Tag Archives: drive-by download

Hackers Leverage Let’s Encrypt – Daily Security Byte EP. 197

Let’s Encrypt is an organization that wants to help encrypt the web by offering CA validated SSL/TLS certificates for free. Unfortunately, attackers can also benefit from easy encryption. I support HTTPS everywhere, but you need to plan a way to secure your HTTPS traffic. Watch today’s episode to learn how malvertisers are exploiting easy encryption to hide, and how you can protect yourself.

(Episode Runtime: 3:30)

Direct YouTube Link: https://www.youtube.com/watch?v=9cWUGNbLXdc


— Corey Nachreiner, CISSP (@SecAdept)

Ironic Watering Hole Attack – Daily Security Byte EP. 191

Cybercrime; Is it out of control?

Yes! When attackers hijack your news site to serve malware from your cyber crime article, it probably is a bit out of control. Watch today’s video to learn what I’m talking about, and how you might protect yourself from legitimate web sites unknowingly spreading malware.

(Episode Runtime: 3:28)

Direct YouTube Link: https://www.youtube.com/watch?v=20jp-teI5no


— Corey Nachreiner, CISSP (@SecAdept)

Fantasy Football Malvertising – Daily Security Byte EP. 175

Whether you’re talking about soccer in Europe, or U.S. football in the states, fantasy football leagues have become very popular lately, which is why criminal hackers have noticed and might start targeting them. Today’s video talks about how a popular UK fantasy football site has become infecting with evil malvertising. Watch below to learn how you can protect yourself from these sorts of ad-based drive-by downloads.

(Episode Runtime: 2:42)

Direct YouTube Link: https://www.youtube.com/watch?v=-tlHgUko21c


— Corey Nachreiner, CISSP (@SecAdept)

A Dozen Microsoft Updates – Daily Security Byte EP. 174

If you use Microsoft or Adobe productsas the majority of computer users do—it’s that time again… Patch Day.

For November’s Patch Day, Microsoft released a dozen bulletins fixing many flaws in their most popular products. Watch today’s video for the quick highlights about these and Adobe’s updates.

UPDATE: As gung-ho as I am about applying patches quickly, there have been reports that some of the Windows 10 updates can cause problems. You may want to test these updates before deploying them throughout your network.

(Episode Runtime: 1:43)

Direct YouTube Link: https://www.youtube.com/watch?v=xGj2grkLQfk


— Corey Nachreiner, CISSP (@SecAdept)

Emergency Shockwave Update – Daily Security Byte EP. 167

If you use Adobe Shockwave, it’s time to patch. This week, Adobe released an out-of-cycle update fixing a critical flaw in the popular multimedia player. Watch the video to learn more, including why I recommend against Shockwave.

(Episode Runtime: 1:10)

Direct YouTube Link: https://www.youtube.com/watch?v=LFKIM8k8nf8


— Corey Nachreiner, CISSP (@SecAdept)

Critical Flash Patch – Daily Security Byte EP.148

Adobe usually follows Microsoft Patch Tuesday, and releases updates on the second Tuesday of each month. However, yesterday they released a critical, out-of-cycle Flash update fixing 23 vulnerabilities. Watch today’s video to learn how severe these vulnerabilities are, and what you should do.

(Episode Runtime: 1:45)

Direct YouTube Link: https://www.youtube.com/watch?v=ybNfQajHGhI


— Corey Nachreiner, CISSP (@SecAdept)

Backdoors and Watering Holes – WSWiR Episode 162

Cyber security has become mainstream. Nowadays, there’s more information security (infosec) stories each week than the average IT professional can keep up with. If you find yourself falling behind, let our daily and weekly videos keep you informed. If you watch my Daily Security Bytes, you can probably skip this weekly summary. However, if you prefer to recap the week in one go, this video is for you.

This week’s episode includes surprising new updates to the Ashley Madison hack, a backdoor in a bunch of consumer routers, and a watering hole attack targeting the EFF. Watch the video below for the scoop, and check out the references section for more.

(Episode Runtime: 8:41)

Direct YouTube Link: https://www.youtube.com/watch?v=DkcT9sFEfWc

Show Note: A couple notes this episode. First, while I posted last week’s summary video to YouTube, I was not able to blog about it due to my early week travel. If you missed it, you can view it here, or just subscribe to my YouTube channel to see my videos right when they come out. 

Also, I will be traveling in Europe all week to attend WatchGuard partner conferences. I will try to post some videos, but I probably won’t get to one every day, and will post them at unusual times. 



— Corey Nachreiner, CISSP (@SecAdept)

EFF Watering Hole Attack – Daily Security Byte EP.133

Today, the EFF warned the world that advanced attackers have been using their name in vain. A targeted spear phishing email is linking to a fake version of the EFF site, which forces malware via a recent cross-platform Java exploit. Learn more about this attack and how to protect yourself by watching the video below.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=ZQXOgjC3gTg


— Corey Nachreiner, CISSP (@SecAdept)

IE 0day & AM Hack Update – Daily Security Byte EP.128

I missed yesterday’s daily video due to an offsite meeting, so today’s episode contains two important stories; an emergency update to fix a zero day vulnerability in Internet Explorer (IE) and the latest update to the Ashley Madison breach. If you run a Microsoft network, or you know anyone that had an account on Ashley Madison, you’ll want to watch the video below to learn what you can do to protect yourself from attackers.

(Episode Runtime: 2:18)

Direct YouTube Link: https://www.youtube.com/watch?v=w9CI3Fk5NiE


— Corey Nachreiner, CISSP (@SecAdept)

Hacking Team Updates and RC4 Insecurity – WSWiR Text Edition

 RC4’s Dead and White House On Security

Last week, I was in the UK attending a WatchGuard Partner conference, and as a result I only shot two videos and skipped my weekly summary. Nonetheless, there was still plenty of interesting information security (infosec) news, which I don’t want you to miss. So to make up for it, let me quickly share three infosec stories I would have covered if I had had more time:

  1. Lots of The Hacking Team breach updates: Through the week, we learned a lot more about The Hacking Team organization from the 400GBs of data made public by their network breach. For instance, they had more zero day exploits that first suspected; They leveraged BGP flaws to launch man-in-the-middle attacks, and they worked with both the FBI and DEA to snoop out TOR users. If you’re following this infosec drama, Wikileaks has made all The Hacking Team’s stolen email public. Check out the links below to learn the latest Hacking Team gossip.
  2. The White House brags about cybersecurity: Last week, the White House released a CyberSecurity Fact Sheet detailing everything the US government has done this year to improve the nation’s cybersecurity stance. Highlights include creating a new office in charge of the problem, and encouraging the government and private industry to share threat intelligence. Check out the references if you’d like more details.
  3. RC4 gets another nail in its coffin: RC4 is a very popular hashing algorithm we’ve used for decades. Unfortunately, over the years it has been proven weak due to many vulnerabilities in this old function. Most security experts already consider RC4 dead, that said, new research [PDF] has proven RC4 even weaker. Without going into the details, this new discovery mean bad guys can break RC4 in days instead of months. If you are using RC4, it’s time to move on.

Those are the stories I missed, but the week included many others. If you are interested in all of them, feel free to peruse the Reference section below. I’ll get back to my regularly scheduled videos this week.



— Corey Nachreiner, CISSP (@SecAdept)


Get every new post delivered to your Inbox.

Join 8,246 other followers

%d bloggers like this: