Tag Archives: WatchGuard Security Week in Review

iOS Backdoor – WSWiR Episode 114

Firefox 31, Tails 0day, and iOS Backdoor

Are you curious about the latest network breaches, dangerous new zero day exploits, or breaking security research, but too busy to find all this information on your own? No worries. We summarize the most important security news for you in our weekly security video every Friday.

In this week’s episode, you’ll learn how the latest Firefox update makes it harder to download malware, why you can’t rely on some anonymizers, and whether or not you should worry about the rumored backdoor in iOS. Check out the video for the full scoop, and don’t forget to peruse the extra stories in the Reference section below.

(Episode Runtime: 7:51)

Direct YouTube Link: https://www.youtube.com/watch?v=qg1wsjzjC4Q

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Weak Passwords are Good? – WSWiR Episode 113

Oracle Patches, Project Zero, and Password Problems

Another week, another big batch of InfoSec news. If your IT job is already overwhelming you with tasks, leaving you no time to keep up with computer and network security, “I’ve got ya bro.” Check out our weekly security news summary for all the important action.

Today’s episode covers Oracle’s quarterly Critical Patch Update (CPU), a neat security project from Google, and a bevy of password security related news and issues. It’s all in the video, so give it a play. Also, don’t forget the Reference section below for other interesting news.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 8:59)

Direct YouTube Link: https://www.youtube.com/watch?v=yOtbuwhqZVo

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Hardware Malware – WSWiR Episode 112

Tons of Patches, Facebook Botnets, and Infected Hand Scanners

After a couple weeks of hiatus, we’re finally back with our weekly security news summary video. If you want to learn about all the week’s important security news from one convenience resource, this is the place to get it.

This episode covers the latest popular software security updates from the last two weeks, and interesting Litecoin mining botnet that Facebook helped eradicate, and an advanced attack campaign that leverages pre-infected hardware products. Watch the video for the details, and check out the Reference’s for more information, and links to many other interesting InfoSec stories.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=oAHYUW1KkM0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Service Bus DoS Mostly Affects Enterprise Web Developers.

Among this week’s Microsoft security bulletins is one that likely only affects a small subset of Microsoft customers, and thus not worth a full security alert.

Microsoft Service Bus is a messaging component that ships with server versions of Windows, providing enterprise developers with the means to create message-driven applications. According to Microsoft’s bulletin, Service Bus suffers from a denial of service (DoS) vulnerability involving it’s inability to properly handle a sequence of specially crafted messages. If you have created an application that uses Service Bus, an attacker who could send specially crafted messages to your application could exploit this flaw to prevent the application from responding to further messages. You’d have to restart the service to regain functionality.

Windows itself doesn’t really use Service Bus for anything, but if you have internal applications that do, this vulnerability may be significant to you. If you use Service Bus, be sure to check out the bulletin to get your updates. — Corey Nachreiner, CISSP (@SecAdept)

TweetDeck XSS – WSWiR Episode 111

Patch Day, P.F. Changs Hack, and TweetDeck XSS

This week delivered a lot of infosec news and a ton of software security updates. If you didn’t have time to follow it all, check out our weekly computer security video to fill in the blanks.

During today’s episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. restaurant chain, and talk about the cross-site scripting worm spreading via TweetDeck. Click play below to learn more, and check out the References for other interesting infosec stories.

Before wishing you a great weekend, here are a couple of quick show notes. First, I’m starting a vacation during the middle of next week, so I won’t be publishing this weekly video for the next two weeks. It will return in July.

Second, if you are a WatchGuard customer curious about our OpenSSL updates, we are in the process of posting new versions of software for many of our products. Keep your eye on this blog, as those will likely start coming out early next week.

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=hbGqdrxvOyA

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

GOZeus Down – WSWiR Episode 110

NSA Facial Recognition, OpenSSL Patch, and Zeus Takedown

It’s that time again. If you have a hankering for the latest InfoSec news, this is the place to get it. You can watch me summarize all of the week’s biggest security stories in one short video.

Today I talk about the NSA scanning the Internet for our pictures, a big OpenSSL security update, and the latest botnet takedown that puts a damper on GOZeus and Cryptolocker. Watch the video for the scoop, and check out the Extras below for other news.

Hope you have a great weekend, and stay safe out there.

(Episode Runtime: 8:33)

Direct YouTube Link: https://www.youtube.com/watch?v=gp46hzT6G1E

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

iPhone Ransom Message – WSWiR Episode 109

Iranian Social Hackers, XP Patch Hack, and iPhone Ransom Notes

Did you have time to follow security mailings lists, check out infosec news sites, or find that latest patches this week? If not, don’t worry. This weekly video blog will cover the top three computer security news items each Friday for you. Subscribe to this blog or the YouTube channel to stay informed.

This episode covers an Iranian hacking campaign where attackers pose journalists on social media sites, shares a tip about a Windows XP registry hack that could give you security updates until 2019, and highlights a recent iCloud attack that attackers are using to hold iPhones for ransom. Click play for the details, and check out the reference section for other stories.

(Episode Runtime: 7:38)

Direct YouTube Link: https://www.youtube.com/watch?v=sa-2RLe_sr4

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Ebay Pwned – WSWiR Episode 108

Ebay Data Breach, IE8 0Day, and Alleged Chinese Hackers

With all the information security (InfoSec) news coming out each week, it’s hard to believe anyone can keep up with it; let alone an already busy IT professional with other things on his plate. If that sounds like you, rather than worrying about finding the most important security news you can let my weekly summary video fill you in.

Today’s episode covers the 145M record Ebay breach, and new zero day Internet Explorer (IE) 8 vulnerability released early by the supposedly good guys, and the Department of Justice’s official charges against five alleged Chinese government hackers. Check out the video below for the details, and peruse the Reference section for links to other InfoSec stories.

If you’re in the USA, enjoy your extended holiday weekend. See you next time…

(Episode Runtime: 8:00)

Direct YouTube Link: https://www.youtube.com/watch?v=Ib7nI1H13P8

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

TAO Hijack Routers – WSWiR Episode 107

Tons of Patches, NSA Booby-Trapped Routers, and Alleged Iranian Hackers

If you don’t have time to follow all the information security stories popping up each week, you can let our weekly video and blog post summarize the important stuff for you.

In today’s show, I recite the big list of security patches you need to get this week, talk about how the NSA is intercepting and hacking routers to foreigners, and weigh in on whether or not the security industry is blaming advanced attacks on “nation-state” actors a bit too freely. Press play on YouTube for all the details, and don’t forget to check out the Reference section for links to other interesting InfoSec stories.

Hope you have a great weekend, and be careful shopping online!

(Episode Runtime: 8:25)

Direct YouTube Link: https://www.youtube.com/watch?v=LdOHsV88z4Y

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

World Password Day – WSWiR Episode 106

MS Patch Day, 4chan Hacked, and Password Security

If you’re too busy helping your users and maintaining your network to read the latest information security news, you might miss out on new tip that could save your network. No worries. Let my short, weekly Infosec video summarize the week’s biggest news for you.

Today, I warn you about all the upcoming patches next Tuesday, talk about a popular web site hack and what administrators can learn from it, and share my three primary password tips for World Password Day. Click play below for all the details, and take a peek at the Reference section for links to other stories.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 7:32)

Direct YouTube Link: https://www.youtube.com/watch?v=fKU3Qoaj_Dw

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,529 other followers

%d bloggers like this: