Secplicity - Security Simplified

Powered by WatchGuard Technologies

Weak Passwords are Good? – WSWiR Episode 113

July 18, 2014 By Corey Nachreiner

Oracle Patches, Project Zero, and Password Problems

Another week, another big batch of InfoSec news. If your IT job is already overwhelming you with tasks, leaving you no time to keep up with computer and network security, “I’ve got ya bro.” Check out our weekly security news summary for all the important action.

Today’s episode covers Oracle’s quarterly Critical Patch Update (CPU), a neat security project from Google, and a bevy of password security related news and issues. It’s all in the video, so give it a play. Also, don’t forget the Reference section below for other interesting news.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 8:59)

Direct YouTube Link: https://www.youtube.com/watch?v=yOtbuwhqZVo

Episode References:

  • Oracle’s July Critical Patch Update – Oracle
  • Oracle’s statement on EOLing Java on XP – ZDNet
  • Google launches Project Zero to protect the Internet – The Guardian
  • Password Stories
    • UC Berkeley finds vulnerabilities in five password managers – Tech Spot
    • Another twist on the “pass the hash” issue – Aorato
    • Microsoft research shows it’s good to use weak passwords (sometimes) – Microsoft

Extras:

  • Latest Zeus variant uses DGA to generate C&Cs – Slashdot
  • Tinba botnet source code leaked on a Russian underground forum – Security Affairs
  • Glenn Beck’s website was serving malicious ads – Invincea
  • Researchers show you can still extract photos from factory reset phones – BBC
  • Russian hacker pwns CNET and gains database access – NewsFactor
  • vBulletin suffers from SQLi vulnerability – Softpedia
  • Searching for superheroes might get you infected – Help Net Security
  • HP researcher hacks PoS machines for fun and profit – HP
  • Usenix researchers show how to attack the Internet with SmartTVs – Network World
  • eBay’s breach affected second quarter earnings – Forbes
  • Amazon’s cloud used often by attackers – The Register
  • Some Cisco home networking products suffer vulnerabilities – Network World
  • Chinese researchers claim to have hacked the Tesla Model S – CNET
  • More details on alleged Russian NASDAQ hack from 2010 – Bloomberg

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Uncategorized Tagged With: Hacking, Infosec news, Kerberos, lastpass, Microsoft, MySQL, Oracle, Oracle Middleware, pass the hash, password managers, passwords, Software vulnerabilities, Updates and patches, weak passwords

Comments

  1. Alexander Kushnarev says

    July 23, 2014 at 2:31 am

    Regarding “Pass-the-hash”. It’s quite an interesting method, and I’ve found a detailed technical paper about it from Microsoft (“Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft”). I would like to share it:
    http://www.microsoft.com/en-us/download/details.aspx?id=36036
