The news of the week is discussed, including the ShadowBrokers’ farewell, GoDaddy’s buggy domain validation issue, MongoDB ransoms, and the latest with St. Jude Medical.
An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.
Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network.
Researchers at Endgame are expected at Black Hat to introduce Hardware Assisted Control Flow Integrity (HA-CFI), which leverages features in the micro-architecture of Intel processors for security.
Kaspersky Lab researchers participated in a Reddit AMA, touching on topics such as attack attribution, critical infrastructure security, attacker and researcher tradecraft, and the shortage of security talent.
Pen-tester Chris Nickerson will, in his Source Boston keynote, explain simple defensive approaches that can thwart the best red-teamers and advanced attackers alike.
The search for an ideal state of security should be a constant pursuit. Continuous vulnerability assessments are therefore a highly recommended practice.
The post Why continuous vulnerability assessments are necessary appeared first on We Live Security.
Citing vendor pressure, a researcher pulled a talk at HITB GSEC Singapore on the security of IP-enabled surveillance cameras.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.