sec

Office of Inadequate Security

• Eastern Health Employee Fired for ‘Deliberate’ Privacy Breach
• Member Of Large-Scale, $5 Million ATM Skimming Scheme Sentenced To More Than Seven Years In Prison
• Michigan electricity utility downed by ransomware attack
• RI: Guilty Plea in Scheme to Steal & Use Personal Identifying Information from ATMs
• Union League Club fires employee, investigates customer credit card breach

Naked Security

• Car hackers could get a life sentence under proposed anti-hacking law
• The ‘spying billboards’ that track you as you walk by
• WhatsApp blocked by judge for failing to hand over data
• “Windows 10 – Upgrade Now!” – How to avoid embarrassing popups in presentations
• Is your website or blog at risk from this ImageMagick security hole?

Penetration Testing

• Mobile Security Framework (MobSF) v0.9.2 Released

Full Disclosure

• CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
• CONFidence - May, 19-20th, Krakow - join the biggest hacker meeting in Poland!
• CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)
• LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability
• Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
• New BlackArch Linux ISOs (2016.04.28) and Installer released
• Garage4hackers Ranchoddas Webcast Series CTF Challenge
• Observium Commercial - CSRF & Authenticated Code Execution
• real dangers of gsm setups
• Moxa MiiNePort - Multiple Vulnerabilities
• Mobile Security Framework (MobSF) v0.9.2 Released
• CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection

SANS Internet Storm Center, InfoCON: green

• OpenSSL Updates, (Tue, May 3rd)
• Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th)
• ISC Stormcast For Wednesday, May 4th 2016 http://isc.sans.edu/podcastdetail.html?id=4981, (Wed, May 4th)