Tag Archives: drive-by download

Critical Flash Patch – Daily Security Byte EP.148

Adobe usually follows Microsoft Patch Tuesday, and releases updates on the second Tuesday of each month. However, yesterday they released a critical, out-of-cycle Flash update fixing 23 vulnerabilities. Watch today’s video to learn how severe these vulnerabilities are, and what you should do.

(Episode Runtime: 1:45)

Direct YouTube Link: https://www.youtube.com/watch?v=ybNfQajHGhI


— Corey Nachreiner, CISSP (@SecAdept)

Backdoors and Watering Holes – WSWiR Episode 162

Cyber security has become mainstream. Nowadays, there are more information security (infosec) stories each week than the average IT professional can keep up with. If you find yourself falling behind, let our daily and weekly videos keep you informed. If you watch my Daily Security Bytes, you can probably skip this weekly summary. However, if you prefer to recap the week in one go, this video is for you.

This week’s episode includes surprising new updates to the Ashley Madison hack, a backdoor in a bunch of consumer routers, and a watering hole attack targeting the EFF. Watch the video below for the scoop, and check out the references section for more.

(Episode Runtime: 8:41)

Direct YouTube Link: https://www.youtube.com/watch?v=DkcT9sFEfWc

Show Note: A couple notes this episode. First, while I posted last week’s summary video to YouTube, I was not able to blog about it due to my early week travel. If you missed it, you can view it here, or just subscribe to my YouTube channel to see my videos right when they come out. 

Also, I will be traveling in Europe all week to attend WatchGuard partner conferences. I will try to post some videos, but I probably won’t get to one every day, and will post them at unusual times. 



— Corey Nachreiner, CISSP (@SecAdept)

EFF Watering Hole Attack – Daily Security Byte EP.133

Today, the EFF warned the world that advanced attackers have been using their name in vain. A targeted spear phishing email is linking to a fake version of the EFF site, which delivers malware via a recent cross-platform Java exploit. Learn more about this attack and how to protect yourself by watching the video below.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=ZQXOgjC3gTg


— Corey Nachreiner, CISSP (@SecAdept)

IE 0day & AM Hack Update – Daily Security Byte EP.128

I missed yesterday’s daily video due to an offsite meeting, so today’s episode contains two important stories: an emergency update to fix a zero day vulnerability in Internet Explorer (IE) and the latest update to the Ashley Madison breach. If you run a Microsoft network, or you know anyone who had an account on Ashley Madison, you’ll want to watch the video below to learn what you can do to protect yourself from attackers.

(Episode Runtime: 2:18)

Direct YouTube Link: https://www.youtube.com/watch?v=w9CI3Fk5NiE


— Corey Nachreiner, CISSP (@SecAdept)

Hacking Team Updates and RC4 Insecurity – WSWiR Text Edition

 RC4’s Dead and White House On Security

Last week, I was in the UK attending a WatchGuard Partner conference, and as a result I only shot two videos and skipped my weekly summary. Nonetheless, there was still plenty of interesting information security (infosec) news, which I don’t want you to miss. So to make up for it, let me quickly share three infosec stories I would have covered if I had had more time:

  1. Lots of The Hacking Team breach updates: Through the week, we learned a lot more about The Hacking Team organization from the 400GB of data made public by their network breach. For instance, they had more zero day exploits than first suspected; they leveraged BGP flaws to launch man-in-the-middle attacks, and they worked with both the FBI and DEA to snoop out TOR users. If you’re following this infosec drama, Wikileaks has made all The Hacking Team’s stolen email public. Check out the links below to learn the latest Hacking Team gossip.
  2. The White House brags about cybersecurity: Last week, the White House released a CyberSecurity Fact Sheet detailing everything the US government has done this year to improve the nation’s cybersecurity stance. Highlights include creating a new office in charge of the problem, and encouraging the government and private industry to share threat intelligence. Check out the references if you’d like more details.
  3. RC4 gets another nail in its coffin: RC4 is a very popular hashing algorithm we’ve used for decades. Unfortunately, over the years it has been proven weak due to many vulnerabilities in this old function. Most security experts already consider RC4 dead. That said, new research [PDF] has proven RC4 even weaker. Without going into the details, this new discovery means bad guys can break RC4 in days instead of months. If you are using RC4, it’s time to move on.

Those are the stories I missed, but the week included many others. If you are interested in all of them, feel free to peruse the Reference section below. I’ll get back to my regularly scheduled videos this week.



— Corey Nachreiner, CISSP (@SecAdept)

Jamie Oliver Hacked Again – Daily Security Byte EP.44

There’s a lot of InfoSec news today, but I’m most fascinated with the fact that Jamie Oliver’s web site has been hijacked yet again. It may provide a perfect example of how not to secure your web site. Check out today’s short video for details, and I threw a few extras in the References below.


(Episode Runtime: 1:48)

Direct YouTube Link: https://www.youtube.com/watch?v=Gq8GL3wsrVo


— Corey Nachreiner, CISSP (@SecAdept)

NSA Get Out of Our Phones – WSWiR Episode 140

According to the news, cyber criminals, nation states, and even our own employees are attacking our digital networks. In fact, there’s so much information security news each day, it’s hard to keep up. If you find yourself falling behind, perhaps my weekly summary video can help.

Today’s episode covers nation-state malware, booby-trapped popular web sites, dangerous pre-loaded software, and more. Press play below to get the scoop, and feel free to browse the references for other stories.

(Episode Runtime: 10:30)

Direct YouTube Link: https://www.youtube.com/watch?v=HOWUsT2cWgo



— Corey Nachreiner, CISSP (@SecAdept)

Web Security PSA – Daily Security Byte EP.26

Two more popular and legitimate web sites were hijacked to serve malware. Learn which sites to avoid and how to protect yourself from drive-by downloads in today’s daily video.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=DenX9ZJTH-k


— Corey Nachreiner, CISSP (@SecAdept)

Tax Time Security Woes – WSWiR Episode 139

There’s tons of security news each week. If you can’t keep up, I try to summarize the most important stuff for you in my weekly video.

This week’s show covers a researcher leaking 10M credentials, Forbes’ website getting hacked, a TurboTax security scare, and much more. Watch the video for all the details, or check out the Reference section for other interesting stories.

(Episode Runtime: 9:50)

Direct YouTube Link: https://www.youtube.com/watch?v=mTycl-zSbVA



— Corey Nachreiner, CISSP (@SecAdept)

Latest Flash Update Plugs 18 Security Holes

Do you watch a lot of online video or play interactive web games? Perhaps your organization uses rich, interactive web-based business applications? In either case, you’ve probably installed Adobe Flash, along with the 500 million other device holders who use it. In this case, you’d better update Flash as soon as you can.

During Microsoft Patch day, Adobe released a security bulletin describing 18 vulnerabilities in the popular rich media web plug-in. There’s no point in covering the flaws individually, as the majority of them share the same scope and impact. In short, most of the flaws involve memory corruption issues that a smart attacker could leverage to execute code on your PC. The attacker would only have to entice you to a web site containing malicious code. In other words, most of them help attackers set up drive-by download attacks.

Though it doesn’t appear attackers are exploiting any of these flaws in the wild yet, Adobe rates their severity a “Priority 1” for Windows and Mac users. This means you should patch within 72 hours. If you use Flash, go get the latest version, and check out Adobe’s security bulletin if you’d like more details.

— Corey Nachreiner, CISSP (@SecAdept)

