Infosec Weekly Round-up September 23 – 30, 2012

Data breach at IEEE: 100k plaintext passwords

“Due to several undoubtedly grave mistakes, the account username and plaintext password of around 100,000 IEEE members were publicly available on the IEEE FTP server for at least one month. Furthermore, all the actions these users performed on the website were also available. Separately, visitor activity is also publicly available.”

Russian DIY DDOS bot appears in the wild

“Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem.”

JPMorgan Chase Bank Servers “Hacked,” Tiffany Employee Details Exposed

“Computer servers owned by JPMorgan Chase Bank have been breached. The financial institution alerted high-end jewelry company Tiffany & Co because the affected machines contained the personal details of some employees.”

Critical security issue affecting Java SE 5/6/7

“We’ve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The impact of this issue is critical – we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7.”

Spain’s National Police Site Down as Anonymous Joins Anti-Government Protests

“Spain’s citizens are protesting these days against the government’s austerity plans. Anonymous hackers joined the protests, their first target being the official website of the country’s National Police (”

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.