We’ve seen some interesting things over this past week, but most of them appear to revolve around the Red October cyber espionage campaign, the death of Aaron Swartz and the subsequent OpAngel launched by Anonymous, and Java vulnerabilities.
The security firm has published a detailed analysis of the operation, which still appears to be active. In order to perform a thorough investigation, Kaspersky has set up a number of fake victims around the world.
Oracle has released Java 7 Update 11 to make sure that users are protected against cyberattacks leveraging the recently uncovered Java exploit. However, our friends from Security Explorations revealed that the zero-day was only possible because Oracle didn’t properly address a security hole which they reported in August 2012.
In the meantime, Security Explorations has uncovered a couple of new vulnerabilities that affect Java 7 Update 11. A zero-day affecting the latest version of Java 7 was also being sold on underground hacker forums for $5,000 (3,750 EUR).
The suicide of Reddit co-founder Aaron Swartz has also made headlines over the past week. Shortly after the news of his death came to light, Anonymous defaced a couple of MIT subdomains in memory of Swartz.
Once this goal was accomplished, the second phase was initiated. The hacktivists are determined to get the US government to make some serious changes in legislation.
Some government websites have also been hacked over this past week, including the ones of Mexico’s Ministry of Defense, Thailand’s Ministry of Culture, Sri Lanka National Security Media Center, the Army of Chile, and the Peruvian Army.
Here are some other stories worth reading, in case you’ve missed them: