# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

  • Beware of Security by Press Release Thu, 10 Aug 2017 15:40:30 +0000
    On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it "Security by press release." It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor's product; members of the trade press uncritically republish the claims without adding much clarity or waiting for responses from the affected vendor; blindsided vendor responds in a blog post showing how the issue is considerably less dire than originally claimed.At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response -- a suite of security tools sold by competitor Carbon Black (formerly Bit9) -- was leaking potentially sensitive and proprietary data from customers who use its product.
  • Alleged vDOS Operators Arrested, Charged Wed, 09 Aug 2017 15:43:24 +0000
    Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges.
  • Critical Security Fixes from Adobe, Microsoft Tue, 08 Aug 2017 20:35:17 +0000
    Adobe has released updates to fix at least 67 vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it's time once again to get your patches on.More than two dozen of the vulnerabilities fixed in today's Windows patch bundle address "critical" flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. According to Microsoft, none of flaws in August's Patch Tuesday are being actively exploited in the wild, although Bleeping Computer notes that three of the bugs were publicly detailed before today's patch release.

# Bruce Schneier's blog

# WIRED Threat Level

# exploit-db.com

# Securiteam