Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 17, 2015

July 16, Threatpost – (International) Security support ends for remaining Windows XP machines. Microsoft ended security support for Microsoft Security Essentials customers running Windows XP as part of its July Patch Tuesday roll-out, and released security advisories for a patched race condition flaw in the Malicious Software Removal Tool (MSRT) allowing for privilege escalation, as well as an update enhancing use of Data Encryption Standard (DES) encryption keys. Source

July 16, Securityweek – (International) Siemens patches authentication bypass bug in telecontrol product. Siemens released a firmware update for its SICAM MIC modular telecontrol devices addressing an authentication bypass vulnerability in which an attacker with network access to the device’s web interface could bypass authentication and perform administrative operations. Source

July 16, The Register – (International) Thunder-faced Mozilla lifts Flash Firefox block after 0-days plugged. Mozilla lifted a block on all versions of Adobe Flash in its Firefox Web browser after Adobe released cross-platform updates addressing two zero-day vulnerabilities that were revealed in a recent breach of the Italian surveillance company, Hacking Team. Source

July 16, Securityweek – (International) Vulnerability exposes Cisco Videoscape devices to DoS attacks. Cisco released an advisory warning of a security bug in its Videoscape Distribution Suite for Internet Streaming (VDS-IS) and VDS Service Broker products in which an unauthenticated remote attacker could cause a denial-of-service (DoS) condition by sending specially crafted Hypertext Transfer Protocol (HTTP) packets to trigger device instability. Source

July 15, Threatpost – (International) New RC4 attack dramatically reduces cookie decryption time. Belgian security researchers discovered biases in the Rivest Cipher 4 (RC4) encryption algorithm that could lead to attacks breaking encryption on websites running Transport Layer Security (TLS) with RC4, and on Wi-Fi Protected Access (WPA) Temporal Key Integrity Protocol (TKIP), allowing an attacker to perform actions under a victim’s name or gain access to personal information. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.