June 28, Softpedia – (International) Ruby updated to address hostname check bypass flaw in SSL client. Ruby released several patches addressing a hostname check bypassing security hole in the SSL client that was discovered by an iSEC Partners researcher allowing cybercriminals to potentially launch man-in-the-middle attacks to spoof SSL servers. Source: http://news.softpedia.com/news/Ruby-Updated-to-Address-Hostname-Check-Bypass-Flaw-in-SSL-Client-364057.shtml
June 27, Krebs on Security – (International) Carberp code leak stokes copycat fears. The botnet creation kit, Carberp, coded by a team of hackers that used it to take an estimated $250 million from banks, was posted online on multiple forums for anyone to download. Experts worry that its publication will create new hybrid strains of sophisticated banking malware.
June 27, IDG News Service – (International) Cisco fixes serious vulnerabilities in email, Web and content security appliances. Cisco Systems released email, Web, and content security appliances patches addressing vulnerabilities in prior releases that could allow attackers to execute commands on the underlying operating system or disrupt critical processes.