Orchestrating Data/ML Workflows at Scale With Netflix Maestro
  • How Product Teams Can Build Empathy Through Experimentation

Reddit: /r/linux

  • LibrePlanet 2023 will be held in Boston and online on March 18-19. Attendees can enjoy …
  • I’m Now a Full-Time Professional Open Source Maintainer (how a maintainer is now making an …
  • Analyzing CVE-2022-4883 (PATH Hijacking in libxpm)
  • Libreboot 20230319 released!
  • This week in Open Source - Two Tiny Linux PCs, RISC-V for IoT, Fedora 38, …
  • Ken Thompson - Closing Keynote - SCaLE 20x
  • Why a world needs an UNIX-style image collection manager?
  • Linux 6.4 AMD Graphics Driver Picking Up New Power Features For The Steam Deck
  • We apologize. We did a terrible job announcing the end of Docker Free Teams.
  • This week in KDE: More Wayland fixes

Reddit: /r/linuxadmin

  • [ADVICE] If you are wanting to go into DevOps, please take this advice from a …
  • Legends <3
  • Ken Thompson - Closing Keynote - SCaLE 20x
  • linux network project ideas
  • Apache Server: HTTP/2 issues
  • AntiX and easytether. Cannot get connectivity.
  • Unable to communicate via IPSec Strongswan S2S VPN on Debian servers
  • How to implement dijkstra algo to find optimal path on LAN
  • Is system admin jobs mean linuxadmin job?
  • Any Linux admins willing to try Pygrep?

Reddit: /r/sysadmin

  • Some shares disappeared from Windows 2019 after server restart
  • New employees entries and exits
  • Do you actually get to take all of the pto (paid time off)offered in your …
  • Interactive roadmaps, guides and other educational content for Developers
  • I have joined your ranks.
  • Configurationstatus\ folder piled up
  • Contributing to free and open source software projects
  • The sysadmins that changed their phone number after leaving a company, what prompted you to …
  • I hate Workday
  • Need recommendations for a new headset, compatible with the Mitel MiVoice business console.

Reddit: /r/homelab

  • Where do you buy your handheld game consoles?
  • Any advice on how I can improve my PDU setup in my rack?
  • SilverStone Technology Chassis
  • New virtualization server/NAS/LAB Sanity Check.
  • HP Gen8 Microserver Bios Update
  • DC migration from virtual to physical with adding secondary - Not for faint of heart
  • R730 CPU Upgrade Worth It?
  • Help getting a MZ32-ar0 mobo to boot
  • GUIDE: How to force a BIOS update on a Lenovo ThinkServer RD450 (Possibly RD350, RD550, …

Standalone Sysadmin

  • Debian Jessie Preseed – Yes, please
  • How I approach a new python project
  • Debian Jessie and Puppet
  • Great Open Positions at Northeastern CCIS
  • Ad Astra Per Aspera – Leaving Boston
  • Stop Hating Your Work
  • So…containers. Why? How? What? Start here if you haven’t.
  • Are you monitoring your switchports the right way?
  • New Blog Theme is Up
  • Reminder (to self, too): Use Python virtualenv!

Stack Exchange: Security

  • Ways to safeguard Internet users from fraudulent websites
  • Help: Does this website contain malware?
  • XSS bypass in url
  • Windows Certificate Propagation Service configuration
  • Configure Comodo Internet Security to Allow Windows Sandbox to get internet [migrated]
  • Does this journalctl log look like my SCSI HDD is well and truly dead?
  • I'm getting hacked, can't do a thing to stop it. my iphone, my personal computer …
  • Email with strange htm attachment with script [closed]
  • How to analyze the security of a custom passphrase?
  • xss: is it possible to continue javascript code execution after a "throw new Error()" line?

