Tag Archives: WatchGuard Security Week in Review

ICANN Breach & More Sony – WSWiR Episode 133

Wow! This week’s been such a busy news week that the information security (InfoSec) stories kept pouring in, long after I finished this week’s video. The latest? CERT just warned about some critical vulnerabilities in NTPd, a popular network time protocol (NTP) service that many network devices and software uses. If you use NTPd, look into it (and I’ll post more soon). In the meantime, if you can’t keep up with the weekly deluge of security news, let our video summarize the important stuff for you.

Today’s episode covers a website hijacking campaign targeting WordPress plugins, a new SOHO router vulnerability called Misfortune Cookie, and a noteworthy breach affecting ICANN (the folks who manage domain names). I even throw in the latest Sony updates for good measure. Press play to learn more about those stories, but don’t forget to check out the References section too. It covers other interesting news, such as the last-minute, breaking NTPd issue.

Quick show note: I’m taking some time of for the Holidays, so I won’t be posting a video for two weeks. Have a happy holiday yourself, and I’ll see you next year.

(Episode Runtime: 12:47)

Direct YouTube Link: https://www.youtube.com/watch?v=T-gdqsB5Qiw

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Poodle’s Back – WSWiR Episode 132

Another week, another batch of information security (infosec) news. Would you like a quick summary, rather than hunting it down yourself? No problem! Just check out our weekly video every Friday.

Today’s episode covers the Patch Day bonanza, lots of updates on the Sony Pictures breach, and a new twist on the “Poodle” SSL/TLS vulnerability. Press play for the scoop, and check our the References and Extras section for more stories and details.

(Episode Runtime: 7:13)

Direct YouTube Link: https://www.youtube.com/watch?v=WbbZjRtyODA

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Sony Breach & More – WSWiR Episode 131

Operation Cleaver, FIN4, Regin, and Sony Breach

Now that cyber attacks have gone primetime, every week is filled with new information security (infosec) news, leaving administrators little time to catch up. If you’re falling behind, let our weekly video summarize the biggest security news for you.

No vacation goes unpunished.

Unfortunately, skipping last week’s video due to holidays resulted in missing a week of pretty important security news, and those revelations continued this week. In result, this weeks video covers four security stories, and is much longer than normal. The theme for the week—advanced attack campaigns and breaches.

To make thing easier, I share specific video links to each individual story below. If you don’t want to watch the whole thing at once, use the links to skip to the topics you care about. Otherwise, click play below to catch up on two weeks of infosec news, and check out the Extras section for links to many other stories.

(Episode Runtime: 22:20)

Direct YouTube Link: https://www.youtube.com/watch?v=NX4fvTqJHWE

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

#OpKKK – WSWiR Episode 130

Emergency Windows Patch, Malware Vs. Passwords, and #OpKKK

Nowadays, researchers, hackers, and the media bombard us with tons of information security (InfoSec) news each week. There’s so much, it’s hard to keep upespecially when it’s not your primary job. However, I believe everyone needs to be aware of the latest InfoSec threats. If you want to protect your network, follow our weekly video so I can quickly get you up to speed every Friday.

Today’s episode covers a critical out-of-cycle Microsoft patch, talks about the latest updates to a nasty piece of mobile malware, and explores the ethical issues surrounding a recent Anonymous attack campaign, Operation KKK. Press play for the details, and see the references below for more stories.

As an aside, after shooting this week’s video, I learned attackers may have stolen a bunch of passwords from many popular online services. It may be a hoax, but if you use Windows Live, PSN, or 2K Games, you should probably change you password… just to be safe. Have a great weekend!

(Episode Runtime: 10:44)

Direct YouTube Link: https://www.youtube.com/watch?v=XUsqxsHvVZc

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

DarkHotel & iOS Masque – WSWiR Episode 129

MS Patch Day, DarkHotel, and iOS Masque

Too much Information Security (InfoSec) news, too little time? I sometimes feel the same way. If you don’t have time to keep up yourself, why not watch our weekly InfoSec video to catch the highlights.

This week, I share the highlights from Microsoft Patch Day, talk about a targeted attack preying on executives in hotels, and warn of a new vulnerability that affects anyone with an iPhone or iPad. Click play below to learn all about it, and check out other stories from the week in the Extras section below.

Stay vigilant online and enjoy your weekend!

(Episode Runtime: 12:39)

Direct YouTube Link: https://www.youtube.com/watch?v=MwxEksw3j-Q

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

WireLurker – WSWiR Episode 128

Mega Patch Day, Password Hijack, and WireLurker

What new security updates do I need? Are attackers exploiting new zero day attacks that affect me? Should I be concerned with any new attack campaigns? What can I learn from the latest network breaches? If you’ve asked yourself these questions, but don’t have time to find the answers, this is the weekly video for you. In it, I summarize the biggest security news from the week and explore what we might learn from it.

Today’s episode talks about the upcoming humongous Microsoft Patch day, explores a password hijack that succeeded despite good security practices, and covers two major threats that affect Apple’s OS X and iOS devices. Watch the video for details, and check out the links below for other interesting stories.

Have a safe and fun weekend!

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=PXJ1t23K5hY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Evil Tor Exit Node – WSWiR Episode 127

Security FUD, Black Energy, and Tor Terror

Happy Halloween!

The Internet “threatscape” has changed drastically over the past few years, with many more cyber security incidents each year and tons of information security (infosec) news in the headlines. Can you keep up? If not, maybe my weekly infosec video will help.

In today’s quick update, I rant a bit about infosec misinformation, share the latest on the Black Energy ICS attack campaign, and talk about an Evil Tor exit node that dynamically adds malware to downloads. Press play for the scoop, and enjoy your spooky Halloween weekend.

(Episode Runtime: 10:44)

Direct YouTube Link: https://www.youtube.com/watch?v=HjejYd_9Oik

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Cryptowall Malvertising – WSWiR Episode 126

Windows 0day, iCloud MitM, and Cryptowall Rises

You’re a busy IT guy that barely has time to brush your teeth before running off to work, so who has time to follow security news too? Does this sound like you? If so, let our short weekly video inform you of the most important security news in the time it takes you to enjoy your first cup of coffee.

Today’s episode covers another Microsoft zero day flaw, a recent man-in-the-middle (MitM) attack against iCloud, and the latest developments with a nasty piece of ransomware called CryptoWall. Press play below to learn about all that and more, and peruse the Reference section for other stories.

(Episode Runtime: 8:40)

Direct YouTube Link: https://www.youtube.com/watch?v=0y5lBIQ0CEI

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

POODLE Bites SSL – WSWiR Episode 125

October Patch Bonanze, Leaky Apps, and POODLE

Cyber security has gone main stream, which means we’re getting a lot more security news each week than we used to. This week was even busier than usual, with updates fixing hundreds and hundreds of security vulnerabilities, as well as a significant vulnerabilities in a encryption standards. If you’re having trouble keeping track of the most important security info on your own, let our week video summary do it for you.

Today’s episode covers a ton of updates for October’s Patch Day, data leaks affecting SnapChat and DropBox, and a relatively serious SSL vulnerability called POODLE. The video is a bit longer than usual in order to better describe the POODLE flaw. Press play to learn more, and check the references for other interesting stories.

Enjoy your weekend, and beware what you click online.

(Episode Runtime: 16:37)

Direct YouTube Link: https://www.youtube.com/watch?v=AFX9DXDizu4

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

ATM Trojan – WSWiR Episode 124

Nine MS Bulletins, Sneaky DRM, and ATM Trojan

Every week, the security community learns about new attacks, exploits, breaches, security patches, and more. However, keeping track of all this fresh information security (infosec) news can be challenging for most IT practitioners. If you need a little help separating the security wheat from the chaff, this weekly video podcast is for you.

Today’s episode warns you about next week’s upcoming Microsoft patch, covers how Adobe DRM snoops on your reading habits, and shares details about an ATM trojan that has helped its creators steal millions in cold hard cash. Watch the video for details, and check out the reference section for most interesting infosec stories.

(Episode Runtime: 5:45)

Direct YouTube Link: https://www.youtube.com/watch?v=5xi3vtc5bAQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: