Difference between revisions of "Template:PSWPaul626"

From Paul's Security Weekly
(Added With Paul's Craptastic Python Script)
 
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
#[https://futurism.com/neoscope/people-posting-their-genitals-reddit-sti-diagnoses People are posting their genitals on Reddit to get STI diagnoses]
+
#[https://www.helpnetsecurity.com/2019/11/06/active-directory-security/ Who is responsible for Active Directory security within your organization? - Help Net Security] - ''But 24% said that they don’t know who is responsible for Active Directory security within their organization – showing that sometimes this important function can fall through the cracks between IT and security teams.'' If you are one of these companies, we need to chat :)
#[https://www.helpnetsecurity.com/2019/11/06/active-directory-security/ Who is responsible for Active Directory security within your organization? - Help Net Security]
+
#[https://threatpost.com/presentation-template-build-your-2020-security-plan/149905/ Presentation Template: Build Your 2020 Security Plan] - Just one slide, big letters: ''We're Screwed''.
#[https://threatpost.com/presentation-template-build-your-2020-security-plan/149905/ Presentation Template: Build Your 2020 Security Plan]
+
#[https://www.darkreading.com/edge/theedge/a-warning-about-viruses-from-weird-al/b/d-id/1336281 A Warning About Viruses From Weird Al] - Thanks for burning my best email phishing campaign, "Stinky Cheese" was so successful!
#[https://www.darkreading.com/edge/theedge/a-warning-about-viruses-from-weird-al/b/d-id/1336281 A Warning About Viruses From Weird Al]
+
#[https://www.reuters.com/article/us-apple-privacy-idUSKBN1XG21J Apple publishes new technical details on privacy features] - ''Apple also outlined steps it has taken to cut off app developers that circumvent its rules. For example, even when users have turned off location-based services that use an iPhone’s GPS chips, app developers can scan for nearby Wi-Fi networks and Bluetooth devices to approximate the user’s location. Developers now must ask permission for Bluetooth access, for example, and explain why it is needed, Apple’s guides said.'' Googles respons is classic: ''Google Chief Executive Sundar Pichai said in a New York Times op-ed that “privacy cannot be a luxury good offered only to people who can afford to buy premium products.”'' Says the company with a $1k phone with less feature's than the iPhone 11...
#[https://www.reuters.com/article/us-apple-privacy-idUSKBN1XG21J Apple publishes new technical details on privacy features]
+
#[https://www.bbc.com/news/technology-50315540 Facebook reveals privacy flaw in Groups] - Crap, now they know where I get my memes: ''With permission, app developers could access a group's name, the number of members and the content of posts. However, they could only access member names and photos if people explicitly opted in. But on Tuesday, the company revealed that about 100 "partners" retained access following the change.''
#[https://www.bbc.com/news/technology-50315540 Facebook reveals privacy flaw in Groups]
 
 
#[https://www.securityweek.com/bug-hunters-earn-195000-hacking-tvs-routers-phones-pwn2own Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own | SecurityWeek.Com]
 
#[https://www.securityweek.com/bug-hunters-earn-195000-hacking-tvs-routers-phones-pwn2own Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own | SecurityWeek.Com]
 
#[https://securityaffairs.co/wordpress/93498/data-breach/camgirl-sites-compromised.html Camgirl sites expose millions of members and users]
 
#[https://securityaffairs.co/wordpress/93498/data-breach/camgirl-sites-compromised.html Camgirl sites expose millions of members and users]
 
#[https://medium.com/@daniel.dan/how-to-ensure-online-safety-with-dns-over-https-9095ce17a98f How to ensure online safety with DNS over HTTPS]
 
#[https://medium.com/@daniel.dan/how-to-ensure-online-safety-with-dns-over-https-9095ce17a98f How to ensure online safety with DNS over HTTPS]
 
#[https://www.helpnetsecurity.com/2019/11/07/protect-google-play/ Mobile security firms will help protect Google Play - Help Net Security]
 
#[https://www.helpnetsecurity.com/2019/11/07/protect-google-play/ Mobile security firms will help protect Google Play - Help Net Security]
#[https://www.csoonline.com/video/99247/printers-the-overlooked-security-threat-in-your-enterprise-techtalk Printers: The overlooked security threat in your enterprise | TECHtalk]
+
#[https://www.csoonline.com/video/99247/printers-the-overlooked-security-threat-in-your-enterprise-techtalk Printers: The overlooked security threat in your enterprise | TECHtalk] - Overlooked for sure, but attackers don't need to hack your printer. Largely we've observed attackers using other methods to obtain data, and printer attacks are not popular, yet. Email phishing and lateral movement within the domain using credentials wins almost every time. When we force attackers to step outside this technique, they may turn to printers, however its still an opportunistic attack.
 
#[https://www.darkreading.com/capital-one-shifts-its-ciso-to-new-role/d/d-id/1336296 Capital One Shifts Its CISO to New Role - Dark Reading]
 
#[https://www.darkreading.com/capital-one-shifts-its-ciso-to-new-role/d/d-id/1336296 Capital One Shifts Its CISO to New Role - Dark Reading]
#[https://securityaffairs.co/wordpress/93550/hacking/amazon-amazons-ring-video-doorbell-hack.html Amazons Ring Video Doorbell could open the door of your home to hackers]
+
#[https://securityaffairs.co/wordpress/93550/hacking/amazon-amazons-ring-video-doorbell-hack.html Amazons Ring Video Doorbell could open the door of your home to hackers] - The controversial title is beyond irresponsible, which I am shocked as this site is typically pretty good. First, you'd have to have a smart lock on your front door, and not use any other type of lock as a backup. Also, if you have smart locks, be certain you have cameras. And yes, an attacker could use the Doorbell vulnerability to get the Wifi password, open the door and then delete the recordings from the camera. But holy crap, how did we get here? In any case, in order for the vulnerability to be exploitable, the Ring doorbell must be re-configured. The article suggests that a constant de-auth attack could then, in turn, cause the user to re-configure the device, leaving it exposed to the vulnerability that will cough up the Wifi password.  All of this will likely just go away once Ring pushes an update. Every IoT security flaw is not the end of the world or even deserves an article to be written about it.
#[https://www.cnbc.com/2019/11/06/bill-gates-people-would-use-windows-mobile-if-not-for-antitrust-case.html Bill Gates says people would be using Windows Mobile if not for the Microsoft antitrust case]
+
#[https://www.cnbc.com/2019/11/06/bill-gates-people-would-use-windows-mobile-if-not-for-antitrust-case.html Bill Gates says people would be using Windows Mobile if not for the Microsoft antitrust case] - ''“There’s no doubt the antitrust lawsuit was bad for Microsoft, and we would have been more focused on creating the phone operating system, and so instead of using Android today, you would be using Windows Mobile if it hadn’t been for the antitrust case,” Gates, a Microsoft co-founder and board member, said at the New York Times’ DealBook conference in New York.'' Really? Somone send Bill a copy of "Extreme Ownership".
 
#[https://opensource.com/article/19/10/know-about-sudo What you probably didnt know about sudo]
 
#[https://opensource.com/article/19/10/know-about-sudo What you probably didnt know about sudo]
 
#[https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/ New 'unremovable' xHelper malware has infected 45,000 Android devices | ZDNet]
 
#[https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/ New 'unremovable' xHelper malware has infected 45,000 Android devices | ZDNet]
 +
 +
WTF:
 +
 +
#[https://futurism.com/neoscope/people-posting-their-genitals-reddit-sti-diagnoses People are posting their genitals on Reddit to get STI diagnoses] - ''“Social media was not built to deliver health care,” UC San Diego scientist and study co-author Alicia Nobles told CNBC.''
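Review bot: The commentary added to the Apple privacy entry has typos that will render on the show-notes page: "Googles respons" should be "Google's response" and "less feature's" should be "fewer features". The same goes for "Somone" ("Someone") in the Bill Gates entry and "its still" ("it's still") in the printers entry. The Ring entry also has a double space before "All of this will likely just go away".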

Latest revision as of 22:07, 7 November 2019

  1. Who is responsible for Active Directory security within your organization? - Help Net Security - But 24% said that they don’t know who is responsible for Active Directory security within their organization – showing that sometimes this important function can fall through the cracks between IT and security teams. If you are one of these companies, we need to chat :)
  2. Presentation Template: Build Your 2020 Security Plan - Just one slide, big letters: We're Screwed.
  3. A Warning About Viruses From Weird Al - Thanks for burning my best email phishing campaign; "Stinky Cheese" was so successful!
  4. Apple publishes new technical details on privacy features - Apple also outlined steps it has taken to cut off app developers that circumvent its rules. For example, even when users have turned off location-based services that use an iPhone’s GPS chips, app developers can scan for nearby Wi-Fi networks and Bluetooth devices to approximate the user’s location. Developers now must ask permission for Bluetooth access, for example, and explain why it is needed, Apple’s guides said. Google's response is classic: Google Chief Executive Sundar Pichai said in a New York Times op-ed that “privacy cannot be a luxury good offered only to people who can afford to buy premium products.” Says the company with a $1k phone with fewer features than the iPhone 11...
  5. Facebook reveals privacy flaw in Groups - Crap, now they know where I get my memes: With permission, app developers could access a group's name, the number of members and the content of posts. However, they could only access member names and photos if people explicitly opted in. But on Tuesday, the company revealed that about 100 "partners" retained access following the change.
  6. Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own | SecurityWeek.Com
  7. Camgirl sites expose millions of members and users
  8. How to ensure online safety with DNS over HTTPS
  9. Mobile security firms will help protect Google Play - Help Net Security
  10. Printers: The overlooked security threat in your enterprise | TECHtalk - Overlooked for sure, but attackers don't need to hack your printer. Largely we've observed attackers using other methods to obtain data, and printer attacks are not popular, yet. Email phishing and lateral movement within the domain using credentials wins almost every time. When we force attackers to step outside this technique, they may turn to printers; however, it's still an opportunistic attack.
  11. Capital One Shifts Its CISO to New Role - Dark Reading
  12. Amazon's Ring Video Doorbell could open the door of your home to hackers - The controversial title is beyond irresponsible, which shocks me, as this site is typically pretty good. First, you'd have to have a smart lock on your front door, and not use any other type of lock as a backup. Also, if you have smart locks, be certain you have cameras. And yes, an attacker could use the Doorbell vulnerability to get the Wi-Fi password, open the door and then delete the recordings from the camera. But holy crap, how did we get here? In any case, in order for the vulnerability to be exploitable, the Ring doorbell must be re-configured. The article suggests that a constant de-auth attack could then, in turn, cause the user to re-configure the device, leaving it exposed to the vulnerability that will cough up the Wi-Fi password. All of this will likely just go away once Ring pushes an update. Not every IoT security flaw is the end of the world or even deserves an article to be written about it.
  13. Bill Gates says people would be using Windows Mobile if not for the Microsoft antitrust case - “There’s no doubt the antitrust lawsuit was bad for Microsoft, and we would have been more focused on creating the phone operating system, and so instead of using Android today, you would be using Windows Mobile if it hadn’t been for the antitrust case,” Gates, a Microsoft co-founder and board member, said at the New York Times’ DealBook conference in New York. Really? Someone send Bill a copy of "Extreme Ownership".
  14. What you probably didn't know about sudo
  15. New 'unremovable' xHelper malware has infected 45,000 Android devices | ZDNet

WTF:

  1. People are posting their genitals on Reddit to get STI diagnoses - “Social media was not built to deliver health care,” UC San Diego scientist and study co-author Alicia Nobles told CNBC.