TrustedSec Security Podcast Episode 19 for August 20, 2015. This podcast is hosted by Rick Hayes, Scott White, Martin Bos and Justin Elze.
Visit the show notes page to download the Podcast or check us out on iTunes!
Download Page https://www.trustedsec.com/podcasts/trustedsec-security-podcast-episode-19.mp3
XML Page https://www.trustedsec.com/podcasts/trustedsecsecuritypodcast.xml
Announcements:
Bsides Augusta
When: Sept 12, 2015
Where: Augusta, GA
http://www.securitybsides.com/w/page/92419092/BSidesAugusta%202015
Derbycon Training
When: September 23-24, 2015
Where: Louisville, KY
https://www.derbycon.com/training-courses
Derbycon 5.0 “Unity”
When: September 25-27, 2015
Where: Louisville, KY
http://www.derbycon.com
Grrcon *
When: Oct 9-10, 2015
Where: Grand Rapids, MI
http://grrcon.com
HouSecCon
When: October 15, 2015
Where: Houston, TX
http://houstonseccon.com/v6
Skydogcon
When: Oct 16-18, 2015
Where: Nashville, TN
http://www.skydogcon.com
SecureWV
When: Nov 6-9, 2015
Where: Charleston, WV
http://securewv.com
BSides Delaware
When: Nov 13-14, 2015
Where: New Castle, DE
http://www.bsidesdelaware.com
Stories:
Source: http://www.cnet.com/news/you-can-look-but-ashley-madison-information-is-hard-to-verify/
http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/
The release of stolen data from Ashley Madison by Impact Team was released as promised because the AM site wasn’t shut down as requested.
The hackers said they were upset about Ashley Madison’s policy for deleting user data when requested. The company has long offered members the ability to scrub their profiles and information from the site for $19, a feature that BuzzFeed News said generated nearly $2 million in 2014. But, as the breach showed, the data remained.
“We have explained the fraud, deceit, and stupidity of A.L.M. and their members,” Impact Team wrote, referring to Avid Life Media. “Now everyone gets to see their data.”
On Tuesday, hackers appeared to make good on a threat to release what they said was 9.7 gigabytes of account and credit card information from 37 million users of the site.
Source: https://www.rawstory.com/2015/08/hacked-ashley-madison-data-reveals-accounts-listed-in-josh-duggars-name-report
Former reality show star and anti-LGBT activist Josh Duggar had two paid accounts on the infidelity-based match-making website Ashley Madison, Gawker reported on Wednesday.
Data posted after the website was hacked shows accounts listed under the name “Joshua J. Duggar,” with one listing an address matching the home that was featured on the Learning Channel program 19 Kids and Counting. Another address, which was opened in July 2014, was listed under an address in Oxon Hill, Maryland.
Source: http://motherboard.vice.com/read/hackers-dump-more-ashley-madison-data
Looks like there may be an additional dump that allegedly belongs to AM that has been released.
Source: https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-750000-for-disabling-conference-hotspots
The US Federal Communications Commission (FCC) has fined a telecommunications company a whopping $750,000 (nearly £500,000) for blocking consumers’ Wi-Fi “personal hotspots” at convention centers around the country.
The FCC announced the fine on Tuesday, saying that Smart City Networks had been blocking personal hotspots being used by convention visitors and exhibitors who used their own data plans rather than paying Smart City “substantial fees” to use its Wi-Fi service.
Source: http://www.spamfighter.com/News-19789-Cyber-Espionage-Gang-Employing-Exploits-after-Repurposing-them-Caution-Security-Specialists.htm
According to security specialists, one prominent cyber-espionage gang that steals attack codes of Hacking Team has been making newer uses of them in assaults against corporate executives halting in luxury hotels, thus reported wired.co.uk, August 10, 2015.
The gang, which’s nicknamed “Darkhotel,” is known to attack since 2007 utilizing different spear-phishing mechanisms.
Darkhotel’s hacking assaults presently rely on zero-day security flaw within Flash Player of Adobe which earlier was used in the spyware services of Hacking Team. By utilizing certain hijacked website, Darkhotel hackers have been contaminating target PCs with aid of the Adobe flaw.
Source: http://ir.web.com/releasedetail.cfm?ReleaseID=928078
Web.com, a Florida-based web hosting company with up to 3.3 Million customers, has suffered a data breach and may have compromised personal information and credit card data belonging to 93,000 of its clients.
The company on Tuesday confirmed that some unknown hackers had breached one of its computer systems on August 13, 2015, and accessed personal information of nearly 93,000 customers.
Web.com, with the goal to help small businesses succeed online, uncovered the unauthorized activity as part of its ongoing security monitoring and shutdown process.
The stolen information includes:
Credit Card information
Actual Names associated with the payment cards
Residential Addresses
Source: https://threatpost.com/lenovo-hit-with-criticism-over-second-rootkit-like-utility/114261
Lenovo is under fire again for installing a covert utility on laptops and desktops that some users have compared to a rootkit. The issue stems from a utility called the Lenovo Service Engine, that is designed to collect some system information and send it to Lenovo at the time the machine connects to the Internet. But some Lenovo users discovered that even after reinstalling a fresh version of Windows, the LSE software reinstalls itself and prompts users to install another piece of software.
“Lenovo Service Engine (LSE) is a utility in the BIOS for certain Lenovo desktop systems. It automatically sends non-personally identifiable system data to a Lenovo server one time when the system is first connected to the internet and then does not send any additional data,” Lenovo says in an advisory.
The post TrustedSec Security Podcast Episode 19 – AM, More AM, FCC Fine, Darkhotel, Web.com, Lenovo appeared first on TrustedSec - Information Security.