Resources

Tools

  • New Tool: The PenTesters Framework (PTF) Released – trustedsec.com
    TrustedSec is proud to announce the release of the PenTesters Framework (PTF). PTF is a Python script designed for Debian/Ubuntu (plans on expanding to more) based distributions to create a similar and familiar distribution for Penetration Testing.

Vendor/Software patches

  • Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
    Microsoft issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat.

Vulnerabilities

  • CVE-2015-1701 – github.com
    Win32k LPE vulnerability used in APT attack. FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows.
  • VENOM, CVE-2015-3456 – venom.crowdstrike.com
    VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.

Other News

  • FBI Hacker Hunt Goes ‘Wild West’ – bankinfosecurity.com
    How much money would it take for you to rat out a member of a Russian organized crime gang? The U.S. government is currently offering “a reward of up to $3 million for information leading to the arrest and/or conviction of Evgeniy Mikhailovich Bogachev.