Sat.Dec 01, 2018

What the Marriott Breach Says About Security

Krebs on Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties.

MITRE evaluates Enterprise security products using the ATT&CK Framework

Security Affairs

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors.

Weekly Update 115

Troy Hunt

I'm pushing this out a day late so firstly, apologies for the break in what's otherwise a pretty steady cadence. But having said that, as I say at the start of this video I've really been struggling with work / life balance lately.

IoT 67

ETERNALSILENCE – 270K+ devices vulnerable to UPnProxy Botnet build using NSA hacking tools

Security Affairs

Over 270,000 connected devices run vulnerable implementations of UPnP, threat actors are attempting to recruit them in a multi-purpose botnet. In April, Akamai reported that threat actors compromised 65,000 home routers by exploiting vulnerabilities in Universal Plug’N’Play (UPnP) , experts tracked the botnet as UPnProxy. Now the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Tools 82

A Dunkin' Donuts Hack, a Fake FedEx Site, and More Security News This Week

WIRED Threat Level

Scam centers, exposed massage company data, and more of the week's top security news. Security

Data 61

Hanzo goes to New Orleans to participate in the FBI Criminal Justice Information Services Process

Hanzo Learning Center

Hanzo is pleased to be attending the FBI's Criminal Justice Information Services (CJIS) Advisory Policy Board Meeting in New Orleans December 5th and 6th.