• HackerOne Connects Hackers With Companies, and Hopes for a Win-Win –
    HackerOne is a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers who are looking to solve problems rather than cause them. They hope their outfit can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
  • A DBIR Attack Graph Web App! –
    The DBIR Attack Graph Web App is meant to make analyzing DBIR attack graphs simple enough anyone can do it! To learn about the DBIR Attack Graph Web App, watch the tutorial video here.
  • AppSecEU 2015 –
    These are the videos from AppSec Europe 2015 in Amsterdam, Netherlands. You can watch and download the videos from here.
  • ShowMeCon 2015 Videos –
    These are the videos ShowMeCon 2015. You can watch and download the videos from here.
  • What exactly is Duqu 2.0? –
    Duqu, a very complex and modular malware platform thought to have gone dark in late 2012, has made its appearance within the environment of Kaspersky Labs. Dubbed “Duqu 2.0” by Kaspersky, the level of complexity found within the malware represents a high level of sophistication, skill, funding and motivation seen by nation-sponsored actors.
  • Wassenaar Arrangement – Frequently Asked Questions –
    The purpose of this post is to help answer questions about the Wassenaar Arrangement. You can find the US proposal for implementing the Arrangement and an accompanying FAQ from the Bureau of Industry and Security (BIS) here.


  • NOPC version 0.4.5 released –
    NOPC, the Nessus-based offline Unix patch checker has had some changes made and been made available in the tools section. This article discusses the new features in detail and provides some working examples.


  • Blind Return Oriented Programming –
    In this blog post you will have a look at some important steps of the Blind Return Oriented Programming (BROP), a state-of-the-art exploitation technique.

Vendor/Software patches

  • Escaping VMware Workstation through COM1 –
    These bugs are subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will be made available to the public.
  • PowerShell ♥ the Blue Team –
    In this post, PowerShell Team will discuss some important advances they have made in scripting security and protection in the preview versions of PowerShell version 5, and Windows 10.
  • Adobe, Microsoft Issue Critical Security Fixes –
    Adobe released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.


  • This code can hack nearly every credit card machine in the country –
    An attacker can gain complete control of a store’s credit card readers, potentially allowing them to hack into the machines and steal customer’s payment data. This latest discovery comes from researchers at Trustwave, a cybersecurity firm.
  • Kaspersky Lab cybersecurity firm is hacked –
    One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers. Kaspersky Lab said it believed the attack was designed to spy on its newest technologies.
  • Security Advisory: Object Injection Vulnerability in WooCommerce –
    During a routine audit for Sucuriblog’s WAF, they discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server.
  • Serious iOS bug makes it easy to steal users’ iCloud passwords –
    A security researcher has published attack code he said makes it easy to steal the iCloud passwords of people using the latest version of Apple iOS for iPhones and iPads. Researcher publishes proof-of-concept code demonstrating how attack works.

Other News


  1. […] post Week 24 In Review – 2015 appeared first on Infosec […]

  2. […] post Week 24 In Review – 2015 appeared first on Infosec […]

  3. konya düğün salonu July 27, 2015 at 4:22 am

    thank you. great sharing.

Leave A Comment