Exploit Attempts for Drupal RESTWS Module Vulnerablity https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/ Google France XSS Vulnerability https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/ Pokemon Go Continues to Lead to Malware https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/ VMWare Update Fixes Escape Vulnerablity https://www.vmware.com/security/advisories/VMSA-2016-0014.html
If it's Free, YOU are the Product https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/ Weak MySQL Configurations Can Lead To Privilege Escalation http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html Full Disk Encryption Ransomware https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
Upgrading Security to MacOS Sierra https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/ PCI PIN Transation Security / Point of Interaction Update https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf IMAPS Scans https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
Spikes in SNMP Traffic: Looking for PCAPs https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/ New Version of Wireshark Released https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html XEN Hypervisor Vulnerabilities https://xenbits.xen.org/xsa/ Google Moving Ahead With HTTP Phaseout https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Old Windows Media Player DRM Feature Still Used To Install Malware http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html SEC503 Intrusion Detection in Depth Online Training https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
Google September Android Security Update https://source.android.com/security/bulletin/2016-09-01.html Hard Coded Password / Key Issue Gets Worse http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html Snagging Credentials From Locked Machines (Windows and OS X) https://room362.com/post/2016/snagging-creds-from-locked-machines/
Apple Patches OS X and Safari for Trident/Pegasus Vulnerabilities https://support.apple.com/en-us/HT201222 Malware Delivered via ".pub" Files https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/ Sophos Anti Virus False Positive Causes Blue Screen of Death https://community.sophos.com/kb/en-us/125000 Adobe Reviving Flash for Linux https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html Google Patches Nexuse 5X Vulnerability https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
Malware Using Maxmind For Geolocation https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/ Content Security Policy of Limited Use in Real World https://research.google.com/pubs/pub45542.html CryptWare Bitlocker Enhancement Vulnerability https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt Google Releases Chrome 53 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
Abobe ColdFusion Update https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html OS X Bittorrent Client Transmission Backdoored http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/ Vulnerable REDIS Instances Used by Fake Ransomware https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware
Today's Locky Variant Arrives as a Windows Script File https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/ OneLogin Breached and Secure Notes Lost https://www.onelogin.com/blog/august-2016-incident USB Memory Stick Can Be Used to Exfiltrate Data Wireless http://cyber.bgu.ac.il/t/USBee.pdf Jail Break App in Apple's App Store https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
CA WoSign Law Validation Policy https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I FBI Warns Of Vulnerabilities in State Election Websites https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords https://bugs.chromium.org/p/project-zero/issues/detail?id=917 Bank ATMs Compromised via Malicious EMV Chip https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
Spam with Obfuscated Javascript https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/ Another Day - Another Ransomware Sample https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/ OpenSSL Update https://www.openssl.org/news/openssl-1.1.0-notes.html Opera Sync Server Breached https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/ Fake Windows Update Delivers Ransomware http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/ Dropbox Resets Old Passwords After Data Leak https://www.dropbox.com/help/9257?oref=e
Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/ Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/ Nginx DNS Resolver Issue (Windows Only) http://blog.zorinaq.com/nginx-resolver-vulns/ Wifi Signals Can Be Used for Keystroke Sniffing https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
Multiple Vulnerabilities in BHU Router http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html Smart Socket Vulnerability https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/ Smart Security Cameras are Spying on You http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e Veracrypt 1.18a With Limited UEFI Support https://veracrypt.codeplex.com/releases/view/625477
One Compromised Site - 2 Exploit Campaigns https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/ Shadow Broker Leak Vendor Responses https://blogs.cisco.com/security/shadow-brokers http://fortiguard.com/advisory/FG-IR-16-023 Google Releases OS X Whitelisting Application https://github.com/google/santa/wiki
522 Error Code For the Win https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/ Short PGP Keys Abused in the Wild https://news.ycombinator.com/item?id=12296974 HTTP "FalseConnect" Vulnerability http://www.kb.cert.org/vuls/id/905344