Events Related

  • Kaminsky Creates Clickjacking-Killer –
    Renowned security expert Dan Kaminsky here this week unveiled his latest project: a solution to eradicate so-called clickjacking attacks that plague the Web.
  • Black Hat USA 2015 Highlights –
    The 18th annual Black Hat USA conference gathered thousands of professionals, researchers and enthusiasts to discuss not only the industry’s current trends and threats but also what we, as a community, can do to improve the security of ourselves, and of those around us.
  • The Lifecycle of a Revolution (Keynote) –
    In the early days of the public internet, we believed that we were helping build something totally new, a world that would leave behind the shackles of age, of race, of gender, of class, even of law. Twenty years on, “cyberspace” looks a lot less revolutionary than it once did. Hackers have become information security professionals


  • Thunderstrike 2: Mac firmware worm details –
    This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple’s Macs that can spread via either software or Thunderbolt hardware accessories and writes itself to the boot flash on the system’s motherboard.
  • Project Bitfl1p –
    Detect and analyze the frequency of bit flips for an average internet user through the use of bitsquatting.
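    As an added illustration of the bitsquatting technique behind Project Bitfl1p (this is not the project's own code and is not from the page), the Python below enumerates the single-bit-flip variants of a domain that a squatter could register, and then maps observed Host headers back to the character and bit that flipped, which is the measurement such a sink makes. It assumes an ASCII registrable name with the TLD held fixed; `example.com` and the sample Host headers are constructed.

```python
import string
from collections import Counter

# Characters allowed inside a DNS hostname label: lowercase letters, digits, hyphen.
# Uppercase is deliberately excluded: a flip of bit 5 turns 'm' into 'M', which DNS
# treats as the same name, so it is not a registrable bitsquat.
HOST_CHARS = set(string.ascii_lowercase + string.digits + "-")


def bitsquat_candidates(domain):
    """Return the sorted list of domains that differ from `domain` by exactly one
    flipped bit in one character of the registrable name and are still valid
    hostnames. The TLD (last label) is held fixed (assumption: a flipped TLD is
    almost never a zone you can register under)."""
    domain = domain.lower()
    name, _, tld = domain.rpartition(".")
    found = set()
    for i, ch in enumerate(name):
        if ch == ".":
            continue  # flipping a dot would add or remove a label
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped not in HOST_CHARS:
                continue  # non-ASCII, punctuation or uppercase: not a valid squat
            cand = name[:i] + flipped + name[i + 1:]
            # A hyphen may not begin or end a label.
            if any(lbl[0] == "-" or lbl[-1] == "-" for lbl in cand.split(".")):
                continue
            found.add(cand + "." + tld)
    return sorted(found)


def flipped_bit(observed, target):
    """If `observed` is exactly one bit flip away from `target`, return
    (character_index, bit_number); otherwise return None. Typos that change
    more than one bit, or the length, are rejected."""
    observed, target = observed.lower(), target.lower()
    if len(observed) != len(target):
        return None
    diffs = [i for i, (a, b) in enumerate(zip(observed, target)) if a != b]
    if len(diffs) != 1:
        return None
    i = diffs[0]
    x = ord(observed[i]) ^ ord(target[i])
    if x & (x - 1):
        return None  # more than one bit differs in that character
    return i, x.bit_length() - 1


def flip_stats(hostnames, target):
    """Count, per (character index, bit), how often observed Host headers are a
    single-bit flip of `target`. This is the frequency a bitsquat sink measures."""
    counts = Counter()
    for host in hostnames:
        hit = flipped_bit(host, target)
        if hit is not None:
            counts[hit] += 1
    return counts


# Constructed sample of Host headers, as a server for the squatted names might log them.
SAMPLE_HOSTS = [
    "exalple.com",   # 'm' -> 'l': bit 0 flipped
    "exalple.com",
    "dxample.com",   # 'e' -> 'd': bit 0 flipped
    "exanple.com",   # 'm' -> 'n' differs in two bits: a typo, not a bit flip
    "example.com",   # the real name, not a squat
    "exa-ple.com",   # 'm' -> '-': bit 6 flipped
]

if __name__ == "__main__":
    for cand in bitsquat_candidates("example.com"):
        print(cand)
    print(flip_stats(SAMPLE_HOSTS, "example.com"))
```

    The hyphen and case filters matter in practice: without them the generator emits names that either cannot be registered or resolve to the legitimate domain, and the classifier would count ordinary typos (two or more bits changed) as memory errors.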


  • Hackers Cut a Corvette’s Brakes Via a Common Car Gadget –
    Car hacking demos like last month’s over-the-internet hijacking of a Jeep have shown it’s possible for digital attackers to cross the gap between a car’s cellular-connected infotainment system and its steering and brakes.
  • OwnStar Wi-Fi attack now grabs BMW, Mercedes, and Chrysler cars’ virtual keys –
    Remember OwnStar? Earlier this month, security researcher and NSA Playset contributor Samy Kamkar demonstrated a Wi-Fi based attack that allowed his device to intercept OnStar credentials from the RemoteLink mobile application—giving an attacker the ability to clone them and use them to track, unlock, and even remote start the vehicle.
  • QARK –
    Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.
  • tpwn –


  • Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part II – Supremacy –
    In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.
  • Domain Administrator in 17 seconds –
    Obtaining domain administrative privileges on a security assessment is a goal that many assessors seek. It is what fills us with excitement, as we know that the real fun is about to begin.
  • Black Hat USA 2015: The full story of how that Jeep was hacked –
    Recently we wrote about the now-famous hack of a Jeep Cherokee. At Black Hat USA 2015, a large security conference, researchers Charlie Miller and Chris Valasek finally explained in detail, how exactly that hack happened.

Vendor / Software Patches

  • Adobe, MS Push Patches, Oracle Drops Drama –
    Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system.


Other News

  • .COM.COM Used For Malicious Typo Squatting –
    Our reader Jeff noted how domains ending in “.com.com” are being redirected to what looks like malicious content. Back in 2013, a blog post by Whitehat Security pointed out that the famous “com.com” domain name was sold by CNET to known typo squatter
  • IoT Working Group Crafts Framework For Security, Privacy –
    An industry working group that includes members from Microsoft, Symantec, Target, and home security system vendor ADT today issued draft recommendations for locking down the privacy and security of home automation and consumer health and fitness wearable devices with security practices such as unique passwords, end-to-end encryption of sensitive and personal information, and a coordinated patching and update mechanism, as well as other measures.
  • U.S. Identifies Insider Trading Ring With Ukraine Hackers –
    Exposing a new front in cybercrime, U.S. authorities broke up an alleged insider trading ring that relied on computer hackers to pilfer corporate press announcements and then profited by trading on the sensitive information before it became public.
  • ‘Banned’ article about faulty immobiliser chip published after two years –
    In 2012, three computer security researchers at Radboud University discovered weaknesses in the Megamos chip, which is widely used in immobilisers for various brands of cars. Based on responsible disclosure guidelines, the scientists informed the manufacturer immediately, and they wrote a scientific article on the topic that was accepted for publication at a prestigious digital security symposium (USENIX 2013).
