Tools
- WiFi-Pumpkin – github.com
Framework for Rogue Wi-Fi Access Point Attack
- Python tools for penetration testers – github.com
Python tools for penetration testers
- Nmap 7.25BETA2 Birthday Release – nmap.org
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and new features.
Vulnerabilities
- Meet USBee, the malware that uses USB drives to covertly jump airgaps – arstechnica.com
The USBee—so named because it behaves like a bee that flies through the air taking bits from one place to another—is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth.
- Patched ColdFusion Flaw Exposes Applications to Attack – threatpost.com
Golunski said that ColdFusion 10 and 11 suffered from an XML External Entities (XXE) injection vulnerability, CVE-2016-4264, when processing certain types of Office Open XML documents. These functions, Golunski said, are used by web applications built in ColdFusion to open Word, Excel, PowerPoint and other document types that use XML structure.
Other News
- DoD Taps DEF CON Hacker Traits For Cybersecurity Training Program – www.darkreading.com
The DEF CON research is part of DiGiovanni’s mission to develop a state-of-the-art cyber training program that ultimately helps staff the military as well as private industry with the best possible cybersecurity experts and to fill the infamous cybersecurity skills gap today.
- SWIFT Discloses New Cyber-Heists, Urges Banks to Boost Security Measures – www.tripwire.com
SWIFT, the messaging network used by financial institutions to complete transactions, announced on Tuesday it has discovered new cyber-theft attempts against its member banks.
[…] post Week 36 In Review – 2016 appeared first on Infosec […]