AP Twitter Hack, Serial Offenders, and InfoSec UK
This week’s security highlights video comes a bit early due to my travels in London to attend InfoSec UK.
If you’re looking for a quick summary of the week’s top security news, this is the vlog for you. In today’s video, I share a few themes from the biggest security conferences in Europe, news of the AP Twitter feed hijack, warnings of a new Java exploit, and information about industry-wide flaws affecting serial port servers. Watch for all the details, and check the References section below for other interesting stories from the week.
(Episode Runtime: 7:35)
Direct YouTube Link: http://www.youtube.com/watch?v=pWAMN7j0yyg
Episode References:
- AP Twitter feed hijacked – The Age
- Newly patched Java flaw exploited in the wild – Ars Technica
- HD Moore uncovers serial port service vulnerabilities – Rapid7 blog
- Moore’s Serial Offenders presentation – Speaker Deck
- InfoSec UK 2013 News
- Security Policy must align with business goals – Tech World
- All businesses at risk of cyber attack – ITPro
- Cyber Intelligence sharing helps security – Computer Weekly
Extras:
- Hacking laws used to convict someone who didn’t hack – The Verge
- FBI legally denied Strikeback capability (installing malware to spy on criminals) – Ars Technica
- My article on why Strikeback will strike out – Network World
- Major Lulzsec hacker arrested in Australia – ReadWrite
- World of Tanks servers breached – Kotaku
- CISPA dies again in Senate – ZDNet
— Corey Nachreiner, CISSP (@SecAdept)
Kushnarev Alexander (Rainbow Security) says
I have not studied the nature of the attacks on JDK and JRE before, but the sequence of links from “Newly patched Java flaw exploited in the wild” led me to an article which explained a lot to me about “type confusion” vulnerabilities and their work logic. It seems that “type confusion” exploitation became a classic type of hacking for Java (since 2008-2009), just like buffer overflow attacks for different HTTP or SMTP service implementations.
So, if someone is curious about an overview of the nature of these types of attacks, the “Exploiting Type Confusion Vulnerabilities in Oracle JRE” article is here:
http://schierlm.users.sourceforge.net/TypeConfusion.html