Table of Contents

• Security
  • Awesome Security Lists
  • CVE Common Vulnerabilities and Exposures
  • OWASP Open Web Application Security Project
  • Seguridad Web
  • PHP Security
  • OpenSCAP and Lynis. Open Source security auditing tools
  • Cisco Security Advisories and Responses
  • Security Blogs - Security articles
    • Blogs de Seguridad Informática
    • Network Security
  • Security on Twitter
    • Seguridad en Twitter
  • Security Podcasts
  • Security Toolkits and Policies. Penetration Testing
  • Antivirus and malware
    • XSS and CSRF attacks
  • Mobile Security
  • Private Browsing
  • HTTPs and HSTS
  • Database encryption and security
  • Identity Management
  • Session Hijacking Detection
  • Big Data Security
  • Application Security: Web App Firewall. Blocking bots
  • Breaking Firewalls, Shellcode Injection, SQL Injection
  • Email security. Anti Spam protection
  • Server Hardening
  • Next Generation Firewalls
  • NTP
  • Security Checklist
  • Major Security Vulnerabilities
    • Keyloggers
    • Red Hat Vulnerabilities Catalog. Red Hat CVE Database.
    • SQL injection
    • Windows Vulnerabilities
    • Linux Vulnerabilities
    • Heartbleed. April 2014
    • Shellshock. September 2014
    • Java Serialization Vulnerability. November 2015
    • HTTPS Bicycle Attack. December 2015
    • Backdoors. December 2015
    • LastPass. January 2016
    • OpenSSH Roaming Bug. January 2016
    • OpenSSL. January 2016
    • Linode SSH. February 2016
    • glibc stack based buffer overflow. February 2016
    • DROWN Attack. Cross protocol attack on TLS using SSLv2. March 2016
    • OpenSSH Security Advisory. March 2016
    • SSH attempts
    • Bad Tunnel. June 2016
    • HTTP/2. August 2016
    • DDos
      • DNS Attack Analysis
    • Shadow IT security risks
    • httpoxy. July 2016
    • Flip Feng Shui SSH Cross VM Exploit. August 2016
  • Top security initiatives for 2016
    • HEIST technique
    • Container security. Who’s fixing containers? February 2016
    • DDos and Project Shield. February 2016
    • Disk Encryption

RT @cloudsa: Want to know what the future holds for #cloudsecurity? Listen to @EMEACloudGuy's & @jimreavis's chat: https://t.co/R9GYrRr2ix

— Red Hat EMEA (@RedHatEMEA) 5 de marzo de 2016

Dave vs Security: This is why you automate security into your process. #cybersecurity #devops #secops pic.twitter.com/H3Nn0GAGt5

— Greg Bledsoe (@geek_king) 31 de mayo de 2016

How to Apply DevOps Culture to Security#DevOpshttps://t.co/8UMlDqKahE

via #MVB @petecheslock pic.twitter.com/RBpCxGDsTQ

— DZone (@DZone) 27 de junio de 2016

Josh, how does Red Hat deal with security issues?#CUBEgems @joshbressers @RedHatNews #RHSummit #theCUBE pic.twitter.com/nvCSCG1pT6

— theCUBE (@theCUBE) 29 de junio de 2016

Cover up your laptop camera right nowhttps://t.co/3Orx88WqEH

— Tech Insider (@techinsider) 29 de junio de 2016

• csoonline.com: How to get a job as a security engineer
• Does Security Need DevOps?
• martinfowler.com: The Basics of Web Application Security 🌟🌟🌟 Modern web development has many challenges, and of those security is both very important and often under-emphasized. While such techniques as threat analysis are increasingly recognized as essential to any serious development, there are also some basic practices which every developer can and should be doing as a matter of course.
• blog.modis.com: WHAT’S YOUR BUSINESS’S GREATEST CYBER THREAT? 🌟🌟🌟

• awesome security
• awesome security talks
• awesome penetration testing
• awesome android security
• Awesome Windows Exploitation 🌟🌟

