Lost+Found: From fake phishing to a Fortinet facepalm
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: fake phishing, textbook SQL injections, security 101 for app developers, reverse engineering malware, a Fortinet facepalm, a pentester edition of Firefox and further news on the QNAP vulnerabilities.
- US media firm Atlantic Media caught its staff red-faced and red-handed in a phishing test – 58 per cent clicked on a link, included in a fake phishing email, to verify their Google Apps accounts. A sad reality.
- As we are talking about sad realities, a wide range of GitHub projects provide textbook examples of how to construct an SQL injection vulnerability.
- FX has struck again and (in conjunction with Greg from Phenoelit) has notified Cisco of a whole series of security problems in its cloud products, in particular the Cisco Nexus 1000V.
- The iMAS libraries are aimed at helping iOS app developers avoid major security pitfalls. They include data encryption and password protection functions.
- If you want to report a security vulnerability in Chrome to Google, don't follow the example of the Fortinet security team and post your complete browser profile, including stored passwords.
- QBurst PenQ adds a preconfigured edition of Firefox, which includes all major penetration testing extensions, to security Linux distributions such as Kali.
- There are now two OpenVAS modules for checking the security vulnerabilities in QNAP's NAS and NVR systems, one for CVE-2013-0143 and one for CVE-2013-0142 & CVE-2013-014.