Tag Archives: Anonymous

IE & Flash 0day – WSWiR Episode 105

White House Cyber Disclosure, Traffic Light Hacking, and Zero Day Exploits

There was a ton of information security news this week, more than most people can keep up with, especially busy IT administrators who are already putting out other fires. If you have little time to read the latest news, but want a quick recap of the most important infosec stories each week, this is the vlog for you.

In this episode, I react to the White House talking about their zero day disclosure policy, I share news about a researcher hijacking traffic lights across the US, and I warn you about two critical zero day flaws in very popular software products. If you want to stay informed and get the latest security advice, watch the video below. You can also explore the Reference section for links to more stories.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 8:04)

Direct YouTube Link: https://www.youtube.com/watch?v=UxQoInvMBcw

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

iOS Malware- WSWiR Episode 104

Apple Updates, Reappearing Backdoors, and iOS Malware

If you're looking for a quick security news round-up, subscribe to this weekly infosec vlog. Today, I cover a number of Apple stories, from the latest patches to iOS malware; I warn about a supposedly fixed router backdoor that has reappeared; and I talk about the trend of governments withholding zero day exploits. Watch the video below for the details, and check out the References for more information and news.

Here’s a bonus security tip: if you jump out of a plane (like I did), take a parachute! Have a great weekend.

(Episode Runtime: 7:38)

Direct YouTube Link: https://www.youtube.com/watch?v=JfJbCaLlFns

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 53 – RSA 2013

RSA 2013: Big Data, Chinese APT, and User Awareness

This week’s InfoSec news video comes from the 2013 RSA Security Conference in San Francisco. As such, much of the episode covers the major themes from the show floor. However, cyber attackers don’t take a break just because the security industry is having a pow-wow. I also cover other big stories from the week, including an emergency Flash update, a cPanel breach, new nation-state malware, and even an HTML5 trick that can fill your hard drive. Check out the episode below.

As always, feel free to browse the Reference section for more details on any of these stories, and thanks for watching. Comment if you have any suggestions.

(Episode Runtime: 10:11)

Direct YouTube Link: http://www.youtube.com/watch?v=AJbDQnkUToE

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 52 – China APT1

China APT1 Attackers and Java 0day Breaches

Welcome to another week of InfoSec news. If you’re subscribed to the YouTube channel directly, you probably noticed I posted last week’s video late last Friday. Unfortunately, I was catching a plane at the time, so I decided to wait until today to post the video blog entry. If you missed any of last week’s big information and network security news, you’ve come to the right place.

This week’s “on the road” episode covers Apple and Facebook network compromises, the zero day Java exploit that caused them, and one security company’s research alleging the Chinese government is behind many recent advanced persistent threat (APT) attacks. I also recommend some critical updates for Windows, Linux, and OS X users, so make sure to watch below.

This week I’ll be attending the RSA security conference, and recording another episode on the go, which means I may also post next week’s episode earlier or later than normal depending on my travel and event schedule. Until then, thanks for watching and stay frosty out there.

(Episode Runtime: 6:39)

Direct YouTube Link: http://www.youtube.com/watch?v=MolGboEK7nE

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Reader 0day

Reader 0Day, Zombie Broadcast, and Bit9 Breach

Due to a busy work week, I was unable to create a fully produced InfoSec news summary video this week. I did post a very brief video (which you can find below), mostly to warn our YouTube subscribers about the missing episode. It contains very minimal detail about this week’s top security stories.

However, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bullet-list, which quickly summarizes many of this week’s most interesting Infosec news. See you next week.

  • Zero day Adobe Reader vulnerability - A security company, FireEye, discovered attackers exploiting a previously unknown vulnerability in Adobe Reader to install malware. Adobe hasn’t had time to fix it yet, but recommends you use “Protected View” mode to mitigate the issue. We’ll post more details when they patch.
  • President Obama signs cyber security executive order - As many expected, President Obama signed a cyber security executive order this week that allows government organizations to share security intelligence with some private organizations and asks critical infrastructure providers to up their security.
  • Bit9 breached and digital certificates stolen - A security company, Bit9, confirmed they were breached this week, and that attackers had stolen their digital certificates and used them to sign malware. Their excuse for the breach? They didn’t use their own product enough.
  • Hacked emergency broadcast system warns of zombie attack - Folks in some Montana counties were surprised when their television emergency broadcast system warned of a zombie attack. Unsurprisingly, it turns out the system was hacked.
  • More Ruby on Rails vulnerabilities - Researchers have found more vulnerabilities, like SQL injections, in Ruby on Rails. If you are a web developer who uses this package, go patch.
  • Microsoft’s February Patch Day - As always, Microsoft released a bunch of security updates this week. They fixed flaws in Windows, Exchange, Internet Explorer, and a few lesser known products. I released details about the updates here, so hopefully you’ve already patched.
  • Adobe Flash and Shockwave updates – Adobe also released important Shockwave and Flash Player updates during Microsoft’s Patch Day. I talked about those earlier, too. Make sure to patch!
  • The dangers of losing your master password - A well-known security researcher, Jeremiah Grossman, shares a great anecdote on how very strong security practices can come back and bite you due to user error.

