BF-SIRT Newsletter 2016-34

This week's top stories include Apple releasing an important out-of-band security fix for iOS after 3 zero-day vulnerabilities were used in the wild to attack a human rights defender, and the GnuPG project fixing a critical problem in the random number generator used by GnuPG and libgcrypt.

You can also read about keystroke recognition using WiFi signals.

Top 5 Security links
Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System
Nginx resolver vulnerabilities allow cache poisoning attack
Example of Targeted Attack Through a Proxy PAC File
vBulletin vulnerabilities expose 27 million accounts
SWEET32, a new attack on Triple-DES

BF-SIRT Newsletter 2016-33

This week's top stories include Visa Alert and Update on the Oracle Breach, and Trouble In the Cloud: More Than Half Of Organizations Facing Security Woes. You can also read about the Major NSA/Equation Group Leak and The Evolution of Hacking.

And did you know that:
If this headline was a security warning, 90% of you would ignore it?

Top 5 Security links
Cisco confirms two of the Shadow Brokers’ ‘NSA’ vulns are real
Address Bar Spoofing Vulnerability Found in Several Browsers
Running a DNSSec responder? Make sure it doesn’t help the black hats
Latest Windows UAC Bypass Permits Code Execution
Is Apple’s Cloud Key Vault a crypto backdoor?

Top 5 Business Intelligence links
Security Must Become Driving Force For Auto Industry
The business of hacking: A government perspective
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
Security Sense: Mandatory Password Changes Are a Social Challenge as Much as a Technical One
$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered

BF-SIRT Newsletter 2016-32

This week's top stories include Microsoft accidentally leaking the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot, and a flaw in the Linux kernel that lets hackers inject malware into downloads and webpages.

Read about Flip Feng Shui (FFS), a new exploitation vector that allows an attacker virtual machine (VM) to flip a bit in a memory page of a victim VM that runs on the same host as the attacker VM.

There are also two interesting reports about APTs – ProjectSauron and MONSOON.

Top 5 Security links
Data Breach At Oracle’s MICROS Point-of-Sale Division
A New Wireless Hack Can Unlock 100 Million Volkswagens
Abusing Kerberos to NTLM fallback to defeat BitLocker FDE
Vulnerability Exposes 900M Android Devices—and Fixing Them Won’t Be Easy
Hitler ‘ransomware’ offers to sell you back access to your files – but just deletes them