Patch Day, P.F. Changs Hack, and TweetDeck XSS
This week delivered a lot of infosec news and a ton of software security updates. If you didn’t have time to follow it all, check out our weekly computer security video to fill in the blanks.
During today’s episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. restaurant chain, and talk about the cross-site scripting worm spreading via TweetDeck. Click play below to learn more, and check out the References for other interesting infosec stories.
Before wishing you a great weekend, here are a couple of quick show notes. First, I’m starting a vacation during the middle of next week, so I won’t be publishing this weekly video for the next two weeks. It will return in July.
Second, if you are a WatchGuard customer curious about our OpenSSL updates, we are in the process of posting new versions of software for many of our products. Keep your eye on this blog, as those will likely start coming out early next week.
(Episode Runtime: 7:37)
Direct YouTube Link: https://www.youtube.com/watch?v=hbGqdrxvOyA
Episode References:
- Adobe & Microsoft Patch Day
- Microsoft’s June Summary – WGSC
- Huge IE Update– WGSC
- Consolidated Windows Bulletin for June– WGSC
- Microsoft fixes Word Flaw – WGSC
- Adobe patches Flash – WGSC
- Mozilla fixes seven flaws in Firefox 30 vulnerabilities – Threatpost
- TweetDeck suffers from new XSS flaw – Wired
- P.F. Changs suffers a credit card breach – Krebs on Security
- UPDATE: P.F. Changs confirms their network breach – Krebs on Security
Extras:
- Feedly and Evernote suffer from DDoS attack extortion – Slate
- New Pandemiya trojan (botnet) sold on underground for around 2K – RSA Blog
- Russian iOS ransomers arrested (related to last week’s iOS ransom) – The Guardian
- Mobiles phones used to hack air-gapped networks with acoustic and electromagnetic emanations – SoftPedia
- Great Motherboard video on hacking mobile phones – Motherboard
- President Bush’s email hacker sent to prison for four years – IBTimes
- ICS-CERT warns of pranksters hacking traffic road signs – CBR Online
- Cryptolocker like ransomware hit’s Android devices (Android/Simplelocker) – Ars Technica
- Aether vulnerability may allow attackers to hijack SmartTVs – Yossi Oren’s Blog
- Anonymous threatens #OpHackingCup hacktivist campaign against World Cup sponsers – The Register
- Latest report claims annual loss of $445M due to cyber crime – Mcafee
- Two teens (14) use operator’s manual and default password to hack ATM – Ars Technica
- Phishme warns of a Dropbox phishing scheme – Phishme
- Yet another iOS lockscreen bypass flaw (yawn) – BGR
- Play Google’s game to test your XSS skills – Appspot.com
- Use F-Secure’s “one click” test to find Zeus on your computer – F-Secure
- Hackers use bad passwords too – Technology Tell
- New video game, Watch Dogs, already used as hacking scapegoat – Techdirt
- Spam campaign preying on the public’s fear of CryptoLocker – Betanews
- Older Android banking trojan (Svpeng) adds ransomware – Securelist blog
- TED talk on Hacker’s being the “immune system” of the Internet – TED
— Corey Nachreiner, CISSP (@SecAdept)
Obvously i never been affected by tweet deck security issue but i do not like credit card breaches