Security Headers from F to A: Cookie Flags and Cookie Prefix youtu.be/3LM3BP7aqY0 via @rev3rsesecurity@twitter.com

RT @PrivacyProject@twitter.com
"We must ban facial recognition in both public and private sectors, before we grow so dependent on it that we accept its inevitable harms as necessary for 'progress,'" write @EvanSelinger@twitter.com and @hartzog@twitter.com nyti.ms/2MSM09B

RT @inj3ct0r@twitter.com
2.19.216 - Remote Code Execution Exploit CVE-2019-11932 [remote ] dlvr.it/RGQp86

Threat Modelling Stories From The Trenches - David Johannson and Andrew Lee-Thorp

youtube.com/watch?v=Xgrq4fBBvC

Security Vulnerabilities Decomposition: Another Way To Look At Vulnerabilities - Katy Anton

youtube.com/watch?v=5Ee_mWgRRQ

How To Find And Prevent Entire Classes Of Security Vulnerabilities with Variant Analysis
youtube.com/watch?v=1wbt1xM9jU

Banca d'Italia - No. 517 - Development of a cyber threat intelligence system in a central bank bancaditalia.it/pubblicazioni/

Mozilla will change security and privacy indicators in upcoming Firefox 70:

blog.mozilla.org/security/2019

So it is time to change the "look for the green padlock icon" security tips that have been around for years (and were actually never sufficient, as written in infosec-handbook.eu/blog/web-s).

#mozilla #firefox #security #privacy #indicator #padlock #infosec #cybersecurity

RT @ORARiccardo@twitter.com
"Dance like no one is watching, encrypt like everyone is." I spoke with @edok_lotosov@twitter.com about the TransCyberian CryptoParty vice.com/it/article/vb5xbd/tra

RT @Secjuice@twitter.com
Security researcher and OSINT practitioner @n0mad42@twitter.com has put together this awesome beginner guide to detecting firewalls and gateways.

secjuice.com/osint-detecting-e

Working on compiling a Ryuk/Grim Spider layer for the MITRE ATT&CK navigator, based on available OSINT, in case anyone wants to help out.

~Open Source Security Tool of the Day~

Nebulo is a free, open-source, non-root and small sized DNS changer utilizing dns-over-https and dns-over-tls to bring privacy and security to your phone.
It is fast, contains no ads or tracking and offers a lot of flexibility.

git.frostnerd.com/PublicAndroi

Blog post: CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins - iwantmore.pizza/posts/cve-2019
Reading: 3 min
Published: 09/12/2019

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.