This blog post details a flaw in LastPass' Google Authenticator-like app (not their main vault application). They took over 6 months to fix it. In a blog post LastPass says that's because this app isn't part of the standard bug bounty program, which means no process was available for vulnerability reports. Way to go guys.
It was found that 300,000 passwords, email addresses and usernames were leaked. They've taken the site offline for now until they can fix it.
The speakers expose their status and configuration pages to the outside world, meaning someone on your Wi-Fi, or online (if you expose your speaker to the Internet for some weird reason), could use them for reconnaissance. Or for pranks apparently, by playing ghost noises for example ^^
It's an app that alerts you of things like movement and sound. It's meant, for example, to monitor the safety of the hardware you left in your hotel room.
More and more websites embed scripts that make the visitor's browser mine cryptocurrencies for them (also known as 'cryptojacking'). Opera will add a feature, dubbed 'NoCoin', to prevent this.
Good news, as they previously only supported SMS-based 2FA, which can be subject to spoofing.
He makes the excellent point that even if your login page is served over HTTPS, your landing page needs to be as well: otherwise a man-in-the-middle attacker can rewrite the 'login' button so it points at a phishing site. Seems obvious, because it is, but easy to neglect.
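The point above is easy to check for mechanically. Below is an added example (written for this digest, not code from the linked article) of a small audit that takes a landing page's URL, its HTML and its response headers and reports where the path to the login page leaves HTTPS: a landing page that is itself plain HTTP, a login link or password form that resolves to an `http://` URL, or a missing Strict-Transport-Security header. The host names and HTML are constructed sample data, and the "looks like a login link" heuristic (href containing login/signin, or a form with a password field) is an assumption of the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic (assumed for this example): an anchor whose href mentions
# login/signin is treated as the page's "login" button.
LOGIN_HINT = re.compile(r"log.?in|sign.?in", re.IGNORECASE)


class LoginTargetCollector(HTMLParser):
    """Collect the URLs a visitor is sent to when they try to log in:
    hrefs of login-looking anchors and the action of any form that
    contains a password field."""

    def __init__(self):
        super().__init__()
        self.targets = []            # list of (description, raw url)
        self._form_action = None     # action of the <form> currently open
        self._form_has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href") and LOGIN_HINT.search(a["href"]):
            self.targets.append(("login link", a["href"]))
        elif tag == "form":
            self._form_action = a.get("action") or ""
            self._form_has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._form_has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form_action is not None:
            if self._form_has_password:
                self.targets.append(("login form action", self._form_action))
            self._form_action = None


def audit_landing_page(page_url, html, response_headers):
    """Return a list of findings describing where the login path
    leaves HTTPS. An empty list means nothing was flagged."""
    findings = []

    # 1. The landing page itself must be HTTPS, or an on-path attacker
    #    can rewrite the login link before the browser ever sees it.
    if urlsplit(page_url).scheme != "https":
        findings.append(f"landing page {page_url} is served over plain HTTP: "
                        "an on-path attacker can rewrite the login link itself")

    # 2. Without HSTS, a first visit typed as http:// is not upgraded.
    headers = {k.lower(): v for k, v in response_headers.items()}
    if "strict-transport-security" not in headers:
        findings.append("no Strict-Transport-Security header: a visit typed "
                        "as http:// is not upgraded by the browser")

    # 3. Every login entry point must resolve to an https:// URL.
    collector = LoginTargetCollector()
    collector.feed(html)
    for what, raw in collector.targets:
        absolute = urljoin(page_url, raw)
        if urlsplit(absolute).scheme != "https":
            findings.append(f"{what} {raw!r} resolves to {absolute}, "
                            "which is not HTTPS")
    return findings


# Constructed sample: an HTTPS landing page whose password form posts
# to plain HTTP and which sends no HSTS header.
SAMPLE_HTML = """<html><body>
<a href="/login">Log in</a>
<form action="http://accounts.example.test/session" method="post">
  <input name="user"><input type="password" name="pw">
</form>
</body></html>"""
SAMPLE_HEADERS = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for finding in audit_landing_page("https://www.example.test/",
                                      SAMPLE_HTML, SAMPLE_HEADERS):
        print("-", finding)
```

Run against the sample, it flags the missing HSTS header and the `http://` form action; the relative `/login` link is fine because it inherits the landing page's `https` scheme. The same relative link becomes a finding as soon as the landing page itself is fetched over `http://`, which is exactly the situation the article warns about.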
Great list of security measures one can take in GSuite to prevent phishing attacks. Including some I didn't know about yet, like a Chrome extension that detects the use of Google credentials on non-Google sites.
An older article, but I found it a fun read to get an idea how one tackles a CTF (Capture The Flag) exercise in a hacker conference.
This seems like a pretty cool thing to try out. It's a framework where you essentially write feature tests for your application, but focused on security. Things like "when I launch an nmap scan, I should see <x>".
Watch this technical demo by Netsparker's CEO Ferruh Mavituna, in which he explains blind XSS and second-order vulnerabilities and also shows how attackers can exploit them.