Collaborate Disseminate
Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks,resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Continue reading VU#598349: Automatic DNS registration and proxy autodiscovery allow spoofing of network services
Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC. Continue reading Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices“. It’s a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it’s just a matter of time. The best hacks are the ones which use
[The post [SANS ISC Diary] Collecting Users Credentials from Locked Devices has been first published on /dev/random]
Continue reading [SANS ISC Diary] Collecting Users Credentials from Locked Devices
Snowden Thinks Russia Hacked The NSA, How to disable WPAD on Windows so hackers can’t hijack your computer, and People Ignore Security Alerts Up To 90% Of The Time. All that and more, so stay Tuned! Full Show Notes Subscribe to YouTube Channel Security Weekly Website Follow us on Twitter: @securityweekly http://traffic.libsyn.com/pauldotcom/Security_Weekly_-_477_-_Security_News_converted.mp3 Continue reading Security Weekly #477 – Security News
Web proxy auto-config(PAC)files are passed the full HTTPS URL in GET requests which may expose sensitive data. Continue reading VU#877625: Proxy auto-config (PAC) files have access to full HTTPS URLs