Issue 30

Stack Clash: memory management Linux vulnerability

The vulnerability allows for local privilege escalation on Linux and *BSD systems, and potentially for remote execution as well. You'll want to patch asap.
Take a look at Qualys' blogpost here.

sophos.com

198 million US voter records exposed by analysis firm

An analyst at security firm Upguard found an unsecured S3 bucket holding the information of 198 million voters.

wired.com

EU draft to mandate end-to-end encryption

The EU released a draft proposal which also, among other things, would forbid EU nations to try and backdoor encrypted traffic.

tomshardware.com

OpenVPN patches critical remote code execution vulnerability

A Dutch researcher called Guido Vranken found four vulnerabilities (different ones than OpenVPN's audit turned up last month), which he disclosed privately until the patches were out.

threatpost.com

SMBv1 to be disabled in Windows Fall Creators Update

SMBv1 will be removed from Windows 10, starting with the upcoming RedStone 3 update due in September. They say this has been the plan for a long time, and not a reaction to WannaCry. Still, good news.

threatpost.com

Maintaining productivity while moving to a zero-trust network

This is the fourth installment in a set of research papers by Google on how they moved from a VPN-based model to a zero-trust network, which they call 'BeyondCorp'. In this setup you get access to services based on who you are and what machine you use, no matter where you are.

blog.google

Banks to reveal cyber security breaches to European Central Bank

Started this summer all European banks will have to reveal all incidents to the ECB, in an effort to map how many breaches occur and how they occur.

v3.co.uk

Honda was forced to shut down plant because of WannaCry infection

They missed the production of about 1000 scheduled cars, but were back up and running a few days later.

threatpost.com

Web-hosting firm pays over $1 million to ransomware

A South Korean hosting firm paid over a million in ransom to regain access to its 153 Linux servers, which were encrypted by a Linux variant of the Erebus malware.

welivesecurity.com

Following the money on the vDOS attack-for-hire service

Very interesting article on how researchers teamed up with Paypal to impede the DDoS-for-hire subscription service vDOS. The service was responsible for launching about 915.000 DDoS attacks, and at its peak earned its creators $42,000 per month.

krebsonsecurity.com

Reverse engineering guide for beginners: methodology and tools

Fun and short introduction to reverse engineering, by taking a look from a beginner point of view at both a static and dynamic analysis tool.

0x00sec.org

Sponsorship

Full Stack Fest 2017: Barcelona, 4-8 Sept.

Week-long conference based in the amazing city of Barcelona that peeks into the web of tomorrow. Serverless, blockchain, WebVR, distributed web, progressive web apps, and more. Use the code SECNEWS for a 10% discount.

fullstackfest.com