Reader 0Day, Zombie Broadcast, and Bit9 Breach
Due to a busy work week, I was unable to create a fully produced InfoSec news summary video this week. I did post a very brief video (which you can find below), mostly to warn our YouTube subscribers about the missing episode. It contains very minimal detail about this week’s top security stories.
However, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bullet-list, which quickly summarizes many of this week’s most interesting Infosec news. See you next week.
- Zero day Adobe Reader vulnerability - A security company, FireEye, discovered attackers exploiting a previously unknown vulnerability in Adobe Reader to install malware. Adobe hasn’t had time to fix it yet, but recommends you use “Protected View” mode to mitigate the issue. We’ll post more details when they patch.
- President Obama signs cyber security executive order - As many expected, President Obama signed a cyber security executive order this week that allows government organizations to share security intelligence with some private organizations and asks critical infrastructure providers to up their security.
- Bit9 breached and digital certificates stolen - A security company, Bit9, confirmed they were breached this week, and that attackers had stolen their digital certificates and used them to sign malware. Their excuse for the breach? They didn’t use their own product enough.
- Hacked emergency broadcast system warns of zombie attack - Folks in some Montana counties were surprise when their television emergency broadcast system warned of a zombie attack. Unsurprisingly, it turns out the system was hacked.
- More Ruby on Rail vulnerabilities - Researchers have found more vulnerabilities, like SQL injections, in Ruby on Rails. If you are a web developer who uses this package, go patch.
- Microsoft’s February Patch Day- As always, Microsoft released a bunch of security updates this week. They fixed flaws in Windows, Exchange, Internet Explorer, and a few lesser known products. I released details about the updates here, so hopefully you’ve already patched.
- Adobe Flash and Shockwave updates – Adobe also released important Shockwave and Flash Player updates during Microsoft’s Patch Day. I talked about those earlier, too. Make sure to patch!
- The dangers of losing your master password - A well-known security researcher, Jeremiah Grossman, shares a great anecdote on how very strong security practices can come back and bite you due to user error.
Direct YouTube Link: http://www.youtube.com/watch?v=wQP_5bXgHbg (Runtime: 2:08)
- Company offers high-end social network spying solutions - Computer Weekly
- VMWare update fixed elevations of privilege vulnerability - The Register
- Congress re-introducing the CISPA legislation – CNET
- Jawbone MyLife service breached, account data stolen - CNET
- Flash 0day exploited to spread “legitimate” government malware - PC World
- iOS lockscreen vulnerabilities discovered - ZDNet