Archive | April, 2015

Password Alert Fail – Daily Security Byte EP.73

Yesterday, I recommended a free Google Chrome extension that could help spot phishing attacks, but today a security researcher has already figured out how to bypass it. Press play to learn what he did, and whether or not this extension is still worthwhile.

 

(Episode Runtime: 1:24)

Direct YouTube Link: https://www.youtube.com/watch?v=TdzYtcmLpao

— Corey Nachreiner, CISSP (@SecAdept)

Prevent Phishing with Password Alert – Daily Security Byte EP.72

In today’s extra short daily vlog I recommend a free security tool rather than cover the InfoSec news. If you use Chrome, watch the video to learn how Password Alert can inform you of phishing attempts.

 

(Episode Runtime: 1:02)

Direct YouTube Link: https://www.youtube.com/watch?v=gYuJN8H6Dog

— Corey Nachreiner, CISSP (@SecAdept)

0Day WordPress XSS – Daily Security Byte EP.71

A really, really long comment could allow an attacker to hijack your WordPress blog. Watch today’s quick video to learn about the zero day XSS flaw reported by a Finnish security researcher, and what you can do about it.

 

(Episode Runtime: 1:48)

Direct YouTube Link: https://www.youtube.com/watch?v=H2XR2tnm0yQ

— Corey Nachreiner, CISSP (@SecAdept)

White House Breach Gets Worse – Daily Security Byte EP.70

We keep learning more about the White House email breach from last year, and the news gets worse and worse. Today we learned the attackers may have had access to more of President Obama’s email correspondence than first suspected. Watch today’s vlog post for the details, and to learn tips to protect your organization’s email.

 

(Episode Runtime: 3:59)

Direct YouTube Link: https://www.youtube.com/watch?v=ni2xGWmE4yw

— Corey Nachreiner, CISSP (@SecAdept)

PoS Fail and Browser Side-Channel – WSWiR Episode 149

As if every week wasn’t busy enough with new information security (InfoSec) news, this week was the RSA Conference, which brings with it a whole new batch of security news. If you find yourself struggling to keep up, follow my daily or weekly videos to get a quick summary of the latest relevant news.

This week, I was too busy at the RSA Conference to post my daily videos, but you can still catch some of the week’s news in today’s summary episode. In it, I cover the latest updates about the White House breach, I share some interesting tidbits from an RSA PoS security presentation, and I point out some great new research highlighting a side-channel attack that affects most web browsers. Watch the video for the details, and check out the references for more stories.

As an aside, I will be attending another industry conference next week as well, so I may not be able to post my regular Daily Security Byte. However, I’ll still post a weekly video at the very least. I’ll continue with the Daily Bytes the week following next. Have a great weekend, and stay safe out there.

(Episode Runtime: 7:20)

Direct YouTube Link: https://www.youtube.com/watch?v=gGqDplwMJA4

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Fireware OS Update Targets ‘Time Crime’

Up to 80 percent of employees’ time on the Internet each day has nothing to do with work. It’s unrealistic to completely cut it out – we all know breaks are necessary to recharge our battery. But, how much is too much?

Today, we announced the newest version of the WatchGuard Fireware® OS (11.10), which makes it easy to control the amount of data and time employees spend surfing the web. After all, we want our employees to be productive (and happy). It also allows IT pros to set website policies using names, not numbers – 216.176.177.72 is now http://icanhas.cheezburger.com/. Moreover, the new “wildcard” function enables network admins to cover multiple domains with one policy, in turn making your team more efficient.

The new Fireware OS is available for all WatchGuard XTM and Firebox appliances, and is available starting in April 2015. For complete feature information please click here.

Below is a fun infographic that highlights some of the cyberloafing your employees are doing. Control it now with Fireware OS 11.10.

Patches, APT Gangs, and Sony Wikileaks – WSWiR Episode 148

Want to know what went on this week in the InfoSec world? Well then, check out my weekly security news recap video. This week I cover a ton of software security patches, news of China’s DDoS and man-in-the-middle tool, and the latest drama in the Sony breach saga. Press play to learn more, and enjoy your weekend.

(Episode Runtime: 13:25)

Direct YouTube Link: https://www.youtube.com/watch?v=uBeOUz40tws

— Corey Nachreiner, CISSP (@SecAdept)

Match.com InfoSec Fail – Daily Security Byte EP.69

Match.com is inadvertently exposing its users’ passwords to snooping hackers. Learn what they did wrong, and how you can avoid it in today’s Daily Security Byte video.

 

(Episode Runtime: 2:26)

Direct YouTube Link: https://www.youtube.com/watch?v=2tAfNx47AMo

— Corey Nachreiner, CISSP (@SecAdept)

Wikileaks Spread Sony Dirt – Daily Security Byte EP.68

Sony Pictures is in the headlines again, this time because Wikileaks decided to air their dirt. While there are cases where information disclosure is good, I think this Wikileaks stunt is horrible. Watch the video to remind yourself why it’s so important to protect your confidential data.

 

(Episode Runtime: 2:51)

Direct YouTube Link: https://www.youtube.com/watch?v=ZNeAaqLjHCY

— Corey Nachreiner, CISSP (@SecAdept)

APT Spy vs. Spy – Daily Security Byte EP.67

Kaspersky researchers have found two advanced threat actor groups trying to hack one another. Today’s video talks about this spy vs spy phish off, and shares what we can learn from it. Watch the video, but be sure to check out Kaspersky’s report for all the interesting technical details.

 

(Episode Runtime: 3:12)

Direct YouTube Link: https://www.youtube.com/watch?v=4qTo3gB89GU

— Corey Nachreiner, CISSP (@SecAdept)
