Critical crypto flaw in Facebook’s WhatsApp for Android exposes chats
Tread carefully when allowing apps access to features on your phone like access to the SD card.
The Android version of WhatsApp, the cross-platform instant messaging app purchased by Facebook for $16 billion, has a loophole that leaves chat histories wide open to other apps installed on the same smartphone, a security consultant says.
162,000 WordPress instances abused for DDoS attack
Security researchers have uncovered a recent distributed denial-of-service (DDoS) attack that used at least 162,000 WordPress-powered websites to knock another site offline.Source
If you use wordpress, it must be updated as soon as updates are released. Standard security practices should be followed including:
- Using logins other than the admin account and disabling or reducing privileges of that account.
- If possible changing the default wp- prefix to a different prefix for virtual directories.
- Installing logging plugins to monitor logins.
- Keeping plugins up to date.
- If possible, putting a web application firewall in front of the WordPress installation.
Security updates available for Adobe Flash Player
Today’s release does not include critical updates, but Adobe should be updated as soon as updates are released. Adobe is often the target of phishing attacks.
Release date: March 11, 2014
Vulnerability identifier: APSB14-08
CVE number: CVE-2014-0503, CVE-2014-0504
Platform: All Platforms
290k+ users possibly affected in North Dakota University breach
The affected server contained the name, Social Security number, and other student information for 291,465 current and former students including some Fall 2014 applicants, as well as the SS number and employee ID number for 784 faculty and staff members.
Apparently, the compromised dates back to October 2013.
Again, as another breach has been reported we find out that it has been ongoing for a significant amount of time. Logging alone is no longer a viable option for discovering and preventing attacks. SIEM solutions that can analyze and interpret logs and correlate them from many systems are necessary in today’s data driven, fast paced environments.