Table of Contents

• Security
  • Awesome Security Lists
  • CVE Common Vulnerabilities and Exposures
  • OWASP Open Web Application Security Project
  • Seguridad Web
  • OpenSCAP and Lynis. Open Source security auditing tools
  • Cisco Security Advisories and Responses
  • Security Blogs - Security articles
    • Blogs de Seguridad Informática
    • Network Security
  • Security on Twitter
    • Seguridad en Twitter
  • Security Podcasts
  • Security Toolkits and Policies. Penetration Testing
  • Antivirus and malware
  • Mobile Security
  • Private Browsing
  • HTTPs and HSTS
  • Database encryption
  • Identity Management
  • Big Data Security
  • Application Security: Web App Firewall. Blocking bots
  • Breaking Firewalls, Shellcode Injection, SQL Injection
  • Email security. Anti Spam protection
  • Server Hardening
  • Next Generation Firewalls
  • Security Checklist
  • Major Security Vulnerabilities
    • Keyloggers
    • Red Hat Vulnerabilities Catalog. Red Hat CVE Database.
    • SQL injection
    • Windows Vulnerabilities
    • Linux Vulnerabilities
    • Heartbleed. April 2014
    • Shellshock. September 2014
    • Java Serialization Vulnerability. November 2015
    • HTTPS Bicycle Attack. December 2015
    • Backdoors. December 2015
    • LastPass. January 2016
    • OpenSSH Roaming Bug. January 2016
    • OpenSSL. January 2016
    • Linode SSH. February 2016
    • glibc stack based buffer overflow. February 2016
    • DROWN Attack. Cross protocol attack on TLS using SSLv2. March 2016
    • OpenSSH Security Advisory. March 2016
    • SSH attempts
    • Bad Tunnel. June 2016
    • DDos
    • Shadow IT security risks
  • Top security initiatives for 2016
    • Container security. Who’s fixing containers? February 2016
    • DDos and Project Shield. February 2016
    • Disk Encryption

RT @cloudsa: Want to know what the future holds for #cloudsecurity? Listen to @EMEACloudGuy's & @jimreavis's chat: https://t.co/R9GYrRr2ix

— Red Hat EMEA (@RedHatEMEA) 5 de marzo de 2016

Dave vs Security: This is why you automate security into your process. #cybersecurity #devops #secops pic.twitter.com/H3Nn0GAGt5

— Greg Bledsoe (@geek_king) 31 de mayo de 2016

How to Apply DevOps Culture to Security#DevOpshttps://t.co/8UMlDqKahE

via #MVB @petecheslock pic.twitter.com/RBpCxGDsTQ

— DZone (@DZone) 27 de junio de 2016

Josh, how does Red Hat deal with security issues?#CUBEgems @joshbressers @RedHatNews #RHSummit #theCUBE pic.twitter.com/nvCSCG1pT6

— theCUBE (@theCUBE) 29 de junio de 2016

Cover up your laptop camera right nowhttps://t.co/3Orx88WqEH

— Tech Insider (@techinsider) 29 de junio de 2016

• awesome security
• awesome security talks
• awesome penetration testing
• awesome android security

• Common Vulnerability Enumeration is a repository of security software flaws managed by NIST in the National Vulnerability Database (NVD) as part of SCAP (Security Content Automation Protocol)
• CVE database: Common Vulnerabilities and Exposures 🌟🌟🌟 The Standard for Information Security Vulnerability Names
  • CVE List Main Page
• National Vulnerability Database 🌟
  • Search CVE and CCE Vulnerability Database 🌟
• SCAP (Security Content Automation Protocol)

• owasp.org 🌟🌟 The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
• OWASP Testing Project
• Guía de pruebas de OWASP 3.0
• OWASP Testing Guide v4.0. Guia de seguridad en aplicaciones Web
• OWASP Testing Guide v4 Table of Contents 🌟🌟

• acens.com - White Paper: Mejora la seguridad web con estas 10 recomendaciones 🌟🌟

• OpenSCAP and Lynis. Open Source security auditing tools 🌟🌟🌟🌟

• Cisco Security Advisories and Responses 🌟🌟🌟

• HaCoder.com 🌟
• seclists.org 🌟
• ehacking.net 🌟
• Sucuri Blog 🌟
• linux-audit.com 🌟🌟 Linux security: Auditing, Hardening and Compliance
• Blackmoreops.com 🌟
• Red Hat Security Blog 🌟
• k4linux.com Kali Linux 2.0 tutorials Technology and News of penetration testing and security Hacking Wifi Facebook Website.
• net-security.org
• livesshattack.net 🌟
• arstechnica.com/security
• foxglovesecurity.com
• securityzap.com
• Dark Reading
• Red Hat Security
• Security Intelligence
• hackershandbook.org
• Hacker News
• Guido Vranken
• seancassidy.me
• youtube playlist: Dell Security
• blog.cryptographyengineering.com
• eweek.com/security
• CSO: Security news, features and analysis about prevention, protection and business innovation
• peerlyst Professional Community platform for Information Security
• Network Security - NetSecNow
  • NetSecNow on Youtube
• hacking-etico.com
• Hack In The Box Security Conference 🌟
• infosecurity-magazine.com 🌟🌟

6 cybersecurity and emergency situations every IT depart should train for https://t.co/bXt7mDf9BA by @patgrayjr pic.twitter.com/gvGygVZGVc

— TechRepublic (@TechRepublic) 27 de junio de 2016

• Cybersecurity isn’t Rocket Science!

• elladodelmal.com - Chema Alonso
• hackplayers.com
• seguridadapple.com

• tunnelsup.com
• Why Choose Bro?

• twitter.com/LinuxSec
• twitter.com/linuxs3c
• twitter.com/HackerNews

• twitter.com/Cryptodata Informático enamorado del software libre. Seguridad, administración de sistemas.
• twitter.com/chemaalonso

Facebook, Google, and WhatsApp are all planning to increase encryption https://t.co/K0Roq7nENd pic.twitter.com/fK9xhW3jx5

— BI Tech (@SAI) 14 de marzo de 2016

#Linux Webserver #Security is out! https://t.co/UcwrNmJIEm Stories via @Dinosn @sidekickhelps @Akwelz

— Linux Security News (@LinuxSec) febrero 15, 2016

El lado del mal - ¿Por qué sale el candado rojo en los mensajes de Gmail? https://t.co/Qd1sxGy87E #Gmail }:) pic.twitter.com/EwQZUYPOuB

— Chema Alonso (@chemaalonso) febrero 11, 2016

.@chemaalonso @LaVanguardia "internet es tan seguro como lo es el mundo hoy en día " pic.twitter.com/aFMen7nErc

— Diego Ruiz Moreno (@diegodron) 12 de marzo de 2016

SMShing para robar tu 2nd Factor Authentication en tus cuentas Google o Apple #SMShing https://t.co/IujqX1ZZOb }:) pic.twitter.com/U6TrIMFZdO

— Chema Alonso (@chemaalonso) 5 de junio de 2016

Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC

— Alex MacCaw (@maccaw) 4 de junio de 2016

For you Wi-Fi nerds: A visual representation of WEP security on WLAN's. pic.twitter.com/Q5Sh9t7x3I

— Michael Dorman (@_mdorman) 3 de junio de 2016

New SonicAlert: Microsoft Windows™ OS HTTP User-Agents (1/29/2016) by @DellSecurity Threats Research: https://t.co/hkm4abXYd4

— Dell Security (@DellSecurity) febrero 1, 2016

The best way to visualize encryption to those who don't understand it over the Internet. Key Exchange https://t.co/6fwikgx9jc #security

— nixCraft (@nixcraft) febrero 19, 2016

Who's fixing containers? https://t.co/vltcct17s7 #glibc #ITsecurity #containers

— Open Source Way (@opensourceway) febrero 19, 2016

Why we use adblockers: 'We need to have more control over what we're exposed to' https://t.co/TvMoWgAExA pic.twitter.com/s6uwF5cPqh

— The Guardian (@guardian) 10 de marzo de 2016

3 months and 1 Million SSH attempts later https://t.co/3Mst0W0K44 #openssh #openbsd #unix #linux #opensource #linux #infosec #security

— nixCraft (@nixcraft) 21 de marzo de 2016

Security Virtualisation - what is it? https://t.co/agayoDZlvR #sdn #nfv @NatilikSEC

— James Talbot (@jamesrtalbot) 25 de mayo de 2016

"Securing Your Virtual Environment" https://t.co/IJXr5RfNnZ #RedHatConsulting #RedHat

— Jose Simonelli (@ubercloud) 14 de junio de 2016

• phoneboy.com

• Security Toolkits and Policies. Penetration Testing

• Bitdefender
• GData
• Avast
• Independent Tests of Antivirus Software
• wikipedia: Comparison of antivirus software
• tomsguide.com: Best Antivirus Software and Apps 2016
• Here is the 2015 list of the top 50 software products in order of total distinct vulnerabilities
• For the first time, Mac users have to worry about malware that locks their computer and demands a ransom
• Eastern European Cyber Crooks Raid US Banks For $4 Million In Just 3 Days
• Microsoft’s Windows 10 Wants To Replace Your PC Antivirus With WDATP
• nakedsecurity.sophos.com
  • nakedsecurity.sophos.com - Anatomy of an exploit: the Microsoft Word bug that just won’t die
• Trendmicro: ¿Qué es el ransomware? 🌟🌟🌟
• Malware hits millions of Android phones

More info on Transmission app and new Mac ransomware https://t.co/z54gbNicbi via @aallan

VirusTotal has more info https://t.co/s4LWzSTfsG

— nixCraft (@nixcraft) 6 de marzo de 2016

Los 8 tipos de #malware más peligrosos para pymes y autónomos. https://t.co/6KuN7ti8L8 pic.twitter.com/v73IsCes0U via @ticbeat

— Derecho de la Red (@DerechodelaRed) 25 de junio de 2016

• Zeef: Mobile Security

• Private Browsing - Use Firefox without saving history
• Qué saben de ti las ‘cookies’ y nueve preguntas más

• HTTPs and HSTS

• Wikipedia: Database encryption
• dba.stackexchange.com - encryption tag

• FreeIPA.org – an open-source project sponsored by Red Hat 🌟🌟
  • Wikipedia FreeIPA
• rhelblog.redhat.com - Ten New Identity Management (IdM) Features in Red Hat Enterprise Linux 7.1
• redhat.com - Improvements to Identity Management (IdM) in RHEL 7.1
• Dell Authentication Services
• Centrify
• Employees have no qualms in selling corporate passwords
• Are their any valid Active Directory Alternatives?
• Active Directory Single Sign-On (SSO) on AWS with Bitium
• Announcing Managed Microsoft Active Directory in the AWS Cloud
• Apache Syncope, Open Source Identity Management software
• Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management
• Open source identity management 20121106 - apache con eu
• community.dell.com: Is there anything that is a bigger waste of IT time than password resets?
• cityam.com: "Password", "123456" and "qwerty": These are the world's 25 worst passwords of 2015
• linux.com: 5 SSH Hardening Tips 🌟🌟🌟
• Most IT pros have seen potentially embarrassing information about their colleagues
• techvisionresearch.com: The future of Identity Management
• nixCraft: How to paste password easily when pasting into password input fields disabled on Google Chrome 🌟
• Single sign-on improvements in Fedora 24 🌟
• Visionary Trends of Identity Access Management (IAM) Security
• DZone: 11 Steps to Secure Your Servers Part 3 & 4: Login and Securing Passwords 🌟 Parts 3 and 4 of a series of posts on server security from Inversoft's 2016 Guide to User Data Security.

Red Hat Identity Manager: Part 1 – Overview and Getting started https://t.co/b6HOQO4dVU

— RHELdevelop (@RHELdevelop) 29 de abril de 2016

Forcing users to change their passwords may do more harm than good https://t.co/7F4SjQDQMF @jackschofield pic.twitter.com/cyTv9smkpH

— ZDNet (@ZDNet) 5 de marzo de 2016

Top 11 AWS IAM Best Practices https://t.co/VnLgDpCo5c

— Gin soaked boy (@integralist) enero 28, 2016

Big news: We acquired Critical Path making us undisputed leader in white-label messaging systems #acquisition #pe http://t.co/ekq2da5Thr

— Openwave Messaging (@owMessaging) 4 de diciembre de 2013

Cable/broadband operators fear losing content to OTT players but still take the risk says Incognito Software survey http://t.co/VjVL3DRorO

— Openwave Messaging (@owMessaging) 2 de agosto de 2013

• [2014] Big Data y Privacidad por Chema Alonso
• Panopticlick.eff.org: Is your browser safe against tracking?

