Resources
- Typosquatting programming language package managers – incolumitas.com
Typosquatting is the malicious registering of a domain that is lexically similar to another, often highly frequented, website. Typosquatters would for instance register a domain named Gooogle.com instead of the well known Google.com. Then they hope that people mistype the website name in the browser and accidentally arrive on the wrong site.
- Practical Reverse Engineering Part 4 – Dumping the Flash – news.ycombinator.com
Techniques
- Vulnerability Disclosure Info: Symantec Encryption Management Server – blog.gdssecurity.com
During a security assessment project in 2015 GDS encountered a fully patched Symantec Encryption Management Server appliance. This product provides secure messaging both between users of the organization and with external users. Each server is managed via an administrative web interface.
- From radio waves to packets with software defined radio – reaktor.com
Radio waves are used to transfer information all around us. They are used in mobile phones, WLANs, all kinds of remote controls, traditional AM/FM radio stations, satellite communications, and numerous other places. Utilising radio technology is one of those things we take for granted in our everyday life, but we don’t necessarily know how everything works under the hood.
- Window hijacking – github.com
A demo of altering an opened tab after a timer
- DeadUpdate: Kickin’ it bigtime – gist.github.com
I would like to stress something: I’m not saying “Don’t buy an ASUS device” — I see a lot of people who want to lambaste ASUS for this and boycott their hardware. This isn’t what I want people to be doing by any stretch. Stupidly, I like the ASUS hardware I have (it’s nice for the price) and I would rather see a pressure on ASUS as an OEM to stop shipping “value added software” to consumers.
Vulnerabilities
- Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely – www.helpnetsecurity.com
Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app.
- EMET-evading Exploit
Angler EK uses complex multi-layered code obfuscation and leverages multiple exploits, as seen in Figure 1 and Figure 2. These capabilities make Angler EK one of the more sophisticated exploit kits in use at this time.
- Angler Exploit Kit Evading EMET – www.fireeye.com
- Protecting your PC from ransomware gets harder with EMET-evading exploit – arstechnica.com
Other News
- LinkedIn data breach leads to hacking of Zuckerberg’s social network accounts – thestack.com
Facebook founder Mark Zuckerberg has proven to be the highest-profile victim of the recent LinkedIn data breach, as his Twitter and Pinterest accounts were hacked and defaced on Sunday.
- Password Re-user? Get Ready to Get Busy – com
In the wake of megabreaches at some of the Internet’s most-recognized destinations, don’t be surprised if you receive password reset requests from numerous companies that didn’t experience a breach: Some big name companies — including Facebook and Netflix — are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users.
- Email Address Disclosures, Preliminary Report, June 11 2016 – community.letsencrypt.org
On June 11 2016 (UTC), we started sending an email to all active subscribers who provided an email address, informing them of an update to our subscriber agreement. This was done via an automated system which contained a bug that mistakenly prepended between 0 and 7,618 other email addresses to the body of the email.