Target Chain of Trust Attack – WSWiR Episode 94

Flash 0day, DailyMotion Watering Hole, and New POS Malware

With Seattle celebrating our Super Bowl victory (Sea-Hawks!), it’s hard for locals to keep their minds on Information Security (Infosec), but criminal hackers don’t stop for American football. If you’ve been too busy to follow security news this week, let WatchGuard’s Friday video fill you in on the details, and help you with your defenses.

In today’s video, I cover an Adobe Flash 0day exploit that advanced attackers are leveraging in the wild, warn about a popular video site that has been turned into a FakeAV watering hole, give you the latest breaking update on the Target breach, and more. Watch the video below to learn the latest security news, and check out the Reference section if you’d like links to other security stories from the week.

Quick show note; I’ll be traveling in the UK next week, so will have to produce the next episode from the road. This also means the video may go live either early or later in the week than it normally does.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 10:04)

Direct YouTube Link:

Episode References:


— Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

4 Responses to “Target Chain of Trust Attack – WSWiR Episode 94”

  1. Now Google Chrome has an ability to reset settings to defaults, but more interesting points are:
    – On what level such function is developed? Is it “hard-coded” in browser?
    – If calling such function can be debugged/traced – then is it really secure?
    – Let’s hope, that due to current implementation – malicious add-ons will not be able to manipulate conditions of appearance factor…

  2. Does your site have a contact page? I’m having problems locating it but,
    I’d like to shoot you an e-mail. I’ve got some ideas
    for your blog you might be interested in hearing.
    Either way, great site and I look forward to seeing
    it expand ovr time.

  3. Hello there, I believe yopur weeb site might be having
    internet browser compatibility issues. Whenever I look at your weeb site in Safari, it
    looks fine however whrn opening in Internet Explorer, it’s
    got some overlapping issues. I just wanted to provide yoou
    woth a quick heads up! Apart fdom that, excellent site!


  1. Microsoft Black Tuesday: IE Fi Leads the List of Critical Updates | WatchGuard Security Center - February 11, 2014

    […] audible, releasing seven security bulletins rather than the five I mention in last week’s security video. The good news is this last minute play change might help your security team win the game by […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: