Security Basics
Dark Reading
- Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
- Business Security Confidence Contradicts High Success Rate Of Attacks
- Google Adwords Malvertising Campaign Targets Apple Macs
- ShadowBrokers Release More Alleged Equation Group Data
- Ex-FBI Chief Reviews Security For Booz Allen After NSA Contractor Arrest
- NullCrew Hacker Gets 45-Month Jail Term
- Tool For Cybersecurity Job Hunters Launched
- 7 Reasons Consumers Don't Take Action on Cybersecurity
- 7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
- Here Are Some Scary Stats About Windows Devices
- Why Enterprise Security Teams Must Grow Their Mac Skills
- WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
- It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
- We Must Become Good Digital Citizens
- Phishing Threat Continues To Loom Large
- Catching Online Scammers, Dealers & Drug Dealers With DNS
- Microsoft Fires Back At Google For Windows 0-Day Disclosure
- New DMCA Exemptions Give White Hats License To Hack Cars, Medical Devices
Office of Inadequate Security
- Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
- Anxiety not a claim for damages in Barnes & Nobles data breach case
- Assemblywoman’s Orange County campaign office burglarized; voter data stolen
- Centrelink apologizes for new privacy breach
- Mapco Data Breach Class-Action: How To Get Your Settlement
- Microsoft Says Russian Hackers Exploited Flaw in Windows
- Nationwide data breach class action to continue after Sixth Circuit ruling
- NC: Two Men Sentenced To Prison On Wire Fraud Conspiracy Charges For Attempting To Steal More Than $1.3 Million Through Unauthorized Wire Transfers
- PA: Blue Bell man admits tampering with Gwynedd Mercy computer system
- Personal health information taken from locked area: Winnipeg Regional Health Authority (UPDATE 1)
SANS Internet Storm Center, InfoCON: green
- Infocon: green
- ISC Stormcast For Wednesday, November 2nd 2016 https://isc.sans.edu/podcastdetail.html?id=5235, (Wed, Nov 2nd)
- What Does a Pentest Look Like?, (Wed, Nov 2nd)
- Using the Cloud Securely: November Edition of Ouch Newsletter: http://securingthehuman.sans.org/u/mUc, (Wed, Nov 2nd)
- As a very timely follow on to today's story, check today's BHIS blog on bypassing 2FA in OWA and O365 Portals - http://www.blackhillsinfosec.com/?p=5396, (Wed, Nov 2nd)
- ISC Stormcast For Thursday, November 3rd 2016 https://isc.sans.edu/podcastdetail.html?id=5237, (Thu, Nov 3rd)
Full Disclosure
- Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
- Vulnerabilities in D-Link DIR-300
- MSIE 11 MSHTML CView::CalculateImageImmunity use-after-free details
- Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
- Disclose [10 * cve] in Exponent CMS
- Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards
- Re: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
- MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]
- CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS
- Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
- CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability
- CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability
- CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability
Naked Security
- Critical vulnerabilities pose a serious threat to Joomla sites
- No, checking in via Facebook won’t help Standing Rock protestors
- Security All Saints: security is for life, not just for Halloween
- The Clinton emails – from humble iMac to data center
- 86-year-old grandmother billed $5K, accused of pirating zombie game
- Don’t cyber-mess with Britain, warns UK Chancellor
- Facebook halts plan to mine profiles for insurance quotes
- Firefox kills the Battery Status ‘super cookie’
- New FCC ISP privacy rules create more questions than answers