Security Brief: Security Improvements, Bug Bounties and Interesting Hacks

The main events of the week between June 17 and June 23

By on June 23rd, 2013 04:31 GMT

In case you haven’t been online much over the past week, here’s a quick summary of the most important information security news.

Last week, we learned that PayPal made some changes to its bug bounty program. This week, Barracuda Networks told us about the changes it has made to its own bug bounty, and Microsoft announced the launch of three bug bounty programs.

We’ve reached out to several security experts to find out what they think about Microsoft’s bug bounty. The experts applaud Microsoft’s decision, but most of them hope the Redmond giant will also cover web vulnerabilities in its bug bounty program.

When it comes to addressing vulnerabilities, several major companies rolled out updates this week to fix security holes of varying severity.

Oracle addressed 40 Java vulnerabilities with the June 2013 Java SE critical patch update. The company noted that 27 of the flaws could be remotely exploited without authentication, but experts still say that Oracle might be trying to downplay the importance of some of the bugs.

JustSystems is also advising Ichitaro customers to update their installations since cybercriminals are using a vulnerability in the Japanese word processor in targeted attacks.

WordPress has released a maintenance and security update for WordPress 3.5 to address 7 vulnerabilities and 5 bugs.

Google has addressed a Flash plugin clickjacking vulnerability in Chrome that could have been leveraged by cybercriminals to hijack their target’s webcam and microphone.

As far as Anonymous is concerned, the hacktivist movement has been busy over the past week. Many hackers have become involved in the anti-government protests in Brazil.

Other hacktivists have launched OpPetrol, a campaign aimed at governments and oil companies. Just before the operation was initiated, on June 20, Symantec and Trend Micro issued advisories to help organizations protect themselves against cyberattacks.

However, so far, the damage caused by OpPetrol seems to be limited. In addition, the data leaked by the hacktivists is suspicious.

The list of organizations that suffered distributed denial-of-service (DDoS) attacks this week includes DNS provider Zerigo, Network Solutions, domain name registrar Moniker, and car manufacturer Toyota.

It’s worth noting that the attack on Network Solutions caused problems for several companies, including LinkedIn.

Another noteworthy hack is the one in which the Ugandan domains of Sony, PayPal, Yahoo and other high-profile firms were defaced. The Ugandan domain registry has provided Softpedia with an explanation for the incident.

The hacker Guccifer also made a couple of headlines this week. After hacking into the email and Facebook accounts of Neile Miller, acting administrator for the National Nuclear Security Administration (NNSA), he leaked what he claimed to be the complete “Journolist” archives.

Here are some other interesting stories, in case you’ve missed them:

Highly amusing video from John McAfee: How to uninstall McAfee antivirus from your computer

Anonymous once again threatens North Korea – video

President Obama says China is hacking Apple in an attempt to steal product designs

Criminals relied on hackers to monitor their drug shipments. The gang was disrupted by police in Belgium and the Netherlands

GlobalSign offers free SSL certificates for open source projects

Bill inspired by Aaron Swartz’s suicide introduced to Senate

Federal authorities have seized over 1,700 websites involved in counterfeiting and pirating

TrainACE publishes exam study guide for certified ethical hackers

FBI admits using drones for surveillance in the US

Twitter diet spam now abuses legitimate hijacked accounts

Manchester City football club accuses rival club of hacking into its player scouting database

Carberp source code sold on Russian forum for $50,000 (€37,000)