Take these steps to adopt a big data approach to security | https://t.co/YeanSkcT8R pic.twitter.com/vrsnN3luTA

— Red Hat Training (@RedHat_Training) March 8, 2016

• dzone.com - The 2015 DZone Guide to Application Security
• The 10 Most Common Application Attacks in Action (April 2015)
• JBossDeveloper - Theft-Proof Java EE - Securing Your Java EE Enterprise Applications
• pyvideo.org: Let's Be Bad Guys: Exploiting and Mitigating the Top 10 Web App Vulnerabilities
• What is Baiduspider?
• Estándar de exclusión de robots
• Robots Database

Sawef - Send Attack Web Forms https://t.co/G2r90ecge6 pic.twitter.com/lxTp8HC4xY

— DevOps Guy (@DevopsG) 8 de marzo de 2016

Plecost - Wordpress Vulnerabilities Finder https://t.co/Dc2tOgOP9R pic.twitter.com/DprDrRxvOm

— DevOps Guy (@DevopsG) 8 de marzo de 2016

• Breaking Firewalls with OpenSSH and PuTTY
  • PuTTY: 10 consejos útiles para conexiones SSH
• Punching holes into firewalls. Why firewalls shouldn't be considered a ultimate weapon for network security. Secure TCP-into-HTTP tunnelling guide
• Shellcode Injection: Think twice before granting a shell access

• spamhaus.org
  • Verizon Routing Millions of IP Addresses for Cybercrime Gangs
• The Enigmail project. OpenPGP security for mozilla applications

• LinuxJournal.com: Server Hardening
• tecmint.com: 25 Hardening Security Tips for Linux Servers
• CentOS 7 Server Hardening Guide
• 20 Linux Server Hardening Security Tips
• 20 Linux Server Hardening Security Tips
• Top 20 OpenSSH Server Best Security Practices
• Consejos para endurecer un servidor SSH y hacerlo más seguro

• Next Generation Firewalls

• securitychecklist.org

Security Checklist For Unix and Linux server #infosec #sysadmin https://t.co/QTwAlEQHOQ

— nixCraft (@nixcraft) 20 de marzo de 2016

• PuTTY vulnerability vuln-ech-overflow. November 2015
• Drupal Hardens Its Security in Response to Criticism. January 2016
• New attacks on Network Time Protocol can defeat HTTPS and create chaos. October 2015
• seguridadapple.com: Las apps bancarias en iOS siguen teniendo debilidades respecto a 2013

PuTTY version 0.67 is released. This is a security update. https://t.co/7MXHcveBM6 #SSH #sysadmin #unix #linux

— nixCraft (@nixcraft) 5 de marzo de 2016

• How I Cracked a Keylogger and Ended Up in Someone's Inbox

• Vulnerability Responses 🌟🌟 Large scale security vulnerabilities like the ones below receive special attention from Red Hat Product Security. In order to create the best experience possible for our customers during these critical moments, a specialized vulnerability page is created within the Red Hat Product Security Center which aggregates information, diagnostic tools, and updates in one easy-to-use interface. This list is a catalog of these pages.

• SQL injection 🌟

• Hot Potato – Windows Privilege Escalation - January 2016

• Patching the GHOST glibc gethostbyname CVE-2015-0235 bug - January 2015
• Analysis and exploitation of a Linux Kernel vulnerability (CVE-2016-0728) - January 2016
• Serious 0-day Linux kernel vulnerability released. Apply fix ASAP. How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728 (19/Jan/2016)

• Heartbleed Detector 🌟
• OpenSSL CVE-2014-0160 Heartbleed bug and Red Hat Enterprise Linux 🌟🌟
• Fixing Heartbleed with Ansible

• Shellshock: Bash bug 'bigger than Heartbleed' could undermine security of millions of websites – and there's nothing you can do to protect yourself 🌟
• Ansible.com shellshock
• Patch Shellshock with Ansible
• servercheck.in: Secure your servers from Shellshock Bash vulnerability using Ansible
• aroundthecode.org: Ansible - massively fix bash shellshock
• shellshock CVE-2014-6271 fix for ubuntu bash
• community.redhat.com: Critical Bash Security Vulnerability: Update Your Systems Today
• Lynda.com: Protect Your System from the Shellshock Bash Exploit
• Red Hat security blog: Frequently Asked Questions about the Shellshock Bash flaws

