Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Last Call for One Day $80 Level 1 Pen Testing Class”, 2) “The Washington Free Beacon Compromised”, and 1) “2013 OWASP Top 10 Released”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
The Washington Free Beacon Compromised: Invincea is at it again … this time pointing out another local news site that was compromised and serving up malware. It should be all cleaned up by now, but earlier this week visitors to The Washington Free Beacon might have either been infected by a Java-based exploit kit or been redirected to another site serving up Fiesta EK. (continued here)
2013 OWASP Top 10 Released: The Open Web Application Security Project (OWASP) recently released the 2013 version of their listing of the top 10 risks facing web application developers. As expected, the list didn’t change much … just some swapping of places and merging of several items. The most significant changes we noticed were the drop of “Cross-Site Request Forgery (CSRF)” from fifth to eighth and a new “Using Known Vulnerable Components” entry. (continued here)
Last Call for One Day $80 Level 1 Pen Testing Class: This is just a final reminder that Bulb Security will be giving a one-day online class covering the basics of pen testing this coming Saturday, June 22nd, starting at 11:00 PM EST for only $100. (continued here)
Decrypting iMessages at Rest, Questioning NSA Access to Apple Network Devices, and NSLs: The other day Apple released a privacy transparency statement discussing, among other things, how they cannot decrypt iMessage content (or FaceTime sessions) sent between two iOS devices. See their full statement below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!