Reboot It! Episode 73 with Bill Gardner, Justin Rogosky, and Benny Karnes

 

Upcoming Conferences

 BSides London

June 7

London, UK

https://www.securitybsides.org.uk/

 

CircleCityCon

June 9-11

Sheraton Indianapolis City Centre Hotel

Indianapolis, IN

https://circlecitycon.com/

 

BSides Pittsburgh

June 9

Pittsburgh, PA

https://www.bsidespgh.com/

 

B-Sides Cleveland

June 23-24

B Side Liquor Lounge & The Grog Shop

Cleveland, OH

https://bsidescle.com/

 

Cyber Security World

June 28-29

Magnolia Hotel

Denver, CO

http://cybersecurityworld.misti.com/

 

 

Black Hat USA 2017

Trainings: July 22-25

Conference: July 26-27

Mandalay Bay

Las Vegas, NV

https://www.blackhat.com/us-17/

 

BSidesLV

July 25-26

The Tuscany Suites

Las Vegas, NV

https://www.bsideslv.org

 

DEFCON 25

Caesar's

Las Vegas, NV

July 27-30

https://www.defcon.org/

 

DerbyCon 7.0  “Legacy”

Training: September 20-21

Conference: September 22-24

Hyatt Regency

Louisville, KY

SOLD OUT

CFP is open

https://www.derbycon.com

 

Bsides DC

October 6-8

Renaissance

Washington, DC

CFP is open

http://www.bsidesdc.org/

 

SkyDogCon

October 20-22

Embassy Suites - Nashville South Cool Springs

Franklin, TN

http://www.skydogcon.com/

 

GrrCON

October 26-27

DeVos Place

Grand Rapids, MI

CFP is open

http://grrcon.com/

 

Bsides Raleigh

October 28

Wells Fargo IMAX Theater

Raleigh, NC

CFP is open

http://www.bsidesraleigh.ninja/home.html

 

BSides Charleston

November 11

College of Charleston

Charleston, SC

http://www.bsidescharleston.com/

 

 

Hack3rCon 8

The “Ocho”

November 17-19

South Charleston, WV

CFP is open

CFP closes Sept 1

http://securewv.com/

  

Stories

Booz Allen Hamilton Leaves U.S. Government Files On Unprotected Amazon Server

http://www.ibtimes.com/booz-allen-hamilton-leaves-us-government-files-unprotected-amazon-server-2545935

 

Silk Road Founder Ross Ulbricht Loses Appeal In Trial Connected To Dark Web

http://www.ibtimes.com/silk-road-founder-ross-ulbricht-loses-appeal-trial-connected-dark-web-2546059

 

2017 Has Already Racked Up 1,200 Breaches--On Pace for Worst Year Ever

https://www.infosecurity-magazine.com/news/2017-has-already-racked-up-1200/

 

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

http://www.theregister.co.uk/2017/05/30/shadow_brokers_subscription_service/

 

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems.

https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/

 

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

There is a serious vulnerability in the sudo command that grants root access to anyone with a shell account. It works on SELinux-enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

 

It was discovered that sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions, or gain a root shell.

https://www.cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/

 

Comcast Wi-Fi serving self-promotional ads via JavaScript injection

Comcast has begun serving Comcast ads to devices connected to one of its 3.5 million publicly accessible Wi-Fi hotspots across the US. Comcast's decision to inject data into websites raises security concerns and arguably cuts to the core of the ongoing net neutrality debate.

https://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

 

 

Google debuts a new way to follow your footsteps around the web

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

https://nakedsecurity.sophos.com/2017/05/25/google-debuts-a-new-way-to-follow-your-footsteps-around-the-web/

 

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/