Denard.me

Security Experts

Anthony Ferrara

  • Wiring a Home Network
  • A PHP Compiler, aka The FFI Rabbit Hole
  • Protecting Against XSS In RAILS - JavaScript Contexts
  • Disclosure: WordPress WPDB SQL Injection - Technical
  • Disclosure: WordPress WPDB SQL Injection - Background
  • Ponderings on Odoriferous Syntactical Constructifications
  • Building an 8-bit Computer
  • Trust
  • All About Middleware
  • Simple, Easy, Risk and Change

Chris Hoff

  • On building fire extinguishers and fighting fires…
  • The 3 Immutable Rules Of Presentations…
  • Looking Forward to Catching Up At RSA…
  • Attribution is the new black…what’s in a name, anyway?
  • The Active Response Continuum & The Right To Cyber Self Defense…
  • Incomplete Thought: The Time Is Now For OCP-like White Box Security Appliances
  • J-Law Nudie Pics, Jeremiah, Privacy and Dropbox – An Epic FAIL of Mutual Distraction
  • How To Be a Cloud Mogul(l) – Our 2014 RSA “Dueling Banjos/Cloud/DevOps” Talk
  • On the Topic Of ‘Stopping’ DDoS.
  • The Easiest $20 I ever saved…

Cryptanalysis

  • Bypassing certificate checks in OpenSSL 1.0.2c (CVE-2015-1793)
  • SSLv3 considered to be insucure – How the POODLE attack works in detail
  • SSL/TLS broken again – A weakness in the RC4 stream cipher
  • Secure Function Evaluation – There is an issue with OTR and plausible denability
  • Ron was wrong, Whit is right – Weak keys in the internet
  • GMR-1 cipher specifications are now public
  • Don’t trust satellite phones – The GMR-1 and GMR-2 ciphers have been broken [UPDATE]
  • Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC
  • Bitcoin – An Analysis
  • Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web

Dan Kaminsky: Blog

  • Hacking the Universe with Quantum Encraption
  • Read My Lips: Let’s Kill 0Day
  • The Cryptographically Provable Con Man
  • Validating Satoshi (Or Not)
  • “The Feds Have Let The Cyber World Burn. Let’s Put the Fires Out.”
  • I Might Be Afraid Of This Ghost
  • A Skeleton Key of Unknown Strength
  • Defcon 23: Let’s End Clickjacking
  • Safe Computing In An Unsafe World: Die Zeit Interview
  • Talking with Stewart Baker

Elliptic News

  • New cryptanalysis of M-SIDH isogeny cryptography
  • SIAM Conference on Applied Algebraic Geometry (AG23)
  • Some comments on the CSIDH group action
  • Equivalence between CDH and DLP
  • EdDSA standardized
  • Attacks on SIDH/SIKE
  • Breaking supersingular isogeny Diffie-Hellman (SIDH)
  • Hertzbleed Attack
  • Eurocrypt 2021 – Zagreb, Zoom and Zulip
  • Report by Luca de Feo on the 3rd PQC Standardization Conference

Filippo

  • Enough Polynomials and Linear Algebra to Implement Kyber
  • Why We Don’t Generate Elliptic Curves Every Day
  • Announcing the $12k NIST Elliptic Curves Seeds Bounty
  • I want XAES-256-GCM/11
  • A Cryptographic Near Miss
  • Planning Go 1.21 Cryptography Work
  • Avoid The Randomness From The Sky
  • I’m Now a Full-Time Professional Open Source Maintainer
  • ssh whoami.filippo.io
  • Go 1.20 Cryptography

Graham Cluley

  • iOS 17 NameDrop privacy scare: What you need to know
  • Securing the software supply chain webinar
  • The crazy world of ransomware
  • Why IT teams should champion AI in the workplace, and deploy secure AI tools safely …
  • Ethyrial: Echoes of Yore hacked! 17,000 game accounts “lost”
  • $9 million seized from “pig butchering” scammers who preyed on lonely hearts
  • Smashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?
  • Hackers pose as officials to steal secrets and cryptocurrency for North Korea
  • Smashing Security podcast #348: Hacking for chimp change, and AI chatbot birthday
  • World’s biggest bank hit by ransomware, forced to trade via USB stick

Ivan Ristic

  • Bulletproof TLS and PKI, Second Edition is out
  • OpenSSL Cookbook 3rd Edition now available
  • Second edition of Bulletproof SSL and TLS now in preview
  • Announcing Bulletproof SSL and TLS, the 2017 revision
  • Bulletproof SSL and TLS, three years later
  • SSL Labs Grading Redesign (Preview 1)
  • SSL Labs Distrusts WoSign and StartCom certificates
  • CAA Mandated by CA/Browser Forum
  • Ticketbleed detection added to SSL Labs
  • What’s new in SSL Labs 1.26.5

Krebs on Security

  • Okta: Breach Affected All Customer Support Users
  • ID Theft Service Resold Access to USInfoSearch Data
  • Alleged Extortioner of Psychotherapy Patients Faces Trial
  • Microsoft Patch Tuesday, November 2023 Edition
  • It’s Still Easy for Anyone to Become You at Experian
  • Who’s Behind the SWAT USA Reshipping Service?
  • Russian Reshipping Service ‘SWAT USA Drop’ Exposed
  • .US Harbors Prolific Malicious Link Shortening Service
  • NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison
  • Hackers Stole Access Tokens from Okta’s Support Unit

Lenny Zeltser

  • Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind
  • How Security Can Better Support Software Engineering Teams
  • A Report Template for Incident Response
  • Security Leaders Can Lower Expenses While Reducing Risk
  • Withholding Single Sign-On from SaaS Customers is Bad for Business and Security
  • Three Ways CISOs Can Drive More Meaningful Collaboration
  • Let’s Address the Cybersecurity Careers Gap
  • As a CISO, Are You a Builder, Fixer, or Scale Operator?
  • Untangling the Complexity of SaaS Ownership in the Enterprise
  • Shift Your Mindset from Conflict to Collaboration to Succeed in Security

Moxie Marlinspike

  • GPG And Me
  • We Should All Have Something To Hide
  • A Saudi Arabia Telecom's Surveillance Pitch
  • Career Advice
  • The Worst
  • The Cryptographic Doom Principle
  • Your app shouldn't suffer SSL's problems
  • sslsniff: Anniversary Edition
  • SSL And The Future Of Authenticity

The MPC Lounge

  • 5th Bar-Ilan Winter School 2015: Advances in Practical Multiparty Computation
  • Publicly Auditable Secure Multiparty Computation
  • Faster Maliciously Secure Two-Party Computation Using the GPU
  • Adapt, adapt, adapt
  • MiniTrix for MiniMacs
  • Categorizing MPC
  • Communication-Efficient MPC for General Adversary Structures
  • Fair enough
  • How to use bitcoin to design fair protocols
  • Round-efficient black-box constructions of composable multi-party computation

Root Labs rdist

  • Rebooting
  • In Which You Get a Chance to Save Democracy
  • Was the past better than now?
  • Thought experiment on protocols and noise
  • Timing-safe memcmp and API parity
  • In Defense of JavaScript Crypto

Russ McRee

  • Moving blog to HolisticInfoSec.io
  • toolsmith #133 - Anomaly Detection & Threat Hunting with Anomalize
  • toolsmith #132 - The HELK vs APTSimulator - Part 2
  • toolsmith #131 - The HELK vs APTSimulator - Part 1
  • toolsmith #130 - OSINT with Buscador
  • toolsmith #129 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 2
  • McRee added to ISSA's Honor Roll for Lifetime Achievement
  • toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1
  • Toolsmith Tidbit: Windows Auditing with WINspect
  • Toolsmith Release Advisory: Magic Unicorn v2.8

Schneier on Security

  • Breaking Laptop Fingerprint Sensors
  • Digital Car Keys Are Coming
  • Secret White House Warrantless Surveillance Program
  • Friday Squid Blogging: Squid Nebula
  • Chocolate Swiss Army Knife
  • LitterDrifter USB Worm
  • Apple to Add Manual Authentication to iMessage
  • Email Security Flaw Found in the Wild
  • Using Generative AI for Surveillance
  • Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy

Shtetl-Optimized

  • More Updates!
  • Updates!
  • New travel/podcast/speaking policy
  • The Tragedy of SBF
  • The floorboard test
  • Bring the Brodutch family home
  • Shtetl-Optimized’s First-Ever “Profile in Courage”
  • To all those who’ve emailed me…
  • Quantum miscellany
  • Palate cleanser

Troy Hunt

  • Weekly Update 375
  • Weekly Update 374
  • Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data
  • Weekly Update 373
  • Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset
  • Weekly Update 372
  • Weekly Update 371
  • Weekly Update 370
  • Weekly Update 369
  • Weekly Update 368

Xavier Mertens

  • Hack.lu 2023 Wrap-Up
  • [SANS ISC] macOS: Who’s Behind This Network Connection?
  • [SANS ISC] Python Malware Using Postgresql for C2 Communications
  • [SANS ISC] More Exotic Excel Files Dropping AgentTesla
  • [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?
  • [SANS ISC] Quick Malware Triage With Inotify Tools
  • [SANS ISC] From a Zalando Phishing to a RAT
  • [SANS ISC] Show me All Your Windows!
  • [SANS ISC] Are Leaked Credentials Dumps Used by Attackers?
  • [SANS ISC] Do Attackers Pay More Attention to IPv6?

Sec Ops

Checkpoint

  • What You Need to Know about the Pennsylvania Water Authority’s Breach
  • Reasons Your WAN is Failing You, and What You Can Do About It
  • CRN Names Check Point’s Christina Ruth to its 2023 Channel Women on the Rise List
  • Check Point CloudGuard: A Leader and Fast Mover in GigaOm’s Radar Report for CSPM
  • Unlocking a World of Cybersecurity Insights with the CISO’s Secrets Podcast
  • Check Point enhances AWS security—see it in action at AWS re:Invent!
  • Comparative Study Results on Linux and Windows Ransomware Attacks, Exploring Notable Trends and Surge in …
  • Zero Trust Security in Action: Meet the New Check Point CloudGuard
  • The Human Factor of Cyber Security
  • New ThreatCloud AI engine designed to prevent IPFS attacks

Cloudflare

  • Cyber Week: Analyzing Internet traffic and e-commerce trends
  • Better debugging for Cloudflare Workers, now with breakpoints
  • Steve Bray: Why I joined Cloudflare
  • Cloudflare named a leader in Forrester Edge Development Platforms Wave, Q4 2023
  • Do hackers eat turkey? And other Thanksgiving Internet trends
  • Workers AI Update: Stable Diffusion, Code Llama + Workers AI in 100 cities
  • Workers AI Update: Hello Mistral 7B
  • 2024, the year of elections
  • How to execute an object file: Part 4, AArch64 edition
  • Introducing advanced session audit capabilities in Cloudflare One

CSO Online

  • BrandPost: Priorities in preparing for a ransomware attack: people, processes, and technology
  • SEC notice to SolarWinds CISO and CFO roils cybersecurity industry
  • Bionic integrations offer context-based vulnerability management
  • Fortanix adds confidential data search for encrypted enterprise data
  • New Android banking trojan targets US, UK, and Germany
  • Fileless attacks surge as cybercriminals evade cloud security defenses
  • Survey reveals mass concern over generative AI security risks
  • BrandPost: Effective security training programs are vital to creating a cyber-aware workforce
  • Critical flaw in VMware Aria Operations for Networks sees mass exploitation
  • Latest MOVEit exploit hits thousands of NYC school students and staff

Dark Reading

  • The Role of the CISO in Digital Transformation
  • Cyber Threats to Watch Out for in 2024
  • CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines
  • Ardent Health Hospitals Disrupted After Ransomware Attack
  • General Electric, DARPA Hack Claims Raise National Security Concerns
  • Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
  • Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
  • Balancing Simplicity and Security in the Digital Experience
  • Hack The Box Launches 5th Annual University CTF Competition
  • Fake Browser Updates Targeting Mac Systems With Infostealer

FireEye

  • BIOS Boots What? Finding Evil in Boot Code at Scale!
  • Bypassing Antivirus for Your Antivirus Bypass
  • FLARE Script Series: Recovering Stackstrings Using Emulation with ironstrings
  • Extending Linux Executable Logging With The Integrity Measurement Architecture
  • Surge in Spam Campaign Delivering Locky Ransomware Downloaders
  • New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks
  • Going To Ground with The Windows Scripting Host (WSH)
  • ELFant in the Room – capa v3
  • Announcing the Eighth Annual Flare-On Challenge
  • capa 2.0: Better, Faster, Stronger

Google Online Security Blog

  • Evolving the App Defense Alliance
  • MTE - The promising path forward for memory safety
  • Qualified certificates with qualified risks
  • More ways for users to identify independently security tested apps on Google Play
  • Increasing transparency in AI security
  • Google’s reward criteria for reporting bugs in AI products
  • Joint Industry statement of support for Consumer IoT Security Principles
  • Enhanced Google Play Protect real-time scanning for app installs
  • Scaling BeyondCorp with AI-Assisted Access Control Policies
  • Bare-metal Rust in Android