• Common Vulnerability Enumeration is a repository of security software flaws managed by NIST in the National Vulnerability Database (NVD) as part of SCAP (Security Content Automation Protocol)
• CVE database: Common Vulnerabilities and Exposures 🌟🌟🌟 The Standard for Information Security Vulnerability Names
  • CVE List Main Page
• National Vulnerability Database 🌟
  • Search CVE and CCE Vulnerability Database 🌟
• SCAP (Security Content Automation Protocol)
• ICS-CERT Alerts 🌟🌟🌟 An ICS-CERT Alert is intended to provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.
• cvedetails.com 🌟🌟🌟
  • cvedetails.com: Apache » Http Server : Security Vulnerabilities 🌟

The European Commission to audit Apache HTTP Server & @KeePass https://t.co/IINqtuQSwV #opensource #linux #sysadmin pic.twitter.com/Kg2EJdGyEg

— nixCraft (@nixcraft) 21 de julio de 2016

• owasp.org 🌟🌟 The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
• OWASP Testing Project
• Guía de pruebas de OWASP 3.0
• OWASP Testing Guide v4.0. Guia de seguridad en aplicaciones Web
• OWASP Testing Guide v4 Table of Contents 🌟🌟

• acens.com - White Paper: Mejora la seguridad web con estas 10 recomendaciones 🌟🌟

• phpsecurity.readthedocs.io 🌟🌟🌟

• OpenSCAP and Lynis. Open Source security auditing tools 🌟🌟🌟🌟

• Cisco Security Advisories and Responses 🌟🌟🌟

• HaCoder.com 🌟
• seclists.org 🌟
• ehacking.net 🌟
• Sucuri Blog 🌟
• linux-audit.com 🌟🌟 Linux security: Auditing, Hardening and Compliance
• Blackmoreops.com 🌟
• Red Hat Security Blog 🌟
• k4linux.com Kali Linux 2.0 tutorials Technology and News of penetration testing and security Hacking Wifi Facebook Website.
• net-security.org
• livesshattack.net 🌟
• arstechnica.com/security
• foxglovesecurity.com
• securityzap.com
• Dark Reading
• Red Hat Security
• Security Intelligence
• hackershandbook.org
• Hacker News
• Guido Vranken
• seancassidy.me
• youtube playlist: Dell Security
• blog.cryptographyengineering.com
• eweek.com/security
• CSO: Security news, features and analysis about prevention, protection and business innovation
• peerlyst Professional Community platform for Information Security
• Network Security - NetSecNow
  • NetSecNow on Youtube
• hacking-etico.com
• Hack In The Box Security Conference 🌟
• infosecurity-magazine.com 🌟🌟
• hackercool.com 🌟🌟
• krebsonsecurity.com 🌟🌟

6 cybersecurity and emergency situations every IT depart should train for https://t.co/bXt7mDf9BA by @patgrayjr pic.twitter.com/gvGygVZGVc

— TechRepublic (@TechRepublic) 27 de junio de 2016

When someone tells you that a firewall or Linux will solve all of their problems... #truth pic.twitter.com/bhTi0dgLQu

— nixCraft (@nixcraft) 5 de agosto de 2016

I'm trying to get out of server security mess created by incompetent sysadmin. #Truth #Life pic.twitter.com/uYii1k5VKr

— nixCraft (@nixcraft) 21 de agosto de 2016

should I write my own crypto library?

[x] yes
[x] fuck yes

— YOLO Crypto (@yolocrypto) 8 de octubre de 2014

• Cybersecurity isn’t Rocket Science!
• Citibank IT guy deliberately wiped routers, shut down 90% of firm’s networks across America

• elladodelmal.com - Chema Alonso
• hackplayers.com
• seguridadapple.com

• tunnelsup.com
• Why Choose Bro?

