Paulo Laureano

Meet 'Bro': The Best-Kept Secret of Network Security

This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for …

Information Security

Backdoored images downloaded 5 million times finally removed from Docker Hub

17 images posted by a single account over 10 months may have generated $90,000. A single person or group may have made as much as $90,000 over 10 …

Docker

Detectify at OWASP AppSec 2018 | Detectify

Detectify is a website security scanner that performs fully automated tests to identify security issues on your website. We leverage the knowledge of …

Scanners

How To: Hack SAML Single Sign-on with Burp Suite

Single sign-on (SSO) lets users login across different sites without having to manage multiple accounts. I'm sure most of us appreciate the …

Linux admins: Dire vulnerability gives attackers root access in RHEL, CentOS, Fedora

A flaw related to a NetworkManager integration script is trivially easy for attackers to leverage. A command injection vulnerability has been …

New Microsoft Edge security features were just bypassed, opening door for exploits

A security mitigation in Microsoft Edge was cracked by researchers at Google Project Zero, specifically targeting out-of-process JIT …

Severe Bug Discovered in Signal Messaging App for Windows and Linux

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops …

Information Security

Email No Longer a Secure Method of Communication After Critical Flaw Discovered in PGP

If you use PGP or S/MIME for email encryption you should immediately disable it in your email client. Researchers have discovered a critical …

Hacking macOS: How to Configure a Backdoor on Anyone's MacBook

The conversation of which operating system is most secure, macOS vs. Windows, is an ongoing debate. Most will say macOS is more secure, but I'd like …

Airbash - Fully Automated WPA PSK Handshake Capture Script

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android …

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed

Updated: Grab those patches as Chipzilla updates manuals. Linux, Windows, macOS, FreeBSD, and some implementations of Xen have a design flaw that could …

Patch your Windows 10 PC, now! Hackers are exploiting a zero-day flaw

Patch your Windows 10 device quick, as hackers are currently taking advantage of a zero-day “Double Kill” flaw in Internet Explorer to infect PCs …

Information Security

[Heads-up] New Exploit Hacks LinkedIn 2-factor Auth. See This Kevin Mitnick VIDEO

OK, here is something really scary. KnowBe4's Chief Hacking Officer Kevin Mitnick now and then calls me with some chilling news. This time, Kuba …

Over 55,000 security camera DVRs are vulnerable to an exploit so simple it fits in a tweet

Last month, Argentinian security researcher Ezequiel Fernandez published CVE-2018-9995, a vulnerability he discovered in dozens of brands of DVR that …

Ransomware like WannaCry, NotPetya, and SamSam threatens global finances and security

Imagine that in a few days, or maybe a few years, the United States suffers an unprecedented ransomware attack. Maybe it begins 30 days after tax day …

SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack

Know thy enemy — wise words that can be applied to many different situations, including database hacking. It is essential to performing adequate …

Comment on 350,000 cardiac devices need a security patch by chez

I have a St Jude’s pacemaker and I am dependent on it. I didn’t need it before I was admitted to hospital with problems with my aortic valve but I …

Hacking Windows 10: How to Intercept & Decrypt Windows Passwords on a Local Network

Hashes containing login passwords are transmitted between Windows computers on local Wi-Fi networks. By intercepting and decrypting these hashes …

Incident Response: Methodology and Case Study – Part II

In this article, I will continue with the memory / malware analysis which was started in the previous post. At the end of the post, you will be …

Incident Response: Methodology and Case Study

We all encounter incidents in our day-to-day life. They can happen in very common places that we might be visiting regularly, like road, home, forest …

The Default SAP Configuration That Every Enterprise Needs to Fix

Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal …

PDF Files Can Be Abused to Steal Windows Credentials

PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, …

Data Protection, Security, and the GDPR: A fraught and fuzzy relationship

There can be no security without data protection. There can be no data protection without security. Of course neither is true. These kinds of click-baity …

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders

October 4, 2005, dawned cold and clear--somewhere in the world, anyway. Bleary-eyed MySpace users woke from their slumber to log onto the world's …

GDPR Without the Hype

The key principles underlying the European Union's General Data Protection Regulation are: have minimal data, secure it, make sure it's accurate, and …

Microsoft jiggles — but doesn’t fix — buggy Win7 patches KB 4088875, KB 4088878

Last night we were treated to new versions of the badly banged-up March Win7 patches. It looks like the new ones are the same as the old ones, but …

Facebook: If you have an account, your information was likely compromised

It was only a matter of time. After raising its estimates for the number of people affected by the Cambridge Analytica scandal, Facebook outright …

Hacking Windows 10: How to Capture Keystrokes & Passwords Remotely

Using a keylogger to intercept keys pressed on an infected computer can circumvent encryption used by email and secure chat clients. The collected …

Is Application Security Dead?

The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation. Spoiler alert: If application …

Hunting Cybercriminals with AWS Honey Tokens

Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale. BLACK HAT ASIA - Singapore - Security …