Security Alerts & News
by Tymoteusz A. Góral

#1666 10 gadgets every white hat hacker needs in their toolkit
Sometimes, during security audits, we may encounter a situation where everything is being managed correctly. In other words, security patches, policies, network segmentation, antivirus, and user awareness, to name just a few measures, are being applied properly. That’s when, in order to continue the analysis from the perspective of a security researcher or consultant, social engineering and a number of other tools, some of which we will look at in this post, become more important, being perhaps the only ones that can allow an attacker to penetrate the target system.

The tools in question are mainly pieces of hardware designed for security research or projects. So here’s a list of the 10 tools every white hat hacker needs.
#1665 NSS Labs tests leading web browsers for secure end user experience
Socially engineered malware (SEM) remains one of the most common security threats facing Internet users today, claiming as much as one third of Internet users as victims. These attacks pose a significant risk to individuals and organizations by threatening to compromise, damage, or acquire sensitive personal and corporate information. Europeans and Americans have increasingly found themselves targets of ransomware over the last 12 months.

Phishing attacks pose a significant risk to individuals and organizations alike, by threatening to compromise or acquire sensitive personal and corporate information. In 2016, over 145,000 unique email phishing campaigns were reported each month, and 125,000 unique phishing websites were detected each month, the highest ever recorded. Phishing attacks are becoming more complex and sophisticated, making these attacks harder to detect and difficult to prevent.
#1664 LastPass brings free password management to all your devices
LastPass now allows users to set up password vaults across multiple devices and browsers for free.

On November 2, the password management company said that starting today, LastPass has upgraded the firm's free solution to include synchronization to multiple devices.

While users have always been able to use certain features for free -- such as password generation, secure notes, automatic saving, and password filling on one device -- this information can now be spread across any internet-connected device, which was once a premium-only feature.
#1663 Critical MySQL vulnerabilities can lead to server compromise
Critical vulnerabilities have been identified in MySQL and in vendor deployments by database servers MariaDB and PerconaDB; they can lead to arbitrary code execution, root privilege escalation and server compromise.

Dawid Golunski of Legal Hackers published details around two proof-of-concept exploits for the vulnerabilities on Tuesday.

Both vulnerabilities affect MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier, along with MySQL database forks such as Percona Server and MariaDB.

The first vulnerability, a privilege escalation/race condition bug (CVE-2016-6663), is the more severe of the two. It can allow a local system user that has access to a database to escalate their privileges and execute arbitrary code as the database system user, Golunski said in an advisory. From there, an attacker could successfully access all of the databases on the affected database server.
#1662 Three ways hackers can invade your home (VIDEO)
Even your kettle could give them a way in, cyber security expert Ken Munro explains, as the chancellor announces plans to improve cybersecurity.
#1661 Another internet outage takes down services in US and UK
Parts of the internet went down across the U.S. and in the U.K. Wednesday morning as service provider Level 3 Communications reported an outage.

Level 3, which provides internet and voice services to businesses, said the company did not yet know the cause of the outage, which temporarily disrupted or slowed service to some customers.

By early afternoon, the company said the network was "operating under normal conditions."

"We continue to monitor for any residual issues stemming from this morning's incident," Nikki Wheeler, senior director of media relations, wrote in an email.

Some users complained on Twitter and Reddit about continued service interruptions into Wednesday afternoon.

As of Wednesday evening, Wheeler said they'd found the issue, which they believed to be "a configuration error."