Events Related:
- T2’09 Challenge – f-secure.com
Solve the puzzle and win; you can win with Speed or Style.
Tools:
- Dranzer v1.9.1 – sourceforge.net/projects/dranzer/
CERT developed this open source tool so that software developers can test ActiveX controls for vulnerabilities.
Techniques:
- Web Application Scanning Using Nessus Video – tenablesecurity.com
Scanning web applications with Nessus offers the end user several new configuration options in the Nessus client. - SubSeven is back after hiatus – vrt-sourcefire.blogspot.com
The infamous backdoor SubSeven is back. - Pass the Hash Metasploit Demo – room362.com
Here is a quick no nonsense PTH video I made for the guys over at SecurityAegis. - MonSoen.py – sensepost.com
WinGate proxy includes a remote management agent which is accessed via a client utility called GateKeeper. - Cross-protocol XSS with non-standard service ports – i8jesus.com
If the input contains JavaScript, the browser will execute it in the target origin.
Vendor/Software Patches:
- Google patches severe Chrome vulnerabilities – cnet.com
Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person’s computer.
Other News:
- How Hackers Snatch Real-Time Security ID Numbers – nytimes.com
By going real time, hackers now can get around some of the roadblocks that companies have put in their way. - A Lawsuit Tries to Get at Hackers Through the Banks They Attack – nytimes.com
The suit by Unspam Technologies was filed in United States District Court for the Eastern District of Virginia. - Voters Attack Chicago’s Billion Dollar Deal – courthousenews.com
A voter group has challenged Chicago’s $1 billion, 75-year lease of its parking meters to a Morgan Stanley private investment group. - Google Safe-Browsing and Chrome Privacy Leak – ha.ckers.org
Safe Browsing is designed to protect you from phishing and malware sites by using a blacklist approach that gets downloaded to your browser on a regular basis. - Cisco Wireless LANs vulnerable to attack.
Researchers at AirMagnet discovered the vulnerability, which affects all lightweight Cisco wireless access points.- Cisco wireless LANs at risk of attack, ‘skyjacking’ – cnet.com
- Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs – darkreading.com
- Tighter Security Urged for Businesses Banking Online – washingtonpost.com
An industry group sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized business. - Twitter security hole can snatch your data.
Found by David Naylor, the vulnerability exploits an issue with a recently added an HTML tag to all of their links.- The Twitter Exploit That Could Have Stolen Your Info and Much, Much More – ivonson.com
- Twitter fails to block Cross Site Scripting flaw – h-online.com
- Attack Of The Tweets: Major Twitter Flaw Exposed – darkreading.com
- Massive Twitter Cross-Site Scripting Vulnerability – davidnaylor.co.uk
- The New Threat to Oil Supplies: Hackers – foreignpolicy.com
Prosecutors say a contractor hacked into a shore-to-rig communications network that detected oil leaks. - WPA can now be broken
The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA encryption system.- New attack cracks common Wi-Fi encryption in a minute – networkworld.com
- Attack on WPA refined – h-online.com
- Credit unions getting suspicious letters and CDs
Member credit unions evidently are reporting receiving letters which include two CDs.- Malicious CD ROMs mailed to banks – isc.sans.org
- Hackers mailing malware-infested CDs to banks – zdnet.com
- Apache Site Hacked Through SSH Key Compromise – threatpost.com
The main site of the Apache Software Foundation was compromised on Friday through an attack using a compromised SSH key. - Yahoo! Local was hacked – slaviks-blog.com
It turns out that Yahoo! Local was using MySQL 5 and was not securely configured (allowing load_file).
Leave A Comment