• dzone.com - Java Serialization Vulnerability Threatens Millions of Applications . Contrast security is promoting their solution for a vulnerability that affects WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS.
• zdnet.com: Oracle ordered to blitz users with Java security warnings
• dzone.com - This Java Vulnerability Makes Heartbleed Look Tame.Find out what the big deal is with the Java serialization security flaw that the community is buzzing about

• guidovranken.wordpress.com: HTTPS Bicycle Attack
• New HTTPS Bicycle Attack Reveals Details About Passwords, GPS Coordinates

• On the Juniper backdoor
• CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
• Juniper drops NSA-developed code following new backdoor revelations
• SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
• arstechnica.com: Most software already has a “golden key” backdoor: the system update

• LastPass I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass. I call this attack LostPass.
• ZDNet: LastPass phishing attack avoids two-factor authentication in data theft The exploited security flaw is severe enough that successful attacks compromise two-factor authentication codes.

• scriptrock.com: Fixing The New OpenSSH Roaming Bug A bug in a test feature of the OpenSSH client was found to be highly vulnerable to exploitation today, potentially leaking cryptographic keys to malicious attackers. First discovered and announced by the Qualys Security Team, the vulnerability affects OpenSSH versions 5.4 through 7.1.
• OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
• redhat.com: OpenSSH: Information-leak vulnerability (CVE-2016-0777)
• Using Puppet to address the new SSH client vulnerability

• High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic OpenSSL maintainers release update that fixes key-recovery bug. Patch now. People using OpenSSL version 1.0.2 should upgrade to 1.0.2f, while those still using version 1.0.1 should install 1.0.1r.
• New High Severity OpenSSL Vulnerabilities Announced: CVE-2015-0291 & CVE-2015-0204
• OpenSSL 1.0.2g and 1.0.1s security releases due 1st Mar 2016

• Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months

• redhat.com: Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547) 🌟
• Linux Vulnerability Rattles Open Source Community
• cisco.com: Vulnerability in GNU glibc Affecting Cisco Products: February 2016

• DROWN: Decrypting RSA using Obsolete and Weakened eNcryption
• DROWN is a new cross-protocol attack that can be used to passively decrypt collected TLS sessions from up-to-date clients by using a server which supports SSLv2text.
• drownattack.com 🌟
• Red Hat Article - DROWN: Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800)
• Red Hat Vulnerability Article
• Patching your systems for DROWN doesn’t have to be a big deal thanks to Ansible
• Don’t DROWN in OpenSSL — use Puppet

• X11Forwarding - OpenSSH Security Advisory All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled.
• OpenSSH Implementations with X11Forwarding Enabled Should Heed Recent Security Update

• livesshattack.net
• livesshattack.net: 3 months and 1 Million SSH attempts later

• nakedsecurity.sophos.com - BadTunnel: a vulnerability all Windows users need to patch

• En alza los ataques DDoS y los relacionados con aplicaciones web

• techcrunch.com: It’s Time To Embrace, Not Fear, Shadow IT
• Shadow IT: The Challenge of Efficiency vs Security

Shadow IT is a real risk for #ITsecurity. And if you don’t think it’s happening in your organization, you’re wrong. https://t.co/CfUa5AabP7

— SAP Labs LA (@saplabsla) 4 de marzo de 2016

• Top 10 Data Breaches Of 2015 — A New Year’s Day Retrospective The majority of these (and most) security mishaps are due to misconfigurations and unpatched software — flaws that can be hard to detect in large, heterogeneous environments
• techpageone.co.uk: Top security initiatives for 2016. Encryption is the new “minimum” security
• techpageone.co.uk: The top 5 IT security threats for 2016

• Container scanning: The thinnest of paper tigers
• App Containers Get a Needed Security Boost
• Red Hat Insider: Securing containers before they take over the world
• Containers and security: Docker, Red Hat & Linux: How containers can boost business and save time for developers 🌟
• Adopt Continuous Security With OpenShift – Save Yourself From The Next glibc 🌟

.@joshbressers discusses #Linux #security as a fundamental tenet, not a feature (and certainly not an option): https://t.co/Ks8cJMwFin

— Red Hat, Inc. (@RedHatNews) 17 de mayo de 2016

• Project Shield 🌟 Google Releases Project Shield To Fight Against DDoS Attacks

• VeraCrypt
• TrueCrypt
• How to Enable Full-Disk Encryption on Windows 10