• twitter.com/LinuxSec
• twitter.com/linuxs3c
• twitter.com/HackerNews

I love it when a hotel takes password security seriously. pic.twitter.com/mK9hLEjSGe

— Help Net Security (@helpnetsecurity) 29 de diciembre de 2016

• twitter.com/Cryptodata Informático enamorado del software libre. Seguridad, administración de sistemas.
• twitter.com/chemaalonso

Facebook, Google, and WhatsApp are all planning to increase encryption https://t.co/K0Roq7nENd pic.twitter.com/fK9xhW3jx5

— BI Tech (@SAI) 14 de marzo de 2016

#Linux Webserver #Security is out! https://t.co/UcwrNmJIEm Stories via @Dinosn @sidekickhelps @Akwelz

— Linux Security News (@LinuxSec) febrero 15, 2016

El lado del mal - ¿Por qué sale el candado rojo en los mensajes de Gmail? https://t.co/Qd1sxGy87E #Gmail }:) pic.twitter.com/EwQZUYPOuB

— Chema Alonso (@chemaalonso) febrero 11, 2016

.@chemaalonso @LaVanguardia "internet es tan seguro como lo es el mundo hoy en día " pic.twitter.com/aFMen7nErc

— Diego Ruiz Moreno (@diegodron) 12 de marzo de 2016

SMShing para robar tu 2nd Factor Authentication en tus cuentas Google o Apple #SMShing https://t.co/IujqX1ZZOb }:) pic.twitter.com/U6TrIMFZdO

— Chema Alonso (@chemaalonso) 5 de junio de 2016

Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC

— Alex MacCaw (@maccaw) 4 de junio de 2016

For you Wi-Fi nerds: A visual representation of WEP security on WLAN's. pic.twitter.com/Q5Sh9t7x3I

— Michael Dorman (@_mdorman) 3 de junio de 2016

New SonicAlert: Microsoft Windows™ OS HTTP User-Agents (1/29/2016) by @DellSecurity Threats Research: https://t.co/hkm4abXYd4

— Dell Security (@DellSecurity) febrero 1, 2016

The best way to visualize encryption to those who don't understand it over the Internet. Key Exchange https://t.co/6fwikgx9jc #security

— nixCraft (@nixcraft) febrero 19, 2016

Who's fixing containers? https://t.co/vltcct17s7 #glibc #ITsecurity #containers

— Open Source Way (@opensourceway) febrero 19, 2016

Why we use adblockers: 'We need to have more control over what we're exposed to' https://t.co/TvMoWgAExA pic.twitter.com/s6uwF5cPqh

— The Guardian (@guardian) 10 de marzo de 2016

3 months and 1 Million SSH attempts later https://t.co/3Mst0W0K44 #openssh #openbsd #unix #linux #opensource #linux #infosec #security

— nixCraft (@nixcraft) 21 de marzo de 2016

Security Virtualisation - what is it? https://t.co/agayoDZlvR #sdn #nfv @NatilikSEC

— James Talbot (@jamesrtalbot) 25 de mayo de 2016

"Securing Your Virtual Environment" https://t.co/IJXr5RfNnZ #RedHatConsulting #RedHat

— Jose Simonelli (@ubercloud) 14 de junio de 2016

Citibank IT guy deliberately wiped routers, shut down 90% of networks https://t.co/go9nfo936x pic.twitter.com/Df4ZMtccUF

— Graham Cluley (@gcluley) 28 de julio de 2016

What Is Fork Bomb And How Can You Prevent This Danger? | Unixmen https://t.co/zR64RHQlpI

— Unixmen (@unixmen) 16 de octubre de 2016

• phoneboy.com

• Security Toolkits and Policies. Penetration Testing

• Bitdefender
• GData
• Avast
• Independent Tests of Antivirus Software
• wikipedia: Comparison of antivirus software
• tomsguide.com: Best Antivirus Software and Apps 2016
• Here is the 2015 list of the top 50 software products in order of total distinct vulnerabilities
• For the first time, Mac users have to worry about malware that locks their computer and demands a ransom
• Eastern European Cyber Crooks Raid US Banks For $4 Million In Just 3 Days
• Microsoft’s Windows 10 Wants To Replace Your PC Antivirus With WDATP
• nakedsecurity.sophos.com
  • nakedsecurity.sophos.com - Anatomy of an exploit: the Microsoft Word bug that just won’t die
• Trendmicro: ¿Qué es el ransomware? 🌟🌟🌟
• Malware hits millions of Android phones
• Cisco report says growing ransomware attacks are costing people and businesses millions 🌟
• The rise of ransomware (in more than one way)
• software.dell.com: The Top 6 Ways to Protect Your Organization from Malware
• software.dell.com - Ransomware: The Cost of Doing Nothing
• medium.com: How a malware could infect digitally signed files without altering hashes on macOS
• Situation: scary. #APT #malware, probably state-sponsored, invading many large, secure networks. Scientists Just Discovered Something Awful for IT Workers Everywhere The new, advanced malware researchers found forces business IT specialists to acknowledge the long reach of state-sponsored cyber attacks.
• sophos.com: Antivirus for Linux (free)
• Beware of all-powerful DDoS malware infecting cellular gateways, feds warn
• ics-cert.us-cert.gov/alerts: Mirai Botnet Is Now Threat To Cellular Modems Made By Sierra. Sierra Wireless Mitigations Against Mirai Malware
• nomoreransom.org 🌟🌟🌟🌟

More info on Transmission app and new Mac ransomware https://t.co/z54gbNicbi via @aallan

VirusTotal has more info https://t.co/s4LWzSTfsG

— nixCraft (@nixcraft) 6 de marzo de 2016

Los 8 tipos de #malware más peligrosos para pymes y autónomos. https://t.co/6KuN7ti8L8 pic.twitter.com/v73IsCes0U via @ticbeat

— Derecho de la Red (@DerechodelaRed) 25 de junio de 2016

Mirai Botnet Is Now Threat To Cellular Modems Made By Sierra https://t.co/WuIgfdYhmP #IoT #DDoS #Infosec #Security

— nixCraft # (@nixcraft) 14 de octubre de 2016

• Cross-site Scripting (XSS) Attack
• CSRF Attacks, XSRF or Sea-Surf – What They Are and How to Defend Against Them
• The True Danger of XSS and CSRF

• Zeef: Mobile Security

• Private Browsing - Use Firefox without saving history
• Qué saben de ti las ‘cookies’ y nueve preguntas más

• HTTPs and HSTS

• Wikipedia: Database encryption
• dba.stackexchange.com - encryption tag
• DZone: Database Security Is Not Being Taken Seriously Enough See where modern database security falls short, ranging from monitoring to credentials, and why that's not a trend that should continue.

• FreeIPA.org – an open-source project sponsored by Red Hat 🌟🌟
  • Wikipedia FreeIPA
• rhelblog.redhat.com - Ten New Identity Management (IdM) Features in Red Hat Enterprise Linux 7.1
• redhat.com - Improvements to Identity Management (IdM) in RHEL 7.1
• Dell Authentication Services
• Centrify
• Employees have no qualms in selling corporate passwords
• Are their any valid Active Directory Alternatives?
• Active Directory Single Sign-On (SSO) on AWS with Bitium
• Announcing Managed Microsoft Active Directory in the AWS Cloud
• Apache Syncope, Open Source Identity Management software
• Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management
• Open source identity management 20121106 - apache con eu
• community.dell.com: Is there anything that is a bigger waste of IT time than password resets?
• cityam.com: "Password", "123456" and "qwerty": These are the world's 25 worst passwords of 2015
• Who needs software vulnerabilities when you can find lame passwords?
• linux.com: 5 SSH Hardening Tips 🌟🌟🌟
• Most IT pros have seen potentially embarrassing information about their colleagues
• techvisionresearch.com: The future of Identity Management
• nixCraft: How to paste password easily when pasting into password input fields disabled on Google Chrome 🌟
• Single sign-on improvements in Fedora 24 🌟
• Visionary Trends of Identity Access Management (IAM) Security
• DZone: 11 Steps to Secure Your Servers Part 3 & 4: Login and Securing Passwords 🌟 Parts 3 and 4 of a series of posts on server security from Inversoft's 2016 Guide to User Data Security.
• opensource.com: Managing passwords in Linux with KeePassX
• unixmen.com: Managing passwords in Linux with KeePassX
• unixmen.com: Reset Your Forgotten Root Password On RHEL 7

Red Hat Identity Manager: Part 1 – Overview and Getting started https://t.co/b6HOQO4dVU

— RHELdevelop (@RHELdevelop) 29 de abril de 2016

Good old admin/password via https://t.co/Mffd04MHFd pic.twitter.com/qONaLnMTAU

— Linux Inside (@tecmint) 15 de octubre de 2016

Forcing users to change their passwords may do more harm than good https://t.co/7F4SjQDQMF @jackschofield pic.twitter.com/cyTv9smkpH

