
TrustedSec Security Podcast Episode 5 – Cryptolocker, WordPress 0-day, Google Glass 2.0, Websense, and OSINT

2015-04-28 21:40

TrustedSec Security Podcast Episode 5 for April 28, 2015. This podcast is hosted by Rick Hayes and Doug Hiwiller.

Visit the show notes page to download the Podcast or check us out on iTunes!
Download Page https://www.trustedsec.com/podcasts/trustedsec-security-podcast-episode-5.mp3
XML Page https://www.trustedsec.com/podcasts/trustedsecsecuritypodcast.xml

Announcements:
Derbycon 5.0 “Unity”
When: September 23rd-27th, 2015
Where: Louisville, KY
http://www.derbycon.com/

Stories:

Source:   http://blogs.cisco.com/security/talos/teslacrypt
After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to many variants and campaigns targeting even localized regions in their own specific languages.

Source: http://arstechnica.com/security/2015/04/27/just-released-wordpress-0day-makes-it-easy-to-hijack-millions-of-websites/
The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.  Both vulnerabilities are known as stored, or persistent, cross-site scripting (XSS) bugs.  WordPress released a critical security update that fixes the 0day vulnerability: https://wordpress.org/news/2015/04/wordpress-4-2-1/.

Source:  http://thehackernews.com/2015/04/google-glass-luxottica.html
The details of the next version of Google Glass have been revealed – the search engine giant is planning to launch Google Glass 2.0 soon.

Massimo Vian, the chief executive officer of Italian eyewear company Luxottica, said his company is working with Google engineers on not just one, but two new versions of Google’s Internet-connected eyewear device.

Luxottica is better known for its two famous brands – Oakley and Ray-Ban. It is also the same company that worked with the search engine giant on frames for the original version of Google Glass.

Source: http://www.securityweek.com/websense-employees-targeted-fake-raytheon-acquisition-emails
US defense contractor Raytheon announced earlier this month that it’s prepared to acquire network security firm Websense in a $1.9 billion deal. Malicious actors have leveraged this announcement in an attempt to trick Websense employees into installing a piece of malware on their computers.

According to Websense, malicious emails with the subject line “Welcome to join Raytheon” started landing in employees’ inboxes on April 23, just three days after the announcement was made. The body of the emails read, “Welcome to join Raytheon. The password is 123qwe.”

Source: https://itauditsecurity.wordpress.com/2015/04/27/acl-automate-active-directory-downloads/
Are you looking for a way to automate the download of data from Active Directory?

Source:  http://www.securityweek.com/osint-alone-does-not-equal-threat-intelligence
Many businesses right now think Open Source Intelligence (OSINT) is the totality of threat intelligence and many are willing to pay handsomely for this latest fashion trend without any real notion of how or why to put it to work.

In other words, as I listened to one after another vendor and solution seeker alike, each seemed to convey that gaining usable intelligence on potential cyber threats facing businesses was best accomplished by focusing on data that’s freely available on the uppermost parts of the internet each and every day. And they seemed very willing to pay for tools to exploit it in spades based almost solely on the shiny labels.

 

The post TrustedSec Security Podcast Episode 5 – Cryptolocker, WordPress 0-day, Google Glass 2.0, Websense, and OSINT appeared first on TrustedSec - Information Security.


Source: www.trustedsec.com/april-2015/tsp-episode-5-show-notes/
