Week 48 In Review – 2014

Resources

• Cyberspectrum: Bay Area Software Defined Radio #1 (Nov 2014) HD – youtube.com
  A video of DSP topics relevant to implementation of simple software-defined radios. Focuses on visual explanations of fundamental manipulations of digital signals, including analytic signals, frequency shifting, sampling rates, filtering, and the discrete Fourier transform.

Tools

• HDD firmware tools – github.com
  This repository contains tools for HDD firmware extraction. Tools for viewing and extracting HDD firmware files.

Techniques

• Magnitude Exploit Kit Backend Infrastructure Insight – Part II – blog.spiderlabs.com
  This is another edition of “exposing Magnitude exploit-kit internals”! Trustwave’s SpiderLabs will expose additional features and cool tricks that Magnitude uses, reveal more information about its infrastructure and talk about its implementation in the wild.

Vendor/Software patches

• Adobe Releases Emergency Flash Player Patch – threatpost.com
  Adobe revised a security bulletin it released more than a month ago, adding a patch for a code-execution vulnerability in Flash Player already included in some exploit kits.
  • Adobe Security Bulletin -helpx.adobe.com

Vulnerabilities

• DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS – theregister.co.uk
  An estimated 86 per cent of WordPress websites harbour a dangerous cross-site scripting (XSS) hole in the popular comment system plugin, in what researcher Jouko Pynnonen calls the most serious flaw in five years. The bug could provide a pathway for attacking visitors’ machines.
• Protecting Against Unknown Software Vulnerabilities – blog.sucuri.net
  Once a vulnerability is found and a patch is available, the solution is simple: Apply the patch (by doing an update) and you are now protected. What if you do not know about a specific vulnerability, how do you patch and protect your website?

Other News

• Sony just got hacked, doxxed, and shut down – geek.com
  This didn’t just impact Sony’s Culver City, California offices either. Sony Pictures operations around the globe were taken offline, but not before the hackers made off with huge haul of internal documents.