From Security Weekly WikiJump to navigationJump to search
#[https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html/ CCTV DVR systems Hacked, Used in DDoS Attack
#[http://www.v3.co.uk/v3-uk/news/2463269/the-top-5-security-threats-and-how-to-defend-against-them "The Top 5 Security Threats] - TL;DL: XSS, SQLi, social engineering, "APTs", Insider Threat. More fluff from a news site that wants me to disable my ad blocker to read the rest of the article.
#[http://www.bbc.com/news/technology-36661557 Facebook 'Hack' Victim Exposes Passport Scam] - Apparently you can fake a photo of a Passport, anduse that to gain access to someone's Facebook account. No matter how much OPSEC you got, you are vulnerable to this. This is clearly Facebook's problem, however, I will give shout outs to Facebook's internal security and incident response team for helping us this week.
#[http://www.theinquirer.net/inquirer/news/2463219/symantec-security-flaws-are-as-bad-as-it-gets-claims-googles-project-zero "Symantec Flaws As Bad As It Gets] - ''Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers. An attacker could easily compromise an entire enterprise fleet using a vulnerability like this.'' Whoa. Turns out the unpacking of executables is really error prone and vulnerable.
#[http://www.theregister.co.uk/2016/06/30/hackers_ditch_malware_to_move_around_networks/ Hackers Note That Most Breaches Just Need Normal Admin Tools] - Oh, captain obvious reports that after attackers break into networks they use Nmap, Angry IP scanner, TeamViewer and VNC. Not sure why this is news... Begs the question though, do you blend if you use the same tools as the local admins?