This Week in Cybersecurity News
Java Patch Plugs 19 Security Holes by Brian Krebs, Krebs on Security
Oracle released its quarterly patch update for Java which included fixes for at least nineteen security vulnerabilities. Oracle also announced that it has started using the auto-upgrade function to migrate Java 7 users to Java 8.
Over 870K Personal Records Leaked Following Australian Insurer Breach by Marcos Colon, SC Magazine
Information from a data breach that impacted Aussie Travel Cover, an Australian travel insurance company was leaked online. The data stolen contains 870,000 personal records including names, addresses and partial credit card numbers.
Hack on PS and Xbox Attackers Leaks DDoS Customers’ Plaintext Passwords by Dan Goodin, Ars Technica
The customer database of Lizard Squad maintained as part of their DDoS-for-hire service has been breached, compromising the registered names, and plain text passwords of over 14,241 users. The compromised data shows that customers deposited $11,000 in bitcoins to pay for DDoS attacks on thousands of Internet addresses.
Exploit Kit Targeting Zero-day Vulnerability in Flash Player by Steve Ragan, CSO
The Angler Exploit Kit has started targeting a new vulnerability in Adobe Flash Player. The malicious payload isn’t being used by all Angler instances but at least one instance is targeting version 220.127.116.117, the current release. The new payload appears to focus on Internet Explorer.
'123456' & 'Password' Are the 2 Most Common Passwords, Again by Sara Peters, Dark Reading
“123456” and “password” retain the top spot in SplashData’s annual worst password list for the fourth year in a row. The list is created by compiling sets of credentials leaked online. This year’s study looked at more than 3.3 million leaked passwords. The top twenty-five passwords represented 2.2% of exposed passwords.