sec

Naked Security

• Alternative social network Ello in plaintext password glitch
• Campaigners bid to delay Rule 41 ‘legal hacking’ bill
• Monday review – the hot 16 stories of the week
• Privacy boost for iOS users as Mozilla launches Firefox Focus

Office of Inadequate Security

• Atlantis, Paradise Island Provides Notice of Data Security Incident
• Briar Hill Management notifies 2,000 nursing facilities residents of lost laptop
• CPNRD computers system hacked by Russians
• Former Owner of Florida Pharmacy Convicted at Trial of $700,000 Medicare Fraud Scheme
• IG: IRS Employees Sent Unencrypted Emails Containing Personal Data of Thousands of Taxpayers
• Pentester Kapustkiy leaks data from Indian Regional Council Server
• Two ‘computer hackers’ accused of breaking into TalkTalk’s servers in a data breach that cost the firm £42m will stand trial next year
• Wentworth-Douglass reports insider breach at business associate, Ambucor

SANS Internet Storm Center, InfoCON: green

• Infocon: green
• How many “Epoch” times? Epocalypse.py timestamp converter, (Sun, Nov 20th)
• ISC Stormcast For Monday, November 21st 2016 https://isc.sans.edu/podcastdetail.html?id=5261, (Mon, Nov 21st)
• ZIP With Comment, (Mon, Nov 21st)
• ISC Stormcast For Tuesday, November 22nd 2016 https://isc.sans.edu/podcastdetail.html?id=5263, (Mon, Nov 21st)

Full Disclosure

• Joomla plugin K2 RCE via CSRF or WCI
• Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
• Re: Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
• [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
• [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
• [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
• Multiple issues in OpManager 12100 & 12200

Dark Reading:

• Hackers Attack Canada Army Site, Redirect Visitors To China
• Millions Exposed In Data Breach At UK Telecom Three
• Balancing The Risk & Promise Of The Internet Of Things
• 5 Ways Retailers Can Stay Safe Over the Holidays
• Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic
• WindTalker Attack Finds New Vulnerabilities in Wi-Fi Networks