Events Related
- Pwn2Own 2015: Day One results – h30499.www3.hp.com
The first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers during today’s competition.
- Pwn2Own 2015: Day Two results – h30499.www3.hp.com
The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets and collecting a total of $240,000.
- Feelin’ good about the future: BSides Austin & SXSW 2015 roundup – community.rapid7.com
The debate was two hours long, so Maria Varmazis does not try to summarize everything they said and instead offers a highlight.
Resources
- TROOPERScon – youtube.com
These are the videos from TROOPERScon 2015. Presentation slides and more from the conference are available here.
- Central Ohio Infosec Summit 2015 Videos – irongeek.com
These are the videos from the Central Ohio Infosec Summit conference. You can watch and download the videos from here.
Techniques
- Weekly Metasploit Wrapup: Stageless Meterpreter and the Revenge of Stuxnet – community.rapid7.com
If you’re fine with a much larger file size, these Stageless Meterpreters should come in pretty handy. There are quite a few upsides to this technique, but Tod Beardsley doesn’t want to give away any spoilers quite yet.
Vendor/Software patches
- Yoast Google Analytics Plugin Patches XSS Vulnerability – threatpost.com
Yoast on Thursday patched a cross-site scripting vulnerability in its Google Analytics WordPress plugin that was ripe for remote code execution.
Vulnerabilities
- Rush To Release Resulting In Vulnerable Mobile Apps – darkreading.com
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds. IT organizations at large companies on average spend about $34 million on developing mobile applications for their customers. But because of the rush to get them into the hands of users as quickly as possible, many companies fail to first scan the products for security vulnerabilities.
- Target To Settle Data Breach Lawsuit For $10 Million – darkreading.com
Individuals who can prove financial damage can receive up to $10,000 under proposed deal.
- Premera Hacked – 4 Key Takeaways From Another Healthcare Data Grab – blog.fortinet.com
Bank account information. Physical addresses. Email addresses. Social Security numbers. Clinical information… All exposed in the latest healthcare cyberattack. This time the target was Premera Blue Cross, a Pacific Northwest health insurer, which reported Tuesday that up to 11 million patient records had been breached.
- Cross-Site Scripting Vulnerability Discovered In WordPress Photo Gallery Plugin – blog.fortinet.com
FortiGuard Labs disclosed a vulnerability in the WordPress Photo Gallery plugin that could potentially be used to gather information from system administrators.