Securit13 Podcast
The first Ukrainian podcast about information security

We decided to look back at the biggest events of the year that is almost over. Join us!

Incident report on memory leak caused by Cloudflare parser bug https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/
NSA-leaking Shadow Brokers just dumped its most damaging release yet https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/
New ransomware, old techniques: Petya adds worm capabilities https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
The MeDoc Connection http://blog.talosintelligence.com/2017/07/the-medoc-connection.html
Threat Spotlight: Follow the Bad Rabbit http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Equifax website hack exposes data for ~143 million US consumers https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/
We have broken SHA-1 in practice http://shattered.io/
ROCA: Vulnerable RSA Key Generation https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/
KRACK Attacks: Breaking WPA2 https://www.krackattacks.com/
Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) https://motherboard.vice.com/en_us/article/53847a/camera-dildo-svakom-siime-eye-hacked-livestream
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Blocking of web resources in Ukraine
The Ministry of Education and Science instructed universities not to use sites with “.ru” and “.ру” domains http://life.pravda.com.ua/society/2017/12/29/228234/
The Ministry of Information Policy will publish additions to the list of banned sites http://www.pravda.com.ua/news/2017/12/29/7167028/
#FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 91.mp3
Category:Technology -- posted at: 8:06pm CEST

The biggest news of recent weeks. The amazing Apple, #FuckResponsibleDisclosure, an updated promise from John, and something else. Don't miss it!

00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend https://www.facebook.com/ruheight
https://informnapalm.org/uca/
http://usa.mfa.gov.ua/ua/consular-affairs/services/passport
00:07:26 Apple and all, all, all
Why 'blank' Gets You Root https://objective-see.com/blog/blog_0x24.html
As Apple fixes macOS root password hole, here's what went wrong http://www.theregister.co.uk/2017/11/29/apple_macos_high_sierra_root_bug_patch/
https://forums.developer.apple.com/thread/79235
https://twitter.com/fristle/status/935670476214378496
Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1 https://support.apple.com/en-us/HT208317
MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/
Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' https://www.theregister.co.uk/2017/11/13/iphone_x_face_id/
Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out https://9to5mac.com/2017/12/07/homekit-vulnerability/
00:12:50 John McAfee https://twitter.com/officialmcafee/status/935900326007328768/photo/1
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin https://www.darkreading.com/cloud/bitcoin-miner-nicehash-hacked-possibly-losing-$62-million-in-bitcoin/d/d-id/1330585
Website of the blockchain project Confido is unavailable: all profiles of the project team turned out to be fake https://forklog.com/sajt-blokchejn-proekta-confido-nedostupen-vse-profili-komandy-proekta-okazalis-poddelnymi/
00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine http://securityaffairs.co/wordpress/66475/hacking/cve-2017-11937-malware-protection-engine.html
00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
00:18:28 Intel Management Engine pwned by buffer overflow https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/
00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts http://securityaffairs.co/wordpress/66432/hacking/keylogger.html
Websites use your CPU to mine cryptocurrency even when you close your browser https://arstechnica.com/information-technology/2017/11/sneakier-more-persistent-drive-by-cryptomining-comes-to-a-browser-near-you/
00:19:09 Android flaw lets attack code slip into signed apps https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/
00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters http://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 90_1.mp3
Category:Technology -- posted at: 12:20pm CEST