sec
Naked Security
- Hacker used password resets to break into 1,050 university email accounts
- Microsoft to shield world chess champion from Russian hackers
- Who needs a Stingray when Wi-Fi can do the job?
- Facebook suspends plans to collect WhatsApp user data in the UK
- November Patch Tuesday fixes controversial Windows 0-day hole
- Tech support scammers bite Chrome users with forgotten 2014 bug
- WoT pulls browser extension after privacy failure
- Would your password withstand 100 guesses from a hacker?
Office of Inadequate Security
- Ca: Eastern Health ordered to tighten procedures after patient privacy breach
- Customers for more than a hundred car dealerships across the US were put at risk because of shoddy database security. Zack Whittaker
- Hacker Claims to Take Down Russian Bank Websites on Election Day
- Personal information for thousands of Colorado vets may have been compromised
- Ringleader Of Tampa Credit Card Fraud And Identity Theft Ring Sentenced To More Than 16 Years In Prison
- Update: Tesco Bank refunds £2.5 million to customers after weekend’s security breach
SANS Internet Storm Center, InfoCON: green
- Infocon: green
- November 2016 Microsoft Patch Day, (Tue, Nov 8th)
- ISC Stormcast For Wednesday, November 9th 2016 https://isc.sans.edu/podcastdetail.html?id=5245, (Tue, Nov 8th)
- Special Webcast Today: 8 Ways to Watch the Invisible: Analyzing Encrypted Network Traffic https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277, (Wed, Nov 9th)
- ISC Stormcast For Thursday, November 10th 2016 https://isc.sans.edu/podcastdetail.html?id=5247, (Wed, Nov 9th)
Full Disclosure
- [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
- Crashing Android devices with large Proxy Auto Config (PAC) Files [CVE-2016-6723]
- Cross Site Scripting Vulnerability In Verint Impact 360
- YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability
- Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
- Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin
- Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
- Cross-Site Scripting in Calendar WordPress Plugin
- Stored Cross-Site Scripting vulnerability in 404 to 301 WordPress Plugin
- Adobe Connect & Desktop v9.5.7 - Persistent Vulnerability (APSB16-35) [CVE-2016-7851]
- VBScript RegExpComp::PnodeParse out-of-bounds read details (MSIE 8-11, IIS, CScript.exe/WScript.exe)
- Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM)
Dark Reading
- Bangladesh Bank Team In Manila To Recover $15 Million Lost In Hack
- ID Theft Ringleader Gets Prison Sentence Of 16+ Years
- 75,000 Data Protection Officers Needed By 2018 To Handle EU Law
- The 7 Types Of Security Jobs, According To NIST
- Is Fingerprint Authentication Making The Password Problem Worse?
- Microsoft November Security Updates Include Fix For Zero-Day Flaw
- Stay Vigilant To The Evolving Threat Of Social Engineering
- The Big Lesson We Must Learn From The Dyn DDoS Attack
- DTCC Survey: Cyber Threat Ranked #1 Risk To Global Financial System
- Every Minute Of Security Planning Will Save You 10 Minutes In Execution
- Ransomware Doesn't Have To Mean Game Over
- China Passes Controversial Cybersecurity Law
- New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices
- Synopsys Expands Software Security With Cigital, Codiscope Acquisitions