October 6, Securityweek – (International) Google patches Stagefright 2.0 flaws on Nexus devices. Google released a security update for Nexus devices resolving 20 recently discovered critical security vulnerabilities in the libstagefright and libutils Android media playback engine, dubbed Stagefright 2.0, in which an attacker could push a specially crafted file to cause memory corruption and remote code execution. Source
October 6, Softpedia – (International) Hackers breach Microsoft OWA server, steal 11,000 user passwords. Security researchers from Cybereason discovered that hackers placed a malicious dynamic link library (DLL) file via an unnamed company’s Microsoft Outlook Web Application (OWA), allowing them to steal usernames and passwords of 11,000 employees off the company’s server. The hackers replaced the OWAAUTH.dll with one containing a backdoor, and collected user login and password information in clear text against the Active Directory server. Source