sec

Naked Security

• BlackNurse DDoS attack can ‘overload firewalls from a laptop’
• Privacy stripped bare as hackers breach 412 million Adult Friend Finder accounts
• Shanghai surprise as cheap Android devices ‘phone home’ to China

Office of Inadequate Security

• Convicted computer hacker who contributed to £27 million fraud jailed for not declaring laptop
• Emblem Health notifies GHI members whose SSN was exposed in mailing labels
• Follow-up: Investigation Confirms No Patient or Employee Information Compromised in Cyberattack on Appalachian Regional Health system
• Horizon says privacy breach could affect up to 170K N.J. customers
• In: Data of 34 million Keralites leaked in massive data breach; govt had ignored vulnerability reports
• NHS patients being put ‘at risk’ because of cybersecurity flaws
• UK: Ealing Council loses ‘sensitive’ personal data after social worker leaves court documents on roof of car and drives off
• UK signs order to extradite Lauri Love to U.S.
• UK: Teenager admits to seven hacking offences in Talk Talk data breach
• Wang Chau consultants got off easy over confidential leak, Hong Kong lawmakers tell officials

SANS Internet Storm Center, InfoCON: green

• Infocon: green
• ISC Stormcast For Wednesday, November 16th 2016 https://isc.sans.edu/podcastdetail.html?id=5255, (Wed, Nov 16th)
• Malspam distributing Troldesh ransomware, (Wed, Nov 16th)

Full Disclosure

• Microsoft Edge edgehtml CAttr­Array::Destroy use-after-free details
• CVE-2016-4484: - Cryptsetup Initrd root Shell
• Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable
• Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
• OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read
• OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctl
• New VMSA-2016-0020 - VMware product updates address multiple information disclosure issues
• Nginx (Debian-based distros) - Root Privilege Escalation Vulnerability (CVE-2016-1247)

Dark Reading:

• The 7 Most Significant Government Data Breaches
• Internet Of Things 'Pollutants' & The Case For A Cyber EPA
• Symantec Study Shows Consumers Suffer From Security Overload
• Firmware Secretly Sent Text, Call Data On Android Users To China
• More Than Half Of Android Devices Run Outdated Browsers
• Back To Basics: Maximizing Cybersecurity Capabilities
• Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
• TAG Unveils Anti-Malware Certification For Online Ad Industry