Infosec Weekly Round-up September 23 – 30, 2012

Data breach at IEEE.org: 100k plaintext passwords

“Due to several undoubtedly grave mistakes, the ieee.org account username and plaintext password of around 100,000 IEEE members were publicly available on the IEEE FTP server for at least one month. Furthermore, all the actions these users performed on the ieee.org website were also available. Separately, spectrum.ieee.org visitor activity is also publicly available. “

http://ieeelog.com/

Russian DIY DDOS bot appears in the wild

“Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem.”

http://blog.webroot.com/2012/09/28/new-russian-diy-ddos-bot-spotted-in-the-wild/

JPMorgan Chase Bank Servers “Hacked,” Tiffany Employee Details Exposed

“Computer servers owned by JPMorgan Chase Bank have been breached. The financial institution alerted high-end jewelry company Tiffany & Co because the affected machines contained the personal details of some employees.”

http://news.softpedia.com/news/JPMorgan-Chase-Bank-Server-Hacked-Tiffany-Employee-Details-Exposed-294557.shtml

Critical security issue affecting Java SE 5/6/7

“We’ve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The impact of this issue is critical – we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7.”

http://seclists.org/fulldisclosure/2012/Sep/170

Spain’s National Police Site Down as Anonymous Joins Anti-Government Protests

“Spain’s citizens are protesting these days against the government’s austerity plans. Anonymous hackers joined the protests, their first target being the official website of the country’s National Police (policia.es).”

http://news.softpedia.com/news/Spain-s-National-Police-Site-Down-as-Anonymous-Joins-Anti-Government-Protests-294850.shtml

That’s all for this week, if you have more information security news please to share them with our readers by sending emails or using the contact form.

Share