Secplicity - Security Simplified

Powered by WatchGuard Technologies

Black Hat & DEF CON Aftermath – WSWiR Episode 160

August 17, 2015 By Corey Nachreiner

Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that.

Last week’s stories included many car hacks, an OS X firmware worm, a big UK breach, tons of patches, and more. If you don’t watch my Daily Bytes, you can catch up all at once with the weekly video below. More importantly, I couldn’t cover many other interesting stories from last week, so if you are interested in those, check out the Reference section below.

(Episode Runtime: 15:10)

Direct YouTube Link: https://www.youtube.com/watch?v=AAIiPp3os1k

EPISODE REFERENCES:

  • Monday: Carphone Warehouse Gets Robbed – Daily Security Byte EP.122
    • Attackers steal 2.4M records from Carphone Warehouse – BBC
    • Carphone Warehouse releases breach FAQ for customers – CarPhone Warehouse
    • Talk Talk stored unprotected passwords – Computing
  • Tuesday: Thunder Strikes Mac Firmware Again – Daily Security Byte EP.123
    • A new Black Hat 0day can brick your Mac – TechCrunch
    • Thunderstrike 2 infects Mac firmware – Ars Technica
    • Researcher’s post on Thunderstrike 2 – TRMM.net
    • ThunderStrike 2 detailed presentation – TRMM.net
  • Wednesday: Piles of August Patches – Daily Security Byte EP.124
    • Microsoft Patch Day Summary for August 2015 – Microsoft
    • Adobe Flash security bulletin for August 2015 – Adobe
    • Get the latest Firefox security update, it’s big – US-CERT
    • Apple’s security page, including August patches – Apple
  • Thursday: Car Hacking Revolution – Daily Security Byte EP.125
    • The full detailed white paper on the Uconnect hack – Illmatics
    • After 2yrs, researchers can finally release a vulnerability Volkswagen sued to suppress – Ars Technica
    • Text message hacks a Corvette via an “insurance dongle” – Wired
    • Tesla Model S hackable [Link removed due to reports of malicious ads] – Mashable
    • Tesla already fixed this – Bloomberg
    • The OwnStar attack allows hackers to unlock many cars – Engadget
  • Friday: Cisco IOS ROMMON hacks – Daily Security Byte EP.126
    • Cisco’s advisory on the mysterious IOS ROMMON attack – Cisco
    • Article covering this Cisco router attack – Ars Technica

EXTRAS:

  • My episode 8 analysis of Mr. Robot’s hacking accuracy – GeekWire
  • Hacktivists deface Trump site to say Goodbye to Jon Stewart
    • Hacktivists hijack a Trump site to say goodbye to Jon Stewart – Motherboard
    • Archive post of Telecomix’s Stewart post at Trump – Archive.is
    • Interview with the Trump site defacers – Vice
    • Telecomix’s Pastebin post on the “operation” – Pastebin
  • Watch out for Windows 10 related social engineering scams – Tech Radar
  • Windows 10 spies on you unless you Opt-Out
    • How Win10 monitors you – BGR
    • Wired details Win10 security privacy settings – Wired
    • Win10 privacy tips – BGR
  • Attackers exploiting the Mac DYLD vulnerability in the wild – Fox News
  • Def Con is cancelled again (regular joke) – Motherboard
  • ICANN was breached again – Motherboard
  • A “Fed” does a Def Con talk right – Motherboard
  • Rolljam plays back codes to hack keyless entry systems – BGR
  • ApplePay is more secure than US Chip & PIN? – PCMag
  • WiFi Sense makes no sense! – CNet
  • Hackers pull off a real Ocean’s 11 heist at Def Con – Gizmodo
  • The gas pump honeypots – Motherboard
  • Pentagon email hacked (again) allegedly by Russia – The Register
  • Zeus author associated with Russian nation state actors – Forbes
  • Faceplant: An Electronic skateboard hack – Time
  • How a popular author dealt with his hijacked account – Ars Technica
  • Quick news video on DEF CON – NBC News
  • Patch for serious Android flaw now sufficient – Ars Technica
  • More news of foreign nation-states hacking UK gov email – The Guardian
  • The Hacking Team was using the old iOS Masque attack – Silicon Republic
  • Attackers hacked early press releases to get a leg up on trades – BGR
  • ATM skimmers get smaller and stealthier – Tech Crunch
  • Black Hat founder thinks vendor liability for flaws is inevitable – Threat Post
  • Oracle’s CSO tells white hats that vulnerability research breaks the EULA – Mashable
    • Archived copy of the offending post – Archive.org
  • Researchers turn Square into CC skimmer – Mashable
  • Blackhat researcher pokes at GPS satellites – Time
  • CISA/CISPA keeps coming back, and getting tweaked – The Guardian
  • Researchers awarded for finding a new class of vulnerability in browsers – Phys.org
  • A pen-testing drone previewed at DEF CON – PDDNet
  • Using sound for two-factor auth – Wired
  • Hacker steals $46M from Ubiquiti – Krebs on Security
  • ProxyHAM: DEF CON hackers extend WiFi via radio proxies – TechHive
  • Researchers turn a computer into a cellular antenna to leak info – Computer World
  • Kaspersky accused of faking malware to weaken competitors – Reuters
  • Lenovo is still using tricks to install bloatware – Ars Technica
  • Stock hacker ring busted for insider trading – Reuters
  • Highlights article for DEF CON 23 – Wired
  • Malicious Ads on Weather.com – Ars Technica
  • The Android Stagefright patch doesn’t work – Ars Technica
  • Android vulnerabilities could leak fingerprints – Ars Technica

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Uncategorized Tagged With: Adobe, Apple, Black Hat, car hacks, cisco, DEF CON, EFI, firefox, firmware, Hacking, Infosec news, Internet Explorer, Jeep, Microsoft, microsoft office, passwords, ROMMON, Router, Safari, Security breach, silverlight, Software vulnerabilities, Tesla Model S, Thunderstrike 2, Uconnect, Updates and patches, Usenix, Volkswagen

Comments

  1. Jacob Anderson says

    August 17, 2015 at 2:21 pm

    The Tesla article on Mashable hosts some malware in the form of a bad flash advertisement. My IE just reported a zillion:

    SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://static.adsafeprotected.com/detector3.pix cannot access .

    at flash.external::ExternalInterface$/_initJS()

    at flash.external::ExternalInterface$/addCallback()

    at detector3_fla::MainTimeline/registerExternalCallbacks()

    Yeah, Flash!

    • Corey Nachreiner says

      August 17, 2015 at 2:28 pm

      Jacob,

      Thanks for the heads up. It must be “dynamic ad” related, as I scanned a few times with a few URL scanners (including our own) and I didn’t get any hits. However, since ads are dynamic to the visitor, perhaps I didn’t receive the Flash ad in question. In either case, I’ll kill the link for safety. Thanks for pointing it out!

      Corey

Copyright © 2022 WatchGuard Technologies