Weekly Cyber Security News

For well over a decade our focus at ionCube has been on PHP security but recently with the release of ionCube24 we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.

A selection of this week’s more interesting vulnerability disclosures and cyber security news.

General

Lots of issues with Flash as a result of the Hacker Team dump. This raises the question of should we end Flash?

• Adobe fixes Flash Player zero-day vulnerabilities, bugs in other products (SC Magazine)
• Adobe working to patch two critical zero-day vulnerabilities in Flash Player (SC Magazine)
• All versions of Firefox are blocking Flash by default. No-one cries (Reddit) –
• It’s time to kill Flash, says Facebook’s new security chief (ZDNet)
• Facebook CSO Calls for End to Flash (June 13, 2015) (SANS Newsbites)
• No, seriously: Its time for Adobe Flash to die (Yahoo Security) –
• One more Flash 0day from HackingTeam. Works against 18.0.0.203 (Reddit) –
• Two new Flash exploits surface from Hacking Team, combine with Java 0-day (ArsTechnica) –

 

Of course can’t avoid something about them specifically:

• Hacking Team orchestrated brazen BGP hack to hijack IPs it didnt own (ArsTechnica) –
• Hacking Team Says Not All Code was Compromised (July 13, 2015) (SANS Newsbites) –
• Hacking Team touts new spyware suite, calls leaks now obsolete (ArsTechnica) –
• Italian cyber-security firm suspects foreign government was behind mass attack (Yahoo Security) –

In other news, its not all about Hacker Team:

• Apple Pay launches in Britain as hold-out Barclays signs up (Yahoo Security) –

• BACKRONYM, Other Vulnerabilities Patched in PHP (SecurityWeek) –

• Daybreak Games Hit By Lizard Squad After CEO Threatens Hacker, Surprising Absolutely Nobody (Forbes) –

• Dozens Nabbed in Takedown of Cybercrime Forum Darkode (WIRED) –

• Epic Games forums compromised, passwords to be reset (SC Magazine) –

• Google Uses Artificial Neural Network to Detect Sneaky Spam (SecurityWeek) –

• Hacking Forum Darkode Dismantled in Multi-Nation Operation

• Inside A Vicious DDoS Attack (Dark Reading) –

• Java Zero-Day Used in Attacks on NATO Member, US Defense Organization (SecurityWeek) –

• Malwarebytes goes Mac with new adware removal tool (ZDNet) –

• Microsoft Patches Hacking Team Zero-Days, Other Vulnerabilities (SecurityWeek) –

• Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support (SC Magazine) –

• Multiple Evernote (ActiveX) vulnerabilities (Reddit) –

• Oracle Patches Java Zero-Day, 192 Other Security Bugs (SecurityWeek) –

• Oracle’s critical security update: 193 problems fixed in latest patch (ZDNet) –

• PHP 5.x Security Updates, (Sun, Jul 12th)

• Recovered USB stick contains Barclays data, customers offered compensation (SC Magazine) –

• Researchers To Offer Free BGP Security Alert Tool Via Twitter (Dark Reading) –

• Symantec split necessary for focus, changing market dynamics (ZDNet) –

• Tesla Model S Digital Weaknesses To Be Exposed By Hackers Next Month (Forbes) –

• United Airlines showers air miles on bug bounty researchers (ZDNet) –

• Vietnamese man sentenced to 13 years for scheme that affected 200M (SC Magazine) –

• Walmart Canada’s Online Photocentre down after potential breach (SC Magazine) –

• Popular Android games on Google Play observed stealing Facebook credentials (SC Magazine) –