Direct YouTube Link: http://www.youtube.com/watch?v=wQP_5bXgHbg (Runtime: 2:08)

Extra Stories:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 51 – Flash 0day

Flash Exploit, ICS Hacks, and Federal Reserve Bank Breach

We’ve had another busy week of security news, with more stories than I can cover in a short video. So I’ll stick to the highlights. Today’s episode talks about a couple Adobe Flash zero day vulnerabilities, the latest Anonymous hijinks, some cross-platform mobile malware, and more. If you missed this week’s InfoSec news, and want to learn about the biggest stories (including how to defend against the latest attacks), click the play button below. Also, check out the Reference section for links to some other interesting security stories I skipped.

Enjoy your weekend, and stay frosty out there.

(Episode Runtime: 8:03)

Direct YouTube Link: http://www.youtube.com/watch?v=B6YdI3NGwlg

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 45 – OpWestboro

Hacktivists Against Hate, SMS Spam Bots, and Exynos Exploits

Hey! Look at that. The world hasn’t ended.

I guess that means my decision to prepare my weekly security news video rather than my apocalyptical fallout shelter wasn’t a tragic mistake. If you are in the mood for some information security (infosec) news on the last Mayan calendar day of the, well, er…ever…then you’ve come to the right place.

In this week’s show, I cover some important software update news, an Android SMS botnet, a mobile zero day flaw, and the latest Anonymous operation, which I suspect many people might appreciate despite its illegal nature. If you’d like to learn how to avoid the latest malware and attacks, or just want to follow the latest infosec drama, play the video below.

Also, don’t forget to check out the Reference section if you’d like to read more details about any of these stories. As always, I’ll include a few extras for those looking for bonus material.

Speaking of end of times, this will be the last WatchGuard Security Week in Review episode for 2012. Enjoy your holiday. I’ll see you next year.

(Episode Runtime: 10:21)

Direct YouTube Link: http://www.youtube.com/watch?v=ua1FfpZy7qI

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 43 – Tumblr Worm

Tumblr Worm, Spoofed Tweets, and Madcap McAfee

Wow. I knew information security news was picking up over the past few years, but lately it seems like our own little industry reality show; complete with mysterious murders, border-crossing heists, and random heart attacks (not to mention, colorful personalities).

This week’s security news episode covers updates on the John McAfee melodrama, news of a fast-spreading Tumblr worm, and a Twitter SMS spoofing issue that can allow attackers to hijack your tweets. It also informs you about the latest important software vulnerabilities and updates. If you’d like a short video to quickly fill you in on the biggest security headlines from the week, click play below.

Of course if video isn’t your thing, you can also read about these stories using the helpful reference links I’ve provided. I’ve even thrown in a few extra news items for your enjoyment.

Let us know what you think in the comments, and see you next week.

(Episode Runtime: 12:41)

Direct YouTube Link: http://www.youtube.com/watch?v=9Cwvuz_TpXM

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 42 – Vulnerability Markets

Vuln Market 0day, Printer Backdoors, and Downed Internet

We’re back from hiatus. After a two week break, our weekly security news podcast has returned.

This week’s episode covers interesting new malware that leverages new command & control channels or targets specific victims, lots of zero day exploits being sold on vulnerability markets, a security industry murder mystery, and much more. If you’d like the latest information security updates, watch below.

As always, I’ve also included a Reference section, which contains links to all the stories mentioned in the video, as well as a few extra ones. Don’t forget to leave your feedback in our comments section.

Enjoy the show, and see you next week.

(Episode Runtime: 11:41)

Direct YouTube Link: http://www.youtube.com/watch?v=_DW3EcXbFlM

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 41 – Coke Cracked

Coca-Cola Cracked, Fawkes Day Fail, and Lots of Updates

This week’s security news round-up includes a story about an old Coca-Cola network breach, the results of Anonymous’ Fawkes Day fiasco, a little Twitter password hiccup, and lots of software security updates. If you have a little extra time on Fridays to catch up on the latest information security news, watch the video below.

Of course, if you have no time for videos, and would prefer to pick and choose your news items, see the Reference section below for links to all this week’s security headlines.

Show Note: I will be out for vacation starting the middle of next week, so will not be posting any WatchGuard Security Week in Review videos for the next couple of weeks. See you again at the end of November, and stay frosty out there.

(Episode Runtime: 10:42)

Direct YouTube Link: http://www.youtube.com/watch?v=S3LyJUK3MLw

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)
