Ebay Data Breach, IE8 0Day, and Alleged Chinese Hackers
With all the information security (InfoSec) news coming out each week, it’s hard to believe anyone can keep up with it; let alone an already busy IT professional with other things on his plate. If that sounds like you, rather than worrying about finding the most important security news you can let my weekly summary video fill you in.
Today’s episode covers the 145M record Ebay breach, and new zero day Internet Explorer (IE) 8 vulnerability released early by the supposedly good guys, and the Department of Justice’s official charges against five alleged Chinese government hackers. Check out the video below for the details, and peruse the Reference section for links to other InfoSec stories.
If you’re in the USA, enjoy your extended holiday weekend. See you next time…
(Episode Runtime: 8:00)
Direct YouTube Link: https://www.youtube.com/watch?v=Ib7nI1H13P8
Episode References:
- Ebay user data stolen in a network breach – Forbes
- ZDI Discloses IE8 0day since MS takes too long to patch – ZDI
- Microsoft’s EMET tool – Microsoft
- US charges Chinese PLA members with hacking
- US Accuses Chinese Military of Hacking… Hypocrisy? – The Register
- Another view on the subject – TechCrunch
- Meet the alleged Chinese PLA hackers – Telegraph
- The actual DoJ release – Justice.gov
Extras:
- DHS warns of a successful SCADA attack to a US Public Utility – ICS Cert
- FBI cracks down on Blackshades (used for webcam peeping) trojan users – Malwaretech
- Apple release security update for Safari – Apple
- Remode code execution flaw fixed in MSN, Oragne, and Yahoo – CyberDefense Magazine
- Sweet Orange exploit kit distributing from GoDaddy subdomains in Russia – Dynamoo Blog
- Watch out for a somewhat sophisticated Google Drive phishing campaign – Help Net Security
- Hackers rumored to have defeated “Find my iPhone” – Intego
- Red Bull’s Racing website hacked and defaced – CyberWar Zone
- Miniduke (APT) still duking it out – WeLiveSecurity
- Filipino Anonymous hacktivists deface many Chinese sites – The Hacker News
- FBI wants to hire hackers, but too many smoke pot – WSJ
- Global botnet infecting POS systems – Computer World
- Pentagon announces “Hacker proof” drone (bad omen… nothing is hacker proof) – Naked Security
— Corey Nachreiner, CISSP (@SecAdept)
Gotta love 0Day vulns!
The ebay hack again shows how no online entity is invulnerable to hacks. As long as human beings are involved, there’s a vulnerability!