sec

Naked Security

• Monday review – the hot 17 stories of the week
• Oil exec accused of impersonating Elon Musk in an email sues Tesla over Twitter hack
• Tor marketplaces shut down by Operation Hyperion
• Ukrainian hackers ‘snatch huge email cache from Kremlin’
• Worried about the Tesco Bank attack? Here’s our advice
• Hacker used password resets to break into 1,050 university email accounts
• Microsoft to shield world chess champion from Russian hackers
• Who needs a Stingray when Wi-Fi can do the job?

Office of Inadequate Security

• Ca: Eastern Health ordered to tighten procedures after patient privacy breach
• Cisco jobs portal exposed personal data
• Customers for more than a hundred car dealerships across the US were put at risk because of shoddy database security. Zack Whittaker
• Hacker Claims to Take Down Russian Bank Websites on Election Day
• Ottawa city staff scramble after accidentally releasing retirees’ medical information
• Ringleader Of Tampa Credit Card Fraud And Identity Theft Ring Sentenced To More Than 16 Years In Prison
• Seven Indian missions’ websites ‘hacked’, data dumped online: Report
• UK: Missing GP records in Essex, Norfolk and Suffolk ‘total 9,000’

SANS Internet Storm Center, InfoCON: green

• Infocon: green
• ISC Stormcast For Tuesday, November 8th 2016 https://isc.sans.edu/podcastdetail.html?id=5243, (Tue, Nov 8th)
• November 2016 Microsoft Patch Day, (Tue, Nov 8th)

Full Disclosure

• Intel(R) HD Graphics 10 - Unquoted Path Privilege Escalation
• [SYSS-2016-085] Aruba OS Improper Authentication - (CWE-287)
• Several unpatched vulns in OwnCloud
• [RootedCON 2017] Call for Papers open for RootedCON Madrid 2017!
• VBScript CRegExp..Execute use of uninitialized memory details (MSIE 8-11, IIS, CScript.exe/WScript.exe)
• [KIS-2016-13] Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability
• [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
• Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723]
• Cross Site Scripting Vulnerability In Verint Impact 360
• YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability
• Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
• Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin
• Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
• Cross-Site Scripting in Calendar WordPress Plugin
• Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin

Dark Reading:

• Was Theft Of Money From 20,000 Tesco Bank Customers An Inside Job?
• The 7 Types Of Security Jobs, According To NIST
• After Mirai, Hacking Tool Marketplace Shuts Down Web-Attack Section
• Changing IoT Passwords Won't Stop Attacks. Here's What Will.
• Is Fingerprint Authentication Making The Password Problem Worse?
• Stay Vigilant To The Evolving Threat Of Social Engineering
• 4G Cellular Networks At Risk Of DoS Attacks
• Every Minute Of Security Planning Will Save You 10 Minutes In Execution
• Ransomware Doesn't Have To Mean Game Over
• China Passes Controversial Cybersecurity Law
• New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices
• Synopsys Expands Software Security With Cigital, Codiscope Acquisitions
• US Governors Affirm Confidence In Cybersecurity Of Election Systems
• Some SuperPAC Websites Are Not Super-Secure