Tag Archives: WatchGuard Security Week in Review

Oracle CPU – WSWiR Episode 103

Oracle Patches, Heartbleed Update, and Cool Gaming Hacks

Information security has become a hot topic, with tens of new infosec articles and issues showing up each week. Perhaps you’re concerned with the latest security news, but don’t have to time to keep up with it among your other administrative tasks. If that sounds like you, check out my weekly infosec news video for a quick summary of the week’s most interesting stories.

Today’s episode is quite simple. I quickly cover Oracle’s April Critical Patch Update (CPU), share some interesting Heartbleed vulnerability updates, and end with a fun, gaming-related hack to cap off the week. Watch the video below, and browse the Reference section for links to more stories and details.

Have a great Easter weekend.

(Episode Runtime: 6:42)

Direct YouTube Link: https://www.youtube.com/watch?v=NtwbM82vVF0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Heartbleed Bug- WSWiR Episode 102

April Patch Day, Raided Pen-Tester, and OpenSSL Heartbleed

Information security news never stops, even if I have to post it from a Changi Airport lounge. If you need to learn the latest cyber security news, including what to do about the biggest vulnerability of the year (so far), you’ve found the right weekly video blog.

This week’s “on-the-road” episode covers Adobe and Microsoft’s Patch Day, an allegory on why you should avoid greyhat pen-testing, but most important of all, information and advice about the major OpenSSL Heartbleed vulnerability. If you use the Internet, you need to know about the Heartbleed flaw, so click play below to watch this week’s video. Finally, make sure to check the Reference section for links to the stories and some extras; especially if you are interested in all the WatchGuard Heartbleed information.

(Episode Runtime: 8:05)

Direct YouTube Link: http://www.youtube.com/watch?v=gEw-o2GQd1U

Episode References:

Extras:

Heartbleed described by XKCD

— Corey Nachreiner, CISSP (@SecAdept)

APT Blocker – WSWiR Episode 101

April Patch Day, NSA Encryption Backdoors, and APT Blocker

Ready for your weekly summary of InfoSec news? Well here it is.

This week’s episode covers what you need to know about next week’s Microsoft patch day, shares details about the latest NSA/RSA encryption scandal, and unveils WatchGuard’s latest security service, which can protect you from zero day malware. Watch the video for the whole scoop, and scope out the references for links to other news.

I continue my travels in Asia next week, so the video may continue to post at unusual times. We’ll be back to our normal scheduling soon.

(Episode Runtime: 5:23)

Direct YouTube Link: https://www.youtube.com/watch?v=JkFmxEVveRY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Paranoia 2014 – WSWiR Episode 100

Word 0day, Cisco DoS, and Bricked Androids

My weekly InfoSec summary arrives bit late this time due to business travel. Last week, I spoke at Watchcom’s Paranoia conference in Oslo Norway, so I couldn’t post my security news summary until the weekend. Nonetheless, why not start your week off by quickly catching up on last week’s news.

This week’s episode includes a quick summary of the Paranoia show, news of a new Word zero day flaw, information about Cisco IOS updates, and a story about a new android vulnerability attackers can use to brick phones. Check out the video for the details, and scroll down to the Reference section for a few extra stories.

As an aside, I’ll be traveling the next two weeks as well, so my weekly video may show up either earlier or later than normal, due to travel.

(Episode Runtime: 5:27)

Direct YouTube Link: https://www.youtube.com/watch?v=BNiCOytV5sg

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Operation Windigo – WSWiR Episode 99

MH370 Scams, Google Play DDoSed, and Operation Windigo

Each week I summarize the biggest information security news in a short video, so you don’t have to go searching for it yourself. If you’re interested in the latest infosec updates, be sure to watch each Friday. 

Today’s late episode covers a few cyber security stories around the disappeared MH370 flight, news about a penetration tester downing Google Play, and a report about a cyber attack campaign that hijacked 25,000 Linux servers. Watch the video for the full scoops, and check the Reference section below for more info.

Have a great weekend.

(Episode Runtime: 8:41)

Direct YouTube Link: http://www.youtube.com/watch?v=YJ3Ei1WDyIY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

NSA’s Turbine – WSWiR Episode 98

Patch Day, Missed Logs, and Snowden’s Latest

What to learn about the latest information security (infosec) news in under eight minutes? You’ve found the right place. Check out my weekly security news summary video below.

This week’s episode covers all the big updates from this month’s Adobe & Microsoft Patch Day, the latest news suggesting Target’s breach could have been averted, and another top secret document leak, detailing how the NSA hacks its targets. Check out the video below for the details, and don’t forget the Reference section for links to other stories. 

Enjoy your weekend, and stay safe!

(Episode Runtime: 8:21)

Direct YouTube Link: http://www.youtube.com/watch?v=h87aqWmaCtQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Uroburos APT- WSWiR Episode 97

SOHO Pharming, Trio of Data Breaches, and Russian APT

I still remember ten years ago, when I used to wish more people would realize the dangers of the Internet and the sad state of cyber security. Back then, it seemed like I had to work to convince someone that there was any computer security problem at all. Boy has that changed… Now I feel overwhelmed by the amount of information security news that breaks each week. If you’re interested in computer security news, but feel overwhelmed yourself, let my short video summarize the important news for you.

Today’s episode covers a SOHO pharming campaign that’s hijacking routers in Europe and Asia, another trio of big network and data breaches, and a new advanced, nataion-state level attack that allegedly comes from Russia. Watch the video for my quick summary, and/or check out the links below for more details, and some extra security stories to boot.

Enjoy your weekend, and keep safe out there.

(Episode Runtime: 11:24)

Direct YouTube Link: http://www.youtube.com/watch?v=IQch3fdbzAk

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Broken Apple SSL – WSWiR Text Edition

RSA 2014, EMET Bypass, and Broken SSL

This week I attended the 2014 RSA Security Conference, one of the biggest information security (and cryptography) conferences of the year. This was the busiest RSA Conference in the show’s history, which suggests that more and more businesses, governments, and organizations are becoming increasingly concerned about cyber security. As a side effect, the show also kept me too busy to produce my normal infosec news video. Instead, I offer a written summary of this week’s major security news and RSA stories below.

  • Apple fixes serious SSL vulnerability in their OSs – This week, Apple released security updates for iOS 6.x and 7.x, OS X, Quicktime, Safari, and Apple TV. Though these updates fix a wide swath of vulnerabilities in those forenamed products, the most astonishing fix corrects a very serious SSL/TLS vulnerability that affects the iOS and OS X operating systems (OS). SSL/TLS is designed to protect and encrypt your network communications, but this flaw allows anyone on the same network as you to intercept and read your communications in a Man-in-the-Middle attack. In short, if you use Apple products, you SSL communications have been open to interception for the last few months, making it especially scary if you joined any open Wifi networks. Apple’s updates fix the issue, and many more, so be sure to go get them. See Apple’s security update summary page for more details.
  • EMET suffers from a bypass vulnerability – EMET—short for Enhanced Mitigation Experience Toolkit—is a free Microsoft tool designed to make it harder for cyber attackers to actually exploit memory corruption type vulnerabilities. I doesn’t prevent a product from having a memory corruption flaw, rather it adds various memory protection mechanisms (like stronger Address Space Layout Randomization or ASLR) to make it harder for attackers to injection their malicious shell code into certain memory locations. It’s a tool I often recommend users install to help mitigate the risk of many vulnerabilities. Well this week, researchers at Bromium Labs proved that EMET is not bulletproof. They released a paper [PDF] showing how attackers could bypass some of EMET’s protections. Microsoft has acknowledged the flaws, and also has a new version in beta (EMET v5.0) that plugs some of the holes.
  • Academic researchers disclose the first AP virus – Researchers from a number of universities in Europe released a paper describing the first ever wireless access point (WAP) virus, which they dub Chameleon. Chameleon first tries to find unsecured wireless APs (for instance, ones using weak WEP encryption, or no encryption). Once it can access the victim AP’s wireless network, it then leverages flaws in the AP firmware to try and infect the AP with its virus. Then it continues scanning for new victim APs. As a research project, this attack was only done in a lab environment, and has never been seen in the wild. However, now that it’s out I suspect criminal hackers might copy this technique in the real world one day.
  • RSA Security Conference Summary – Here are a few of the big themes and news from this year’s RSA Conference.
    • Government and the NSA have broken our trust – In general, the buzz on the show floor was how governments around the world, especially the U.S. and the NSA, have broken our trust with their spying campaigns. While many agree that some sort of international spy agency should exist, most think the NSA has crossed the line with the amount of data they are collecting; which includes data from normal private citizens. The lack of transparency in these government cyber espionage operations has poisoned the industry’s confidence in all online security and communications, making it difficult to know what to trust. Many speakers at the conference criticized these government operations, especially when the governments in question designed malware which they released into the wild.
    • Destructive attacks get more real – In one session, researchers from CrowdStrike demonstrated a vulnerability in Apple computers that they could exploit to actually cause your device to overheat, potentially catching on fire. One of my predictions this year was to expect more destructive malware, and this example may unfortunately help that prediction come true. As an aside, other researchers at the show also demonstrated an attack against Apple iOS devices that allows malicious programs to log touch input—kind of like a keylogger for finger swipes.
    • Lots of vulnerabilities in RSA mobile app – A few weeks before the show, researchers at IOActive checked out the RSA mobile app for the 2014 conference. Turns out it suffered from six vulnerabilities that attackers could leverage to do many things, including disclose the personal information of some of the attendees, or to inject additional code into the app to phish credentials, and other bad things. Check out IOActive’s blog for more details, but it’s ironic that a security conference’s app suffers from the flaws the conference is supposed to educate against.

Well that’s all I have time for this week. However, if you’d like links to other security stories from the week, check out the extra below. I’ll return with my normal video updates next Friday.

Extras Stories:

— Corey Nachreiner, CISSP (@SecAdept)

0day Watering Holes – WSWiR Episode 96

Flash and IE 0day, Watering Holes, and Router Worms

It’s Friday, Friday, gotta get your InfoSec on Friday….

Seriously though. If you are looking for a quick round-up of this week’s biggest security news, this is your show. In it, I cover what I think are the top three information and network security stories of the week, vlog style. If that sounds good, keep reading.

This week’s episode covers an advanced watering hole attack that leverages two zero day vulnerabilities, a worm that’s infecting a popular brand consumer router, and new vulnerabilities that affect devices which fall under “the Internet of things” category. If you’d like all the details, including how to protect yourself, watch the video below. Or if you prefer to read, check out the Reference section for links to those stories and more.

Quick show note. Next week I’ll be attending the annual RSA Security Conference. Though I still hope to produce a video on the road, I may have to settle for a text version of our weekly Infosec news if I get too busy. Keep an eye on the blog for the latest, and have a great weekend.

(Episode Runtime: 8:57)

Direct YouTube Link: http://www.youtube.com/watch?v=NbxXXLov6Ek

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

The Mask APT Campaign – WSWiR Episode 95

400Gb DDoS, More Bitcoin Attacks, and The Mask APT

If you’re looking for a quick synopsis of the latest information security news and advisories, our quick weekly video can provide it for you. This week’s episode was shot literally right before I had to run out to catch a plane, so please excuse the low quality webcam footage. 

Today’s episode includes a quick rundown of the week’s Microsoft and Adobe patches, news about the latest world record-breaking DDoS attack, some Bitcoin hijinks, and the details around a new cross-platform advanced attack campaign discovered by Kaspersky. Check out the video for all the details, and give the Reference section a peek for links to other infosec stories, including last minute news of a new Internet Explorer (IE) zero day attack.

Have a great weekend (and President’s Day for US readers), and be careful online.

(Episode Runtime: 8:20)

Direct YouTube Link: http://www.youtube.com/watch?v=W4JItAGJynY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,388 other followers

%d bloggers like this: