This week in Security – Week 4 2016

Facebook

A UK-based security consultant disclosed details this week of a vulnerability he was paid 7,500 USD for discovering in July 2015, which was fixed within 6 hours afterwards. It involved uploading a payload embedded in an image file that could grant access to a user's Facebook account.

Read more about it here

Lenovo

Lenovo fixes a hard-coded password in its SHAREit software. I'm not sure which is more frightening: the fact that it was hard-coded or the incredibly low complexity of the password “12345678”.

Read more about it here

HSBC

HSBC suffered another distributed denial of service attack this week. The bank stated that it was successfully defended, but if users were affected, then service was successfully denied. The statement leaves me a little perplexed.

Read more about the HSBC attack here

PayPal

PayPal patches a remote code execution vulnerability caused by a Java deserialization flaw. It was discovered in December and fixed soon afterwards.

Read more about this on The Register

OpenSSL

OpenSSL have released a fix for a high-severity bug that allowed hackers to obtain the key used to secure communications over HTTPS.

Read the OpenSSL advisory here

Mozilla

Mozilla has released Firefox 44, which fixes 11 security vulnerabilities, predominantly related to memory access.

Read more about the release here
