
This Week in Security - Week 4, 2016

Here are the latest security happenings for the week, including a Facebook vulnerability, Lenovo SHAREit, HSBC service attacks, and more fun security news!



A UK-based security consultant disclosed details this week of a vulnerability that he was paid 7,500 USD for discovering in July 2015 and that was fixed within 6 hours afterwards. It involved uploading a payload embedded in an image file that could grant access to a user's Facebook account.

Read more about it here


Lenovo has fixed a hard-coded password in its SHAREit software. I'm not sure which is more frightening: the fact that it was hard-coded or the incredibly low complexity of the password, “12345678”.

Read more about it here


HSBC suffered another distributed denial of service attack this week. The bank stated that it was successfully defended, but if users were affected, then service was successfully denied. The statement leaves me a little perplexed.

Read more about the HSBC attack here


PayPal has patched a remote code execution vulnerability caused by a Java deserialization flaw. It was discovered in December and fixed soon afterwards.

Read more about this on The Register

OpenSSL

OpenSSL has released a fix for a high-severity bug that allowed hackers to obtain the key used to secure communications over HTTPS.

Read the OpenSSL advisory here


Mozilla has released Firefox 44, which fixes 11 security vulnerabilities, predominantly related to memory access.

Read more about the release here
