Denard.me

Security Experts

Anthony Ferrara

  • Wiring a Home Network
  • A PHP Compiler, aka The FFI Rabbit Hole
  • Protecting Against XSS In RAILS - JavaScript Contexts
  • Disclosure: WordPress WPDB SQL Injection - Technical
  • Disclosure: WordPress WPDB SQL Injection - Background
  • Ponderings on Odoriferous Syntactical Constructifications
  • Building an 8-bit Computer
  • Trust
  • All About Middleware
  • Simple, Easy, Risk and Change

Chris Hoff

  • On building fire extinguishers and fighting fires…
  • The 3 Immutable Rules Of Presentations…
  • Looking Forward to Catching Up At RSA…
  • Attribution is the new black…what’s in a name, anyway?
  • The Active Response Continuum & The Right To Cyber Self Defense…
  • Incomplete Thought: The Time Is Now For OCP-like White Box Security Appliances
  • J-Law Nudie Pics, Jeremiah, Privacy and Dropbox – An Epic FAIL of Mutual Distraction
  • How To Be a Cloud Mogul(l) – Our 2014 RSA “Dueling Banjos/Cloud/DevOps” Talk
  • On the Topic Of ‘Stopping’ DDoS.
  • The Easiest $20 I ever saved…

Cryptanalysis

  • Bypassing certificate checks in OpenSSL 1.0.2c (CVE-2015-1793)
  • SSLv3 considered to be insecure – How the POODLE attack works in detail
  • SSL/TLS broken again – A weakness in the RC4 stream cipher
  • Secure Function Evaluation – There is an issue with OTR and plausible deniability
  • Ron was wrong, Whit is right – Weak keys in the internet
  • GMR-1 cipher specifications are now public
  • Don’t trust satellite phones – The GMR-1 and GMR-2 ciphers have been broken [UPDATE]
  • Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC
  • Bitcoin – An Analysis
  • Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web

Dan Kaminsky: Blog

  • Hacking the Universe with Quantum Encraption
  • Read My Lips: Let’s Kill 0Day
  • The Cryptographically Provable Con Man
  • Validating Satoshi (Or Not)
  • “The Feds Have Let The Cyber World Burn. Let’s Put the Fires Out.”
  • I Might Be Afraid Of This Ghost
  • A Skeleton Key of Unknown Strength
  • Defcon 23: Let’s End Clickjacking
  • Safe Computing In An Unsafe World: Die Zeit Interview
  • Talking with Stewart Baker

Elliptic News

  • SIAM Conference on Applied Algebraic Geometry (AG23)
  • Some comments on the CSIDH group action
  • Equivalence between CDH and DLP
  • EdDSA standardized
  • Attacks on SIDH/SIKE
  • Breaking supersingular isogeny Diffie-Hellman (SIDH)
  • Hertzbleed Attack
  • Eurocrypt 2021 – Zagreb, Zoom and Zulip
  • Report by Luca de Feo on the 3rd PQC Standardization Conference
  • Some recent papers in isogeny crypto

Filippo Valsorda

  • I want XAES-256-GCM/11
  • A Cryptographic Near Miss
  • Planning Go 1.21 Cryptography Work
  • Avoid The Randomness From The Sky
  • I’m Now a Full-Time Professional Open Source Maintainer
  • ssh whoami.filippo.io
  • Go 1.20 Cryptography
  • My age+YubiKeys Password Management Solution
  • A GC-Friendly Go Interning Cache
  • Why Did the OpenSSL Punycode Vulnerability Happen

Graham Cluley

  • Three men found guilty of laundering $2.5 million in Target gift card tech support scam
  • ZeroFont trick makes users think that message has been scanned for threats
  • Ransomware group demands $51 million from Johnson Controls after cyber attack
  • Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security
  • British charities warn supporters their personal data has been breached
  • Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware
  • “The good and the bad that comes with the growth of AI” – watch this …
  • iOS 17 update secretly changed your privacy settings; here’s how to set them back
  • Snatch ransomware – what you need to know
  • Donald Trump Jr’s hacked Twitter account announces his father has died

Ivan Ristic

  • Bulletproof TLS and PKI, Second Edition is out
  • OpenSSL Cookbook 3rd Edition now available
  • Second edition of Bulletproof SSL and TLS now in preview
  • Announcing Bulletproof SSL and TLS, the 2017 revision
  • Bulletproof SSL and TLS, three years later
  • SSL Labs Grading Redesign (Preview 1)
  • SSL Labs Distrusts WoSign and StartCom certificates
  • CAA Mandated by CA/Browser Forum
  • Ticketbleed detection added to SSL Labs
  • What’s new in SSL Labs 1.26.5

Krebs on Security

  • Don’t Let Zombie Zoom Links Drag You Down
  • A Closer Look at the Snatch Data Ransom Group
  • ‘Snatch’ Ransom Group Exposes Visitor IP Addresses
  • LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
  • Who’s Behind the 8Base Ransomware Website?
  • FBI Hacker Dropped Stolen Airbus Data on 9/11
  • Adobe, Apple, Google & Microsoft Patch 0-Day Bugs
  • Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
  • Why is .US Being Used to Phish So Many of Us?
  • U.S. Hacks QakBot, Quietly Removes Botnet Infections

Lenny Zeltser

  • A Report Template for Incident Response
  • Security Leaders Can Lower Expenses While Reducing Risk
  • Withholding Single Sign-On from SaaS Customers is Bad for Business and Security
  • Three Ways CISOs Can Drive More Meaningful Collaboration
  • Let’s Address the Cybersecurity Careers Gap
  • As a CISO, Are You a Builder, Fixer, or Scale Operator?
  • Untangling the Complexity of SaaS Ownership in the Enterprise
  • Shift Your Mindset from Conflict to Collaboration to Succeed in Security
  • Cybersecurity: No Longer the “Department of No”
  • How to Ask Questions to Succeed with Security Projects

Moxie Marlinspike

  • GPG And Me
  • We Should All Have Something To Hide
  • A Saudi Arabia Telecom's Surveillance Pitch
  • Career Advice
  • The Worst
  • The Cryptographic Doom Principle
  • Your app shouldn't suffer SSL's problems
  • sslsniff: Anniversary Edition
  • SSL And The Future Of Authenticity

The MPC Lounge

  • 5th Bar-Ilan Winter School 2015: Advances in Practical Multiparty Computation
  • Publicly Auditable Secure Multiparty Computation
  • Faster Maliciously Secure Two-Party Computation Using the GPU
  • Adapt, adapt, adapt
  • MiniTrix for MiniMacs
  • Categorizing MPC
  • Communication-Efficient MPC for General Adversary Structures
  • Fair enough
  • How to use bitcoin to design fair protocols
  • Round-efficient black-box constructions of composable multi-party computation

Root Labs rdist

  • Rebooting
  • In Which You Get a Chance to Save Democracy
  • Was the past better than now?
  • Thought experiment on protocols and noise
  • Timing-safe memcmp and API parity
  • In Defense of JavaScript Crypto

Russ McRee

  • Moving blog to HolisticInfoSec.io
  • toolsmith #133 - Anomaly Detection & Threat Hunting with Anomalize
  • toolsmith #132 - The HELK vs APTSimulator - Part 2
  • toolsmith #131 - The HELK vs APTSimulator - Part 1
  • toolsmith #130 - OSINT with Buscador
  • toolsmith #129 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 2
  • McRee added to ISSA's Honor Roll for Lifetime Achievement
  • toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1
  • Toolsmith Tidbit: Windows Auditing with WINspect
  • Toolsmith Release Advisory: Magic Unicorn v2.8

Schneier on Security

  • Friday Squid Blogging: Protecting Cephalopods in Medical Research
  • Critical Vulnerability in libwebp Library
  • Signal Will Leave the UK Rather Than Add a Backdoor
  • Friday Squid Blogging: New Squid Species
  • New Revelations from the Snowden Documents
  • On the Cybersecurity Jobs Shortage
  • Detecting AI-Generated Text
  • Using Hacked LastPass Keys to Steal Cryptocurrency
  • Friday Squid Blogging: Cleaning Squid
  • LLM Summary of My Book Beyond Fear

Shtetl-Optimized

  • Will UT Austin and Texas A&M survive beyond this week?
  • AI safety: what should actually be done now?
  • GPT-4 gets a B on my quantum computing final exam!
  • Quips are what I’ve got
  • If AI scaling is to be shut down, let it be for a coherent reason
  • An unexpected democracy slogan
  • Xavier Waintal responds (tl;dr Grover is still quadratically faster)
  • Of course Grover’s algorithm offers a quantum advantage!
  • On overexcitable children
  • The False Promise of Chomskyism

Troy Hunt

  • Weekly Update 367
  • Weekly Update 366
  • Weekly Update 365
  • Weekly Update 364
  • Weekly Update 363
  • 68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland
  • Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of …
  • Weekly Update 362
  • Fighting API Bots with Cloudflare's Invisible Turnstile
  • Weekly Update 361

Xavier Mertens

  • [SANS ISC] macOS: Who’s Behind This Network Connection?
  • [SANS ISC] Python Malware Using Postgresql for C2 Communications
  • [SANS ISC] More Exotic Excel Files Dropping AgentTesla
  • [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?
  • [SANS ISC] Quick Malware Triage With Inotify Tools
  • [SANS ISC] From a Zalando Phishing to a RAT
  • [SANS ISC] Show me All Your Windows!
  • [SANS ISC] Are Leaked Credentials Dumps Used by Attackers?
  • [SANS ISC] Do Attackers Pay More Attention to IPv6?
  • [SANS ISC] ShellCode Hidden with Steganography

Sec Ops

Check Point

  • Cyber Security Awareness Month: 4 Key Actions to Secure Our World
  • After Ransomware Disruption, Hospital Turns to Check Point Infinity Global Services to Recover and Build …
  • Phishing via Dropbox
  • Check Point Research Uncovers Critical Vulnerabilities in Friend.tech WEB3 Platform
  • Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure …
  • The City of Kamloops Protects City Data and Networks with Check Point Software
  • Check Point CloudGuard is now Microsoft Azure Consumption Commitment Eligible
  • Check Point Wins Globee Leadership Award for Company of the Year in Security Products/Services
  • What is Alert Deafness?
  • Check Point Research exposes new versions of the BBTok banking malware, which targets clients of …

Cloudflare

  • Birthday Week recap: everything we announced — plus an AI-powered opportunity for startups
  • Post-quantum cryptography goes GA
  • Encrypted Client Hello - the last puzzle piece to privacy
  • Cloudflare now uses post-quantum cryptography to talk to your origin server
  • Privacy-preserving measurement and machine learning
  • Network performance update: Birthday Week 2023
  • See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
  • Detecting zero-days before zero-day
  • Cloudflare is free of CAPTCHAs; Turnstile is free for everyone
  • Easily manage AI crawlers with our new bot categories

CSO Online

  • BrandPost: Priorities in preparing for a ransomware attack: people, processes, and technology
  • SEC notice to SolarWinds CISO and CFO roils cybersecurity industry
  • Bionic integrations offer context-based vulnerability management
  • Fortanix adds confidential data search for encrypted enterprise data
  • New Android banking trojan targets US, UK, and Germany
  • Fileless attacks surge as cybercriminals evade cloud security defenses
  • Survey reveals mass concern over generative AI security risks
  • BrandPost: Effective security training programs are vital to creating a cyber-aware workforce
  • Critical flaw in VMware Aria Operations for Networks sees mass exploitation
  • Latest MOVEit exploit hits thousands of NYC school students and staff

Dark Reading

  • Making Sense of Today's Payment Cybersecurity Landscape
  • The Silent Threat of APIs: What the New Data Reveals About Unknown Risk
  • Securing AI: What You Should Know
  • How Can Your Security Team Help Developers Shift Left?
  • Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
  • DHS: Physical Security a Concern in Johnson Controls Cyberattack
  • Cybersecurity Gaps Plague US State Department, GAO Report Warns
  • Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
  • People Still Matter in Cybersecurity Management
  • Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files

FireEye

  • BIOS Boots What? Finding Evil in Boot Code at Scale!
  • Bypassing Antivirus for Your Antivirus Bypass
  • FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings
  • Extending Linux Executable Logging With The Integrity Measurement Architecture
  • Surge in Spam Campaign Delivering Locky Ransomware Downloaders
  • New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks
  • Going To Ground with The Windows Scripting Host (WSH)
  • ELFant in the Room – capa v3
  • Announcing the Eighth Annual Flare-On Challenge
  • capa 2.0: Better, Faster, Stronger

Google Online Security Blog

  • SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade
  • Scaling Rust Adoption Through Training
  • Capslock: What is your code really capable of?
  • Android Goes All-in on Fuzzing
  • AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
  • Toward Quantum Resilient Security Keys
  • Making Chrome more secure by bringing Key Pinning to Android
  • Downfall and Zenbleed: Googlers helping secure the ecosystem
  • Android 14 introduces first-of-its-kind cellular connectivity security features
  • An update on Chrome Security updates – shipping security fixes to you faster

Have I Been Pwned

  • Horse Isle - 27,786 breached accounts
  • ApexSMS - 23,246,481 breached accounts
  • dBforums - 363,468 breached accounts
  • MalindoAir - 4,328,232 breached accounts
  • Viva Air - 932,232 breached accounts
  • Dymocks - 836,120 breached accounts
  • Phished Data via CERT Poland - 67,943 breached accounts
  • Pampling - 383,468 breached accounts
  • PlayCyberGames - 3,681,753 breached accounts
  • SevenRooms - 1,205,385 breached accounts

Kaspersky

  • Transatlantic Cable podcast, episode 296 | Kaspersky official blog
  • Who gets your digital assets after you die? | Kaspersky official blog
  • How to deploy a security solution in a midsize business | Kaspersky official blog
  • Updated Kaspersky Security & VPN for Android | Kaspersky official blog
  • What is conversation hijacking? | Kaspersky official blog
  • Transatlantic Cable podcast, episode 295 | Kaspersky official blog
  • Neural networks reveal the images used to train them | Kaspersky official blog
  • New ransomware groups target VMware and Linux | Kaspersky official blog
  • Hot crypto wallet, cold crypto wallet: what are they, and how are they stolen from? …
  • What's new in Kaspersky Safe Kids in 2023 | Kaspersky official blog

NYT Bits

  • Man Arrested in VTech Breach of Children’s Data
  • Daily Report: Tech Companies Pressured on Terrorist Content
  • Kazakhstan Moves to Tighten Control of Internet Traffic
  • Researchers Track Tricky Payment Theft Scheme
  • Daily Report: Microsoft Finds Its Security Groove
  • Daily Report: Fear and Loathing in the Tech Industry
  • Hacking for Security, and Getting Paid for It
  • Hackers Prove They Can ‘Pwn’ the Lives of Those Not Hyperconnected
  • Q.&A.: Guarding Personal Data From Abuse by Insiders
  • Firms Pit Artificial Intelligence Against Hacking Threats

Reddit: /r/netsec

  • /r/netsec's Q3 2023 Information Security Hiring Thread
  • Welcome New Moderators!
  • cloudgrep: cloudgrep is grep for cloud storage
  • Microsoft Defender flags Tor Browser as a Trojan and removes it from the system
  • Six 0day exploits were filed against Exim by ZDI, including several RCE. After days of …
  • Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae
  • r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion
  • The Marvin Attack
  • Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
  • SocVel Quiz 1 October 2023

Reddit: /r/pwned

  • University of Manchester announces cyber incident, says data ‘likely’ copied
  • Don't Let Reddit Kill 3rd Party Apps!
  • /r/pwned will be going dark from June 12 in protest against Reddit's API changes which …
  • KFC, Pizza Hut owner discloses data breach after ransomware attack
  • Western Digital says criminals stole data in 'network security' breach; led to disruption of business …
  • Fresh produce giant Dole discloses employee data breach after February ransomware attack that resulted in …
  • Automaker Ferrari discloses data breach after receiving ransom demand
  • CISA: Multiple APTs exploited U.S. Government IIS Server, had access to a "federal civilian agency" …
  • Colorado city of Denver Public Schools hit by data breach; includes employee fingerprints, bank account …
  • California City of Oakland's ransomware: employees' personal information released by cyberthieves - including data on …

Securosis Blog

  • The THIRTEENTH Annual Disaster Recovery Breakfast: Changing of the Guard

Shodan

  • Changelog: www.shodan.io
  • Developer Access to Shodan Trends
  • Accepting Crypto: A Vendor Perspective
  • Historical IP Information
  • nrich: A Tool for Fast IP enrichment
  • Introducing Data Feeds for Search Results
  • Introducing the InternetDB API
  • Introducing the GeoNet API
  • Upgraded Look and Feel
  • Don't Search by Port

Sophos

  • Update on Naked Security
  • Mom’s Meals issues “Notice of Data Event”: What to know and what to do
  • S3 Ep149: How many cryptographers does it take to change a light bulb?
  • Using WinRAR? Be sure to patch against these code execution bugs…
  • Smart light bulbs could give away your password secrets
  • “Snakes in airplane mode” – what if your phone says it’s offline but isn’t?
  • S3 Ep148: Remembering crypto heroes
  • FBI warns about scams that lure you in as a mobile beta-tester
  • “Grab hold and give it a wiggle” – ATM card skimming is still a thing
  • Crimeware server used by NetWalker ransomware seized and shut down

Tenable

  • Tenable Cyber Watch: DHS Tracks New Ransomware Trends as Attacks Drive Up Cyber Insurance Claims, …
  • Cybersecurity Snapshot: CISOs See Budgets Tighten, as Cyberthreats Intensify
  • CISA Adds Vulnerabilities Exploitable Via Bluetooth to KEV
  • Empowering Cybersecurity Excellence: IBM and Tenable Collaborate for IT/OT Security Innovation
  • CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities
  • CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
  • Tenable Cyber Watch: U.S. Advises on Deepfake Threats, Best Practices for Securing AI Systems, and …
  • Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Claims and …
  • Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm
  • Tenable Cyber Watch: U.S. Urges Space Industry to Stay Vigilant, Cyber Jobs Get Tougher, and …

Threatpost

  • Student Loan Breach Exposes 2.5M Records
  • Watering Hole Attacks Push ScanBox Keylogger
  • Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  • Ransomware Attacks are on the Rise
  • Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  • Twitter Whistleblower Complaint: The TL;DR Version
  • Firewall Bug Under Active Attack Triggers CISA Warning
  • Fake Reservation Links Prey on Weary Travelers
  • iPhone Users Urged to Update to Patch 2 Zero-Days
  • Google Patches Chrome’s Fifth Zero-Day of the Year

Tools Watch

  • Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA
  • Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact …
  • Black Hat Arsenal MEA Riyadh 2023 – Call For Tools Open
  • Unhacked! Armory Edition 1 London 2023 – Call For Tools is Open
  • Unhacked! Conference Partners with ToolsWatch to Launch Dedicated Security Tools Demo Area
  • Black Hat Singapore 2023 : ToolsWatch Academy Training “Practical IoT Hacking”
  • Introducing ToolsWatch Academy: The Ultimate Cyber Security Training Service
  • Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020
  • Top 10 Most Exploited Vulnerabilities in 2020
  • vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

Tripwire

  • ICS Environments and Patch Management: What to Do If You Can’t Patch
  • Fighting AI Cybercrime with AI Security
  • ZeroFont trick dupes users into thinking message has been scanned for threats
  • What Does Secure by Design Actually Mean?
  • The Cost of Cybercrime in the US: Facts and Figures
  • Closing Integrity Gaps with NIST CSF
  • Visibility: An Essential Component of Industrial Cyber Security
  • Best 10 Cybersecurity Podcasts
  • Defending against DDoS Attacks: What you need to know
  • 8 of the Best Cybersecurity Conferences

TrustedSec

  • Basic Authentication Versus CSRF
  • Okta for Red Teamers
  • Creative Process Enumeration
  • Crafting Emails with HTML Injection
  • The Client/Server Relationship — A Match Made In Heaven
  • Prefetch: The Little Snitch That Tells on You
  • Modeling Malicious Code: Hacking in 3D
  • Chaining Vulnerabilities to Exploit POST Based Reflected XSS
  • Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction
  • Incident Response: Bring Out the Body File

App Sec

Checkmarx

  • Kudos to the Unsung Heroes in our Current Times: Software Developers
  • Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial
  • Why “Shift Left” in DevOps is really “Shift Center”
  • Recommendations for Friends and Family on Staying Cyber Safe While Working Remotely
  • A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead
  • Discussing AppSec Policies within DevSecOps
  • RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle
  • Free your Developers from Mundane Tasks
  • Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed
  • Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

iSec Partners

  • Introducing opinel: Scout2's favorite tool
  • IAM user management strategy (part 2)
  • iSEC audit of MediaWiki
  • Work daily with enforced MFA-protected API access
  • Use and enforce Multi-Factor Authentication
  • iSEC reviews SecureDrop
  • Recognizing and Preventing TOCTOU Whitepaper
  • IAM user management strategy
  • Do not use your AWS root account
  • Announcing the AWS blog post series

Mozilla Security

  • Version 2.9 of the Mozilla Root Store Policy
  • Updated GPG key for signing Firefox Releases
  • Upgrading Mozilla’s Root Store Policy to Version 2.8
  • Revocation Reason Codes for TLS Server Certificates
  • Preventing secrets from leaking through Clipboard
  • Improving the Quality of Publicly Trusted Intermediate CA Certificates with Enhanced Oversight and Automation
  • Securing the proxy API for Firefox add-ons
  • Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections
  • Firefox 93 protects against Insecure Downloads
  • Securing Connections: Disabling 3DES in Firefox 93

NCC Group Crypto Services

  • Implementing Optimized Cryptography for Embedded Systems
  • Fast and Secure Implementations of the Falcon Post-Quantum Cryptography Signature Algorithm
  • The Longest Blockchain is not the Strongest Blockchain
  • The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
  • Bitcoin Orphan Transactions and CVE-2012-3789
  • Undefined Behavior Is Really Undefined
  • Ethereum Top 10 Security Vulnerabilities For Smart Contracts
  • Confidential Transactions from Basic Principles
  • New Practical Attacks on 64-bit Block Ciphers (3DES, Blowfish)
  • What are State-sized adversaries doing to spy on us? Or how to backdoor Diffie-Hellman

Offensive Security

  • New Solution: Learn Enterprise
  • PEN-200 (PWK): Updated for 2023
  • Experience the Refreshed OffSec
  • How the University of Tulsa is Educating and Training the Next Generation of Cybersecurity Professionals
  • OffSec Yearly Recap 2022
  • New 90-day Course and Cybersecurity Certification Exam Bundles
  • Q4 Community Updates: Bridging the Diversity Gap, New Payment Plans, and Industry Events
  • Selecting The Best Information Security Training
  • How To Identify Cybersecurity Skills For Your Technical Team
  • How To Write Entry Level Cybersecurity Job Descriptions

Qualys

  • Oracle Patch Tuesday April 2023 Security Update Review
  • Qualys Security Updates: Cloud Agent for Windows and Mac
  • Microsoft and Adobe Patch Tuesday April 2023 Security Update Review
  • 3CXDesktopApp Backdoored in a Suspected Lazarus Campaign
  • Risk Fact #5: Infrastructure Misconfigurations Open the Door to Ransomware
  • Risk Fact #4: Misconfigurations Still Prevalent in Web Applications
  • Risk-based Vulnerability Management Combined With A Cyber Risk Management Platform
  • Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore
  • Risk Fact #2: Automation Is the Difference Between Success and Failure
  • Risk Fact #1: Speed Is the Key to Out-Maneuvering Adversaries

SANS Application Security

  • Cybersecurity Jobs: Security Architect & Engineer (Japanese)
  • The game of CLUE
  • SANS Cybersecurity Leadership Curriculum
  • Cloud Agnostic or Devout?
  • How to Build AI-Powered Cybersecurity Applications
  • Be Dazzled by Identity-as-a-Service (IDaaS)
  • Your Security Awareness Program Can Do More Than You Think: Fulfilling the Promise of “Training …
  • What are Sock Puppets in OSINT
  • Cybersecurity Jobs: Blue Teamer (Japanese)
  • Cybersecurity Jobs: CISO (Japanese)

Websec.io

  • Securing Credentials for PHP with Docker
  • Keeping Credentials Secure in PHP
  • Package Protection with Roave/SecurityAdvisories
  • Using Canaries for Input Detection and Response
  • Does This Null Padding Make my Hash Look Big?
  • Building a Secure API - Part 5
  • Building a Secure API - Part 4
  • Building a Secure API - Part 3
  • Building a Secure API - Part 2
  • Building a Secure API - Part 1

The Hacker News

  • APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
  • LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
  • Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
  • OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
  • BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
  • Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
  • FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
  • Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
  • New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
  • Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

Sysadmin

AWS Blog

  • Amazon Bedrock Is Now Generally Available – Build and Scale Generative AI Applications with Foundation …
  • Amazon MSK Introduces Managed Data Delivery from Apache Kafka to Your Data Lake
  • AWS Weekly Roundup: Amazon EC2 M2 Pro Mac, Amazon Corretto 21, Amazon CloudWatch Synthetics, and …
  • New – Add Your Swift Packages to AWS CodeArtifact
  • New – Amazon EC2 M2 Pro Mac Instances Built on Apple Silicon M2 Pro Mac …
  • New – NVMe Reservations for Amazon Elastic Block Store io2 Volumes
  • AWS Weekly Roundup: C7i Instances, Knowledge Base for Amazon Bedrock, and More (Sept. 18, 2023)
  • Preview – Connect Foundation Models to Your Company Data Sources with Agents for Amazon Bedrock
  • New – Amazon EC2 R7a Instances Powered By 4th Gen AMD EPYC Processors for Memory …
  • AWS Weekly Roundup: R7iz Instances, Amazon Connect, CloudWatch Logs, and Lots More (Sept. 11, 2023)

Cyberciti

  • Letsencrypt is revoking certificates on March 4
  • System76 Announces AMD Threadripper Linux Workstations
  • Linux / Unix desktop fun: gti get jeep/car when you mistype git
  • CentOS Linux 8.1 (1911) released and here is how to upgrade it
  • Dell XPS 13 Developer Edition 2020 Ubuntu Laptop Announced
  • Helios64 Arm-Based Linux NAS announced
  • Kubuntu Linux Focus Laptop Announced
  • killersheep – Silly game for Vim version 8.2
  • Debian Linux 10.3 released and here is how to upgrade it
  • Ubuntu Linux 19.10 released: New Features and Download

DistroWatch

  • Distribution Release: SpiralLinux 12.231001
  • DistroWatch Weekly, Issue 1039
  • Distribution Release: Linux Mint 6 "LMDE"
  • Distribution Release: Zephix 7
  • Distribution Release: Porteus 5.01
  • DistroWatch Weekly, Issue 1038
  • Distribution Release: KaOS 2023.09
  • Development Release: Ubuntu 23.10 Beta
  • Development Release: Fedora 39 Beta
  • Development Release: deepin 23 Beta 2

Netflix Techblog

  • Detecting Scene Changes in Audiovisual Content
  • Migrating Netflix to GraphQL Safely
  • Migrating Critical Traffic At Scale with No Downtime — Part 2
  • Escrow Buddy: An open-source tool from Netflix for remediation of missing FileVault keys in MDM
  • Native Frame Rate Playback
  • Ensuring the Successful Launch of Ads on Netflix
  • Debugging a FUSE deadlock in the Linux kernel
  • ABAC on SpiceDB: Enabling Netflix’s Complex Identity Types
  • Migrating Critical Traffic At Scale with No Downtime — Part 1
  • Improved Alerting with Atlas Streaming Eval

Reddit: /r/linux

  • Weekly Project Thread!
  • A Call for Developers | Jellyfin
  • daktilo — Turn your keyboard into a typewriter!
  • VeraCrypt - Free Open source disk encryption with strong security for the Paranoid
  • What is eBPF? Common Use Cases and Best Practices
  • Now more than ever, ChromeOS is Linux with Google’s desktop environment
  • Linux Mint 21.2 Edge released
  • Open VFS - an attempt to bring virtual files mechanism to the free Desktop
  • Could the EU force hardware manufacturers to make fully working drivers for Linux?
  • Weekly Project Thread!

Reddit: /r/linuxadmin

  • [ADVICE] If you are wanting to go into DevOps, please take this advice from a …
  • How should this sub respond to reddit's api changes, part 2
  • I/O errors on External HDD
  • How to optimize Linux for low latency
  • How do admins remember all the configuration changes they made?
  • How to boot from usb
  • Building a Ubuntu Linux server in a VM (Virtualbox) and migrating to an SSD on …
  • Open Sources: Voices from the Open Source Revolution
  • Linux package that prevents losing remote access
  • Linux Diploma Course: Mastering Package Management with DNF, RPM and TAR

Reddit: /r/sysadmin

  • Creating a DR site
  • AdBlock Plus-like software, with centralization
  • Site loads in IE and Edge in IE Mode, but not regular Edge, Chrome or …
  • Migrating CA from 2012 to 2022.
  • Apache Guacamole VS vanilla RDS VS Citrix stack
  • Reasons for a separate work-provided cell phone.
  • Is anyone familiar with the CJIS process?
  • LF ideas for a new monitoring architecture
  • How do I measure team performance without pissing everyone off?
  • Latest version of MS Teams not opening hyperlinks or Word/Excel Documents

Reddit: /r/homelab

  • Proxmox 4-Node Cluster and adding Ceph
  • Powershell - Run commands against Minecraft server process
  • Truenas Qbittorrent Tailscale need some help.
  • Esxi8.0 u2 for skylake 7820x
  • Establishing a private VPN between two homes - Seeking help
  • RAID5 vs Storage Spaces
  • SwitchOS Lite - Any good?
  • Dell T630 swapped H730 controller to HBA330 now "no storage controllers are detected on the …
  • Help choosing PDU
  • USB-Sata as Raid

Standalone Sysadmin

  • Debian Jessie Preseed – Yes, please
  • How I approach a new python project
  • Debian Jessie and Puppet
  • Great Open Positions at Northeastern CCIS
  • Ad Astra Per Aspera – Leaving Boston
  • Stop Hating Your Work
  • So…containers. Why? How? What? Start here if you haven’t.
  • Are you monitoring your switchports the right way?
  • New Blog Theme is Up
  • Reminder (to self, too): Use Python virtualenv!

Stack Exchange: Security

  • Advice on more in depth web app info gathering phase
  • How much does manually entering a key at process start help?
  • How much security do DigitalOcean managed databases provide?
  • Can UUID v7 be treated as a unguessable, opaque identifier?
  • Gmail encryption
  • What information is contained in the local SAM in an Active Directory network
  • What are certificate vulnerabilities? [closed]
  • Does using Apache/nginx actually improve security of a webapp?
  • Testing an antivirus feature on an app [closed]
  • OAuth2 implicit flow - is it still possible to hijack the token with HTTPS?

Tech News

Ars Technica

  • Critical vulnerabilities in Exim threaten over 250k email servers worldwide
  • A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day
  • Meta launches consumer AI chatbots with celebrity avatars in its social apps
  • AI language models can exceed PNG and FLAC in lossless compression, says study
  • Jony Ive and OpenAI’s Altman reportedly collaborating on mysterious AI device
  • Backdoored firmware lets China state hackers control routers with “magic packets”
  • Spotify uses AI to clone and translate podcaster voices in new pilot program
  • Google quietly corrects previously submitted disclosure for critical webp 0-day
  • GPUs from all major suppliers are vulnerable to new pixel-stealing attack
  • Can you melt eggs? Quora’s AI says “yes,” and Google is sharing the result

Slashdot

  • Amazon Sales Surge But Bezos Says Coronavirus Costs Could Hit $4 Billion
  • US Senator Wants To Know Which Federal Authorities Are Using Clearview AI To Track the …
  • NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service
  • Google Announces Chrome Web Store Crackdown For August 2020
  • HTC's Blockchain Phone Takes Over a Century To Mine Enough Crypto To Pay For Itself
  • Microsoft's Big Xbox Game Pass Bet is Starting To Pay Off
  • Trump's Disinfectant Talk Trips Up Sites' Vows Against Misinformation
  • Amazon To Cut Price of its Ebooks in UK To Reflect Removal of VAT
  • Microsoft's Visual Studio Online Code Editor is Now Visual Studio Codespaces and Gets a Price …
  • This Tech Conference Is Being Held on an Animal Crossing Island

Tech Crunch

  • Top 10 AI Tools in 2023 That Will Make Your Life Easier
  • Top 10 AI Content Generator & Writer Tools in 2022
  • Beginner Guide to CJ Affiliate (Commission Junction) in 2022
  • TOP 11 AI MARKETING TOOLS YOU SHOULD USE (Updated 2022)
  • Most Frequently Asked Questions About Affiliate Marketing
  • What is Blockchain: Everything You Need to Know (2022)
  • ProWritingAid VS Grammarly: Which Grammar Checker is Better in (2022) ?
  • Sellfy Review 2022: How Good Is This Ecommerce Platform?
  • Ahrefs vs SEMrush: Which SEO Tool Should You Use?
  • Top 10 Best PLR(Private Label Rights) Websites | Which One You Should Join in 2022?

The Verge

  • FTX’s Sam Bankman-Fried is on trial for fraud and conspiracy
  • Beyoncé’s Renaissance film is the next movie theater blockbuster
  • Someone already unboxed the Google Pixel 8 and 8 Pro
  • This giant, next-generation satellite is now one of the brightest objects in the night sky
  • FEMA’s national emergency alert test rings phones, TVs, and radios on Wednesday
  • The Beats Studio Pro are once again $100 off (in all color options)
  • Who wins when telehealth companies push weight loss drugs?
  • Tesla produced over 430,000 vehicles in the third quarter of 2023
  • Chromebook Plus is Google’s new certification for premium Chromebooks
  • Google Pixel event: how to watch and what to expect

AnandTech

  • Micron to Ship HBM3E Memory to NVIDIA in Early 2024
  • Micron Samples 128 GB Modules Based on 32 Gb DDR5 ICs
  • Intel Meteor Lake SoC is NOT Coming to Desktops: Well, Not Technically
  • eMMC Destined to Live a Bit Longer: KIOXIA Releases New Generation of eMMC Modules
  • Crucial Unveils X9 Portable SSD: QLC for the Cost-Conscious Consumer
  • Corsair's Dominator Titanium Memory Now Available, Unveils Plans for Beyond 8000 MT/s
  • GlobalFoundries Applies for CHIPS Money to Expand U.S. Fabs
  • Modular LPDDR Memory Becomes A Reality: Samsung Introduces LPCAMM Memory Modules
  • Solidigm Introduces D7-P5810: 144L SLC NVMe Drive for Write-Intensive Workloads
  • Sabrent Ships 8TB SSD for PlayStation 5: High Capacity for a High Price