More news than usual today.
There is a new WebLogic RCE. I'll be adding it to Nikto this week.
https://github.com/brianwrf/CVE-2018-2628
Android is adding DNS over TLS. As a user I am happy about this. As a tester, @#$%&#$%@^.
https://security.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html
There are 100 devs for every appsec specialist. We have our work cut out for us.
https://www.infosecurity-magazine.com/news/developers-outnumber-security-pros/
The thermometer in a fishtank was the pivot point for hackers to pwn a casino. Noice.
http://www.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4?r=UK&IR=T
Holy crap I forgot about this one. The RSA custom Android application had the API keys stored in the source code, so someone downloaded the attendee list.
https://twitter.com/svblxyz/status/987044025122336774
Verizon last week, Microsoft this week. Annual security report.
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/15/microsoft-security-intelligence-report-volume-23-is-now-available/
Finally, a teen found some documents on a web server, downloaded them, and now is going to jail. Stay safe out there kids!
http://www.cbc.ca/news/canada/nova-scotia/freedom-of-information-request-privacy-breach-teen-speaks-out-1.4621970
And that's the news.