Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 27, 2015

July 24, Securityweek – (International) Red Hat patches “libuser” library vulnerabilities. Red Hat patched two vulnerabilities in its “libuser” library, including a race condition flaw that could lead to a denial-of-service (DoS) condition and a bug in the chfn function of the userhelper utility that an attacker could leverage to create a DoS condition and achieve privilege escalation on the system. Source

July 24, SC Magazine – (International) Sophos moves to patch Web Security Appliance flaws. A security researcher from Info-Assure Ltd discovered two vulnerabilities in Sophos Security’s Web Appliance prior to version 4.0.4 that could allow unauthenticated users to read files from the device and inject arbitrary JavaScript via its management interface. Source

July 23, FierceGovernmentIT – (National) Census Bureau confirms ‘unauthorized access’ to system; Anonymous members claim responsibility. The online activist group Anonymous claimed responsibility July 22 for a cyber-attack on the U.S. Census Bureau, which leaked non-confidential information including email addresses, phone numbers, and job titles of the organization’s 4,200 employees. The organization’s internal systems were not affected, and the compromised servers have been locked down. Source

July 24, Autoblog – (National) FCA issuing software update for 1.4M vehicles to prevent hacking. Fiat Chrysler Automobiles U.S. issued a voluntary recall and software update for 1.4 million model year 2013 – 2015 Chrysler 200 and 300, Dodge Charger, Challenger, Viper, Ram, Durango, and Jeep Cherokee and Grand Cherokee vehicles with 8.4-inch touchscreen Uconnect systems to protect vehicles from remote manipulation, following reports that a security expert remotely hacked a vehicle via a cellular connection. Source

July 24, Computerworld – (International) Firewalls can’t protect today’s connected cars. Security and automotive experts reported on the risks associated with Internet-enabled vehicles, including a lack of operational security and multiple wireless access points to vehicles’ controller area networks (CAN). The researchers recommended alternate approaches to vehicle security such as encrypted CAN messaging or detection software. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.