An Interview with Alex Heid about the Upcoming HackMiami Security Conference on May 15 – 17, 2015

The HackMiami 2015 Hackers Conference will take place May 15 – 17, 2015 in Miami Beach, FL and features presentations from Team Cymru and HackMiami CEO Alexander Heid.

Hackers and information security professionals all around the globe will descend upon South Florida for the 3rd annual HackMiami Security Conference taking place May 15 – 17, 2015, at the Miami Beach Holiday Inn Oceanfront Hotel.
HackMiami Conference 2015 is notorious for gathering the brightest minds in the information security industry and the digital underground, together, under one roof. The HMC 2015 line-up will showcase the hottest penetration testing tools, techniques, and methodologies, which are at the forefront of the global digital threatscape.
Our first conference, in May of 2013, was covered by Rolling Stone Magazine in an article titled “The Geeks on the Front Lines”. This article covered the various educational training seminars, legal counsel, bleeding-edge research, and even employment opportunities, which HackMiami proudly facilitates every year!

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

Original release date: April 21, 2015
The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking collectives may exploit publicly available information identifying officers or officials, their employers, and their families. These target groups should protect their online presence and exposure.

Users are encouraged to review the IC3 Alert for details and refer to US-CERT Tip ST06-003 for information on staying safe on social network sites.

Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex

Original release date: April 15, 2015

Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack.

Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06, APSB15-07, and APSB15-08 and apply the necessary updates.

WordPress Releases Security Update

Original release date: April 23, 2015

WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability.

US-CERT recommends users and administrators review the WordPress Security Release and apply the necessary updates.

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, and Mike Adams.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.

Apple Releases Security Updates for Safari Browser

Original release date: March 18, 2015
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system.

Updates include:

  • Safari 8.0.4 for OS X Mountain Lion v10.8.5
  • Safari 7.1.4 for OS X Mavericks v10.9.5
  • Safari 6.2.4 for OS X Yosemite v10.10.2

US-CERT encourages users and administrators to review Apple security update HT204560 and apply the necessary updates.

Banks to blame for fraudsters taking advantage of Apple Pay?