— ZDNet (@ZDNet) 5 de marzo de 2016

Top 11 AWS IAM Best Practices https://t.co/VnLgDpCo5c

— Gin soaked boy (@integralist) enero 28, 2016

Big news: We acquired Critical Path making us undisputed leader in white-label messaging systems #acquisition #pe http://t.co/ekq2da5Thr

— Openwave Messaging (@owMessaging) 4 de diciembre de 2013

Cable/broadband operators fear losing content to OTT players but still take the risk says Incognito Software survey http://t.co/VjVL3DRorO

— Openwave Messaging (@owMessaging) 2 de agosto de 2013

• stackoverflow.com: What is the best way to prevent session hijacking?

• [2014] Big Data y Privacidad por Chema Alonso
• Panopticlick.eff.org: Is your browser safe against tracking?

Take these steps to adopt a big data approach to security | https://t.co/YeanSkcT8R pic.twitter.com/vrsnN3luTA

— Red Hat Training (@RedHat_Training) March 8, 2016

• dzone.com - The 2015 DZone Guide to Application Security
• The 10 Most Common Application Attacks in Action (April 2015)
• JBossDeveloper - Theft-Proof Java EE - Securing Your Java EE Enterprise Applications
• pyvideo.org: Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities
• What is Baiduspider?
• Estándar de exclusión de robots
• Robots Database

Sawef - Send Attack Web Forms https://t.co/G2r90ecge6 pic.twitter.com/lxTp8HC4xY

— DevOps Guy (@DevopsG) 8 de marzo de 2016

Plecost - Wordpress Vulnerabilities Finder https://t.co/Dc2tOgOP9R pic.twitter.com/DprDrRxvOm

— DevOps Guy (@DevopsG) 8 de marzo de 2016

• Breaking Firewalls with OpenSSH and PuTTY
  • PuTTY: 10 consejos útiles para conexiones SSH
• Punching holes into firewalls. Why firewalls shouldn't be considered a ultimate weapon for network security. Secure TCP-into-HTTP tunnelling guide
• Shellcode Injection: Think twice before granting a shell access

• spamhaus.org
  • Verizon Routing Millions of IP Addresses for Cybercrime Gangs
• The Enigmail project. OpenPGP security for mozilla applications

• LinuxJournal.com: Server Hardening
• tecmint.com: 25 Hardening Security Tips for Linux Servers
• CentOS 7 Server Hardening Guide
• 20 Linux Server Hardening Security Tips
• 20 Linux Server Hardening Security Tips
• Top 20 OpenSSH Server Best Security Practices
• Consejos para endurecer un servidor SSH y hacerlo más seguro

• Next Generation Firewalls

• NTP is Still a Security Risk

• securitychecklist.org
• github.com/gshaw/security-checklist
• Awesome Security Checklist
• 20 Linux Server Hardening Security Tips 🌟🌟🌟
• RED HAT ENTERPRISE LINUX 7 HARDENING CHECKLIST 🌟🌟🌟

Security Checklist For Unix and Linux server #infosec #sysadmin https://t.co/QTwAlEQHOQ

— nixCraft (@nixcraft) 20 de marzo de 2016

• PuTTY vulnerability vuln-ech-overflow. November 2015
• Drupal Hardens Its Security in Response to Criticism. January 2016
• New attacks on Network Time Protocol can defeat HTTPS and create chaos. October 2015
• seguridadapple.com: Las apps bancarias en iOS siguen teniendo debilidades respecto a 2013

PuTTY version 0.67 is released. This is a security update. https://t.co/7MXHcveBM6 #SSH #sysadmin #unix #linux

— nixCraft (@nixcraft) 5 de marzo de 2016

I noticed there is no good visualization of the real Information Security triad, so i made one. You're welcome. #infosec pic.twitter.com/BAJvOIpVsh

— Daniel Schatz (@virturity) 17 de noviembre de 2016

• How I Cracked a Keylogger and Ended Up in Someone's Inbox

• Vulnerability Responses 🌟🌟 Large scale security vulnerabilities like the ones below receive special attention from Red Hat Product Security. In order to create the best experience possible for our customers during these critical moments, a specialized vulnerability page is created within the Red Hat Product Security Center which aggregates information, diagnostic tools, and updates in one easy-to-use interface. This list is a catalog of these pages.

• SQL injection 🌟

• Hot Potato – Windows Privilege Escalation - January 2016
• Stealing your Windows user credentials just with a website 🌟🌟
  • zdnet: Windows flaw lets hackers steal your username and password (video) 🌟🌟
  • zdnet: Microsoft won't fix Windows flaw that lets hackers steal your username and password The flaw, which allows a malicious website to extract user passwords, is made worse if a user is logged in with a Microsoft account.

• Patching the GHOST glibc gethostbyname CVE-2015-0235 bug - January 2015
• Analysis and exploitation of a Linux Kernel vulnerability (CVE-2016-0728) - January 2016
• Serious 0-day CVE-2016-0728 Linux kernel vulnerability released. Apply fix ASAP. How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728 (19/Jan/2016)
• engadget.com: Dirty Cow CVE-2016-5195 Linux exploit gives any user full access in five seconds 🌟🌟🌟 The bug was first spotted by Linus Torvalds 11 years ago, but never patched.

• Heartbleed Detector 🌟
• OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux 🌟🌟
• Fixing Heartbleed with Ansible

• Shellshock: Bash bug 'bigger than Heartbleed' could undermine security of millions of websites – and there's nothing you can do to protect yourself 🌟
• Ansible.com shellshock
• Patch Shellshock with Ansible
• servercheck.in: Secure your servers from Shellshock Bash vulnerability using Ansible
• aroundthecode.org: Ansible - massively fix bash shellshock
• shellshock CVE-2014-6271 fix for ubuntu bash
• community.redhat.com: Critical Bash Security Vulnerability: Update Your Systems Today
• Lynda.com: Protect Your System from the Shellshock Bash Exploit
• Red Hat security blog: Frequently Asked Questions about the Shellshock Bash flaws

• dzone.com - Java Serialization Vulnerability Threatens Millions of Applications . Contrast security is promoting their solution for a vulnerability that affects WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS.
• zdnet.com: Oracle ordered to blitz users with Java security warnings
• dzone.com - This Java Vulnerability Makes Heartbleed Look Tame.Find out what the big deal is with the Java serialization security flaw that the community is buzzing about

• guidovranken.wordpress.com: HTTPS Bicycle Attack
• New HTTPS Bicycle Attack Reveals Details About Passwords, GPS Coordinates

• On the Juniper backdoor
• CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
• Juniper drops NSA-developed code following new backdoor revelations
• SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
• arstechnica.com: Most software already has a “golden key” backdoor: the system update

• LastPass I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass. I call this attack LostPass.
• ZDNet: LastPass phishing attack avoids two-factor authentication in data theft The exploited security flaw is severe enough that successful attacks compromise two-factor authentication codes.

• scriptrock.com: Fixing The New OpenSSH Roaming Bug A bug in a test feature of the OpenSSH client was found to be highly vulnerable to exploitation today, potentially leaking cryptographic keys to malicious attackers. First discovered and announced by the Qualys Security Team, the vulnerability affects OpenSSH versions 5.4 through 7.1.
• OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
• redhat.com: OpenSSH: Information-leak vulnerability (CVE-2016-0777)
• Using Puppet to address the new SSH client vulnerability

• High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic OpenSSL maintainers release update that fixes key-recovery bug. Patch now. People using OpenSSL version 1.0.2 should upgrade to 1.0.2f, while those still using version 1.0.1 should install 1.0.1r.
• New High Severity OpenSSL Vulnerabilities Announced: CVE-2015-0291 & CVE-2015-0204
• OpenSSL 1.0.2g and 1.0.1s security releases due 1st Mar 2016

• Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months

• redhat.com: Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) 🌟
• Linux Vulnerability Rattles Open Source Community
• cisco.com: Vulnerability in GNU glibc Affecting Cisco Products: February 2016

• DROWN: Decrypting RSA using Obsolete and Weakened eNcryption
• DROWN is a new cross-protocol attack that can be used to passively decrypt collected TLS sessions from up-to-date clients by using a server which supports SSLv2text.
• drownattack.com 🌟
• Red Hat Article - DROWN: Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800)
• Red Hat Vulnerability Article
• Patching your systems for DROWN doesn’t have to be a big deal thanks to Ansible
• Don’t DROWN in OpenSSL — use Puppet

• X11Forwarding - OpenSSH Security Advisory All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled.
• OpenSSH Implementations with X11Forwarding Enabled Should Heed Recent Security Update

• livesshattack.net
• livesshattack.net: 3 months and 1 Million SSH attempts later

• nakedsecurity.sophos.com - BadTunnel: a vulnerability all Windows users need to patch

• Severe vulnerabilities discovered in HTTP/2 protocol Four high-profile bugs have been found in the protocol, potentially placing 85 million websites at risk.

• En alza los ataques DDoS y los relacionados con aplicaciones web
• businessinsider.com: Hackers may have just shown how to take down the whole internet

What is a #DDoS attack. As for protecting yourself, put your site on a CDN https://t.co/6y3G7fDsNl pic.twitter.com/g0dBHvyRbt

— Laurent Perche (@Laurent_Perche) 30 de julio de 2016

#DDoSfacts pic.twitter.com/PfCvVvchjh

— Mikko Hypponen (@mikko) 21 de octubre de 2016

• techcrunch.com: It’s Time To Embrace, Not Fear, Shadow IT
• Shadow IT: The Challenge of Efficiency vs Security

Shadow IT is a real risk for #ITsecurity. And if you don’t think it’s happening in your organization, you’re wrong. https://t.co/CfUa5AabP7

— SAP Labs LA (@saplabsla) 4 de marzo de 2016

• httpoxy.org
• redhat: HTTPoxy - CGI "HTTP_PROXY" variable name clash
• nginx: Mitigating the HTTPoxy Vulnerability with NGINX
• nixCraft: How to fix Httpoxy a CGI PHP/Nginx/Apache/Go application vulnerability on Linux or Unix

#httpoxy: A CGI application vulnerability for PHP, Go, Python and others.https://t.co/A7kb7ryIGi

— httpoxy (@httpoxy) 18 de julio de 2016

• Flip Feng Shui
• Paper - Flip Feng Shui: Hammering a Needle in the Software Stack I belive all attacks are targeted at Linux based servers/VMs only. FreeBSD/OpenBSD etc are not affected. The paper talks about KVM. So if you are using Xen or something else you should be safe. Not sure about @CentOS, RHEL & co tho

• Top 10 Data Breaches Of 2015 — A New Year’s Day Retrospective The majority of these (and most) security mishaps are due to misconfigurations and unpatched software — flaws that can be hard to detect in large, heterogeneous environments
• techpageone.co.uk: Top security initiatives for 2016. Encryption is the new “minimum” security
• techpageone.co.uk: The top 5 IT security threats for 2016
• hackercool.com: WordPress version detection with Metasploit

• arstechnica.com: New attack steals SSNs, e-mail addresses, and more from HTTPS pages

• Container scanning: The thinnest of paper tigers
• App Containers Get a Needed Security Boost
• Red Hat Insider: Securing containers before they take over the world
• Containers and security: Docker, Red Hat & Linux: How containers can boost business and save time for developers 🌟
• Adopt Continuous Security With OpenShift – Save Yourself From The Next glibc 🌟
• Linux.com: Fix Bugs, Go Fast, and Update: 3 Approaches to Container Security

.@joshbressers discusses #Linux #security as a fundamental tenet, not a feature (and certainly not an option): https://t.co/Ks8cJMwFin

— Red Hat, Inc. (@RedHatNews) 17 de mayo de 2016

• Project Shield 🌟 Google Releases Project Shield To Fight Against DDoS Attacks
• Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability
• How to mitigate ransomware, DDoS attacks, and other cyber extortion threats

• VeraCrypt
• TrueCrypt
• How to Enable Full-Disk Encryption on Windows 10
• lifehacker.comn - Windows Encryption Showdown: VeraCrypt vs Bitlocker
• Trusted Platform Module (TPM) and BitLocker Drive Encryption
• Trusted Platform Module (TPM) 🌟