Events Related

  • Pwn2Own 2015: Day One results – h30499.www3.hp.com
    The first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers during today’s competition.

  • Pwn2Own 2015: Day Two results – h30499.www3.hp.com
    The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets and collecting a total of $240,000.
  • Feelin’ good about the future: BSides Austin & SXSW 2015 roundup – community.rapid7.com
    The debate was two hours long, so Maria Varmazis does not try to summarize everything that was said and instead offers a highlight.

Resources

  • TROOPERScon – youtube.com
    These are the videos from TROOPERScon 2015. Presentation slides and more from the conference are available here.
  • Central Ohio Infosec Summit 2015 Videos – irongeek.com
    These are the videos from the Central Ohio Infosec Summit conference. You can watch and download the videos from here.

Techniques

Vendor/Software patches

Vulnerabilities

  • Rush To Release Resulting In Vulnerable Mobile Apps – darkreading.com
    IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds. IT organizations at large companies on average spend about $34 million on developing mobile applications for their customers. But because of the rush to get them into the hands of users as quickly as possible, many companies fail to first scan the products for security vulnerabilities.
  • Target To Settle Data Breach Lawsuit For $10 Million – darkreading.com
    Individuals who can prove financial damage can receive up to $10,000 under proposed deal.
  • Premera Hacked – 4 Key Takeaways From Another Healthcare Data Grab – blog.fortinet.com
    Bank account information. Physical addresses. Email addresses. Social Security numbers. Clinical information…All exposed in the latest healthcare cyberattack. This time the target was Premera Blue Cross, a Pacific Northwest health insurer, which reported Tuesday that up to 11 million patient records had been breached.
  • Cross-Site Scripting Vulnerability Discovered In WordPress Photo Gallery Plugin – blog.fortinet.com
    FortiGuard Labs disclosed a vulnerability in the WordPress Photo Gallery plugin that could potentially be used to gather information from system administrators.