June 18, Help Net Security – (International) Reddit announces switch to HTTPS-only. Reddit Web site developers reported that starting June 29, the site will only be accessible over hypertext transfer protocol secure (HTTPS) encrypted connections served via the company’s CloudFlare content delivery network (CDN). Source
June 18, Securityweek – (International) Drupal security updates patch several vulnerabilities. Drupal developers released updates patching open redirect, information disclosure, and access bypass vulnerabilities in versions 6 and 7 of its open source content management software (CMS). Source
June 17, Help Net Security – (International) Unpatched OS X, iOS flaws allow password, token theft from keychain, apps. Researchers from three universities identified critical inter-app interaction services and cross-app resource access (XARA) vulnerabilities in Apple’s OS X and iOS platforms in which an attacker could use sandboxed malware to bypass protections and steal confidential information from affected devices. Source
June 17, CNN – (National) OPM inspector general questioned over hacking report. The U.S. Office of Personnel Management’s (OPM) inspector general released testimony to the House Oversight Committee June 15 revealing that large portions of OPM’s critical and sensitive databases had failed to meet Federal security standards in audits completed months before the breach all the way back to 2007. Source