Tag Archives: vlog

Critical BIND DoS – Daily Security Byte EP.121

The most popular DNS server on the market, BIND, suffers from a new denial of service (DoS) vulnerability that’s trivial to exploit. Watch today’s episode to learn what to do.

(Episode Runtime: 1:21)

Direct YouTube Link: https://www.youtube.com/watch?v=ZxsRs9Ll2-g

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Sniper Rifles – Daily Security Byte EP.120

When I started in information security, I’d never have guessed hackers would be able to cause sniper rifles to shoot off target. However, the latest research has made that idea a reality. See today’s video to learn about this interesting new hack, and why it should make you aware of the dangers of the “Internet of Thing”.

(Episode Runtime: 1:50)

Direct YouTube Link: https://www.youtube.com/watch?v=LKN5fvxj9ZQ

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

StageFright Affects Most Androids – Daily Security Byte EP.119

Stagefright is a new Android vulnerability that’s serious enough to deserve its fancy marketing name. As one security pundit said, “It’s the Heartbleed of mobile vulnerabilities.” Attackers can leverage this dangerous flaw against 95% of Android devices simply by sending you a text message with a specially crafted file. You don’t even have to interact with the message for the attack to succeed. Watch today’s video to learn what you should do about this issue.

(Episode Runtime: 2:22)

Direct YouTube Link: https://www.youtube.com/watch?v=U9hg5Hx3wRI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Mr Robot Rewind – Daily Security Byte EP.118

Mr Robot keeps getting better. This is the first show that I’ve seen that gets hacking and technology consistently right; down to the tools they show in screen shots. I like it so much that I have partnered with GeekWire to do an article series analyzing each episode. Watch Friday’s video to learn more about it, and have a great weekend.

Show Note: There will not be a video on Monday or Tuesday.

(Episode Runtime: 1:33)

Direct YouTube Link: https://www.youtube.com/watch?v=0PTk45hAcc0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Remote Zero Day Car Hack – Daily Security Byte EP.117

The IOActive researchers are at it again. In 2013, they demonstrated how you could hack a car with physical access. However, this year they found the holy grail of car hacksa remote zero day flaw that allows them to control a car over its cellular network. Watch today’s video to learn what you should do if you have a Fiat Chrysler vehicle with a Uconnect system.

(Episode Runtime: 3:34)

Direct YouTube Link: https://www.youtube.com/watch?v=oLQwVsXomDw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacktivists Expose Cheaters – Daily Security Byte EP.116

We can’t condone cyber crime, even when the hacktivists have morals. A group of attackers calling themselves The Impact Team have breached a well-known online cheating site, and threatened to expose all its customers if they don’t shutdown shop. Watch today’s video to learn about this scandalous cyber drama, and why you shouldn’t post anything online that you don’t want your Grandma to see.

(Episode Runtime: 3:41)

Direct YouTube Link: https://www.youtube.com/watch?v=Uvow48dkF54

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacking Team Updates and RC4 Insecurity – WSWiR Text Edition

 RC4’s Dead and White House On Security

Last week, I was in the UK attending a WatchGuard Partner conference, and as a result I only shot two videos and skipped my weekly summary. Nonetheless, there was still plenty of interesting information security (infosec) news, which I don’t want you to miss. So to make up for it, let me quickly share three infosec stories I would have covered if I had had more time:

  1. Lots of The Hacking Team breach updates: Through the week, we learned a lot more about The Hacking Team organization from the 400GBs of data made public by their network breach. For instance, they had more zero day exploits that first suspected; They leveraged BGP flaws to launch man-in-the-middle attacks, and they worked with both the FBI and DEA to snoop out TOR users. If you’re following this infosec drama, Wikileaks has made all The Hacking Team’s stolen email public. Check out the links below to learn the latest Hacking Team gossip.
  2. The White House brags about cybersecurity: Last week, the White House released a CyberSecurity Fact Sheet detailing everything the US government has done this year to improve the nation’s cybersecurity stance. Highlights include creating a new office in charge of the problem, and encouraging the government and private industry to share threat intelligence. Check out the references if you’d like more details.
  3. RC4 gets another nail in its coffin: RC4 is a very popular hashing algorithm we’ve used for decades. Unfortunately, over the years it has been proven weak due to many vulnerabilities in this old function. Most security experts already consider RC4 dead, that said, new research [PDF] has proven RC4 even weaker. Without going into the details, this new discovery mean bad guys can break RC4 in days instead of months. If you are using RC4, it’s time to move on.

Those are the stories I missed, but the week included many others. If you are interested in all of them, feel free to peruse the Reference section below. I’ll get back to my regularly scheduled videos this week.

References:

 

— Corey Nachreiner, CISSP (@SecAdept)

Darkode Busted – Daily Security Byte EP.115

Good news. A major underground cyber crime forum has been busted. However, it turns out an intern from a well known security company was actually behind a popular android exploit kit sold on the forum. Watch today’s video to learn more.

(Episode Runtime: 2:14)

Direct YouTube Link: https://www.youtube.com/watch?v=iZBsTM2N_Sc

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

July Patch Avalanche – Daily Security Byte EP.114

This Patch Tuesday, Adobe and Oracle shared the spotlight with Microsoft, releasing updates for well over 200 vulnerabilities. Furthermore, the patches included fixes for flaws leaked during The Hacking Team fiasco. Watch today’s video for details, and be sure to update as soon as you can.

Show Note: Due to continued travel, there will likely be no video on Thursday, though I will return with one on Friday. I’ll probably skip the weekly video this time due to the light week.

(Episode Runtime: 2:21)

Direct YouTube Link: https://www.youtube.com/watch?v=aoLhMVu4zzI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Lizard Squad Drama – Daily Security Byte EP.113

A Finnish teenager was convicted of 50,000 incidents of cyber fraud while part of the Lizard Squad; yet he’s not going to jail. One of his victims, and the ex-chief of Sony Online Entertainment (SOE), is not happy and vents to the world. Watch Friday’s video to learn all about this InfoSec drama.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=v4RReNpK_0U

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,998 other followers

%d bloggers like this: