Router Hacks, WordPress Attack, and Huge Oracle Update
During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.
In this week’s InfoSec news summary, I cover Oracle’s quarterly Critical Patch Update (CPU), a research project that uncovered vulnerabilities in consumer routers, a WordPress password cracking botnet, and how scammers are exploiting this week’s tragedies in their spam campaigns. Watch the video below for the highlights and some defensive tips.
As an aside, I will be traveling next week so I may not post the weekly video at its normal time.
(Episode Runtime: 7:38)
Direct YouTube Link: http://www.youtube.com/watch?v=Mvikhwg12k8
Episode References:
- WordPress password cracking campaign – Softpedia
- One of Microsoft’s April patches broken – CRN
- Oracle Critical Patch Update April 2013
- Oracle April 2013 CPU alert – Oracle
- Oracle April 2013 Java SE update – Oracle
- Apple Java update associated with Oracle CPU – Apple
- Article on Oracle CPU for April – ZDNet
- Research on exploiting SOHO routers – Security Evaluators
- Spammers exploit news of Boston Bombing – Information Week
- Spammers exploit news of accidental fertilizer plant explosion – Naked Security blog
Extras:
- House passes the latest version of CISPA – InfoWorld
- “BadNews” Android botnet found on Google Play – TechWorld
- Reddit suffers DDoS attack – Express
- Syrian Electronic Army hacks NPR – Huffington Post
- Password security hits primetime (on Ellen DeGeneres Show) – Softpedia
- New “magic code” trojan – Seculert
- US and China create cyber security working group – IT News
- LulzSec hacker gets a year in prison – The Inquirer