Pen Test Poster: “White Board” – Python – Python Reverse Shell!

In SEC573: Automating Information Security with Python, we teach defenders to build tools that root out the signs of compromise in your sea of logs and network traffic. We teach forensicators to build tools to find that crucial piece of evidence when no other tools exist. We teach penetration testers how to build a few …

Link: http://pen-testing.sans.org/blog/2017/01/31/pen-test-poster-white-board-python-python-reverse-shell

Shopping for W2s, Tax Data on the Dark Web

The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans. But for those lazy identity thieves who can’t be bothered to phish or steal the needed data, there is now another option: Buying stolen W-2 tax forms from other crooks who have phished the documents wholesale from corporations.

Link: https://krebsonsecurity.com/2017/01/shopping-for-w2s-tax-data-on-the-dark-web/

High – DSA-3777 – libgd2 security update

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of…

Link: http://feeds.security-database.com/~r/Last100Alerts/~3/aiMrL-qXKfk/detail.php

NA – DSA-3778 – ruby-archive-tar-minitar security update

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker…

Link: http://feeds.security-database.com/~r/Last100Alerts/~3/z76A9iXHfgc/detail.php