Events Related
- PhreakNIC20-2016 – www.youtube.com
Tools
- GRASSMARLIN – github.com
GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security.
Techniques
- Secure Rom extraction on iPhone 6s – ramtin-amin.fr
Secure ROM, also knows as bootrom, is the very first piece of software that a CPU will run in order to get initialized, and run find a way to boot on the next stage. This same ROM, in a trusted environment, could verify the signature of the next stages it loads, in order to check its integrity.
- Research Diary: Bluetooth. Part 2 – insinuator.net
Recently we posted first part of our Bluetooth research diary. Today, we want to continue on that topic and tell you about Bluetooth proxying and packet replay with a new tool.
- Passwordreq No – A hacker prospective – room362.com
I was having one of those moments in a recent conversation on the NoVA Hackers mailing list. The question came up as to what effect “Password Required: No” means in a net user UserName is.
Vulnerabilities
- Tesco Bank cyber attack involved guesswork, study claims – www.theguardian.com
A team of academics claims an unsophisticated type of cyber attack that exploits “flaws” in the Visa card payment system was probably used to defraud Tesco Bank customers of £2.5m last month.
- The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean – thehackerblog.com
Originally I had assumed that this issue was specific to Digital Ocean but this couldn’t be farther from the truth as I’ve now learned. It turns out this vulnerability affects just about every popular managed DNS provider on the web. If you run a managed DNS service, it likely affects you too.
- New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 – www.recordedfuture.com
According to updated Recorded Future analysis, Adobe (Flash Player) and Microsoft products (Internet Explorer, Silverlight, Windows) continue to provide the primary avenue of access for criminal exploit kits. While nation-state targeting of political efforts has dominated information security headlines in 2016, criminals continue to deliver ransomware and banking trojans using new exploit kits targeting new vulnerabilities.
- Backdoor accounts found in 80 Sony IP security camera models – www.pcworld.com
Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price.
- Yahoo fixes flaw allowing an attacker to read any user’s emails – www.zdnet.com
Yahoo has fixed a severe security vulnerability in its consumer email service that could have allowed an attacker to read a victim’s email inbox. The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail.
- Multiple Netgear routers are vulnerable to arbitrary command injection – kb.cert.org
Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability. By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.
Other News
- These Toys Don’t Just Listen To Your Kid; They Send What They Hear To A Defense Contractor – consumerist.com
According to a coalition of consumer-interest organizations, the makers of two “smart” kids toys — the My Friend Cayla doll and the i-Que Intelligent Robot — are allegedly violating laws in the U.S. and overseas by collecting this sort of voice data without obtaining consent.
- American And British Spy Agencies Targeted In-Flight Mobile Phone Use – theintercept.com
In the trove of documents provided by former National Security Agency contractor Edward Snowden is a treasure. It begins with a riddle: “What do the President of Pakistan, a cigar smuggler, an arms dealer, a counterterrorism target, and a combatting proliferation target have in common? They all used their everyday GSM phone during a flight.”
Leave A Comment