Weekly Cyber Security News

For well over a decade our focus at ionCube has been on PHP security but recently with the release of ionCube24 we have been looking into different kinds of vulnerabilities. This post has a few of the interesting issues we have found this week.

A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Android took a big hit the past week so watch out.

• Android Users: This Simple Fix Will Help Keep You Safe From The Stagefright Exploit (Forbes)
• Android’s Fatal Flaw Exposed In Stagefright Security Shambles (Forbes)
• 950 million Android phones can be hijacked by malicious text messages (ArsTechnica)
• 950 million Android users at risk as researcher uncovers massive security flaw (Yahoo Security)
• Android Vulnerability Allows Attackers to Crash Smartphones
• Critical Android bugs can be exploited via MMS, 950M users affected (SC Magazine)
• Critical Stagefright Vulnerabilities Expose 950 Million Android Devices
• Majority of Android devices vulnerable to denial-of-service bug (SC Magazine)
• Most Android phones at risk from simple text hack, researcher says (CNET)
• Most Android phones can be hacked with one text (CNET)
• New flaw can render most Android phones unresponsive and useless (ZDNet)
• New vulnerability can put Android phones into permanent vegetative state (ArsTechnica)
• Russian Zero Day Hunter Has Android Stagefright Bugs Primed For One-Text Hacks (Forbes)
• Serious Android Flaw: Devices At Risk (InfoRiskToday)
• Stagefright Android Bug: ‘Heartbleed for Mobile’ But Harder To Patch (Dark Reading)
• Stagefright Vulnerability in Android Phones (Schneier blog)
• Stagefright: It Only Takes One Text To Hack 950 Million Android Phones (Forbes)
• Stagefright: Just how scary is it for Android users? (ZDNet)
• Trend Micro Discovers Vulnerability That Renders Android Devices Silent (Reddit)
• Warning: Crazy new Android security flaw can render your phone completely lifeless (Yahoo Security)

Breaches in some interesting places too:

• Steam flaw fixed, Valve resetting passwords (SC Magazine)
• Steam hit by major security breach; many accounts compromised (Reddit)
• Valve patches security hole that enabled takeovers of Steam accounts (ArsTechnica)
• Vulnerability Allowed Hackers to Hijack Steam Accounts (SecurityWeek)
• PagerDuty Breached (Reddit)

Car hacks appear all the rage coming up to DEFCON:

• This Gadget Hacks GM Cars to Locate, Unlock, and Start Them (WIRED)
• U.S. auto safety regulator to fine Fiat Chrysler $105 million: report (Yahoo Security)
• Fiat Chrysler to recall more than 1.6 million vehicles in US (Yahoo Security)
• Fiat Chrysler could spend billions to buy back unrepaired trucks (Yahoo Security)
• Not a breach (yet), lets hope there they look closely before release. Get an early look at VW’s new Android Auto, Apple CarPlay ready dashboard (CNET)
• Researchers find vulnerability in Skoda vehicles (SC Magazine)

 

Other news

• Vulnerability Warning: Hackers Can Haunt Homes Hitting Horrible Honeywell Security Holes (Forbes)
• 50% Of Your Emails Are Tracked And Trackbuster Want To Stop It (Forbes)
• Windows 10’s Wi-Fi Sense is not a security risk. Here’s why (ZDNet)
• Windows 10 Shares Your Wi-Fi With Contacts
• One in every 600 websites has .git exposed (Reddit) –
• Noscript XSS filter bypass (Reddit) –
• Nokia’s purchase of Alcatel-Lucent gets the green light in Europe (CNET) –
• Many High-Profile Firms Using Vulnerable PHP File Manager: Researcher (SecurityWeek) –
• How the way you type can shatter anonymityeven on Tor (ArsTechnica) –
• Google Is Giving Customers Control Of Cloud Encryption Keys (Forbes) –
• Google Drive influences new phishing campaign (SC Magazine) –
• Drones and Spyware: The Bizarre Tale of a Brutal Kidnapping (WIRED) –
• Brinks Super-Secure Smart Safes: Not So Secure (WIRED) –
• Brinks safe hacked with USB stick and 100 lines of code (Yahoo Security) –