sec

Naked Security

• $15 million fake IRS call center busted by police
• Amazon finds cache of reused passwords: change yours now!
• The EU’s latest idea to secure the Internet of Things? Sticky labels
• Yahoo wants to spy on you through advertising billboards
• Yahoo won’t let you forward your emails to another service – but why?

Office of Inadequate Security

• AU: Attackers exploiting CBA health fund data breach
• BoM was hacked by a ‘foreign power’: report
• Ca: Province says it might have sent tax documents to wrong addresses
• Computer fraud charge against woman involves ID theft of VA workers
• Modern Business Solutions’ leaky bucket provided a field day for downloaders
• University of Central Florida police trace credit card fraud to restaurant malware

SANS Internet Storm Center, InfoCON: green

• Microsoft and Adobe Patch Tuesday, October 2016, (Tue, Oct 11th)
• WiFi Still Remains a Good Attack Vector, (Tue, Oct 11th)
• ISC Stormcast For Wednesday, October 12th 2016 https://isc.sans.edu/podcastdetail.html?id=5205, (Tue, Oct 11th)

Full Disclosure

• Re: Critical Vulnerability in Ubiquiti UniFi
• Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
• Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL
• Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
• Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
• Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption
• Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)
• Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)
• Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)
• Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)
• Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)
• NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability

Dark Reading:

• Businesses Sacrifice Security To Get Apps Released Faster
• Cyber Hunters, Incident Response & The Changing Nature Of Network Defense
• France's TV5Monde Was Victim Of Vicious Cyberattack In 2015
• Symantec Warns Of Second Group Targeting SWIFT Network
• UN Watchdog: Nuclear Plants Disrupted By Cyberattack
• Online Gaming Currency Funds Cybercrime In Real Life