InfoSec Weekly Update #22
4th Week February 2017

Aungthurhahein
Feb 24, 2017

News, Threats and Attacks

Beware of this new Chrome "font wasn't found" hack!
Today while browsing a (compromised) WordPress site that shall remain unnamed, I came across a very interesting "hack…
neosmart.net

Krebs on Security
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a…
krebsonsecurity.com

Java and Python Contain Security Flaws That Allow Attackers to Bypass Firewalls
Both Java and Python contain similar security flaws that allow an attacker to bypass firewalls by injecting malicious…
www.bleepingcomputer.com

Russian-Speaking Hacker Sells SQLi for Unauthorized Access to Over 60 Universities and Government…
Update: February 16, 2017 at 8:33 PM Recorded Future is committed to responsible disclosure and transparency between…
www.recordedfuture.com

New Android Downloader Masquerading as Flash Player Update - ESET Discovery
ESET researchers discovered a dangerous new app targeting Android devices is capable of downloading and executing…
www.eset.com

Web of vulnerabilities
Software on smartphones, computers, and commercial equipment is riddled with defects. While tech companies regularly…
passcode.csmonitor.com

Methods & Tools

Soon, You Will Never Lose Your Boarding Pass Because it Will Be Your Face
Airports around the world are rolling out facial-recognition technology in an attempt to improve security and reduce…
www.nextgov.com

Introducing Netflix Stethoscope
Netflix is pleased to announce the open source release of Stethoscope, our first project following a User Focused…
techblog.netflix.com

Vulnerability Scanning vs Penetration Testing: Which to Choose
People usually confuse vulnerability assessments with the penetration tests. Although these two terms are often used…
medium.com

Why blockchain for recruitment might be a future HR trend
Working in HR and recruitment can sometimes feel like playing a game of two truths and a lie -- without knowing who's…
searchfinancialapplications.techtarget.com

Certified Malice
One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates "fast, open, automated, and free…
textslashplain.com

Reports and Evaluations

Announcing the first SHA1 collision
Cryptographic hash functions like SHA-1 are a cryptographer's swiss army knife. You'll find that hashes play a role in…
security.googleblog.com

New Zealand High Court clears Kim Dotcom extradition to the US
Megaupload website founder Kim Dotcom and three associates were on Monday cleared by a court in New Zealand to be…
www.itworld.com

Check Point's 2017 Cyber Security Survey Shows Key Concerns and Opportunities among IT…
The theme of the 2017 RSA Conference is 'The Power of Opportunity' inspired by an approach to learning taken by the Zen…
blog.checkpoint.com

1139 - cloudflare: Cloudflare Reverse Proxies are Dumping Uninitialized Memory - project-zero …
(It took every ounce of strength not to call this issue "cloudbleed") Corpus distillation is a procedure we use to…
bugs.chromium.org

Just For Fun

don’t even know what to say… credit to devhumor.com