Tag Archives: Update

OpenSSL DSA Vulnerability – Daily Security Byte EP. 209

Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected.

(Episode Runtime: 3:17)

Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

OpenSSH Client Flaws – Daily Security Byte EP. 203

Today, Qualys disclosed two new vulnerabilities in the popular secure shell application, OpenSSH. One of the flaws is pretty serious, but only affects the OpenSSH client. Watch today’s episode to learn more about these issues, and learn what other products might be affected.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=EQlJLOXCNZ4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Joomla Attack in Wild – Daily Security Byte EP. 192

If you use Joomla to manage content on your website, you’re going to want to patch immediately. Today’s daily video covers a new zero day flaw in the open source content management system (CMS) that attackers are actively exploiting in the wild.

(Episode Runtime: 1:42)

Direct YouTube Link: https://www.youtube.com/watch?v=oLcHEBQb274

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

IT Pros Get Patches for Xmas? – Daily Security Byte EP. 188

It’s hard to call today, “Microsoft Patch Day,” when both Adobe and Apple piled on with tons of security fixes of their own. Microsoft released a dozen security bulletins today, eight rated Critical; Adobe released a Flash update fixing 78 vulnerabilities; and Apple released fixes for all their OSes and a few other products. If you use software from any of those three vendors, watch today’s episode to learn what to do, and check out the references below for more details on the updates.

(Episode Runtime: 2:54)

Direct YouTube Link: https://www.youtube.com/watch?v=6Of-SSZ7gtc

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

No Security for Old IE – Daily Security Byte EP. 187

Internet Explorer (IE) has been around for ages, but Microsoft is ending support for older version of the popular browser on January 12, 2016, likely to focus on their new Edge browser. They’ll only support the latest version of IE in each of their supported operating systems, which basically means most people will have to use IE 11 or Edge. Watch today’s video to learn about the security implications of this change.

(Episode Runtime: 2:14)

Direct YouTube Link: https://www.youtube.com/watch?v=aZpbpgAKbTA

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

vBulletin Breach and 0day – Daily Security Byte EP. 171

The creators of vBulletin are having a bad week. Not only did they have a data breach that resulted in around 400,00 stolen user records, but it sounds like the attacker leveraged a zero day vulnerability in their own software to compromise their network. Watch today’s Daily Byte to learn more about this story, and what you should do if you use vBulletin software.

(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=5XIwY4seah0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Emergency Shockwave Update – Daily Security Byte EP. 167

If you use Adobe Shockwave, it’s time to patch. This week, Adobe released an out-of-cycle update fixing a critical flaw in the popular multimedia player. Watch the video to learn more, including why I recommend against Shockwave.

(Episode Runtime: 1:10)

Direct YouTube Link: https://www.youtube.com/watch?v=LFKIM8k8nf8

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day Surfaces – Daily Security Byte EP.159

Adobe just released a new Flash update Tuesday, but researchers have already found sophisticated threat actors leveraging a new zero day Flash exploit in the wild. Trend Micro, one of our security partners, found the Pawn Storm attackers leveraging this new Flash exploit. Watch today’s video to learn when the next patch will come out, and what to do in the meantime.

UPDATE: Adobe actually sped up their schedule to release a fix. Go get it now.

(Episode Runtime: 1:27)

Direct YouTube Link: https://www.youtube.com/watch?v=_HFC6VFBdu0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

iOS 9 Lockscreen Bypass – Daily Security Byte EP.149

Apple’s not having a great security week. First the XcodeGhost issue, which infected their App Store with malware, now a new iOS 9 lockscreen bypass vulnerability. A Spanish speaking YouTuber disclosed a new lockscreen bypass flaw this week. Today’s episode covers how an attacker might exploit this flaw, and what you can do to mitigate it until Apple patches.

(Episode Runtime: 2:29)

Direct YouTube Link: https://www.youtube.com/watch?v=umKip1ZpS6I

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Critical Flash Patch – Daily Security Byte EP.148

Adobe usually follows Microsoft Patch Tuesday, and releases updates on the second Tuesday of each month. However, yesterday they released a critical, out-of-cycle Flash update fixing 23 vulnerabilities. Watch today’s video to learn how severe these vulnerabilities are, and what you should do.

(Episode Runtime: 1:45)

Direct YouTube Link: https://www.youtube.com/watch?v=ybNfQajHGhI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 8,241 other followers

%d bloggers like this: