sec

Naked Security

• At IP EXPO Europe 2016 this week? You’re in for a treat
• Monday review – the hot 23 stories of the week
• Pssst! Want a backdated web certificate? [Chet Chat Podcast 253]
• No-one wants to buy the Shadow Brokers’ stolen NSA tools
• Should we soon expect to be sending passwords through our bodies, not the air?
• Welcome to Cybersecurity Awareness Month 2016!

Office of Inadequate Security

• FTC v. LabMD: Brace for the Ripple Effect
• Illegal pot dispensary customers fume over email privacy breach
• Leet.cc data hacked in February publicly dumped
• Simple Website Flaw Exposed Data Of Charter Internet Customers
• Surgeon General warns staff that personal information may have been stolen

SANS Internet Storm Center, InfoCON: green

• The Short Life of a Vulnerable DVR Connected to the Internet, (Sun, Oct 2nd)
• Password Buddies: A Better Way To Reset Passwords, (Tue, Oct 4th)
• ISC Stormcast For Tuesday, October 4th 2016 https://isc.sans.edu/podcastdetail.html?id=5193, (Tue, Oct 4th)

Full Disclosure

• Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP
• Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG
• Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
• Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging
• CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
• Re: Critical Vulnerability in Ubiquiti UniFi
• Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV
• Re: Critical Vulnerability in Ubiquiti UniFi
• [RootedHONGKONG 2016] Call for papers opened today!
• Re: Critical Vulnerability in Ubiquiti UniFi

Dark Reading:

• Hackers Attacked Voter Registration Systems Of 20 US States, Says Official
• Microsoft Execs Talk Public Policy Changes For Cloud
• IoT DDoS Attack Code Released
• 16 Innovative Cybersecurity Technologies Of 2016
• Grading Obama: C+ Administration Missed Key Opportunities To Civilize Cyberspace
• Grading Obama: D- President Failed To Protect Us From The Bad Guys
• Insider Threats To Data Have Gone Up In Past Year