This Week in Cybersecurity News
Highly critical “Ghost” allowing code execution affects most Linux systems by Dan Goodin, Ars Technica
A new vulnerability in Linux’s GNU C Library (glibc), being called “Ghost,” gives attackers the ability to execute malicious code on servers used to deliver email, host webpages and carry out other vital functions. A patch was issued two years ago, but most Linux versions used in production systems remained unprotected.
Yet another Emergency Flash Player Patch by Brian Krebs, Krebs on Security
Adobe has issued another emergency update to fix a critical security flaw that is being actively exploited in its Flash Player software. As of January 27, updates are available for Flash Player on Windows and Mac OS X. Adobe is working with its distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.
Malaysia Airlines Attacked, Big Data Dump Threatened by John Ribeiro, IDG News Service
The Malaysia Airlines website was attacked, and the company issued a statement saying its DNS was compromised and users were being redirected to a fake website on January 26. Malaysia Airlines said its servers were intact and user data was secure. Lizard Squad, one of the groups claiming responsibility, said it would release data “soon.”
Phishing scam tricks users by acting as fake child sex offender alert by Ashley Carman, SC Magazine
A recently identified phishing email is designed to prey on parents’ fear for their child’s safety. The malicious email’s subject line reads “Alert: There is a child predator living near you!” The email contains a link that brings the victim to a legitimate website while simultaneously infecting the victim’s device with malware.
The end for 1024-bit SSL certificates is near, Mozilla kills a few more by Lucian Constantin, IDG News Service
Mozilla products, including its Firefox browser, will soon stop trusting an unknown number of SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. This move is part of Mozilla’s effort to force certificate authorities and their customers to stop using 1024-bit certificates, which are cryptographically unsafe because of advances in computing power.