A test hack, don’t let Ghostscript haunt you, and a helpful hacker

Weekly Security Mashup - August 28, 2018

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.

Not a real hack, but maybe a test hack, don’t let Ghostscript haunt you, and a helpful hacker. Watch this week’s episode below:

Why the DNC thought a phishing test was a real attack

via Louise Matsakis, WIRED: It would hardly be news that the Democratic National Committee (DNC) was the target of an attempted cyber attack this past week. After all, the DNC got hacked in 2016 during the presidential campaign. That’s how a trove of thousands of emails ended up in the hands of WikiLeaks. And for a couple of days last week, it looked like there had been a similar effort by “a foreign adversary” to penetrate the party, this time with a fake log-in page—but this time it was discovered and thwarted. Watch this trending election insecurity segment here:

Critical flaws in Ghostscript could leave many systems at risk of hacking

via Mohit Kumar, The Hacker News: Ghostscript, an open source interpreter for Adobe Systems’ PostScript and PDF page description languages, is a popular software package. Ghostscript offers a -dSAFER sandbox option to protect against unsafe operations by untrusted documents. But last week, Google’s Project Zero found that Ghostscript contains multiple -dSAFER bypass vulnerabilities that could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Watch this trending security segment here:

Legacy system exposes contact info of Black Hat 2018 attendees

via Ionut Ilascu, BleepingComputer: Black Hat, the security conference that draws more than 20,000 to Las Vegas annually, is a paradise for hackers. Companies warn employees who are attending to leave their personal computers and mobile devices at home. The heads of information security of the host hotels advise employees not to connect to Wi-Fi. So it’s a bit ironic that one attendee, a researcher and pen tester who goes by the handle NinjaStyle, discovered that the full contact info of everybody attending was available—in plaintext—through their conference badges. Watch it here:

*** This is a Security Bloggers Network syndicated blog from Software Integrity authored by Taylor Armerding. Read the original post at: