
Apache, Dirty Cow, & Edge – Paul’s Security Weekly #582

November 12, 2018
Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, and some of these vibrating apps turn your phone into a sex toy!

Paul's Stories

  1. These Vibrating Apps Turn Your Phone Into A Sex Toy
  2. Cisco Accidentally Released Dirty Cow Exploit Code in Software
  3. Drone Vulnerability Could Compromise Enterprise Data
  4. Several Vulnerabilities Patched in nginx
  5. Top 5 New Open Source Security Vulnerabilities in October 2018
  6. Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
  7. IoT Botnet Infects 100,000 Routers To Send Spam
  8. Apache Struts Vulnerability Would Allow System Takeover
  9. Flaws In Self-Encrypting SSDs Let Attackers Bypass Encryption
  10. Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
  11. On eve of US elections, Facebook blocked 115 accounts engaged in coordinated inauthentic behavior
  12. U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
  13. XSS flaw in Evernote allows attackers to execute commands and steal files
  14. Users Stop Engaging With Brands After Data Breaches, Report Finds
  15. U.S. Secret Service Warns ID Thieves are Abusing USPS's Mail Scanning Service
  16. Busting SIM Swappers and SIM Swap Myths

Larry's Stories

  1. Public Virtualbox 0-day VM escape - Technical details here
  2. Security flaws in encrypted SSDs
  3. SSD flaw leads to Bitlocker compromise
  4. Upcoming Edge 0-day
  5. US Cyber Command uploading unclassified ATP to VirusTotal - from @k8em0, "I wonder how much intel sharing is needed to ensure the US Cyber Command doesn't inadvertently blow an ally's operation when uploading malware samples to @virustotal? Someone should ask the 5 eyes at the #AspenCyber conference. Because friends don't burn friends' ops."
  6. Hacking Microsoft Live accounts via subdomain hijacking - poor DNS hygiene...

Jeff's Stories

  1. Cyber security relics: 4 older technologies still plaguing the infosec world
  2. Feature Article on my "Does DoD Level Security Work in the Real World?"
  3. HSBC Suffers Data Breach