Black Hat & DEF CON Aftermath – WSWiR Episode 160

Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that.

Last week’s stories included many car hacks, a OS X firmware worm, a big UK breach, tons of patches, and more. If you don’t watch my Daily Bytes, you can catch up all at once with the weekly video below. More importantly, I couldn’t cover many other interesting stories from last week, so if you are interested in those, check out the Reference section below.

(Episode Runtime: 15:10)

Direct YouTube Link: https://www.youtube.com/watch?v=AAIiPp3os1k

EPISODE REFERENCES:

• Monday: Carphone Warehouse Gets Robbed – Daily Security Byte EP.122
  • Attackers steal 2.4M records from Carphone Warehouse – BBC
  • Carphone Warehouse releases breach FAQ for customers – CarPhone Warehouse
  • Talk Talk stored unprotected passwords – Computing
• Tuesday: Thunder Strikes Mac Firmware Again – Daily Security Byte EP.123
  • A new Black Hat 0day can brick your Mac – TechCrunch
  • Thunderstrike 2 infects Mac firmware – Ars Technica
  • Researcher’s post on Thunderstrike 2 – TRMM.net
  • ThunderStrike 2 detailed presentation – TRMM.net
• Wednesday: Piles of August Patches – Daily Security Byte EP.124
  • Microsoft Patch Day Summary for August 2015 – Microsoft
  • Adobe Flash security bulletin for August 2015 – Adobe
  • Get the latest Firefox security update, it’s big  – US-CERT
  • Apple’s security page, including August patches – Apple
• Thursday: Car Hacking Revolution – Daily Security Byte EP.125
  • The full detailed white paper on the Uconnect hack – Illmatics
  • After 2yrs, researchers can finally release a vulnerability Volkswagen sued to suppress – Ars Technica
  • Text message hacks a Corvette via an “insurance dongle”  – Wired
  • Tesla Model S hackable [Link removed due to reports of malicious ads] – Mashable 
  • Tesla already fixed this – Bloomberg
  • The OwnStar attack allows hackers to unlock many cars – Engadget
• Friday: Cisco iOS ROMMON hacks – Daily Security Byte EP.126
  • Cisco’s advisory on the mysterious iOS ROMMON attack – Cisco
  • Article covering this Cisco router attack – Ars Technica

EXTRAS:

• My episode 8 analysis of Mr. Robot’s Hacking accuracy – GeekWire
• Hacktivists deface Trump site to say Goodbye to Jon Stewart
  • Hacktivists hijack a Trump site to say goodbye to Jon Stewart – Motherboard
  • Archive post of Telecomix’s Stewart post at Trump – Archive.is
  • Interview with the Trump site defacers – Vice
  • Telecomix’s Pastebin post on the “operation” – Pastebin
• Watch out for Windows 10 related social engineering scams – Tech Radar
• Windows 10 spies on you unless you Opt-Out
  • How Win10 monitors you – BGR
  • Wired details Win10 security privacy settings – Wired
  • Win10 privacy tips – BGR
• Attackers exploiting the Mac DYLD vulnerability in the wild – Fox News
• Def Con is cancelled again(regular joke) – Motherboard
• ICANN was breached again – Motherboard
• A “Fed” does a Def Con talk right – Motherboard
• Rolljam plays back codes to hack keyless entry systems – BGR
• ApplePay is more security than US Chip & Pin? – PCMag
• WiFi Sense makes no sense! – CNet
• Hackers pull of real Oceans 11 heist at Def Con – Gizmodo
• The gas pump honeypots – Motherboard
• Pentagon email hacked (again) allegedly by Russia – The Register
• Zeus author associated with Russian nation state actors – Forbes
• Faceplant: An Electronic skateboard hack – Time
• How a popular author dealt with his hijacked account – Ars Technica
• Quick news video on DEF CON – NBC News
• Patch for serious Android flaw now sufficient – Ars Technica
• More news of foreign nation-states hacking UK gov email – The Guardian
• The Hacking Team was using the old iOS Masque attack – Silicon Republic
• Attacker’s hacked early press releases to get a leg up on trades – BGR
• ATM skimmers get smaller and stealthier – Tech Crunch
• Black Hat founder thinks vendor liability for flaws is inevitable – Threat Post
• Oracle’s CSO tell white hat’s that vulnerability research breaks EULA – Mashable
  • Archived copy of the offending post – Archive.org
• Researchers turn Square into CC skimmer – Mashable
• Blackhat researcher pokes at GPS satellites – Time
• CISA/CISPA keeps coming back, and getting tweaked – The Guardian
• Researchers awarded for finding a new class of vulnerability in browsers – Phys.org
• A pen-testing drone previewed at DEF CON – PDDNet
• Using sound for two-factor auth – Wired
• Hacker steals $46M from Ubiquiti – Krebs on Security
• ProxyHAM: DEF CON hackers extend WiFi via radio proxies – TechHive
• Researchers turn a computer into a cellular antenna to leak info – Computer World
• Kaspersky accused of faking malware to weaken competitors – Reuters
• Lenovo is still using tricks to install bloatware – Ars Technica
• Stock hacker ring busted for insider trading – Reuters
• Highlights article for DEF CON 23 – Wired
• Malicious Ads on Weather.com – Ars Technica
• The Android Stagefright patch doesn’t work – Ars Technica
• Android vulnerabilities could leak fingerprints – Ars Technica

— Corey Nachreiner, CISSP (@SecAdept)

Share This: