Posted by Taylor Armerding on Tuesday, August 28th, 2018
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
Not a real hack, but maybe a test hack, don’t let Ghostscript haunt you, and a helpful hacker. Watch this week’s episode below:
via Louise Matsakis, WIRED: It would hardly be news that the Democratic National Committee (DNC) was the target of an attempted cyber attack this past week. After all, the DNC got hacked in 2016 during the presidential campaign. That’s how a trove of thousands of emails ended up in the hands of WikiLeaks. And for a couple of days last week, it looked like there had been a similar effort by “a foreign adversary” to penetrate the party, this time with a fake log-in page—but this time it was discovered and thwarted. Watch this trending election insecurity segment here:
via Mohit Kumar, The Hacker News: Ghostscript, an open source interpreter for Adobe Systems’ PostScript and PDF page description languages, is a popular software package. Ghostscript offers a -dSAFER sandbox option to protect against unsafe operations by untrusted documents. But last week, Google’s Project Zero found that Ghostscript contains multiple -dSAFER bypass vulnerabilities that could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Watch this trending security segment here:
via Ionut Ilascu, BleepingComputer: Black Hat, the security conference that draws more than 20,000 to Las Vegas annually, is a paradise for hackers. Companies warn employees who are attending to leave their personal computers and mobile devices at home. The heads of information security of the host hotels advise employees not to connect to Wi-Fi. So it’s a bit ironic that one attendee, a researcher and pen tester who goes by the handle NinjaStyle, discovered that the full contact info of everybody attending was available—in plaintext—through their conference badges. Watch it here: