As you probably noticed, I did not post a WatchGuard Security Week in Review episode this week. An extremely busy travel schedule, and a day off to run a long distance race with the WatchGuard team, made it impossible for me to record and produce my weekly video. But don’t worry… The weekly security recap video will return next week with a special episode.
I am attending the Blackhat Vegas security conference next week. Blackhat Vegas and Defcon (which falls on the same week) are two of the biggest security conferences of the year. Security researchers often disclose major breaking research and vulnerabilities during these exciting shows. You can look forward to an “on the road” edition of my weekly video next Friday, and it’ll likely include some big stories from Blackhat.
In the meantime, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bulleted list that quickly summarizes many of this week’s most interesting security stories. See you next week.
- Oracle Quarterly Patch Day, July 2012 – On Tuesday, Oracle posted their quarterly patch update for July. They fixed 87 security vulnerabilities in many of their popular products. If you use Oracle software, you should check their CPU advisory and apply the necessary updates.
- Rumored Android botnet may just be Yahoo MitM attack – Last week’s video warned you about a potential new botnet that might affect Android devices. Microsoft and others noticed spam coming from Android devices via Yahoo, and thought an Android botnet may be involved. It turns out these emails may be the result of a Man-in-the-Middle (MitM) attack on Yahoo email from public hotspots.
- Android 4.1 Harder to Hack – Various researchers have pointed out that Google’s upcoming Android Jellybean update (4.1) will make Android devices harder to hack. This new version implements some OS memory protection features like Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to make memory corruption flaws, such as buffer overflows, harder to exploit.
- Anonymous is targeting Oil Companies in the Arctic – Anonymous has pointed their guns at oil companies drilling in the Arctic, such as Exxon and Shell. So far they have stolen a bunch of email account credentials.
- Possible Dropbox breach – Many Dropbox users have complained about spam to their Dropbox accounts, which has the company investigating a potential network breach. Little else is known yet, but I’ll update you if they find anything relevant.
- Facebook photo tag spam – Attackers are spamming out a new malware campaign on Facebook. It arrives as a message saying someone has tagged a photo of you on Facebook. If you interact with it, it tries to install malware on your computer. Be wary of any unusual Facebook photo tagging messages.
- DHS warns of ICS vulnerabilities – The US Department of Homeland Security has warned of vulnerabilities in a popular Industrial Control System (ICS) application called Niagara. If you work at an organization that uses this software, you need to implement the recommended workarounds (see this article).
- Grum botnet partially disabled – Researchers and authorities have shut down two of the Command and Control (C&C) servers used by a huge botnet called Grum. The botnet still has two other C&C servers to fall back on, but hasn’t so far. This takedown has significantly lessened email spam; however, bot herders often just rebuild their zombie networks. So I wouldn’t expect the spam decrease to last for long.
- ITWallStreet.com data breach – Attackers claimed to have gained access to 50,000 user records from the IT Wall Street web site. If you use this site, you should change your password and monitor your accounts for identity fraud.