A take on the security news, week 51

A take on the security news, week 51

Tue 16 December 2014

A take on the security news, week 51 / 2014. I summarize some of the news that I considered noteworthy related to information security this week.

Docker security update, FreeBSD buffer overflow vulnerability, 10.000+ Wordpress sites infected,

and more to come...

  • Monday

Docker 1.3.3 security advisory

Three CVE's are addressed in this update. Its recommended to upgrade to get the security patches. Upgrade to Docker engine 1.3.3 for security patches or 1.4.0 for security patches and over 180 new features.

https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

FreeBSD buffer overflow vulnerability

A buffer overflow vulnerability was privately disclosed to the FreeBSD team by Norse. The error is in stdio's __sflush() function and can in worst case lead to code executed with the privligies of the abused process.

Remedies are available from the links below.

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

http://blog.norsecorp.com/2014/12/10/buffer-overflow-vulnerability-in-freebsd-discovered-by-norse/

  • Tuesday

Serbia's national-ID database stolen

Hackers claim to have broken into Serbian State's network and stolen the national ID records of all Serbian citizens. The breach is not confirmed by the Government of Serbia at this time.

http://securityaffairs.co/wordpress/31068/cyber-crime/serbia-hackers-stolen-national-database.html

10.000+ Wordpress sites infected

Google blacklisted over 10.000 different websites due to SoakSoak malware. The malware is loading instructions from a russian site. Sites that are using older versions of the "Slider revolution" plugin is vulnerable. This plugin comes bundled with many themes, and users/admins might not be aware that they even have the plugin installed.

http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-malware/109884

Snort 3.0 alpha

The new version of Snort is a total rewrite, and the ball is now rolling. The team will providing blogposts, whitepapers, webinars, documentation and code that need testing.

If you are interested, get involved and help testing.

http://blog.snort.org/2014/12/introducing-snort-30.html

  • Wednesday
  • Thursday
  • Friday
Tagged as : security