• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 60 – Oracle CPU

April 19, 2013 By Corey Nachreiner

Router Hacks, WordPress Attack, and Huge Oracle Update

During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.

In this week’s InfoSec news summary, I cover Oracle’s quarterly Critical Patch Update (CPU), a research project that uncovered vulnerabilities in consumer routers, a WordPress password cracking botnet, and how scammers are exploiting this week’s tragedies in their spam campaigns. Watch the video below for the highlights and some defensive tips.

As an aside, I will be traveling next week so I may not post the weekly video at its normal time.

(Episode Runtime: 7:38)

Direct YouTube Link: http://www.youtube.com/watch?v=Mvikhwg12k8

Episode References:

  • WordPress password cracking campaign – Softpedia
  • One of Microsoft’s April patches broken – CRN
  • Oracle Critical Patch Update April 2013
    • Oracle April 2013 CPU alert – Oracle
    • Oracle April 2013 Java SE update – Oracle
    • Apple Java update associated with Oracle CPU – Apple
    • Article on Oracle CPU for April – ZDNet
  • Research on exploiting SOHO routers – Security Evaluators
  • Spammers exploit news of Boston Bombing – Information Week
  • Spammers exploit news of accidental fertilizer plant explosion – Naked Security blog

Extras:

  • House passes the latest version of CISPA – InfoWorld
  • “Badnews” android botnet found on Google Play – TechWorld
  • Reddit suffers DDoS attack – Express
  • Syrian Electronic Army hacks NPR – Huffington Post
  • Password security hits primetime (on Ellen Degeneres Show) – Softpedia
  • New “magic code” trojan – Seculert
  • US and China create cyber security working group – IT News
  • LulzSec hacker gets a year in prison – The Inquirer

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: botnet, CISPA, Hacked, Hacking, Infosec news, Malware, Oracle, Oracle CPU, password cracking, router hacks, Software vulnerabilities, spam, Spammers, Texas explosion, Updates and patches, Wordpress

Comments

  1. Kushnarev Alexander (Rainbow Security) says

    April 24, 2013 at 7:55 pm

    Deep analyze of “Exploiting SOHO Routers” and, especially, understanding of related content from exploit-db.com and sekurak.pl sites allowed me to draw following conclusion:
    Most methods of rooting described SOHO routers are more simple, than you can expect.
    – No need to use BackTrack or BackBox;
    – All you need – just freeware tftp/ftp client and notebook with OS;
    – Do not need to worry about common “hard script modifying”, “calculating address space”, “add some NOOPs” etc. Just need to know the correct file names in router’s OS;
    – There is NO shellcode in a couple if exploits, just “ready to use” http URL to send to router, set of “ready to use” http commands, set of “ready to use” Linux commands.
    Amazing how things work…

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use