Adobe Patches Critiical Flash Vulnerability https://helpx.adobe.com/security/products/flash-player/apsb16-18.html Teamviewer Users May be Compromised by Trojaned Client http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/ Siemens ICS Equipment Transmits Credentials Over the Network https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02 GitHub Resets User Accounts Compromissed In 3rd Party Incident https://github.com/blog/2190-github-security-update-reused-password-attack HTTP Header Injection in Python urllib http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
Group Policy Issues After Applying MS16-072 (KB3159398) https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP Apple Will Reject Apps Using HTTP https://developer.apple.com/videos/play/wwdc2016/706/ Rising AntiVirus Includes Malware (article only in german) http://www.heise.de/security/meldung/Virenscanner-infiziert-Systeme-mit-Sality-Virus-3237654.html SAP Patch https://erpscan.com/press-center/blog/sap-security-notes-june-2016/ Breached RDP Servers For Rent https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/
Microsoft Updates https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14 Adobe Updates (Incl. active exploitation of Flash Vuln.) https://helpx.adobe.com/security.html
Google Chrome PDF Viewer Remote Code Execution Vulnerability Patched http://blog.talosintel.com/2016/06/pdfium.html Google Continues to Remove SSLv3 Support http://googleappsupdates.blogspot.com.au/2016/06/gradually-disabling-support-for-sslv3.html Vibration Sensor Can Be Used As Microphone http://synrg.csl.illinois.edu/vibraphone/paperdocs/VibraPhone_nirupam.pdf Keypass Fixes Vulnerable Update Procedure http://keepass.info/help/kb/sec_issues.html#updsig
CryptXXX Switches From Angler to Neutrino EK https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/ Android Flah Keyboard Uses Excessive Permissions https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf Firefox 47 Released https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47 D-Link Camera Vulnerable To Remote Exploit http://blog.senr.io/blog/home-secure-home BITS used to make malware more persistent https://www.secureworks.com/blog/malware-lingers-with-bits
Various Internet Sites Flag Password Reuse http://krebsonsecurity.com/2016/06/password-re-user-get-to-get-busy/ Facebook Chat Vulnerability Patched https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/ DNS Cookies: Making DNS More Security https://www.rfc-editor.org/rfc/rfc7873.txt
LinkedIn Data Used to Personalize Malicious E-Mail https://twitter.com/certbund/status/739824856011804676?ref_src=twsrc%5Etfw Android Patches https://source.android.com/security/bulletin/2016-06-01.html Mitsubishi Outlander Wifi Hack https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/ Using NTP to Calibrate Time Stamps in PCAP https://isc.sans.edu/forums/diary/What+Time+Is+It+Using+NTP+Traffic+to+Calibrate+PCAP+Timestamps/21135/ BING Adds Malware Warning https://blogs.bing.com/webmaster/June-2016/Warning!-Bing-now-offers-enhanced-malware-warnings
A Recent MySQL Honeypot Compromise https://isc.sans.edu/forums/diary/MySQL+is+YourSQL/21117/ Team Viewer Improves Security http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/ Black Shades Ransomware http://www.bleepingcomputer.com/news/security/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers/ NTP Update http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
KeePass Insecure Update https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/ Possible TeamViewer Breach http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/ Windows 10 Exploit Offered For Sale https://www.trustwave.com/Resources/SpiderLabs-Blog/Zero-Day-Auction-for-the-Masses/?page=1&year=0&month=0 Intrusion Detection in Depth Minneapolis (July 18-23rd) https://www.sans.org/event/minneapolis-2016/course/intrusion-detection-in-depth
Increase in Telnet Scans https://isc.sans.edu/forums/diary/Increase+in+Port+23+telnet+scanning/21115/ Bloatware Introducing Security Flaws in Laptops https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters Exploit Released for Unpatchable SCADA Controller https://www.exploit-db.com/exploits/37154/ Fail2Ban Adding IPv6 Support https://www.slightfuture.com/security/fail2ban-ipv6 Critical LG Phone Security Flaws http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
Hardcoded Password in Medical Software https://www.kb.cert.org/vuls/id/482135 Google Chorme Update http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates PA DSS Update https://www.pcisecuritystandards.org/document_library JetPack WordPress Plugin XSS vulnerabilties https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/ Tor Browser Fingerprinting Site https://tor.triop.se Anti-Pastejacking Browser Plugin https://github.com/rocketshipapps/hardenedpaste
Analysis of a Distributed Denial of Service Attack https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/ Bluecoat CA http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/ Google Requires Symantec CAs to Comply With Certificate Transparency https://cabforum.org/pipermail/public/2016-May/007573.html
Keeping an Eye on Tor Traffic https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/ Next Generation Tor Passed First Test https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services DDoS Prives Drop https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html Older Microsoft Office Vulnerabilities Still Used by "APT" Actors https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
DNS Covert Channel Used in Targeted Attacks http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/ Genius Web Annotation Serivce Is Removing Security Headers http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability Canary Tokens For Windows Binaries http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html Cisco Patches IPv6 ND DoS Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
Verisign/US-Cert Warn of The Use of Local TLDs for WPAD http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf Proposal To Use TLS for DNS https://www.rfc-editor.org/rfc/rfc7858.txt Azure Blacklists Common Password https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/ Google Attempts to Eliminate Passwords http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
Detailed Technical Report Released About Targeted Attack Against RUAG https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/ New Variation of PastJacking Exploit Affecting vim https://github.com/dxa4481/Pastejacking Xen qemu Patch Released to Limit Log File Size http://xenbits.xen.org/xsa/advisory-180.html