Hijacked vBulletins, Harvested Email, and Router Backdoors
Do you remember the days when we might learn about one, maybe two, big Infosec stories a month? Well, those days are long gone. Nowadays, it seems like more network and information security stories break each week than one person could follow. So why not let me do it for you in my weekly Infosec news summary?
This week, the episode covers a number of important software security patches (including one for WatchGuard customers), an unpatched vulnerability that resulted in 31,000 hijacked web sites, the NSA’s email harvesting campaign, and a backdoor in a popular consumer-brand router. Watch the video below to learn the details, and how to protect your network… and if you’re looking for extra credit, check the Reference section for a bunch of additional security stories.
Have a great weekend, and stay safe online.
(Episode Runtime: 7:41)
Direct YouTube Link: http://www.youtube.com/watch?v=ellxQ5xmt8E
Episode References:
- Software Updates
  - Oracle’s October CPU – WGSC
  - Critical Chrome Update – Threatpost
  - WatchGuard releases XTM 11.8 and WatchGuard Dimension – WGSC
  - WatchGuard XTM buffer overflow and XSS – WGSC
- Botherders exploit vBulletin flaw to hijack 35000 sites – Krebs on Security
- vBulletin developer describes serious vulnerability – vBulletin Forum
- NSA harvests private citizen’s email addresses – Washington Post
- Backdoor in D-Link consumer routers – ComputerWorld
Extras:
- Greenwald, the Snowden journalist, leaves The Guardian – The Guardian
- Lavabit gets new keys, allowing customers to get email – Ars Technica
- Researchers can fingerprint smartphones based on their sensors – Information Week
- Advanced attackers spear-phish Mandiant CEO with limo receipts – Softpedia
- Researchers find 25 ICS and SCADA vulnerabilities – Threatpost
- iMessage is not unbreakable – Macworld
- DDoS attacks continue to grow – Techworld
- Snowden did not share sensitive documents with China or Russia – New York Times