sec
Naked Security
- Google hits incorrigible sites with “Repeat Offender” tag
- Infect every TorMail user? That’s not what the FBI’s warrant said
- iPhone autodial bug parties like it’s 2008
- Virus-spreading smart bulbs? Researchers say it’s possible
- Facebook is buying up stolen passwords on the black market
- Yahoo staff knew they were breached two years ago
Office of Inadequate Security
- 15 state attorneys general settle with Adobe over 2013 data breach
- Canadian casino says it was hacked, data was stolen
- Court grants stay in FTC v. LabMD
- Data Privacy Event Affects UFCW Local 655 Food Employers Joint Pension Plan
- DCLeaks was a conspiracy to get Trump elected, but wait until you hear these Russian hackers’ motivation!
- Hacker shows how easy it is to take over a city’s public Wi-Fi network
- IN: Madison County pays ransom on advice of insurer
- Kaiser notifies 8,000 members whose information was briefly exposed online
- Open Database Exposes Millions of Job Seekers’ Personal Information
- TN: Vanderbilt U. Psychological & Counseling Center exposed students’ names in email survey
SANS Internet Storm Center, InfoCON: green
- Infocon: green
- Packet Capture Options, (Thu, Nov 10th)
- ICMP Unreachable DoS Attacks (aka "Black Nurse"), (Thu, Nov 10th)
- ISC Stormcast For Friday, November 11th 2016 https://isc.sans.edu/podcastdetail.html?id=5249, (Fri, Nov 11th)
- Benevolent malware? reincarna/Linux.Wifatch, (Fri, Nov 11th)
Full Disclosure
- MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
- WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
- Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
- CA20161109-02: Security Notice for CA Service Desk Manager
- Vlany: A Linux (LD_PRELOAD) rootkit
- CA20161109-01: Security Notice for CA Unified Infrastructure Management
- Release - Shellcode Compiler
- MyBB 1.8.6: XSS
- e107 CMS <= 2.1.2 Privilege Escalation
- [CT-2016-1110] Unauthenticated RCE in Observium network monitor
- Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF
- Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin
- Information disclosure race condition in W3 Total Cache WordPress Plugin
- Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin
- Teradata Virtual Machine Community Edition v15.10 has insecure file permission
Dark Reading
- Free Cloud Storage Putting Small Business Data At Risk
- Shoppers Up Their Online Security Game, Survey Says
- The Drug Dealer In Your Web Browser
- How 'Security Scorecards' Advance Security, Reduce Risk
- How To Build A Comprehensive Security Architecture
- Russian Hackers Behind DNC Breach Wage Post-US Election Attacks