
Secplicity - Security Simplified

Powered by WatchGuard Technologies

TweetDeck XSS – WSWiR Episode 111

June 13, 2014 By Corey Nachreiner

Patch Day, P.F. Changs Hack, and TweetDeck XSS

This week delivered a lot of infosec news and a ton of software security updates. If you didn’t have time to follow it all, check out our weekly computer security video to fill in the blanks.

During today’s episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. restaurant chain, and talk about the cross-site scripting worm spreading via TweetDeck. Click play below to learn more, and check out the References for other interesting infosec stories.

Before wishing you a great weekend, here are a couple of quick show notes. First, I’m starting a vacation during the middle of next week, so I won’t be publishing this weekly video for the next two weeks. It will return in July.

Second, if you are a WatchGuard customer curious about our OpenSSL updates, we are in the process of posting new versions of software for many of our products. Keep your eye on this blog, as those will likely start coming out early next week.

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=hbGqdrxvOyA

Episode References:

  • Adobe & Microsoft Patch Day
    • Microsoft’s June Summary – WGSC
    • Huge IE Update – WGSC
    • Consolidated Windows Bulletin for June – WGSC
    • Microsoft fixes Word Flaw – WGSC
    • Adobe patches Flash – WGSC
    • Mozilla fixes seven flaws in Firefox 30 vulnerabilities – Threatpost
  • TweetDeck suffers from new XSS flaw – Wired
  • P.F. Changs suffers a credit card breach – Krebs on Security
    • UPDATE: P.F. Changs confirms their network breach – Krebs on Security

Extras:

  • Feedly and Evernote suffer from DDoS attack extortion – Slate
  • New Pandemiya trojan (botnet) sold on underground for around 2K – RSA Blog
  • Russian iOS ransomers arrested (related to last week’s iOS ransom) – The Guardian
  • Mobile phones used to hack air-gapped networks with acoustic and electromagnetic emanations – SoftPedia
  • Great Motherboard video on hacking mobile phones – Motherboard
  • President Bush’s email hacker sent to prison for four years – IBTimes
  • ICS-CERT warns of pranksters hacking traffic road signs – CBR Online
  • CryptoLocker-like ransomware hits Android devices (Android/Simplelocker) – Ars Technica
  • Aether vulnerability may allow attackers to hijack SmartTVs – Yossi Oren’s Blog
  • Anonymous threatens #OpHackingCup hacktivist campaign against World Cup sponsors – The Register
  • Latest report claims annual loss of $445M due to cyber crime – McAfee
  • Two teens (14) use operator’s manual and default password to hack ATM – Ars Technica
  • Phishme warns of a Dropbox phishing scheme – Phishme
  • Yet another iOS lockscreen bypass flaw (yawn) – BGR
  • Play Google’s game to test your XSS skills – Appspot.com
  • Use F-Secure’s “one click” test to find Zeus on your computer – F-Secure
  • Hackers use bad passwords too – Technology Tell
  • New video game, Watch Dogs, already used as hacking scapegoat – Techdirt
  • Spam campaign preying on the public’s fear of CryptoLocker – Betanews
  • Older Android banking trojan (Svpeng) adds ransomware – Securelist blog
  • TED talk on hackers being the “immune system” of the Internet – TED

— Corey Nachreiner, CISSP (@SecAdept)


Comments

  1. William Armstrong says

    June 27, 2014 at 7:27 pm

    Obviously I have never been affected by the TweetDeck security issue, but I do not like credit card breaches
