Resources
- Circle City Con 2015 Videos – irongeek.com
These are the Circle City Con videos. You can watch and download the videos from here.
- LastPass Security Notice – blog.lastpass.com
LastPass wants to assure its users that its cyberattack response worked as designed. The company has received many questions, so it is taking a moment to provide additional clarifications.
- CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root – seclists.org
CVE-2015-1328 allows local root privilege escalation in the default configuration on all currently supported versions of Ubuntu.
- Why you should fear the new regulations more than you think – lists.immunityinc.com
There were a few very telling moments in the BIS phone call on June 17 about the new proposed “Cyber” regulations. Some major strategic problems are still there, which you should be worried about.
- Who Has Your Back? Protecting your data from Government requests – eff.org
Download the complete Who Has Your Back? 2015: Protecting Your Data From Government Requests report as a PDF from here.
- BSides Cleveland 2015 Videos – irongeek.com
These are the videos from the BSides Cleveland conference. You can watch and download the videos from here.
Vulnerabilities
- How to hijack MILLIONS of Samsung mobes with man-in-the-middle diddle – theregister.co.uk
Samsung smartphones can be hijacked, infected with malware, and remotely controlled by malicious Wi-Fi hotspots in cafes, hotels, and so on, security researchers claim. According to the bods at NowSecure, millions of handsets have a remote-code execution vulnerability that is a software design flaw.
- Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X – theregister.co.uk
Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months. Six university researchers have revealed deadly zero-day flaws in Apple’s iOS and OS X, claiming it is possible to crack Apple’s password-storing keychain, break app sandboxes, and bypass its App Store security checks.
- OPM’s Database for Sale? Nope, It Came from Another US .Gov – krebsonsecurity.com
A database supposedly from a sample of information stolen in the much publicized hack at the Office of Personnel Management (OPM) has been making the rounds in the cybercrime underground, with some ne’er-do-wells even offering to sell it as part of a larger package.
Other News
- Cardinals Investigated for Hacking Into Astros’ Database – nytimes.com
Front-office personnel for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, are under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of the Houston Astros to steal closely guarded information about players.
- St. Louis Cardinals probed by FBI for hacking Astros, stealing baseball info – arstechnica.com
The Cardinals allegedly exploited weak passwords to obtain their rival’s secret documents. When contacted by Ars, the FBI would not confirm or deny the investigation.
- Encryption “would not have helped” at OPM, says DHS official – arstechnica.com
Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency’s computer security. The attackers had valid user credentials and the run of the network, bypassing security.
- RBS payment failure could last days – bbc.com
About 600,000 payments that failed to enter the accounts of RBS customers overnight may not be completed until the end of the week, the bank has said.
Originally posted as Week 25 In Review – 2015 on Infosec.