Have I Been Pwned

  • Estante Virtual - 5,412,603 breached accounts
  • Bleach Anime Forum - 143,711 breached accounts
  • IndiHome - 12,629,245 breached accounts
  • Jam Tangan - 434,784 breached accounts
  • KitchenPal - 98,726 breached accounts
  • OMGPOP - 7,071,293 breached accounts
  • Acuity - 14,055,729 breached accounts
  • Avito - 2,721,835 breached accounts
  • Chess - 827,620 breached accounts
  • LinkedIn Scraped and Faked Data (2023) - 19,788,753 breached accounts

Kaspersky

  • Vulnerability in crypto wallets created online in the early 2010s | Kaspersky official blog
  • How to protect corporate routers and firewalls against hacking | Kaspersky official blog
  • Reptar: a vulnerability in Intel processors | Kaspersky official blog
  • Why Nothing Chats is unsafe | Kaspersky official blog
  • How to update Android without bugs, data loss, security risks or other nuisances | Kaspersky …
  • Transatlantic Cable podcast, episode 325 | Kaspersky official blog
  • How Ducktail steals Facebook accounts | Kaspersky official blog
  • Understanding the Kaspersky Compromise Assessment Service
  • Transatlantic Cable podcast, episode 324 | Kaspersky official blog
  • WhatsApp spyware modifications in Telegram | Kaspersky official blog

NYT Bits

  • Man Arrested in VTech Breach of Children’s Data
  • Daily Report: Tech Companies Pressured on Terrorist Content
  • Kazakhstan Moves to Tighten Control of Internet Traffic
  • Researchers Track Tricky Payment Theft Scheme
  • Daily Report: Microsoft Finds Its Security Groove
  • Daily Report: Fear and Loathing in the Tech Industry
  • Hacking for Security, and Getting Paid for It
  • Hackers Prove They Can ‘Pwn’ the Lives of Those Not Hyperconnected
  • Q.&A.: Guarding Personal Data From Abuse by Insiders
  • Firms Pit Artificial Intelligence Against Hacking Threats

Reddit: /r/netsec

  • /r/netsec's Q4 2023 Information Security Hiring Thread
  • Welcome New Moderators!
  • DICOM Protocol Vulnerabilities and Attack Surface
  • Decompilation Debugging - Pretending All Binaries Come With Source Code
  • Pentest Muse: an Open Source AI-Powered Tool for Ethical Hacking
  • New RCE popchain in WordPress
  • Fuzzer-V: New project for Fuzzing Hyper-V VSP's using Intel Processor Trace (IPT) for code coverage …
  • BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
  • I made a tool to analyze incoming HTTP/DNS requests. Let me know how it is
  • Big update to my Semgrep C/C++ ruleset

Reddit: /r/pwned

  • University of Manchester announces cyber incident, says data ‘likely’ copied
  • Don't Let Reddit Kill 3rd Party Apps!
  • /r/pwned will be going dark from June 12 in protest against Reddit's API changes which …
  • KFC, Pizza Hut owner discloses data breach after ransomware attack
  • Western Digital says criminals stole data in 'network security' breach; led to disruption of business …
  • Fresh produce giant Dole discloses employee data breach after February ransomware attack that resulted in …
  • Automaker Ferrari discloses data breach after receiving ransom demand
  • CISA: Multiple APTs exploited U.S. Government IIS Server, had access to a "federal civilian agency" …
  • Colorado city of Denver Public Schools hit by data breach; includes employee fingerprints, bank account …
  • California City of Oakland's ransomware: employees' personal information released by cyberthieves - including data on …

Securosis Blog

  • The THIRTEENTH Annual Disaster Recovery Breakfast: Changing of the Guard

Shodan

  • Changelog: www.shodan.io
  • Developer Access to Shodan Trends
  • Accepting Crypto: A Vendor Perspective
  • Historical IP Information
  • nrich: A Tool for Fast IP enrichment
  • Introducing Data Feeds for Search Results
  • Introducing the InternetDB API
  • Introducing the GeoNet API
  • Upgraded Look and Feel
  • Don't Search by Port

Sophos

  • Update on Naked Security
  • Mom’s Meals issues “Notice of Data Event”: What to know and what to do
  • S3 Ep149: How many cryptographers does it take to change a light bulb?
  • Using WinRAR? Be sure to patch against these code execution bugs…
  • Smart light bulbs could give away your password secrets
  • “Snakes in airplane mode” – what if your phone says it’s offline but isn’t?
  • S3 Ep148: Remembering crypto heroes
  • FBI warns about scams that lure you in as a mobile beta-tester
  • “Grab hold and give it a wiggle” – ATM card skimming is still a thing
  • Crimeware server used by NetWalker ransomware seized and shut down

Tenable

  • AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security
  • Identities: The Connective Tissue for Security in the Cloud
  • Tenable Cyber Watch: NCSC Offers Guidance for Quantum Threat, SBOM Adoption for Securing the Software …
  • Cybersecurity Snapshot: U.S. Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors
  • Decrypting CNAPP: Moving Beyond the Acronyms and Analyst Jargon to a Unified Approach to Cloud …
  • Frequently Asked Questions for CitrixBleed (CVE-2023-4966)
  • Tenable Cyber Watch: November Declared Critical Infrastructure Security and Resilience Month, and more
  • Cybersecurity Snapshot: Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations …
  • Tenable Nessus Scanner Capabilities Receive Red Hat Recognition
  • Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)

Threatpost

  • Student Loan Breach Exposes 2.5M Records
  • Watering Hole Attacks Push ScanBox Keylogger
  • Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
  • Ransomware Attacks are on the Rise
  • Cybercriminals Are Selling Access to Chinese Surveillance Cameras
  • Twitter Whistleblower Complaint: The TL;DR Version
  • Firewall Bug Under Active Attack Triggers CISA Warning
  • Fake Reservation Links Prey on Weary Travelers
  • iPhone Users Urged to Update to Patch 2 Zero-Days
  • Google Patches Chrome’s Fifth Zero-Day of the Year

Tools Watch

  • ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools …
  • Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA
  • Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact …
  • Black Hat Arsenal MEA Riyadh 2023 – Call For Tools Open
  • Unhacked! Armory Edition 1 London 2023 – Call For Tools is Open
  • Unhacked! Conference Partners with ToolsWatch to Launch Dedicated Security Tools Demo Area
  • Black Hat Singapore 2023 : ToolsWatch Academy Training “Practical IoT Hacking”
  • Introducing ToolsWatch Academy: The Ultimate Cyber Security Training Service
  • Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020
  • Top 10 Most Exploited Vulnerabilities in 2020

Trip Wire

  • Holiday Shopping: Tips and Best Practices to Help you Stay Secure
  • Building Fortra as Your Cybersecurity Ally
  • QR Code Phishing –What Is It?
  • How Does NIST's AI Risk Management Framework Affect You?
  • Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
  • NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks
  • $9 million seized from "pig butchering" scammers who preyed on lonely hearts
  • The Cybersecurity Skills Gap: You’re Looking at the Wrong Gap
  • UK Finance Reports Slight Decrease in FinTech Cyberattacks
  • AI-Enabled Information Manipulation Poses Threat to EU Elections: ENISA Report

Trusted Sec

  • What is Hackvertor (and why should I care)?
  • Clickjacking: Not Just for the Clicks
  • Book Review - The Definitive Guide to PCI DSS Version 4
  • The Triforce of Initial Access
  • JS-Tap: Weaponizing JavaScript for Red Teams
  • A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
  • A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
  • A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
  • A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
  • Okta for Red Teamers

App Sec

Checkmarx

  • Kudos to the Unsung Heroes in our Current Times: Software Developers
  • Deliver Secure Software from Home: Checkmarx Offers Free 45-Day Codebashing Trial
  • Why “Shift Left” in DevOps is really “Shift Center”
  • Recommendations for Friends and Family on Staying Cyber Safe While Working Remotely
  • A Message From Our CEO: Checkmarx’s Acquisition & The Road Ahead
  • Discussing AppSec Policies within DevSecOps
  • RSA Conference 2020 Wrap-Up: From Software Security to SoulCycle
  • Free your Developers from Mundane Tasks
  • Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed
  • Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

iSec Partners

  • Introducing opinel: Scout2's favorite tool
  • IAM user management strategy (part 2)
  • iSEC audit of MediaWiki
  • Work daily with enforced MFA-protected API access
  • Use and enforce Multi-Factor Authentication
  • iSEC reviews SecureDrop
  • Recognizing and Preventing TOCTOU Whitepaper
  • IAM user management strategy
  • Do not use your AWS root account
  • Announcing the AWS blog post series

Mozilla Security

  • Version 2.9 of the Mozilla Root Store Policy
  • Updated GPG key for signing Firefox Releases
  • Upgrading Mozilla’s Root Store Policy to Version 2.8
  • Revocation Reason Codes for TLS Server Certificates
  • Preventing secrets from leaking through Clipboard
  • Improving the Quality of Publicly Trusted Intermediate CA Certificates with Enhanced Oversight and Automation
  • Securing the proxy API for Firefox add-ons
  • Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections
  • Firefox 93 protects against Insecure Downloads
  • Securing Connections: Disabling 3DES in Firefox 93

