Archive | Editorial Articles RSS feed for this section

EFF Watering Hole Attack – Daily Security Byte EP.133

Today, the EFF warned the world that advanced attackers have been using their name in vain. A targeted spear phishing email is linking to a fake version of the EFF site, which forces malware via a recent cross-platform Java exploit. Learn more about this attack and how to protect yourself by watching the video below.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=ZQXOgjC3gTg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Backdoor in Multiple DSL Routers – Daily Security Byte EP.132

A few months ago, researchers found a backdoor in an LTE consumer router. Today, we learned that his hole exists in a number of DSL routers, including ones given to customers by ISPs. Watch the video to learn about this secret admin account, and what you can do to mitigate access to it.

(Episode Runtime: 2:25)

Direct YouTube Link: https://www.youtube.com/watch?v=7RCigiLt8gI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Yosemite 0day – Daily Security Byte EP.130

It’s pretty impressive to know an 18 year old Italian teenager is already finding vulnerabilities in OS X. However, I hope he learns to disclose them responsibly, and starts informing vendors first. This week, news surfaced of a zero day privileges escalation flaw in the latest version of OS X Yosemite. Click play below to learn all about it.

(Episode Runtime: 1:30)

Direct YouTube Link: https://www.youtube.com/watch?v=6WmdmY9kHks

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Ashley Madison Hemorrhaging Data – Daily Security Byte EP.129

As if yesterday’s Ashley Madison data dump wasn’t bad enough, the attackers have released new stolen data. Learn what new information is at stake, and what you can do to protect your data in today’s video.

(Episode Runtime: 1:39)

Direct YouTube Link: https://www.youtube.com/watch?v=4Yk7OOST1ag

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

How to Save Yourself an 802.11ac Wave 2 Headache

The latest Wi-Fi standard to hit the market is 802.11ac and it’s been split up into two flavors; Wave 1 and Wave 2. Wave 1 has been out for awhile, but Wave 2 consumer routers and business access points have recently become available. With that in mind, what do you need to know about these new standards?

It’s important to know the two main differences between Wave 2 versus Wave 1:

  1. Multi-User MIMO (MU-MIMO) essentially allows a Wave 2 router or access point (AP) to communicate with more than one client at a time. Until Wave 2, APs served wireless clients one at a time. That means each wireless device had to wait its turn among all the other clients. MU-MIMO has the effect of occupying the radio waves for a shorter time (known as airtime demand). The lower airtime demand, the faster your neighbor across the café gets his email attachment, and the faster you get your important Instagram pictures, which means the happier all Wi-Fi users will be.
  2. 160MHz bandwidth channels are supported in Wave 2. Without diving into the weeds, the wider the bandwidth, the faster your downloads complete.

Should you rush to buy Wave 2 routers and access points?

I highly recommend you don’t yet. Why not? Consider the following:

  • Routers and access points are infrastructure (like a cellular base station is for our smart phones). Infrastructure needs friends to play with, or client devices. To realize Wave 2 benefits, our laptops, smart phones, tablets, game consoles, and other gear have to use Wave 2 wireless chips. I don’t expect many Wave 2 clients to show up on the market until 2016, and even then it will take a year longer before the majority of clients support Wave 2.
  • For the home userespecially gamersthe bandwidth provided by the 160MHz channel could be a win. For everyone else, it’s a yawn. That’s because even though it provides faster speed to single clients, it also translates to less overall speed for the combined group. Think of it like the width of your shopping cart at the grocery store. If we’re all wheeling around a 6ft. wide monster cart, only one of us could cruise a shopping isle at a time, which slows down shopping for everyone. However, if we all sported 2ft. wide carts, we could fit three of them in the isle at a time, allowing everyone to get their shopping done in a reasonable period.

In summary, to avoid an unnecessary 802.11ac Wave 2 headache, I recommend you go ahead and buy Wave 1 routers or APs today. You can rest easy and not worry, because doing so won’t put you behind the times.

-Ryan Orsi, Product Manager (@RyanOrsi)

IE 0day & AM Hack Update – Daily Security Byte EP.128

I missed yesterday’s daily video due to an offsite meeting, so today’s episode contains two important stories; an emergency update to fix a zero day vulnerability in Internet Explorer (IE) and the latest update to the Ashley Madison breach. If you run a Microsoft network, or you know anyone that had an account on Ashley Madison, you’ll want to watch the video below to learn what you can do to protect yourself from attackers.

(Episode Runtime: 2:18)

Direct YouTube Link: https://www.youtube.com/watch?v=w9CI3Fk5NiE

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Global Mobile Hack – Daily Security Byte EP.127

The Australian 60 Minutes unveiled a piece on how attackers can track and intercept the calls from any mobile, as long as they know its number. However, others say the researchers demonstrating this attack had special access to carrier networks. Watch today’s video to learn how real this threat is, and whether or not you can do something about it.

(Episode Runtime: 3:34)

Direct YouTube Link: https://www.youtube.com/watch?v=G63kB987kyg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Black Hat & DEF CON Aftermath – WSWiR Episode 160

Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that.

Last week’s stories included many car hacks, a OS X firmware worm, a big UK breach, tons of patches, and more. If you don’t watch my Daily Bytes, you can catch up all at once with the weekly video below. More importantly, I couldn’t cover many other interesting stories from last week, so if you are interested in those, check out the Reference section below.

(Episode Runtime: 15:10)

Direct YouTube Link: https://www.youtube.com/watch?v=AAIiPp3os1k

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Cisco iOS ROMMON hacks – Daily Security Byte EP.126

Cisco is warning its customers that attackers have been overwriting the iOS ROMMON firmware of some of their customers routers, replacing it with a malicious firmware trojan. Watch today’s video to learn more about this attack, and what Cisco says you can do.

(Episode Runtime: 2:09)

Direct YouTube Link: https://www.youtube.com/watch?v=49hPCvBygiE

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 8,029 other followers

%d bloggers like this: