Top 10 Security News for last week (21st Jan - 27th Jan)

Top 10 Breaking News for last week

Latest Java Update Broken

Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure from a Java security researcher, Adam Gowdiak of Security Explorations in Poland, indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code.



Google Looking Into Hardware to Help Kill the Password

Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time.



Twitter Bug Allowed Apps to Access Direct Messages Without Permission

IOActive researcher Cesar Cerrudo recently discovered a Twitter bug that allowed third-party applications to access Direct Messages of users who signed in to the apps by using their Twitter account.



Sony Fined £250,000 By ICO for PlayStation Network Data Breach

Sony has been hit with a £250,000 fine by the Information Commissioner's Office (ICO) for a breach of its systems in 2011. The attack left millions of customers' details exposed, including their addresses, email addresses, dates of birth and account passwords. The ICO said customers' payment card details were also at risk.



Backdoors Root log-ins in a Number of Barracuda Networks Products

A 'super-user' root-access account has been found in a number of Barracuda security and networking products, which may allow hackers to easily access company networks, albeit if their attacks are launched from a specific set of IP addresses.



Android MDK Trojan Found in 11K Apps, Using AES algorithm

Symantec detects this MDK botnet as Android.Backscript. Our detection has caught more than 11,000 malicious apps. The infections appear to be confined to China as the Trojanized apps are mostly found on Chinese third-party markets.



US charges Three over Creating and Distributing Gozi Banking Malware

US authorities have charged three men with creating and distributing the Gozi computer virus, which infected more than a million computers, accessing banking details and stealing millions of dollars. Prosecutors say the Gozi malware has infected over a million computers, among them at least 40,000 in the US - including some belonging to Nasa - causing tens of millions of dollars in losses.



Security Firms Warn Users of Fake Java Updates

It’s really starting to feel like we’re piling on the perennially vulnerable, industry punching bag that is Java. That said, GFI Labs and other security firms are warning their users to be wary of malicious fake Java updaters taking advantage of all the patches Oracle had to ship last week.



SCADA Password Cracker Targets Siemens S7 PLCs

SCADA vulnerabilities are once again making their frightening selves known with the revelation that a new password-cracker is specifically targeting industrial control systems. ICS-CERT has issued a warning about an offline brute-force password tool discovered by Russian researchers, which uses a proof-of-concept (PoC) exploit code targeting Siemens S7 programmable logic controllers.



Reporters Without Borders’ website misused in watering hole attack

Web site was booby-trapped to deliver a backdoor to vulnerable computers using the latest Java vulnerabilities. It seems Reporters Without Borders, a French-based international non-governmental organization that advocates freedom of the press and freedom of information, is the new web site used for the watering hole campaign.