NCC Group Crypto Services

  • Implementing Optimized Cryptography for Embedded Systems
  • Fast and Secure Implementations of the Falcon Post-Quantum Cryptography Signature Algorithm
  • The Longest Blockchain is not the Strongest Blockchain
  • The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
  • Bitcoin Orphan Transactions and CVE-2012-3789
  • Undefined Behavior Is Really Undefined
  • Ethereum Top 10 Security Vulnerabilities For Smart Contracts
  • Confidential Transactions from Basic Principles
  • New Practical Attacks on 64-bit Block Ciphers (3DES, Blowfish)
  • What are State-sized adversaries doing to spy on us? Or how to backdoor Diffie-Hellman

Offensive Security

  • Advanced Persistent Threats: OffSec’s Comprehensive Guide
  • Put Your Skills to the Test in OffSec’s 2023 EOY CTF
  • Build Your Cybersecurity Career Path with Learn One
  • Elevating the standard for cybersecurity education
  • Mentorship Programs: A Crucial Element in Retaining Cybersecurity Talent
  • How to Build Elite Technical Teams Internally with Cybersecurity Training
  • SOC-200 OSDA Review — Offensive Security Defense Analyst
  • The Role of Continuous Learning in Retaining Cybersecurity Experts
  • How Paidy is securing the future of fintech through a strategic alliance with OffSec
  • OffSec Cyber Range Blue Webinar Recap

Qualys

  • Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground
  • Atlassian Confluence Broken Access Control Vulnerability (CVE-2023-22515)
  • Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
  • Oracle Patch Tuesday, October 2023 Security Update Review
  • CVE-2023-44487 HTTP/2 Rapid Reset Attack
  • Microsoft and Adobe Patch Tuesday, October 2023 Security Update Review
  • Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
  • CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so
  • Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
  • Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management

SANS Application Security

  • Linux Incident Response - A Guide to syslog-ng
  • Linux Incident Response - Using ss for Network Analysis
  • Linux Incident Response - Introduction to Rootkits
  • Linux Intrusions – A Growing Problem
  • Five Startling Findings In 2023’s ICS Cybersecurity Data
  • 4 Tips to Successfully Prepare for the SSAP Exam
  • Which Human-Focused Cybersecurity Course is Best for Me?
  • A Visual Summary of SANS HackFest Summit 2023
  • Leveraging Artificial Intelligence (AI) to Manage Human Risk: Part 5 – Generating Images
  • SANS Cloud Security Curriculum

Websec.io

  • Securing Credentials for PHP with Docker
  • Keeping Credentials Secure in PHP
  • Package Protection with Roave/SecurityAdvisories
  • Using Canaries for Input Detection and Response
  • Does This Null Padding Make my Hash Look Big?
  • Building a Secure API - Part 5
  • Building a Secure API - Part 4
  • Building a Secure API - Part 3
  • Building a Secure API - Part 2
  • Building a Secure API - Part 1

The Hacker News

  • Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
  • 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn
  • Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions
  • Okta Discloses Broader Impact Linked to October 2023 Support System Breach
  • DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
  • GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
  • Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
  • Transform Your Data Security Posture – Learn from SoFi's DSPM Success
  • Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
  • How Hackers Phish for Your Users' Credentials and Sell Them

Sysadmin

AWS Blog

  • Easily deploy SaaS products with new Quick Launch in AWS Marketplace
  • Package and deploy models faster with new tools and guided workflows in Amazon SageMaker
  • Use natural language to explore and prepare data with a new capability of Amazon SageMaker …
  • Amazon SageMaker adds new inference capabilities to help reduce foundation model deployment costs and latency
  • Leverage foundation models for business analysis at scale with Amazon SageMaker Canvas
  • Introducing highly durable Amazon OpenSearch Service clusters with 30% price/performance improvement
  • Amazon SageMaker Clarify makes it easier to evaluate and select foundation models (preview)
  • Evaluate, compare, and select the best foundation models for your use case in Amazon Bedrock …
  • Amazon Redshift adds new AI capabilities, including Amazon Q, to boost efficiency and productivity
  • AWS Clean Rooms Differential Privacy enhances privacy protection of your users’ data (preview)

Cyberciti

  • How to block AI Crawler Bots using robots.txt file
  • Debian Linux 12.1 released with Security Updates
  • Setting up VSCode for Ansible Lightspeed AI in Ubuntu 22.04 desktop
  • How to upgrade FreeBSD 13.1 to 13.2 release
  • nvtop – Awesome Linux task monitor for NVIDIA, AMD & Intel GPUs
  • How to skip ChatGPT from WireGuard or OpenVPN on Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • DNS settings to avoid email spoofing and phishing for unused domain
  • How to protect Linux against rogue USB devices using USBGuard
  • A cautionary tale about locking Linux & FreeBSD user accounts

Distro Watch

  • Distribution Release: 4MLinux 44.0
  • Distribution Release: Armbian 23.11
  • Development Release: Univention Corporate Server 5.2-0 Alpha
  • Distribution Release: Nitrux fefc905b
  • Development Release: Qubes OS 4.2.0 RC5
  • DistroWatch Weekly, Issue 1047
  • Distribution Release: OpenMandriva Lx 5.0
  • Distribution Release: Ultramarine Linux 39
  • Distribution Release: rlxos 2023.11
  • Distribution Release: Proxmox 8.1 "Virtual Environment"

Netflix Techblog

  • All of Netflix’s HDR video streaming is now dynamically optimized
  • Netflix Original Research: MIT CODE 2023
  • Causal Machine Learning for Creative Insights
  • Incremental Processing using Netflix Maestro and Apache Iceberg
  • Psyberg: Automated end to end catch up
  • Diving Deeper into Psyberg: Stateless vs Stateful Data Processing
  • 1. Streamlining Membership Data Engineering at Netflix with Psyberg
  • Detecting Speech and Music in Audio Content
  • The Next Step in Personalization: Dynamic Sizzles
  • Building In-Video Search

Reddit: /r/linux

  • linux is a rabbit hole
  • Didn’t know that there are ads for Ubuntu
  • run macOS software on Linux
  • The cost of maintaining Xorg , according to a Engineering manager at Red Hat
  • Fedora Workstation 39 Update - blog post
  • [Mesa-announce] [ANNOUNCE] mesa 23.3.0
  • OCuLink and Thunderbolt 3/USB4 eGPU on Linux with GPD Win Max 2
  • Benchmarking Five Linux Distros Against Windows 11 On The Threadripper PRO 7995WX / HP Z6 …
  • Open source email pioneer Roundcube joins the Nextcloud family
  • How do people make their own custom distros?

Reddit: /r/linuxadmin

  • [ADVICE] If you are wanting to go into DevOps, please take this advice from a …
  • How should this sub respond to reddit's api changes, part 2
  • Internal Error: libxenlight failed to create new domain "FreeBSD-13.2"
  • Most Of The Jobs That We Do As A Sysadmin In A Large Company Can …
  • Why would you store SSH keys in active directory? What sort of workflow would that …
  • Forcing Linux passwords to have between 1 and 3 digits using pwquality
  • Docker containers gone docker package upgrade
  • Permission Denied error when I try to open the image file stored on the ZFS …
  • Securing Rsyslog
  • How do I learn to troubleshoot networks in Linux servers?

Reddit: /r/sysadmin

  • Singles sysadmin, network and helpdesk
  • Need help replacing windows 11 help file winhlp32
  • I have a security group in Azure AD that I want a couple of users …
  • Recently hired junior starting with higher salary
  • Best Practices for Organizing
  • Any major diff between OpenSSH feature on Windows Server 2019 vs. Windows Server 2022
  • Newbie trying to help a small company with O365 setup
  • How worried should we be regarding migration from tenant to tenant cloude based
  • Managed to avoid a land war in Asia…
  • Cloud Storage Solution for Macs!

Reddit: /r/homelab

  • How to SSH into a Linux server that is connected to NordVPN?
  • Connection is not private on WIFI
  • My LACKRACK garage homelab
  • My seeding bix
  • Can I run DDR4 memory higher than 2400 MT/s in a dell R630 server?
  • Share your homelab power usage and energy cost! mine is ~50W and less than $3 …
  • Share your homelab uptime! mine is 30 days again!
  • Should I get Xeon E5-2680 v4 or E5-2697 v3 ?
  • How to handle VMs and Storage
  • Looking for a NAS for my homelab

Standalone Sysadmin

  • Debian Jessie Preseed – Yes, please
  • How I approach a new python project
  • Debian Jessie and Puppet
  • Great Open Positions at Northeastern CCIS
  • Ad Astra Per Aspera – Leaving Boston
  • Stop Hating Your Work
  • So…containers. Why? How? What? Start here if you haven’t.
  • Are you monitoring your switchports the right way?
  • New Blog Theme is Up
  • Reminder (to self, too): Use Python virtualenv!

Stack Exchange: Security

  • Difference between running executable from disk vs removable media
  • Web application rate limiting, IP blocking using different cellular networks
  • wireshark captures vpn tun0 smtp as unencrypted, why?
  • How to safely download files from Telegram using Sandboxie?
  • How GitHub Advisory assigns vulnerabilities to same components coming from different package managers?
  • Is Using an Authenticator App on the Same Device as the Passwordless Application a True …
  • RSA vs Shor's Algorithm/Fast Factoring — Server Credentials & MITM
  • Webauthn: Access control for the public key credential uploaded by the user's device
  • VPN over VPN using Amazon EC2 instance [migrated]
  • How do I create a certificate with subject containing Octet string?

Tech News

Ars Technica

  • 2 municipal water facilities report falling to hackers in separate breaches
  • Stable Diffusion XL Turbo can generate AI images as fast as you can type
  • Amazon unleashes Q, an AI assistant for the workplace
  • Report: Apple and Goldman Sachs are breaking up over money-losing Apple Card
  • ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
  • Mother plucker: Steel fingers guided by AI pluck weeds rapidly and autonomously
  • Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
  • New “Stable Video Diffusion” AI model can animate any still image
  • Amazon’s $195 thin clients are repurposed Fire TV Cubes
  • Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Slashdot

  • Amazon Sales Surge But Bezos Says Coronavirus Costs Could Hit $4 Billion
  • US Senator Wants To Know Which Federal Authorities Are Using Clearview AI To Track the …
  • NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service
  • Google Announces Chrome Web Store Crackdown For August 2020
  • HTC's Blockchain Phone Takes Over a Century To Mine Enough Crypto To Pay For Itself
  • Microsoft's Big Xbox Game Pass Bet is Starting To Pay Off
  • Trump's Disinfectant Talk Trips Up Sites' Vows Against Misinformation
  • Amazon To Cut Price of its Ebooks in UK To Reflect Removal of VAT
  • Microsoft's Visual Studio Online Code Editor is Now Visual Studio Codespaces and Gets a Price …
  • This Tech Conference Is Being Held on an Animal Crossing Island

Tech Crunch

  • Top 10 AI Tools in 2023 That Will Make Your Life Easier
  • Top 10 AI Content Generator & Writer Tools in 2022
  • Beginner Guide to CJ Affiliate (Commission Junction) in 2022
  • TOP 11 AI MARKETING TOOLS YOU SHOULD USE (Updated 2022)
  • Most Frequently Asked Questions About Affiliate Marketing
  • What is Blockchain: Everything You Need to Know (2022)
  • ProWritingAid VS Grammarly: Which Grammar Checker is Better in (2022) ?
  • Sellfy Review 2022: How Good Is This Ecommerce Platform?
  • Ahrefs vs SEMrush: Which SEO Tool Should You Use?
  • Top 10 Best PLR(Private Label Rights) Websites | Which One You Should Join in 2022?

The Verge

  • Interview: Sam Altman on being fired and rehired by OpenAI
  • Activision Blizzard had a plan — or ploy — to launch its own Android game …
  • Everything we know so far about OpenAI, Sam Altman’s return, and what happens next
  • Microsoft joins OpenAI’s board with Sam Altman officially back as CEO
  • Elon Musk tells advertisers: ‘Go fuck yourself’
  • Amazon will offer human benchmarking teams to test AI models
  • These ex-Apple employees are bringing AI to the desktop
  • The CEOs of Meta, X, TikTok, Snap, and Discord will testify before the US Senate …
  • Evernote is about to seriously limit its plan for free users
  • Windows 11 tests energy saver mode for both laptops and desktop PCs

AnandTech

  • Amazon Unveils Graviton4: A 96-Core ARM CPU with 536.7 GBps Memory Bandwidth
  • Best Portable SSDs: Holiday 2023
  • The SeaSonic Focus GX-850 ATX 3.0 PSU Review: Cool, Quiet, and Robust
  • Best CPUs for Gaming: Holiday 2023
  • Asus Intros GeForce RTX 4060 Ti Video Card With Integrated M.2 SSD Slot
  • G.Skill and V-Color Unveil Factory Overclocked ECC RDIMMs for Ryzen Threadripper 7000 [UPDATED]
  • Best PC Power Supplies: Cyber Monday 2023
  • Best Internal Hard Drives: Holiday 2023
  • AMD's 96-Core Ryzen Threadripper Pro 7995WX Hits 6.0 GHz on All Cores with LN2
  • AMD Ryzen Threadripper 7980X & 7970X Review: Revived HEDT Brings More Cores of Zen 4