Information concerning number of devices vulnerable to Heartbleed vulnerability has appeared in the news during September. Given that the existence of Heartbleed was made public almost a year and a half ago it may be surprising that the number of vulnerable devices exceeds 200.000.
Affair concerning the Stagefright vulnerability (which was mentioned in the last Looking back) continued in September when Zimperium – the company which discovered Stagefright – released a proof-of-concept code which exploits the vulnerability.
A stealth malware hidden in modified Cisco IOS images and named SYNful knock has been discovered on tens of Cisco routers around the world. The malware functions as a backdoor and besides the (persistent) IOS-embedded main component uses tens of modules which provide further functionality which it loads into volatile memory.
It should be mentioned that Google, Microsoft and Mozzila made a press release announcing that their browsers will stop supporting the RC4 encryption algorithm early next year.
One final piece of interesting news we will mention has been the discovery of a malware targeted at online poker players. The trojan horse is named Odlanor and captures screenshots of applications used for playing poker online and then sends them to the attacker.