Android Stagefright vulnerability

ClickSSL Weekly Infosec Snipper August 3, 2015

This entry is part 65 of 155 in the series Weekly Infosec Snipper

Android’s Stagefright vulnerability caused serious Security Threat

Seven “Stagefright” vulnerabilities have spread havoc among Android users as the vulnerability sends an MMS, which extracts exploits on Android devices. The seven vulnerabilities named CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, and CVE-2015-3829. The vulnerability mainly affected “stagefright” component that handles media playback. The vulnerability allows attackers to perform remote code execution.

Facebook is going to roll out Security Checkup Tool

To keep users’ account safe, Facebook will launch a security checkup tool. Within a few weeks, Facebook is going to enable this tool and the users will find it on top of the news feed at the time of login. Users can surf a tour once they click on the Get started button. Users can see the number of devices connected to the Facebook and users can disable them, which are not in use for a while. Users can set an alert if some person tries to log into a Facebook account.

The US Census Bureau revealed about the Data Breach

John Thompson – a director at The US Census Bureau revealed about the data breach in which attackers got access of the database belong to the Federal Audit Clearinghouse. The database contains details of individuals who report to the US Census Bureau, phone numbers, email addresses, organization address, and other non-confidential data. Anonymous hackers have breached the institutions to protest the TTIP agreements (Transatlantic Trade and Investment Partnership) and TTP (Trans-Pacific Partnership).

Cheap SSL

The United Airline suffered from hacking

The United Airline was hacked and it is believed that a Chinese APT group behind this data breach. The data breach has affected high profile personnel of the US office, the united airlines, and the anthem (health insurer). The United Airlines revealed about the data breach in the end of May or in near the beginning of June. The investigator suspects that, Chinese APT is in search of the information of millions of Americans for further attacks. If Chinese APT were behind this breach, it would make disaster as they have already data of federal personnel office, therefore they can monitor movements of personnel who are working in defense and intelligence.

PHP File Manager was affected with Several Vulnerabilities

The PHP file manager was affected with several vulnerabilities that could be exploited. A security consultant Sijmen Ruwhof has discovered these vulnerabilities. However, this security consultant tried to contact the owner of PHP file manager, but failed so he decided to make these vulnerabilities public. Along with the PHP file manager, the companies like Eneco, Nintendo, Danone, Nestle, Loreal, EON, Siemens, Vattenfall, Oracle, Oxford, Hilton, T-mobile, CBS, UPC, and 3M have been also exposed.

The NSA will cease Massive Metadata Surveillance

The NSA is going to lose control on metadata, collected during its investigation. The court has passed the order and deemed this surveillance as illegal. The whole process will take 6 months of time in destroying millions of data. Earlier, the NSA has authority under section 215 of the Patriot Act to collect huge numbers of metadata of US citizens. The NSA claimed that the authority has only collected phone call metadata, but has not accessed their conversations. The law strictly ordered the NSA to end massive surveillance and decided that the NSA is not authorized under the Patriot Act.

Series Navigation<< ClickSSL Weekly Infosec Snipper July 27, 2015ClickSSL Weekly Infosec Snipper August 10, 2015 >>