Security Boulevard

JANUARY 10, 2024

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. More video! Much better website with content tags Finally, an obvious call to action!

Cloud Migration 64

Cloud Migration Government Network Security Risk 64

Troy Hunt

JUNE 27, 2018

I built a little demo site and embedded all the videos in it over at HTTPSIsEasy.com. I also wanted to keep each video to about 5 minutes so you'll see that there's plenty of stuff I don't embellish on, I just focus on making things work as expeditiously as possible. HTTPS is easy!

Encryption 161

Encryption Banking 161

SiteLock

AUGUST 27, 2021

Have you ever had trouble keeping up with your blog post schedule? If you’ve hit a wall with blogging, it’s likely due to one of these reasons: A lack of time. Sharing relevant articles, videos and other forms of content helps to increase brand loyalty by building a more beneficial relationship with your audience.

Marketing 52

Marketing 52

Security Affairs

APRIL 2, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware 83

Spyware Surveillance Artificial Intelligence Data breaches 83

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. ” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media. eXplorer.

Malware 110

Malware Antivirus Hacking Accountability 110

Troy Hunt

OCTOBER 28, 2020

Everything becomes clear(er) if I manually change the font in the browser dev tools to a serif version: The victim I was referring to in the opening of this blog post? Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size.

Phishing 362

Phishing Password Management Passwords Internet 362

The Last Watchdog

NOVEMBER 19, 2018

Many of these photos are tagged with the identity of the people in them. On a consumer level, it might allow you to post somewhat inappropriate party photos while preventing them being tagged with your identity. The development of universal video surveillance with facial recognition is generally happening away from the public eye.

Surveillance 153

Surveillance Marketing Technology Authentication 153

Troy Hunt

FEBRUARY 11, 2018

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. You can safely use an integrity attribute on your script tag because if ever we want to change the implementation, we'll simply rev the version. from its current state.

Government 243

Government Risk Software Technology 243

Security Boulevard

FEBRUARY 2, 2024

I highly recommend reading Andy Robbins’ blog, “ Microsoft Breach — What Happened (and What Should Azure Admins Do)? ”, or our recent video describing the breach here , to understand the full scope of what we know based on Microsoft’s transparency report. What Happened and What is the Attack Path?

Risk 64

Risk Cybersecurity 64

CyberSecurity Insiders

JANUARY 19, 2023

The attack injected malicious JavaScript code into digital ads, allowing the fraudsters to stack dozens of video ads on top of one another and registering views for ads completely invisible to the user. To learn more about the VASTFLUX operation, visit the HUMAN blog , or read the full technical report.

Advertising 59

Advertising Cybercrime CISO Education 59

Troy Hunt

MARCH 15, 2020

But the NDC events really need to run over 2 whole days, so we came up with a better idea: Scott and I will be tag-teaming the 2-day events. Or don't ask anything and we'll banter away as we normally would anyway which people always seem to love when it happens on my weekly videos.

Hacking 255

Hacking Technology Software Risk 255

Troy Hunt

DECEMBER 3, 2023

The very next day I published a blog post about how I made it so fast to search through 154M records and thus began a now 185-post epic where I began detailing the minutiae of how I built this thing, the decisions I made about how to run it and commentary on all sorts of different breaches. And then ensured could never happen again.

Data breaches 363

Data breaches Passwords Internet Internet 363

Troy Hunt

NOVEMBER 14, 2017

That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website. No external videos embedded from YouTube, no JavaScript libraries off your favourite CDN and no analytics or tracking from Google. Also, no script blocks.

Hacking 219

Hacking Risk 219

Troy Hunt

SEPTEMBER 26, 2018

Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog. No HTML tags. I went with an absolute bare bones setup which essentially involved just following the instructions on the Pi-hole site (Scott gets a bit fancier in his blog posts). That is all. No tracking.

DNS 274

DNS Risk 274

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that’s a well-written blog post right there, waiting for you. Automate it!

Software 145

Software Firmware VPN Internet 145

Security Affairs

JUNE 13, 2019

” reads a blog post published by Guardio. Researchers published a video PoC of the attacks that shows how hackers can steal a user’s Facebook information and data on PayPal transactions. via social media, email, a compromised blog comment, etc.). via social media, email, a compromised blog comment, etc.).

Advertising 64

Advertising Media Hacking Information Security 64

IT Security Guru

MAY 24, 2021

production or test), which helps identify business-critical assets and tag them automatically. Newly found unmanaged assets can be tagged automatically for addition to Vulnerability Management scan jobs. CyberSecurity Asset Management video. Technical blog post: Introducing CyberSecurity Asset Management.

Cybersecurity 108

Cybersecurity Risk Software Data collection 108

Google Security

JULY 27, 2023

Maddie Stone, Security Researcher, Threat Analysis Group (TAG) This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [ 2021 , 2020 , 2019 ] and builds off of the mid-year 2022 review. Project Zero wrote about one of these cases in November 2022 in their “Mind the Gap” blog post.

Spyware 91

Spyware Manufacturing Internet Internet 91

Cisco Security

FEBRUARY 3, 2022

Be sure to watch the videos for more in-depth analysis. Watch the full video with Matt on Colonial Pipeline, ransomware, and supply chain attacks: Read more about the new world of critical infrastructure. Importantly, don’t tag it to an individual by name. Watch the full video on Security Debt: .

Ransomware 62

Ransomware Risk Government CISO 62

Troy Hunt

JUNE 1, 2020

closed or ia idk | BLM (@pjnkmin) May 31, 2020 Just to be clear: there's not necessarily a direct link between whoever put the video above together and the data now doing the rounds and attribution is tricky once you get a bunch of different people under different accounts and pseudonyms all flying the "Anonymous" banner.

Hacking 364

Hacking Passwords Data breaches Accountability 364

Krebs on Security

MARCH 2, 2020

” A review of Majidi’s Facebook profile shows that phrase as his tag line, and that he has signed several of his posts over the years as “Fatal.001.” A video on Majidi’s Facebook page shows him logged in to the “Fatal.001” There is a third Skype account nicknamed “Fatal.001”

DNS 264

DNS Penetration Testing Malware Hacking 264

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches 279

Data breaches Passwords InfoSec Accountability 279

NopSec

MARCH 27, 2015

Vulnerabilities and related tickets are then tagged with the penetration testing report date so that the organization can track the related vulnerabilities exploited during the pen tests and monitor them until they are remediated. Otherwise the report ends up on auditors / compliance officer / CISO desks to collect dust. Pretty neat, eh!

Penetration Testing 52

Penetration Testing CISO Accountability 52

SiteLock

AUGUST 27, 2021

Then you can set up a business email address, develop high-level messaging for your business like a tag line, and design a logo or hire someone to do it for you. Start a store blog with how-to videos, interviews, gift guides and other content to attract customers. Additionally, a good business name has an available domain name.

Marketing 98

Marketing eCommerce Internet Internet 98

Krebs on Security

MAY 23, 2024

The report points out that Stark Industries continues to host a Russian disinformation news outlet called “Recent Reliable News” (RRN) that was sanctioned by the European Union in 2023 for spreading links to propaganda blogs and fake European media and government websites.

DDOS 274

DDOS Internet Internet Government 274

Kali Linux

MAY 31, 2021

Again) In case you missed it, we have previously covered Kaboxer in it’s own dedicated blog post , which goes into a lot more detail of why we love it so! Your browser does not support the video tag. For developers, this is a great new tool in the arsenal. Releasing Kali-Tweaks v1.0 Announcing Kali-Tweaks !

Engineering 52

Engineering Firmware Architecture Backups 52

Kali Linux

MAY 29, 2023

Some background information: PipeWire is a “server for handling audio, video streams, and hardware on Linux” It was initially released in 2017, is actively developed, and is poised to become the de-facto sound server in pretty much every Linux distribution out there, therefore replacing PulseAudio.

Firmware 52

Firmware Phishing Architecture Authentication 52

Troy Hunt

AUGUST 5, 2021

The Prusa MK3S+ Prusa is based in the Czech Republic and the best primer for who they are and why there's so much love for them is this video: By all accounts, Prusa are just extremely reliable, work with minimal configuration and are one of the easiest ways to get up and running with very little knowledge.

Education 70

Education Technology Software Retail 70

Scary Beasts Security

SEPTEMBER 22, 2009

The bugs represented a range of different C vulnerability classes, which I thought might make an interesting blog post. time : -duration; The problem here is that it is assumed that nb_streams > 0 but no such condition is guaranteed if the attacker supplies an "elst" tag before supplying any tag that creates a stream.

Malware 50

Malware 50

Kali Linux

MARCH 12, 2023

Stay tuned for a blog post coming out for more information! Your browser does not support the video tag. Your browser does not support the video tag. We have a RSS feeds and newsletter of our blog ! It will be ready for immediate download or updating by the time you have finished reading this post.

Firmware 52

Firmware Architecture Engineering Technology 52

Kali Linux

MAY 15, 2022

Your browser does not support the video tag. We have a RSS feeds & newsletter of our blog ! Hacking as shown in popular media, has ranged from really fun to completely absurd, so we saw the opportunity to do a tribute to some of our favourite instances (and get a little nostalgic). And Twitter is not a Bug Tracker!

Wireless 52

Wireless Firmware Architecture Media 52

ForAllSecure

MAY 13, 2022

Since then Hash started a reverse engineering wiki site called Recessim and created dozens of YouTube videos in a channel of that same name to chronicle his adventures. Everybody's got their own little blog where they post stuff. Then you get to the point and then I decide I think I'm gonna start making some videos about this.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

Troy Hunt

JANUARY 10, 2018

The video within that story reiterates over and over again that "Aadhaar data cannot be breached" It then goes on to quote the government as saying that: it cannot be questioned by a handful of individuals. Much of what I'm going to cover in the remainder of this blog post will focus on the site at uidai.gov.in

Hacking 279

Hacking Government Risk Encryption 279

Troy Hunt

MARCH 21, 2018

Transparency has been a huge part of that effort and I've always written and spoken candidly about my thought processes, how I handle data and very often, the mechanics of how I've built the service (have a scroll through the HIBP tag on this blog for many examples of each).

Data breaches 181

Data breaches Government Passwords Media 181

Google Security

JANUARY 29, 2021

Examples include Address Space Layout Randomization, Control Flow Integrity (CFI), Stack Canaries and Memory Tagging. On the other hand, video players only need to ensure that frames are rendered at the source framerate; if frames are rendered much faster than the rate at which they are displayed, additional overhead may be more acceptable.

Architecture 101

Architecture Media Engineering Risk 101

Kali Linux

MARCH 28, 2023

As we were scrapping it all and starting from scratch when starting with Kali, we moved to Git and used GPG to tag releases, at the same time, published all our build-scripts allowing anyone to build Kali on any platform. Audio (mp3) , Video (mp4) and Lyrics In case you missed the first songs: OffSec: Uzimon - OffSec Say Try Harder!

InfoSec 52

InfoSec Penetration Testing Architecture Software 52

SecureList

FEBRUARY 25, 2021

Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. In our previous blog about Lazarus group, we mentioned the Bookcode cluster attributed to Lazarus group; and recently the Korea Internet and Security Agency (KISA) also published a report about the operation. Same tunneling tool.

Malware 138

Malware Phishing Passwords Encryption 138