Oracle Patches, Project Zero, and Password Problems
Another week, another big batch of InfoSec news. If your IT job is already overwhelming you with tasks, leaving you no time to keep up with computer and network security, “I’ve got ya bro.” Check out our weekly security news summary for all the important action.
Today’s episode covers Oracle’s quarterly Critical Patch Update (CPU), a neat security project from Google, and a bevy of password-security-related news and issues. It’s all in the video, so give it a play. Also, don’t forget the Reference section below for other interesting news.
Enjoy your summer weekend, and stay safe!
(Episode Runtime: 8:59)
Direct YouTube Link: https://www.youtube.com/watch?v=yOtbuwhqZVo
Episode References:
- Oracle’s July Critical Patch Update – Oracle
- Oracle’s statement on EOLing Java on XP – ZDNet
- Google launches Project Zero to protect the Internet – The Guardian
- Password Stories
Extras:
- Latest Zeus variant uses DGA to generate C&Cs – Slashdot
- Tinba botnet source code leaked on a Russian underground forum – Security Affairs
- Glenn Beck’s website was serving malicious ads – Invincea
- Researchers show you can still extract photos from factory reset phones – BBC
- Russian hacker pwns CNET and gains database access – NewsFactor
- vBulletin suffers from SQLi vulnerability – Softpedia
- Searching for superheroes might get you infected – Help Net Security
- HP researcher hacks PoS machines for fun and profit – HP
- Usenix researchers show how to attack the Internet with SmartTVs – Network World
- eBay’s breach affected second quarter earnings – Forbes
- Amazon’s cloud used often by attackers – The Register
- Some Cisco home networking products suffer vulnerabilities – Network World
- Chinese researchers claim to have hacked the Tesla Model S – CNET
- More details on alleged Russian NASDAQ hack from 2010 – Bloomberg
— Corey Nachreiner, CISSP (@SecAdept)
Alexander Kushnarev says
Regarding “Pass-the-hash”. It’s quite an interesting method, and I’ve found a detailed technical paper about it from Microsoft (“Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft”). Would like to share it:
http://www.microsoft.com/en-us/download/details.aspx?id=36036