Word of the week “Halloween Big Data” Link HERE and HERE
Word of the week special
- Cloud Security, or as I like to call it: “Pay us to store your files online, we promise to store them securely!” Link HERE
- Employing Obscurity as an Enhancement to Security Link HERE
Bonus … Link HERE Link HERE
- Which team are you? Link HERE Link HERE Link HERE
- The Illustrated Children’s Guide to Kubernetes Link HERE – thanks to Alvin
- Reimagining visuals for cybersecurity Link HERE Link HERE
Crypto challenge of the week: ELF x86 – CrackPass. Can you bypass the algorithm?
Dates
Leakproof by law: Previewing the 2020 data protection landscape Link HERE
Book of the month “Inferno” In September 2016, Anchor Books released a movie-tie-in edition of Dan Brown’s 2013 best-seller “Inferno,” to accompany Ron Howard’s adaptation of the novel, which came out in theatres last weekend. “Inferno,” the movie, grossed just fifteen million dollars in its first three days, falling below Tyler Perry’s “Boo! A Madea Halloween,” which was in its second weekend, and earning its place as Howard’s fourth consecutive domestic flop. “Inferno,” the book, is the fourth of Brown’s novels featuring Robert Langdon, a professor of “symbology” (an imaginary discipline) and a general charisma vacuum who solves vast historical conspiracies by declaiming his way through the art and history of Western Europe
Link HERE
Comic of the week Thanks to Mithun
## Some OWASP stuff first
- Why OWASP’s Threat Dragon will change the game on threat modeling Link HERE
- OWASP API Security Top 10: Get your dev team up to speed Link HERE
- Kawaiicon 2019 – Liar, Liar: a first-timer “red-teaming” under unusual restrictions Link HERE
- Race Condition in Web Applications Link HERE
- 10 Methods to Bypass Cross Site Request Forgery (CSRF) Link HERE
- EP04: All About OWASP with Sam Stepanyan Link HERE
Events
- OWASP events HERE
- All InfoSec events HERE
- The complete Security Events calendar – Peerlyst Link HERE
- 14-15 November 2019 DevSecCon London Link HERE
- 2-5 December 2019 BlackHat London Link HERE
Incidents
Global ALERT level BLUE or GUARDED indicates a general risk of increased hacking, virus, or other malicious activity. The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred. Incident data HERE
Find your country Link HERE
NCSC Weekly Threat Report
- Esports tournaments at risk from cyber security threats: Cyber security researchers have warned of the increasing threat to the Esports industry. This week Trend Micro issued a report, Cheats, Hacks and Cyber attacks, looking at the threats posed to professional online games, tournaments and game companies.
- Facebook accepts ICO fine: An agreement has been reached this week between Facebook and the Information Commissioner’s Office (ICO), related to the Cambridge Analytica scandal. The penalty of £500,000 has been paid by the social media giant, although it does mean that they accept no liability relating to the penalty notice. This conclusion follows an appeal by Facebook against the ICO and then a further appeal from the ICO itself after a tribunal in June.
- NCSA report highlights breach risk to small business: A report issued by the National Cyber Security Alliance (NCSA) in the US has highlighted the risk to small businesses. The survey worked with more than 1,000 SMEs and reports that 10% went out of business, 25% suffered bankruptcy and a further 37% experienced financial losses. Almost half of those surveyed believe they are a likely target for cyber criminals.
Link HERE – Report Vulns to NCSC HERE
API Security Issue 55 – Vulnerabilities in eIDAS and Cisco routers, Instagram API program locked down Link HERE
Troy Hunt Newsletter 163
Link HERE
Incidents & events detail
- NordVPN and TorGuard VPN Breaches: What You Need to Know. NordVPN and TorGuard VPN have suffered security breaches. Here’s what happened and what it means for you Link HERE
- Windows BlueKeep RDP Attacks Are Here, Infecting with Miners Link HERE
- New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed Link HERE
- Big game hunting: How Ryuk ransomware takes down its imposing targets Link HERE
- Mark Zuckerberg claimed Facebook was founded with political expression in mind. A former Facebook exec called that ‘pretty obviously incorrect.’ Link HERE AND How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them Link HERE
- Coalfire CEO Tom McAndrew statement on “the two Coalfire employees at the center of the Dallas County Courthouse incident on September 11, 2019, have been reduced from felony accusations of Burglary in the third-degree and possession of burglary tools to criminal trespass” Link HERE – thanks to Gustavo Link HERE
- Johannesburg’s network shut down after second attack in 3 months. Attackers claim to have full control of the network and demand $32,000 to give it back Link HERE
- Trojan malware infecting 17 apps on the iOS App store Link HERE
- Five months after returning rental car, man still has remote control. Man can still track vehicle, lock and unlock it, and start and stop its engine Link HERE
Research of the week
- Featuring – The Curious Case of a Kibana Compromise. The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one of our toy target instances (one with exploitable software on it for demo purposes), we noticed alerts firing from components which weren’t part of our normal demo. With a penchant for the paranoid (many of us are former black hats, after all), our suspicions flared at this irregularity. Was there exploitable software on this instance beyond that which we pre-installed? Indeed, dear reader, there was. Link HERE
- What NIST recommends for cybersecurity and applications Link HERE
- World Quality Report 2019-2020: Quality drives business growth – Challenges encountered in developing applications Link HERE
- The state of JavaScript frameworks security report 2019 Link HERE
Tool of the week
- Practical Approaches for Testing and Breaking JWT Authentication. What to Do? Penetration Testers and Security Researchers: Test your organization’s JWT implementation via jwt-pwn, and report any weaknesses identified. Developers and Defenders
- Exploit Prediction Scoring System Calculator. EPSS is the first open, data-driven framework for assessing vulnerability threat: that is, the probability that a vulnerability will be exploited in the wild within the first twelve months after public disclosure. This scoring system has been designed to be simple enough to be implemented without specialized tools or software. Below you will find a simple-to-use calculator Link HERE
- More on DNS Archeology (with PowerShell) Link HERE
Other interesting articles
## How a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to talk about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I reported this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. Facebook reserved CVE-2019-11932 for this issue. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to stay safe from this bug. Link HERE and another link HERE
## Untitled Goose Game Vulnerability Allows Hackers to Sow Chaos Only a Goose Could Love
Link HERE
## And finally, how they hacked NASA
The traditional way of hacking continues to work even against the biggest giants in the world, such as NASA. Many hacker groups have worked together for money, reputation and revenge to breach NASA, damage its reputation and take its data. The following narration shows how the group An0nSec performed the attack phases and achieved their goal in 2015/2016, and what lessons we can learn from this hack after analysing the document released by An0nSec. Links HERE and HERE and HERE and HERE and HERE AND Link HERE
## HACKING, TOOLS and FUN – CHECK BELOW!
AppSec Ezine – Must see
- URL: https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ Description: A Tale of Exploitation in Spreadsheet File Conversions.
- URL: https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/ Description: Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack.
Links HERE and credits to HERE