sec

Naked Security

• Don’t plug it in! Scammers post infected USB sticks through letterboxes
• Google weakens Allo privacy promises
• Hackers take over Tesla Model S while car is moving
• New guidelines: cybersecurity, privacy and your self-driving car

Office of Inadequate Security

• FL: Charlotte deputy misuse of private information leads to concern
• Keck Medical Center of USC discloses ransomware attack
• Lost and Found: Ventura County Health Care Agency notifies patients of breach
• MO: Camden County Acknowledges ‘Possible Security Breach’ Of Courthouse Computers
• North Korea only has 28 websites, according to leak of official data
• Privacy breach shows names and addresses of military personnel’s families
• UK: Former LV= employee in court over data leak
• University of Ottawa missing hard drive with data on 900 students

SANS Internet Storm Center, InfoCON: green

• Those never-ending waves of Locky malspam, (Wed, Sep 21st)
• ISC Stormcast For Thursday, September 22nd 2016 https://isc.sans.edu/podcastdetail.html?id=5177, (Wed, Sep 21st)

Full Disclosure

• XSS Wordpress W3 Total Cache <= 0.9.4.1
• CVE-2016-5725 - JCraft/JSch Java Secure Channel <= 0.1.53 recursive sftp-get path traversal (client-side, windows)

Dark Reading:

• How Windows 10 Stops Script-Based Attacks On The Fly
• A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
• Education Now Suffers The Most Ransomware Attacks
• Majority Of Major Corporations Have User Credentials Stolen And Exposed
• Rand Study: Average Data Breach Costs $200K, Not Millions
• Florida Man Charged With Hacking Linux Servers
• How Cloud, Mobile Are Changing IT, Security Management: Study
• Chinese Researchers Hack Tesla S Models, Expose Bugs
• National Health ISAC Calls For Collaborative Vuln Disclosure