- SecureWV2015 Videos – www.irongeek.com
These are the videos of the presentations from Secure West Virginia 2015.
- HouSecCon v6 2015 Videos – www.irongeek.com
- New 4G LTE Hacks Punch Holes In Privacy – www.darkreading.com
Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.
- Black Hat Europe 2015
- Jailbreak or Root Detection: A False Sense of Security, Part 2 – bluebox.com
In this post, we take a closer look at threats posed by non-jailbroken and non-rooted devices. We focus primarily on iOS devices because many organizations assume that these devices provide higher security.
- Microsoft Security Bulletin Summary for November 2015 – technet.microsoft.com
- EMV Protocol Fuzzer – labs.mwrinfosecurity.com
As a result of this research we are pleased to present an EMV protocol fuzzer that can be used as a tool to evaluate the security integrity of a device under test (DUT). This solution includes a Python interface to facilitate control of the EMV fuzzer, in effect allowing on-the-fly monitoring and emulation of an EMV stream with the DUT.
- New Research: Encouraging trends and emerging threats in email security – googleonlinesecurity.blogspot.com
We’re constantly working to help make email more secure for everyone. These efforts are reflected in security protections like default HTTPS in Gmail as well as our Safer Email Transparency report, which includes information about email security beyond just Gmail.
- fathomless – github.com
A collection of different programs that work together, related to infosec.
- PowerCat – github.com
A PowerShell TCP/IP swiss army knife that works with Netcat & Ncat.
Vendors / Software Patches
- Critical Fixes for Windows, Adobe Flash Player – krebsonsecurity.com
For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software. The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software.
- Adobe Flash Vulnerability CVE-2015-7663 and Mitigating Exploits – www.endgame.com
The vulnerability exists due to the improper tracking of freed allocations associated with a “Renderer” object when handling multiple progress bar additions. This can be forced to overflow a Bitmap object corrupting adjacent memory.
- Comodo Issues Eight Forbidden Certificates – threatpost.com
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.
- Hidden Virus Discovered in Martel Police Body Camera – www.goipower.com
iPower Technologies, a Boca Raton based network integrator, discovered the following security vulnerability in the Martel Frontline Camera with GPS. This product is sold and marketed as a body camera for official police department use.
- Self-encrypting drives are hardly any better than software-based encryption – www.cio.com
Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees’ laptops should be aware that this technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches.
- Mac App Store apps ‘damaged’ following security certificate bug – thestack.com
Overnight Mac users experienced trouble when using apps bought or downloaded from the App Store, after the security certificate Apple uses as an anti-piracy measure expired. Five years after the certificate’s creation, the tech giant had not prepared an immediate alternative.
- Latest Android phones hijacked with tidy one-stop-Chrome-pop – www.theregister.co.uk
- One BadBarcode Spoils Whole Bunch – threatpost.com
Barcodes’ pervasiveness in retail, health care and other service industries notwithstanding, hackers really haven’t paid much attention to these tiny lines of data.
- It’s Way Too Easy to Hack the Hospital – www.bloomberg.com
In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minn., for an assignment at the Mayo Clinic, the largest integrated nonprofit medical group practice in the world. Rios is a “white hat” hacker, which means customers hire him to break into their own computers.
- How Paris ISIS Terrorists May Have Used PlayStation 4 To Discuss And Plan Attacks – www.forbes.com
Following Friday night’s terrorist attacks in Paris which killed at least 127 people and left more than 300 injured, authorities are discovering just how the massacre was planned. And it may involve the most popular gaming console in the world, Sony ’s PlayStation 4.
- Clearing the Air on Wi-Fi Software Updates – www.fcc.gov
The comments and replies are largely supportive of the Commission’s proposals, but one particular element generated thousands of comments from individuals concerned that the proposal would encourage manufacturers to prevent modifications or updates to the software used in devices such as wireless local area networks (e.g., Wi-Fi routers).