Security Roundup - 2016-04-27
Apparently, the Bangladesh Bank was hacked recently, and almost taken for $1 billion! The attack vector? Cheap network switches, providing neither a firewall nor the ability to logically separate network traffic.
The personal info of 93.4 million Mexicans was recently leaked due to a publicly exposed database.
In security, humans are the weakest element. In order to make security training more interesting and memorable, one company has started ‘Game Of Threats’ where teams compete against each other in a game to learn more about what threats organizations face.
AV products are introducing ‘sandboxing’, where they isolate a process from the rest of the system and monitor for bad behavior before allowing it to be run. Nettitude has an interesting write-up on how they broke out of Avast’s sandbox.
PeerLyst goes over how some lesser-known options for unregistering Windows functions actually allow you to trigger remote code execution.
Or how about one hacker’s journey to claim a Facebook bug bounty, which led them to find a number of vulnerabilities in a product Facebook uses? Also found: webshells from previous attackers.
Ars has an interesting article on the ‘Nuclear’ Exploit Kit. I found it interesting how it uses user agents to tailor payloads and/or to evade detection.