Tech News

Ars Technica

  • Anthropic introduces Claude, a “more steerable” AI competitor to ChatGPT
  • Google tells users of some Android phones: Nuke voice calling to avoid infection
  • AI-imager Midjourney v5 stuns with photorealistic images—and 5-fingered hands
  • Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
  • Free data-center heat is allegedly saving a struggling public pool $24K a year
  • Microsoft 365’s AI-powered Copilot is like an omniscient version of Clippy
  • Baidu shares fall after Ernie AI chatbot demo disappoints
  • OpenAI checked to see whether GPT-4 could take over the world
  • Security firm Rubrik is latest to be felled by GoAnywhere vulnerability
  • Hilariously sad: My great mobile provider, Mint, will sell to T-Mobile for $1.35B

Slashdot

  • Amazon Sales Surge But Bezos Says Coronavirus Costs Could Hit $4 Billion
  • US Senator Wants To Know Which Federal Authorities Are Using Clearview AI To Track the …
  • NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service
  • Google Announces Chrome Web Store Crackdown For August 2020
  • HTC's Blockchain Phone Takes Over a Century To Mine Enough Crypto To Pay For Itself
  • Microsoft's Big Xbox Game Pass Bet is Starting To Pay Off
  • Trump's Disinfectant Talk Trips Up Sites' Vows Against Misinformation
  • Amazon To Cut Price of its Ebooks in UK To Reflect Removal of VAT
  • Microsoft's Visual Studio Online Code Editor is Now Visual Studio Codespaces and Gets a Price …
  • This Tech Conference Is Being Held on an Animal Crossing Island

Tech Crunch

  • Top 10 AI Tools in 2023 That Will Make Your Life Easier
  • Top 10 AI Content Generator & Writer Tools in 2022
  • Beginner Guide to CJ Affiliate (Commission Junction) in 2022
  • TOP 11 AI MARKETING TOOLS YOU SHOULD USE (Updated 2022)
  • Most Frequently Asked Questions About Affiliate Marketing
  • What is Blockchain: Everything You Need to Know (2022)
  • ProWritingAid VS Grammarly: Which Grammar Checker is Better in (2022) ?
  • Sellfy Review 2022: How Good Is This Ecommerce Platform?
  • Ahrefs vs SEMrush: Which SEO Tool Should You Use?
  • Top 10 Best PLR(Private Label Rights) Websites | Which One You Should Join in 2022?

The Verge

  • Today’s the last day to switch away from Twitter’s SMS 2FA method
  • Google Pixel exploit reverses edited parts of screenshots
  • Feds arrest alleged BreachForums owner linked to FBI hacks
  • Two hackers charged with last year’s DEA portal breach
  • If you’re diabetic, don’t wait for your smartwatch to replace your needles
  • This Apple Pencil clone provides 80 percent of the experience for a quarter of the …
  • Good Burger 2 will hit Paramount Plus later this year
  • Apple’s last-gen MacBook Pro 14 and new Mac Mini are up to $400 off
  • I used an incredible X-ray machine to look inside my gadgets — let me show …
  • We are living in a golden age of electric cargo bikes

AnandTech

  • AMD: Ryzen Mobile 7040HS “Phoenix” Laptops Delayed Until April
  • Qualcomm Announces Snapdragon 7+ Gen 2: Premium Segment SoC Gets a Cortex-X CPU Core
  • Inflation Drives Up Fab Costs for Intel and Samsung by Billions of Dollars
  • NVIDIA Bundles Redfall Bite Back Edition With GeForce RTX 40 Series GPUs
  • Apex Storage X21 Carries 21 M.2 SSDs: 168 TB of NAND at up to 31 …
  • Samsung Seeks to Make South Korea No. 1 Chipmaker with $230B Investment Over 20 Years
  • ASUS Unveils TUF Gaming B760M-BTF WIFI D4 Motherboard: Reverse Mounted Connectivity
  • Netgear Introduces Nighthawk RS700 Wi-Fi 7 Router
  • AMD Announces Zen 4 EPYC Embedded 9004 Series: Up to 96 Cores With 1P and …
  • G.Skill Launches DDR5-8000 CL38 48GB Memory Kit For Raptor Lake CPUs