Security News: September 26, 2019 – PSW #621 – Digitalmunition


Published on September 27th, 2019



DigitalMunition Productions



How a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints of people without their say-so, Selfie Android Apps push ads and can record audio, and how adopting DevOps leads to an improved security posture!

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The DigitalMunition Sponsor’s Page

Paul’s Stories

  1. Top 5 Git Security Mistakes – Security Boulevard
  2. CrowdStrike-Ukraine Explained
  3. Security capabilities are lagging behind cloud adoption – Help Net Security
  4. Rise of RDP as a target vector – Help Net Security
  5. Google wins landmark case: Right to be forgotten only applies in EU
  6. Honeywell Launches New Industrial Cybersecurity Platform | SecurityWeek.Com
  7. Slideshows – DigitalMunition
  8. What Is CrowdStrike and Why Is Donald Trump Blabbering About It to Ukraine
  9. Think You Don’t Need a VPN? Use One Anyway
  10. Confused why Trump fingered CrowdStrike in that Ukraine call? You’re not the only one…
  11. Magecart Targets Routers For Commercial Wi-Fi Networks
  12. Adopting DevOps practices leads to improved security posture – Help Net Security
  13. How can we thwart email-based social engineering attacks? – Help Net Security
  14. USBsamurai for Dummies: How To Make a Malicious USB Implant & Bypass Air-Gapped Environments for 10$. The Dumb-Proof Guide.
  15. Vimeo sued for storing faceprints of people without their say-so
  16. Cylance Founder Stuart McClure Leaves BlackBerry | SecurityWeek.Com
  17. There Is Life for the CISO After a Breach | SecurityWeek.Com
  18. Cisco Patches 13 High-Severity Router and Switch Bugs
  19. Most of Ecuador’s Population gets hacked
  20. Botnet exploits recent vBulletin flaw to protect its bots
  21. Help! My AWS Server Has Been Hacked!

Larry’s Stories

  1. Github Acquires Semmle – does that mean we now get free code audits?
  2. Snowden sued for his memoir – because he did not submit it to the publications office first…
  3. MITRE updates the top CWE 25

Jeff’s Stories

  1. 24 hours. 150 speakers. FREE. Online. 150 practitioner-led sessions across 5 tracks, followed by live Q&A on Slack. Not technically a story, but looks kinda cool…and it’s FREE!
  2. Hacker Takes Over Couple’s Smart Home, Plays Vulgar Music And Raises Temperature to 90 Degrees
  3. Security Warning For 23 Million YouTube Creators Following ‘Massive’ Hack Attack
  4. What kind of information do hackers get from hospital data breaches?
  5. How Trump’s Ukraine Mess Entangled CrowdStrike Trump? Ukraine? CrowdStrike? NSA? Hmmm….
  6. Here’s what it’s like being a hacker millionaire under the age of 25
  7. Cisco releases guides for incident responders handling hacked Cisco gear

Lee’s Stories

  1. Selfie Android Apps Push Ads, Can Record Audio: Two Android apps with 1.5 million installs aggressively push adware to targeted devices. They include the “SYSTEM_ALERT_WINDOW” permission, which can be used for clickjacking attacks, and the “RECORD_AUDIO” permission, which allows audio recording without user permission.
  2. Mattress Company Leaks Data Records of 387K Customers: Wis.-based Verlo Mattress Factory leaked PII, purportedly only from a single store, through a non-password-protected database. Users may lose sleep as it also included information about the victim’s systems, IP, ports, pathways and storage.
  3. Edge Computing will become more important than Cloud Computing by 2025: Linux Foundation’s Baetyl and Fledge projects are designed to make the edge computing ecosystem open and interoperable without ties to specific hardware, chip, cloud or OS.
  4. Google wins EU privacy case: Ruling that the right to be forgotten only applies for searches within the 28-country EU bloc.
  5. Thinkful resets passwords after breach exposes coders: Company credentials used by developers were exposed. Most likely source was a phishing attack against a system administrator. Speculation is that the acquisition by Chegg increased the attack surface and market position, and provided opportunity.
  6. vBulletin Zero-Day Exploited in the Wild after Exploit Release: CVE-2019-16759 allows RCE by a remote unauthenticated user via an HTTP POST request. Sample Python exploit code released. No vendor fix. Mitigation: firewall or offline.
  7. Magecart Web Skimming Group targets Public Hotspots and Mobile Users: Web skimming, targeting card-not-present vulnerabilities, using the “Swiper” JavaScript library. Not a single group; L7 controls and checking your third-party code advised.
Jeff Man – Sr. InfoSec Consultant
Larry Pesce – Senior Managing Consultant and Director of Research
Matt Alderman – CEO
Paul Asadoorian – Founder & CTO
  • We have exciting news about the DigitalMunition webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to If you have missed any of our previously recorded webcasts, you can find our on-demand library at
  • DigitalMunition will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!
