Java 0days, Hacktivist Data Breaches, and Dropbox Improvements
Though I cover four stories in this week’s security recap video, one incident far outweighed all the others this week. If you use Java—and almost everyone does—you’ll want to check out today’s episode.
The video below covers Dropbox’s two-token authentication update, a Firefox security update, a new hacktivist data breach, and two zero-day Java vulnerabilities that attackers have exploited in the wild throughout the week. If you want to protect yourself from the latest drive-by download attacks, watch the video for tips.
For more details on any of the stories in the video, see the references below. In the meantime, surf safe and if you’re in the US, enjoy your holiday weekend.
As an aside, if there are any Radio Free Security (RFS) listeners out there, I recorded August’s episode and will complete final edits today. However, I don’t intend on posting it till next Tuesday, due to the holiday weekend. If you’re looking for RFS, check back next week.
(Episode Runtime: 6:22)
Direct YouTube Link: http://www.youtube.com/watch?v=jTf7_5NA8Rg
Episode References:
- Java Zero Day Flaws
  - WGSC alert – WatchGuard Security Center
  - Original FireEye post – FireEye Blog
  - Deep End Research Analysis – DER Blog
  - One of many PoC exploits – Pastie
  - Second 0day Java vulnerability discovered – Network World
  - Oracle Emergency Java Alert – Oracle
  - Only 9/22 AV engines catch it – Heise
  - EXTRA: Vulnerabilities found in Oracle’s Patch – Infoworld
- Dropbox adds experimental two-token authentication – Computer World
- Firefox 15 fixes 16 security vulnerabilities – Mozilla
- Hacktivists leak millions of accounts in Project Hellfire – Network World
- Extra Stories
  - Middle Eastern gas Co. taken offline by virus – The Register
  - Anonymous Hacks Siemens and Fujitsu web sites – Softpedia
  - Wirenet trojan targets Linux and OS X users – Tech World
— Corey Nachreiner, CISSP (@SecAdept)