This year marked the 23rd DefCon, the hacker conference that began as an informal gathering for hackers to meet in person and party in the desert.
- Imploding Barrels and Other Highlights From Hackfest DefCon – www.wired.com
- I spent the week with over 20,000 hackers in Las Vegas — here’s what I saw – www.techinsider.io
- Here is how you learn to hack a car – www.washingtonpost.com
- The End of the Internet Dream – medium.com
In 20 years, the Web might complete its shift from liberator to oppressor. It’s up to us to prevent that.
- Modern Windows Exploit Development – expdev-kiuhnm.rhcloud.com
- BinNavi – github.com
BinNavi is a binary analysis IDE – an environment that allows users to inspect, navigate, edit, and annotate control-flow-graphs of disassembled code, do the same for the callgraph of the executable, collect and combine execution traces, and generally keep track of analysis results among a group of analysts.
- The PenTesters Framework (PTF) 1.0 Released – www.trustedsec.com
If you are new to PTF, it is a framework that is designed to keep all of your penetration testing tools up-to-date.
- Bad AS – More on Broken JBoss Configurations – breenmachine.blogspot.com
It’s been a while since I’ve posted anything about JBoss. Once in a while I still get an email or IM about someone trying to use the exploit code released here or in the “clusterd” framework against a JBoss instance that should be vulnerable, but seems to fail when the payload attempts to deploy.
Vendor / Software Patches
- Microsoft Patch for IE.
Microsoft has issued an emergency update for its Internet Explorer browser to patch a critical vulnerability attackers are actively exploiting to install malware on targeted computers.
- MS15-093 – OOB fix for Internet Explorer – community.qualys.com
- Microsoft issues emergency patch for critical IE bug under active exploit – arstechnica.com
- Microsoft Pushes Emergency Patch for IE – krebsonsecurity.com
- iOS storing enterprise credentials in directory anyone can read – www.theregister.co.uk
Security bod Kevin Watkins says Apple is storing enterprise credentials in a readable-by-anybody directory that is ripe for data theft.
- Nasty Cisco Attack – www.schneier.com
Cisco Systems officials are warning customers of a series of attacks that completely hijack critical networking gear by swapping out the valid ROMMON firmware image with one that’s been maliciously altered.
- WordPress Compromises Behind Spike in Neutrino EK Traffic – threatpost.com
Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlier.
- One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation – googleprojectzero.blogspot.com
This is the final part #4 of the “One font vulnerability to rule them all” blog post series.
- Ashley Madison Hack
Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.
- Hackers Finally Post Stolen Ashley Madison Data – www.wired.com
- Ashley Madison hack is not only real, it’s worse than we thought – arstechnica.com
- Ashley Madison Hackers Speak Out: ‘Nobody Was Watching’ – motherboard.vice.com
- 10 years after his epic MySpace hack, Samy Kamkar is trying to turn hackers into heroes – fusion.net
Kamkar may seem overly confident in his hacking abilities. But he’s got a history to back up his bravado.
- com Hacked! Credit Card information of 93,000 Customers Compromised – thehackernews.com
The company on Tuesday confirmed that some unknown hackers had breached one of its computer systems on August 13, 2015, and accessed personal information of nearly 93,000 customers.