
This Week in Security - Week 4, 2016


Here are the latest security happenings for the week, including a Facebook vulnerability, Lenovo SHAREit, HSBC service attacks, and more fun security news!


Facebook

A UK-based security consultant this week disclosed details of a vulnerability he was paid 7,500 USD for discovering in July 2015, which was fixed within 6 hours afterwards. It involved uploading a payload embedded in an image file that could grant access to a user's Facebook account.

Read more about it here

Lenovo

Lenovo fixes a hard-coded password in its SHAREit software. Not sure which is more frightening: the fact it was hard-coded or the incredibly low complexity of the password “12345678”.

Read more about it here

HSBC

HSBC suffered another distributed denial of service attack this week. The bank stated that it was successfully defended, but if users were affected, then service was successfully denied. The statement leaves me a little perplexed.

Read more about the HSBC attack here

PayPal

PayPal patches a remote code execution vulnerability caused by a Java deserialization flaw. It was discovered in December and fixed soon afterwards.

Read more about this on The Register

OpenSSL

OpenSSL has released a fix for a high-severity bug that allowed hackers to obtain the key used to secure communications over HTTPS.

Read the OpenSSL advisory here

Mozilla

Mozilla has released Firefox 44, which fixes 11 security vulnerabilities, predominantly related to memory access.

Read more about the release here
