Burp Suite 2.0, DNC, and NotPetya – Paul’s Security Weekly #572 | SC Media

August 27, 2018
The untold story of NotPetya, a new Apache Struts RCE flaw, how door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and artificial whiskey is coming, with one company betting you'll drink up.

Paul's Stories

  1. Artificial whiskey is coming, and one company is betting you'll drink up
  2. Internet of Things (IoT): Cheat sheet
  3. 14 Of The Best Sex Toys For Treating Yourself (And Also Your Partner)
  4. The Untold Story of NotPetya, the Most Devastating Cyberattack in History
  5. How doorbell cameras are creating dilemmas for police, neighborhoods
  6. Spyware Company Leaves Terabytes of Selfies, Text Messages, and Location Data Exposed Online
  7. New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
  8. Apple Forces Facebook VPN App Out of iOS Store for Stealing Users' Data
  9. Google sued for tracking you, even when 'location history' is off | ZDNet
  10. New Mirai Variants Leverage Open Source Project
  11. 6 Reasons Security Awareness Programs Go Wrong
  12. ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day

Jeff's Stories

  1. Verizon Throttled CA Firefighters’ Internet Speeds Amid Blaze (They Were Out of Data)
  2. Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
  3. Study Shows Lax Security Leaves Ride-Sharing Apps Vulnerable to Attack
  4. Smart Kids Thermometer Coughs Up Digital Health Data to Hackers
  5. Malware Targeting Cash Machines Fetches Top Dollar on Dark Web

Jason's Stories

  1. Burp Suite 2.0 beta now available - And there is much rejoicing!
  2. Coffee delivery drone patented by IBM
  3. Facebook pulls its VPN from the iOS App Store after data-harvesting accusations
  4. Do we really need a CSO?

Kevin's Stories

  1. The DNC False Alarm Hack Is Good Cybersecurity, Bad PR "The DNC thought it was getting hacked again, but it was just a false alarm set off by a security test. It's a sign that the organization is taking its cybersecurity seriously."
  2. Enumerating registered BlackHat attendees with the BCard API "I simply guessed that those values corresponded to the eventID and badgeID parameters by sending the request in Firefox. To my surprise, I was able to pull my attendee data completely unauthenticated over this API."
  3. Win! Landmark Seventh Circuit Decision Says Fourth Amendment Applies to Smart Meter Data "This is critical precedent. Last year, roughly 65 million smart meters had been installed in the United States in recent years, with 88% of them—over 57 million—in homes of American consumers; more than 40% of American households had a smart meter. Experts predict that number will reach about 80% by 2020. And law enforcement agencies are already trying to get access to data from energy companies without a warrant."
  4. NSA leaker who mailed doc outlining Russian hacking gets 5 years in prison "Reality was a dedicated public servant and veteran who made a poor decision."

Full Show Notes: https://wiki.securityweekly.com/Episode572