Week 46 In Review – 2015

Events Related

  • SecureWV2015 Videos – www.irongeek.com
    These are the videos of the presentations from Secure West Virginia 2015.

Resources

  • EMV Protocol Fuzzer – labs.mwrinfosecurity.com
    As a result of this research we are pleased to present an EMV protocol fuzzer that can be used as a tool to evaluate the security integrity of a device under test (DUT). This solution includes a Python interface to facilitate control of the EMV fuzzer, in effect allowing on-the-fly monitoring and emulation of an EMV stream with the DUT.
  • New Research: Encouraging trends and emerging threats in email security – googleonlinesecurity.blogspot.com
    We’re constantly working to help make email more secure for everyone. These efforts are reflected in security protections like default HTTPS in Gmail as well as our Safer Email Transparency report, which includes information about email security beyond just Gmail.

Tools

  • fathomless – github.com
    A collection of different programs that work together, related to infosec.
  • PowerCat – github.com
    A PowerShell TCP/IP swiss army knife that works with Netcat & Ncat.

Vendors / Software Patches

  • Critical Fixes for Windows, Adobe Flash Player – krebsonsecurity.com
    For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software. The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software.

Vulnerabilities

  • Adobe Flash Vulnerability CVE-2015-7663 and Mitigating Exploits – www.endgame.com
    The vulnerability exists due to the improper tracking of freed allocations associated with a “Renderer” object when handling multiple progress bar additions. This can be forced to overflow a Bitmap object corrupting adjacent memory.
  • Comodo Issues Eight Forbidden Certificates – threatpost.com
    Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
  • Hidden Virus Discovered in Martel Police Body Camera – www.goipower.com
    iPower Technologies, a Boca Raton based network integrator, discovered the following security vulnerability in the Martel Frontline Camera with GPS.  This product is sold and marketed as a body camera for official police department use.
  • Mac App Store apps ‘damaged’ following security certificate bug – thestack.com
    Overnight Mac users experienced trouble when using apps bought or downloaded from the App Store, after the security certificate Apple uses as an anti-piracy measure expired. Five years after the certificate’s creation, the tech giant had not prepared an immediate alternative.
  • Latest Android phones hijacked with tidy one-stop-Chrome-pop – www.theregister.co.uk
    PacSec Google’s Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine.
  • One BadBarcode Spoils Whole Bunch – threatpost.com
    Barcodes’ pervasiveness in retail, health care and other service industries notwithstanding, hackers really haven’t paid much attention to these tiny lines of data.

Other News

  • It’s Way Too Easy to Hack the Hospital – www.bloomberg.com
    In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minn., for an assignment at the Mayo Clinic, the largest integrated nonprofit medical group practice in the world. Rios is a “white hat” hacker, which means customers hire him to break into their own computers.
  • Clearing the Air on Wi-Fi Software Updates – www.fcc.gov
    The comments and replies are largely supportive of the Commission’s proposals, but one particular element generated thousands of comments from individuals concerned that the proposal would encourage manufacturers to prevent modifications or updates to the software used in devices such as wireless local area networks (e.g., Wi-Fi routers).

 

 

 

Leave A Comment