It’s the beginning of February and we’ve already seen three Adobe Flash zero days, an Internet wide-vulnerability in Linux and our first massive data breach of Anthem Inc., an enormous healthcare provider. Threatpost’s Brian Donohue and Chris Brook discuss these headlines and preview Kaspersky Lab’s Security Analyst Summit, set to kick off next week in Cancun, Mexico.
FROM BRIAN AND CHRIS’S READING LIST
It started out as a tale of two Flash zero days, one emerged in the Angler exploit kit, while Adobe rushed to fix a second that was already being exploited in the wild. Then, within ten days of the first two zero days, a third serious Flash vulnerability emerged, which was also incorporated quickly into the Angler exploit kit, leading some to suggest that the crew behind Angler may have also been the first to discover the Flash bugs.
Another Internet-wide bug emerged as well. Similar to Heartbleed and the Bashbug, albeit not as serious, the Glibc vulnerability in Linux systems, known as Ghost, posed a serious threat not only to the various Linux distributions like Ubuntu and Red Hat but also to software packages, applications and websites operating through Linux based systems. Affected systems are at risk of being exploited in distributed denial of service attacks and the Ghost bug could also give attackers the ability to run arbitrary code, installing malware on unpatched systems and ultimately stealing data.
Talk Security: @Threatpost’s @Brokenfuses and @TheBrianDonohue discuss Flash #0days, #Ghost, the Anthem breach and #TheSAS2015Tweet
Then there was the Anthem Inc. mega data breach. Anthem is the largest of BlueCross BlueShield’s affiliates, with some 69 million customers and $62 billion in revenue in 2012. Breached data is said to include Social Security numbers, birth dates, names, employment and income data and other personal information, though there no evidence that credit card or medical information was compromised.
Stay tuned for a bevy of content, including news stories and podcasts from the Security Analyst Summit next week.