Tag Archives: patch

OpenSSL DSA Vulnerability – Daily Security Byte EP. 209

Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected.

(Episode Runtime: 3:17)

Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

OpenSSH Client Flaws – Daily Security Byte EP. 203

Today, Qualys disclosed two new vulnerabilities in the popular secure shell application, OpenSSH. One of the flaws is pretty serious, but only affects the OpenSSH client. Watch today’s episode to learn more about these issues, and learn what other products might be affected.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=EQlJLOXCNZ4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Joomla Attack in Wild – Daily Security Byte EP. 192

If you use Joomla to manage content on your website, you’re going to want to patch immediately. Today’s daily video covers a new zero day flaw in the open source content management system (CMS) that attackers are actively exploiting in the wild.

(Episode Runtime: 1:42)

Direct YouTube Link: https://www.youtube.com/watch?v=oLcHEBQb274

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

IT Pros Get Patches for Xmas? – Daily Security Byte EP. 188

It’s hard to call today, “Microsoft Patch Day,” when both Adobe and Apple piled on with tons of security fixes of their own. Microsoft released a dozen security bulletins today, eight rated Critical; Adobe released a Flash update fixing 78 vulnerabilities; and Apple released fixes for all their OSes and a few other products. If you use software from any of those three vendors, watch today’s episode to learn what to do, and check out the references below for more details on the updates.

(Episode Runtime: 2:54)

Direct YouTube Link: https://www.youtube.com/watch?v=6Of-SSZ7gtc

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

No Security for Old IE – Daily Security Byte EP. 187

Internet Explorer (IE) has been around for ages, but Microsoft is ending support for older version of the popular browser on January 12, 2016, likely to focus on their new Edge browser. They’ll only support the latest version of IE in each of their supported operating systems, which basically means most people will have to use IE 11 or Edge. Watch today’s video to learn about the security implications of this change.

(Episode Runtime: 2:14)

Direct YouTube Link: https://www.youtube.com/watch?v=aZpbpgAKbTA

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

UPnP Flaw Helps Pop IoT – Daily Security Byte EP. 186

One of WatchGuard’s partners, Trend Micro, found that many devices are still using an older version of a common Universal Plug-n-Play (UPnP) library that suffers from a very serious vulnerability. This new research is very similar HD Moore’s UPnP disclosures a few years ago; the difference being Trend Micro specifically found the issue affecting many Internet of Things (IoT) devices and mobile apps. Watch my vlog below to learn more about it.

(Episode Runtime: 3:32)

Direct YouTube Link: https://www.youtube.com/watch?v=gjmTGyiyBS0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

vBulletin Breach and 0day – Daily Security Byte EP. 171

The creators of vBulletin are having a bad week. Not only did they have a data breach that resulted in around 400,00 stolen user records, but it sounds like the attacker leveraged a zero day vulnerability in their own software to compromise their network. Watch today’s Daily Byte to learn more about this story, and what you should do if you use vBulletin software.

(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=5XIwY4seah0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day Surfaces – Daily Security Byte EP.159

Adobe just released a new Flash update Tuesday, but researchers have already found sophisticated threat actors leveraging a new zero day Flash exploit in the wild. Trend Micro, one of our security partners, found the Pawn Storm attackers leveraging this new Flash exploit. Watch today’s video to learn when the next patch will come out, and what to do in the meantime.

UPDATE: Adobe actually sped up their schedule to release a fix. Go get it now.

(Episode Runtime: 1:27)

Direct YouTube Link: https://www.youtube.com/watch?v=_HFC6VFBdu0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

0day Root Netgear Flaw – Daily Security Byte EP.156

If you use a Netgear router, you’ll want to disable remote administration. In today’s video, I talk about two zero day vulnerabilities the Shellshock Labs found in a line of popular Netgear broadband routers. In a nutshell, if an attacker can access the administrative web page, she can gain complete control of your router. Press play to learn more about these flaws, and what you can do until Netgear patches.

(Episode Runtime: 2:01)

Direct YouTube Link: https://www.youtube.com/watch?v=DPbRUoWqYvg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Researcher Storms Gatekeeper- Daily Security Byte EP.152

Today, Apple fixed a few security flaws but also suffered from a new one. A researcher has found a new way to bypass Gatekeeperthe OS X component that’s supposed to keep suspicious software off Macs. Watch the video below to learn a bit about this flaw.

(Episode Runtime: 2:11)

Direct YouTube Link: https://www.youtube.com/watch?v=LvZ3zN7D4Ng

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 8,243 other followers

%d bloggers like this: