Hack Naked TV April 7 2016
From Paul's Security Weekly
Welcome to another episode of Hack Naked TV recorded April 7th 2016. Paul covers Car malware, Ubuntu Kernel Vulns patched, OSVDB shut down, Flash Zero days, and CEO phishing scams.
- Your car's computers might soon get malware protection - Anti-Virus software is coming to your car! Okay, well, more like whitelisting software for ECUs, as the anti-malware technology prevents any code that's not part of the factory settings from running on the ECU. The technology builds a whitelist of all the binaries, processes, scripts and network behavior that the ECU manufacturer intended and blocks everything else. So, make sure you update the A/V software on your car at your next oil change. (http://www.jokesoftheday.net/jokes-archive/2012/05/16/joke-funny-photo-Car-Security-Overkill.jpg)
- Ubuntu Patches Kernel Vulnerabilities - Kernel vulnerabilities in Ubuntu's implementation of the Linux Kernel were patched today. Versions 12, 14 and 15 should be updated to the latest versions to avoid 2 denial of service conditions and 1 DoS bug with the potential for remote code execution. If you're running Ubuntu 15.10 on a Raspberry Pi 2, there are some additional patches just for you! (http://www.mindskin.com/p/141/ubun.jpg)
- OSVDB Shuts Down For Good - OSVDB was a great resource for the security community, but due to lack of participation and support from the community, they have made the decision to shut down. I'd like to thank all those involved for keeping the project going for so long. The OSVDB blog will continue, and hopefully provide snarky commentary on the security vulnerabilities being released. (https://vulndb.files.wordpress.com/2013/04/mascot-bug-transparent.png?w=600&h=576)
- Flash zero-day in the wild to be fixed by Adobe - A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 184.108.40.206 and earlier. Exploits in the wild are for Windows platforms, but if you do use Flash you'll want to be on the latest version regardless of platform. However, who knows just how many more vulnerabilities are going to be exposed in Flash, so better not to use it at all or heavily restrict your browser from loading Flash objects. (http://www.pmslweb.com/the-blog/wp-content/uploads/2012/03/2-time-spent-on-Adobe-graph.gif)
- FBI: $2.3 Billion Lost to CEO Email Scams - Krebs is reporting an increase in CEO impersonation phishing attacks. Acting as the CEO, the attackers request a wire transfer and wire themselves some money. Apparently it's working, as the total is now $2.3 billion. Make certain you have a business process in place to approve wire transfers in person rather than by email! (http://s2.quickmeme.com/img/74/74df3a4b9cafac8e278462dbc7350cdd2f3426cf2e9f948acfb2f36ead935106.jpg)