

DtSR Episode 193 - NewsCast for May 10th, 2016
May 10, 2016
57:27
In this episode...
ImageTragick - major flaw in open source image processing toolkit
- ImageTragick is CVE-2016-3714
- Logo & Website: https://imagetragick.com
- Has a logo, so it must be yuge
- Is this really that big of a deal? How many are impacted potentially?
- https://blog.sucuri.net/2016/05/imagemagick-remote-command-execution-vulnerability.html
- Remote code execution, with minor caveats - likely darn near everywhere
Detroit company loses $495k to wire fraud
- Source was a faked email to make a wire transfer
- Why didn’t someone verify this?!
- http://www.detroitnews.com/story/news/local/oakland-county/2016/05/03/troy-investment-company-hacked/83879240/
- Will insurance pay out?
- Is the policy change too little too late? How can other companies learn from this?
The Ransomware Epidemic (Optiv blog)
- Is there an epidemic at play here?
- Why the switch to ransoming people’s data?
- Is this a viable business model for cyber criminals?
- https://www.optiv.com/blog/ransomware-part-1-is-this-an-epidemic
Undetectable flaw in Qualcomm-powered Android phones is a huge deal
- Input sanitization flaw (again?!)
- At risk are the 34% of users running Android 4.3 and earlier
- Text messages and call histories accessible in plain text
- An "undetectable" software flaw in Qualcomm Snapdragon-powered Android smartphones could lay bare users' text messages and call histories to hackers
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast