Microsoft releases an advisory and fix-it tool to disable SSL3 in Internet Explorer, recommends SSL 3 is disabled on all systems. It appears they are also disabling SSL3 on all their hosted internet services. I recommend we all do likewise.
South Korea’s National Intelligence Service claims North Korea hacked up to 20,000 smart phones with a simple app, allowing them to eavesdrop on conversations. - via InfoSecNews.
NIST warns Samsung’s “Find My Phone” app is vulnerable to an easy exploit - via InfoSecNews
It seems that lawfirms are the latest “victim” of enforced security, this time enforced by big banks! - Wall Street Journal (requires login)
SecurityWeek reports the tnftp FTP client is vulnerable to a remote code exploit.
ICS-CERT warns SCADA systems from GE, Siemens, and Advantech/Broadwin are being targetted by the BlackEnergy malware. The original ICS-CERT post contains several Yara rules and MD5 hashes to scan for. I suspect most of the major antivirus vendors are looking for these too.
Last but not least, the White House was hacked. Only the unclassified networks tho…no important things there. Wait…isn’t all the best information unclassified anyway? Uh Oh….