June 19, Threatpost – (International) Static encryption key found in SAP HANA database. Security researchers from ERPScan discovered a vulnerability in SAP’s HANA in-memory relational database management system in which an attacker could use various web-based external attacks to remotely execute code, and then leverage static encryption keys to read encrypted passwords, stored data, and backups.
June 18, International Business Times – (International) Samsung to issue fix for SwiftKey keyboard bug affecting Galaxy S6 in ‘coming days’. Samsung officials announced plans June 18 to send out an update addressing a plaintext connection vulnerability in the SwiftKey-developed keyboard technology used in up to 600 million devices, including the Galaxy S6. SwiftKey developers reported that the issue is limited to devices running Samsung software, and that the SwiftKey app is not affected.
June 18, SC Magazine – (International) Report: average botnet in Q1 2015 made up of 1,700 infected hosts per C&C server. Findings from a recently released Level 3 Botnet Research Report for the first quarter of 2015 revealed that the average botnet was made up of 1,700 hosts per command and control (C&C) server, a server’s average lifespan was 38 days, the U.S. generated the most server traffic and was targeted by 56 percent of distributed denial-of-service (DDoS) attacks, and 600 of the servers analyzed were being used for malicious communications targeting corporate environments, among other findings.