In case you haven’t been online much over the past week, here’s a quick summary of the most important information security news.
Last week, we learned that PayPal made some changes to its bug bounty program. This week, Barracuda Networks provided us with the changes they’ve made to their own bug bounty, and Microsoft announced the launch of three bug bounty programs.
We’ve reached out to several security experts to find out what they think about Microsoft’s bug bounty. Experts applaud Microsoft’s decision, but most of them hope the Redmond giant will also include web vulnerabilities in its bug bounty program.
When it comes to addressing vulnerabilities, several major companies rolled out updates this week to fix some more or less critical security holes.
Oracle addressed 40 Java vulnerabilities with the June 2013 Java SE critical patch update. The company noted that 27 of the flaws could be remotely exploited without authentication, but experts still say that Oracle might be trying to downplay the importance of some of the bugs.
JustSystems is also advising Ichitaro customers to update their installations since cybercriminals are using a vulnerability in the Japanese word processor in targeted attacks.
WordPress has released a maintenance and security update for WordPress 3.5 to address 7 vulnerabilities and 5 bugs.
Google has addressed a Flash plugin clickjacking vulnerability in Chrome that could have been leveraged by cybercriminals to hijack their target’s webcam and microphone.
Other hacktivists have launched OpPetrol, a campaign aimed at governments and oil companies. Just before the operation was initiated, on June 20, Symantec and Trend Micro issued advisories to help organizations protect themselves against cyberattacks.
However, so far, the damage caused by OpPetrol seems to be limited. In addition, the data leaked by the hacktivists is suspicious.
The list of organizations that suffered distributed denial-of-service (DDoS) attacks this week includes DNS provider Zerigo, Network Solutions, domain name registrar Moniker, and car manufacturer Toyota.
It’s worth noting that the attack on Network Solutions caused problems for several companies, including LinkedIn.
Another noteworthy hack is the one in which the Uganda domains of Sony, PayPal, Yahoo and other high-profile firms were defaced. The Uganda domain registry has provided Softpedia with an explanation for the incident.
The hacker Guccifer also made a couple of headlines this week. After hacking into the email and Facebook accounts of Neile Miller, acting administrator for the National Nuclear Security Administration (NNSA), he leaked what he claimed to be the complete “Journolist” archives.
Here are some other interesting stories, in case you’ve missed them: