sec

Office of Inadequate Security

• BesaMafia hitman site hacked again
• Cryptocurrency-Backed Venture Capital Fund Hacked; Ether Plunges
• ENT and Allergy Center of Arkansas notifying patients of Bizmatics security incident
• How Hired Hackers Got “Complete Control” Of Palantir
• International identity-theft ring victimized hundreds, including Hollywood actress, authorities say
• Military families victimized by a McDonald’s employee taking orders
• MN: Virus hits city server; resident data not likely breached
• Screwing up the basics of incident response, Friday edition

Naked Security

• Apple: iOS to require HTTPS for apps by January
• Flash zero-day fix is out, get it ASAP
• Islamic State hacker admits to hacking, sharing US military PII

Penetration Testing

• [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
• [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability
• [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

SANS Internet Storm Center, InfoCON: green

• Controlling JavaScript Malware Before it Runs, (Sat, Jun 18th)