Cyber security news and services
Web Application Penetration Testing Cheat Sheet
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
Source: jdow.io
Cap Ethereum Total Supply, Says Vitalik Buterin
In order to ensure the economic sustainability of the platform under the widest possible variety of circumstances, and in light of the fact that issuing new coins to proof of work miners is no longer an effective way of promoting an egalitarian coin distribution or any other significant policy goal, I propose that we agree on a hard cap for the total quantity of ETH.
1.1.1.1 – The Internet’s Fastest, Privacy-First DNS Resolver
Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.
Source: 1.1
The Under Armour Hack Was Even Worse Than It Had To Be
When Under Armour announced that its nutrition app MyFitnessPal had suffered a data breach impacting the information of roughly 150 million users, things actually didn’t seem so bad. Of course, it’s never good when personal data ends up online, much less that of so many people, but it seemed like Under Armour had at least taken reasonable precautions. But it turns out Under Armour only sort of got things right.
Even as Bitcoin Languishes, Telegram Raises $1.7 Billion Ahead of Largest ICO Ever
The five-year-old company, which has attracted users by touting its encrypted-messaging service, raised $850 million from 94 accredited investors in a Securities and Exchange Commission filing late Thursday. That doubles a previous raise first disclosed in mid-February, adding up to a total of $1.7 billion raised by the firm incorporated in the British Virgin Islands.
Source: fortune.com
Intel Files Patent For Energy-Efficient Bitcoin Mining Hardware
As some solution providers explore the market for cryptocurrency mining rigs, Intel is looking into making a Bitcoin mining hardware accelerator that could reduce energy use and make the process more profitable.
Source: crn.com
Mailchimp Is Shutting Down ICO and Blockchain-Related Emails
Consider this a shot across the bow of the entire ICO and blockchain-related sector: email marketing service Mailchimp recently enacted a policy shutting off Blockchain and ICO related accounts. Now, the first victims of this policy are getting the news, and responding in kind by attempting to read the riot act to a Twitter account whose avatar is a monkey with a hat.
Under Armour announces significant data breach of its MyFitnessPal app
The nutrition and exercise tracking app, MyFitnessPal, has suffered a data breach, exposing 150 million users. Owned by Under Armour, the app alerted users of the breach on March 29th, but the company first learned of the breach a month ago. According to the company, the data exposed by the breach includes usernames, email addresses, and encrypted passwords.
But it is unclear if any biometric data was compromised by the security breach. Under Armour added that no payment data was exposed because it is collected and processed separately.
The FBI Used Classified Hacking Tools in Ordinary Criminal Investigations
The FBI’s Remote Operations Unit has hacking tools typically reserved for protecting national security. But an overlooked section of a new report says ROU has used these secret techniques in criminal cases.
Source: vice.com
These Ethereum Mining Rig Trading Cards Are the Nerdiest Thing We’ve Ever Seen
In what may be the most meta and nerdy application of the blockchain yet, artist Max Dovey has created a set of ‘Magic: The Gathering’ style trading cards featuring Ethereum mining rigs that can be traded on the Ethereum blockchain.
Source: vice.com
Grindr security flaw exposes users’ location data
Grindr, a gay-dating app, suffers from a security issue that can expose the information of its more than 3 million daily users, including the location data of people who have opted out of sharing such information, according to cybersecurity experts.
Source: nbcnews.com
What Is a Bitcoin ‘Death Cross’ and Why Is Everyone Talking About It?
You may have heard of the death cross, because news outlets have grabbed onto it, likely because it sounds awesome and people click on awesome things. The reality is less exciting: a death cross is when an asset’s short-term moving average crosses below its long-term average, indicating far more downward action in the market than usual, and apparently Bitcoin is nearing one. Sounds bad!
In-depth Formbook malware analysis
The malware stores encrypted buffers “hidden” directly within the text section. The address of each encrypted buffer is retrieved using a trick commonly seen in malware: because a call instruction pushes the return address (the address of the instruction following the call) onto the stack, a call instruction (0xE8) with an operand of 0x00000000 simply jumps to the address immediately following the call, leaving that address on the stack where the code can pop it.
Wall Street rethinks blockchain projects as euphoria meets reality
Wall Street has been much more excited about the system underpinning bitcoin than the cryptocurrency itself, but the global financial industry has not yet been able to do much with the technology known as blockchain.
Source: reuters.com
Rhode Island Backs Off Ridiculous Plan to Block Porn, Charge $20 to Bypass Filters
Under the proposed law, ISPs would be required to filter all pornography or face a $500 per infraction fine. Users who wanted to access pornography would then be subject to a $20 per device “digital access fee”.
Source: vice.com
Omitting the “o” in .com Could Be Costly
Chambers said the user who visited that domain told him that after typing in espn.com he quickly had his computer screen filled with alerts about malware and countless other pop-ups. Security logs for that user’s system revealed the user had actually typed espn[dot]cm, but when Chambers reviewed the source code at that Web page he found an innocuous placeholder content page instead.
Hackers hit 911 system, emergency dispatch affected
According to the Baltimore Sun, the breach was confirmed by Mayor Catherine Pugh’s office, the FBI (which is helping with the investigation), Baltimore Police Commissioner Darryl De Sousa, and CIO Frank Johnson from the Mayor’s Office of Information Technology.
Source: sophos.com
Boeing production plant infected with WannaCry ransomware
According to a report from the Seattle Times, the dreaded WannaCry ransomware hit a Boeing production plant in Charleston, South Carolina on Wednesday.
Source: securityaffairs.co
Asian Powers Step Up Their Readiness For Space Warfare, Following America’s Lead
In its “active defense” military strategy, China was very clear about the importance of outer space, identifying it as a critical security domain, along with the oceans, cyberspace, and nuclear force. Outer space was also singled out as a command post along with cyberspace. In Japan, as the country began to orient its national space strategy on the basis of a new Basic Space Law in 2008, there is evidence to suggest that the defense policymakers already thought of outer space as the fourth domain, after land, sea, and air.
Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks
All versions of the Drupal content management system are affected by a highly critical vulnerability that can be easily exploited to take complete control of affected websites in what may turn out to be Drupalgeddon 2.0.
Source: securityweek.com