Events Related

Resources

  • Calculating the score – androidvulnerabilities.org
    We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.

Tools

  • XSSTracer – github.com
    XSSTracer is a small Python script that checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection.

Vendor/Software Patches

  • Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
    Adobe and Microsoft on Tuesday each released security updates to remedy critical vulnerabilities in their software. Adobe pushed patches to plug at least 56 security holes present in Adobe Reader and Acrobat, as well as a fix for Flash Player that corrects 13 flaws.

Vulnerabilities

  • Hackers Can Silently Control Siri From 16 Feet Away – www.wired.com
    SIRI MAY BE your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.
  • Reverse shell over SMS (Exploiting CVE-2015-5897) – blog.gdssecurity.com
    In our previous post, we looked at a bug that allowed malware running on OS X to make calls on a user’s iPhone without their knowledge. Apple released a patch to fix this bug in OS X 10.10.5 by adding a check for an entitlement that could only be granted by Apple.

Other News

  • How to become a pentester – www.corelan.be
    Depending on whom you ask this question, you may get different results or may be told to take a specific approach. With this post, I am trying to formulate my views on this question (with a focus on the process and not so much on the technical aspect), in an attempt to hopefully provide a good starting point for those that find themselves in a similar situation.