Tag Archives: apple

Yosemite 0day – Daily Security Byte EP.130

It’s pretty impressive to know an 18 year old Italian teenager is already finding vulnerabilities in OS X. However, I hope he learns to disclose them responsibly, and starts informing vendors first. This week, news surfaced of a zero day privilege escalation flaw in the latest version of OS X Yosemite. Click play below to learn all about it.

(Episode Runtime: 1:30)

Direct YouTube Link: https://www.youtube.com/watch?v=6WmdmY9kHks

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Black Hat & DEF CON Aftermath – WSWiR Episode 160

Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that.

Last week’s stories included many car hacks, an OS X firmware worm, a big UK breach, tons of patches, and more. If you don’t watch my Daily Bytes, you can catch up all at once with the weekly video below. More importantly, I couldn’t cover many other interesting stories from last week, so if you are interested in those, check out the Reference section below.

(Episode Runtime: 15:10)

Direct YouTube Link: https://www.youtube.com/watch?v=AAIiPp3os1k

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Piles of August Patches – Daily Security Byte EP.124

While there are lots of interesting security stories I could share today, one of the most practical infosec actions you can take is to keep your software patched. Yesterday was Microsoft and Adobe patch day, and Mozilla also recently released a pretty important Firefox update. Watch the video to learn about these important fixes, and more importantly, follow the links below to learn how to apply the relevant updates.

UPDATE: On Thursday, Apple released a handful of security advisories and updates as well, fixing flaws in iOS, OS X, and Safari. This wasn’t covered in the video, but check the links below for more info on those updates.

(Episode Runtime: 2:25)

Direct YouTube Link: https://www.youtube.com/watch?v=yZ6A09t5oWA

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Thunder Strikes Mac Firmware Again – Daily Security Byte EP.123

You probably know that USB devices can be malicious, but did you know that infected Thunderbolt devices could spread a firmware worm to all your MacBooks? In today’s security video, I cover the ThunderStrike 2 attack that researchers disclosed at this year’s Black Hat and DEF CON conferences. Watch to learn what this attack does, and how the industry can fix it.

(Episode Runtime: 4:01)

Direct YouTube Link: https://www.youtube.com/watch?v=1kF9T4Ugz8Q

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Team Updates and RC4 Insecurity – WSWiR Text Edition

 RC4’s Dead and White House On Security

Last week, I was in the UK attending a WatchGuard Partner conference, and as a result I only shot two videos and skipped my weekly summary. Nonetheless, there was still plenty of interesting information security (infosec) news, which I don’t want you to miss. So to make up for it, let me quickly share three infosec stories I would have covered if I had had more time:

  1. Lots of The Hacking Team breach updates: Through the week, we learned a lot more about The Hacking Team organization from the 400GB of data made public by their network breach. For instance, they had more zero day exploits than first suspected; they leveraged BGP flaws to launch man-in-the-middle attacks, and they worked with both the FBI and DEA to snoop out TOR users. If you’re following this infosec drama, WikiLeaks has made all The Hacking Team’s stolen email public. Check out the links below to learn the latest Hacking Team gossip.
  2. The White House brags about cybersecurity: Last week, the White House released a CyberSecurity Fact Sheet detailing everything the US government has done this year to improve the nation’s cybersecurity stance. Highlights include creating a new office in charge of the problem, and encouraging the government and private industry to share threat intelligence. Check out the references if you’d like more details.
  3. RC4 gets another nail in its coffin: RC4 is a very popular hashing algorithm we’ve used for decades. Unfortunately, over the years it has been proven weak due to many vulnerabilities in this old function. Most security experts already consider RC4 dead; that said, new research [PDF] has proven RC4 even weaker. Without going into the details, this new discovery means bad guys can break RC4 in days instead of months. If you are using RC4, it’s time to move on.

Those are the stories I missed, but the week included many others. If you are interested in all of them, feel free to peruse the Reference section below. I’ll get back to my regularly scheduled videos this week.

References:

 

— Corey Nachreiner, CISSP (@SecAdept)

June Apple Patch Day – Daily Security Byte EP.107

If you use Apple products, on Mac or PC, know that today is Apple Patch Day. The popular software company released six security advisories (originally five, but they had a late-breaking advisory) fixing many security flaws in most of their most popular products. Watch today’s video to learn which products are affected, and what you should patch (or check the Reference section for a link to the page with all the details).

As an aside: Sorry about the bad links yesterday, and thanks to those who informed me. If you go to the blog, the link for yesterday’s video is corrected there.

(Episode Runtime: 1:24)

Direct YouTube Link: https://www.youtube.com/watch?v=KwyHlFUPga4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Nation States & Crashing iPhones – WSWiR Episode 154

Unfortunately, lots of security news suggests lots of cyber crime. If you want to stay protected, you need to keep up to date; but who has time? Hopefully our weekly InfoSec video can help.

Last Friday’s episode covered an IRS data leak, a mysterious text message that crashed iPhones, some scary new crowd-sourced ransomware, and more. Watch the YouTube video below for all the details, and check out the References for other stories.

(Episode Runtime: 11:53)

Direct YouTube Link: https://www.youtube.com/watch?v=85fEsnnTf7E

Show Note: I’ll be traveling for the next two weeks to attend various security conferences. I’ll try to keep up with semi-daily videos, but will not post as regularly, or at the normal times.

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

iOS Crash Text – Daily Security Byte EP.89

High schoolers around the nation likely woke up to randomly rebooting iPhones due to pranksters exploiting a mysterious new flaw triggered by a simple text message. The news of this malicious text started on Reddit, but quickly spread as security researchers and the press jumped on the issue. Learn more about it in today’s video.

 

(Episode Runtime: 2:20)

Direct YouTube Link: https://www.youtube.com/watch?v=td8mOon5nVw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)
