Archive | October, 2015

Don’t Listen to the FBI – Daily Security Byte EP. 168

At a small security conference in Boston, an FBI agent said that they often recommend victims to just pay the ransom associated with ransomware like Crytpowall and Cryptolocker. Watch today’s video to see what I think of this, and to get a small Halloween-themed surprise.

(Episode Runtime: 3:59)

Direct YouTube Link: https://www.youtube.com/watch?v=25ncoN7CDfk

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

The Three “Ps” of Cyber Protection

As October ends, so does National Cyber Security Awareness month, and I recently had the opportunity to go over to KOMO Radio and talk about what I call the three “Ps” of protecting yourself from cyber crime.

To listen in on our conversation, click play below (or download the file [MP3] directly):

(Runtime: 2:27)

Don’t have time right now to listen? Here’s a summary:

  • Patches– Though the numbers change from year to year, experts estimate that around 90% of the exploits bad guys use prey on vulnerabilities that software companies have already fixed. If you set yourself up for automatic updates, you eliminate those threats.
  • Passwords– It’s not enough to have one long, strong password. You need to use different passwords for different accounts. Try using a password management tool, pass phrase, or best yet, multifactor authentication whenever possible.
  • Precaution– This is really about using common sense. How often are things free? Do I really have a long lost relative who is Nigerian royalty? If it doesn’t make sense, don’t click the link or launch the program.

— Corey Nachreiner, CISSP (@SecAdept)

Emergency Shockwave Update – Daily Security Byte EP. 167

If you use Adobe Shockwave, it’s time to patch. This week, Adobe released an out-of-cycle update fixing a critical flaw in the popular multimedia player. Watch the video to learn more, including why I recommend against Shockwave.

(Episode Runtime: 1:10)

Direct YouTube Link: https://www.youtube.com/watch?v=LFKIM8k8nf8

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

TalkTalk Hacked by Teenager? – Daily Security Byte EP. 166

Last week, TalkTalk’s suffered a data breach for the third time this year. It took awhile for the details to surface, but it looks like the attackers exploited a SQL injection flaw in TalkTalk’s website to steal 4M customers’ personally identifying information. Watch today’s information to learn the latest news about this breach, and what you should do if you’re a victim.

(Episode Runtime: 3:32)

Direct YouTube Link: https://www.youtube.com/watch?v=IQhwPq24khk

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

PWNed CIA, hacked Fitbit, and Fake Chrome- WSWiR Episode 167

Are you feeling overwhelmed by your normal IT job, but wish you had time to keep up with information security (infosec)? No worries! Let our weekly security video fill you in. Every Monday, I quickly summarize the biggest network and information security stories from the previous week, so you can keep up with the latest threats.

Today’s episode includes a story about a teenager hacking the CIA Director’s email, a new Fitbit hack, a malicious Chrome lookalike, and lots of patches. Press play to learn more, and check the references for other stories.

(Episode Runtime: 13:27)

Direct YouTube Link: https://www.youtube.com/watch?v=aqb7WIjuv94

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Overstated Fitbit Hack – Daily Security Byte EP. 165

This week, the media was all over a Fitbit hack that allegedly could transfer malware from an infected Fitbit to a victim computer. However, the researchthough interestingdidn’t deliver on this nightmare scenario. Watch today’s video to learn what the discoverer really did, and what some news stories are overstating.

(Episode Runtime: 4:58)

Direct YouTube Link: https://www.youtube.com/watch?v=jHYbLgKxg6E

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Apple’s October Updates – Daily Security Byte EP. 164

 

Are you an Apple fan, or do you at least use Safari or iTunes for Windows? If so, yesterday was Apple patch day. If you haven’t updated yet, watch today’s video to learn what you’re missing.

(Episode Runtime: 1:08)

Direct YouTube Link: https://www.youtube.com/watch?v=AMSg5eyRynI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Malicious Chrome Look-alike – Daily Security Byte EP. 163

Have you installed free software lately. If so, there’s a chance you might think you’re surfing with Chrome, but in reality a look-alike browser is snooping on your web connections and forcing ads on you. In today’s video, I discuss eFast browser, a potentially unwanted program (PUP) shipping with certain free software installers.

Show note: I’m traveling tomorrow, and may not be able to post a daily video. If not, I’ll return Friday.

(Episode Runtime: 3:00)

Direct YouTube Link: https://www.youtube.com/watch?v=Ez1CwTwQwzI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Oracle CPU for Oct. 2015 – Daily Security Byte EP. 162

Oracle follows a quarterly patch cycle, and today they released their big Critical Patch Update (CPU) for October 2015. Since they only update four times a year, they tend to release tons of patches at once. Today’s update fixes 154 vulnerabilities in a wide selection of their productsfrom MySQL to the Siebel CRM. Most importantly, they also released a Java update. If you use Oracle products, watch today’s video to learn more about the scope and impact of today’s CPU.

(Episode Runtime: 2:00)

Direct YouTube Link: https://www.youtube.com/watch?v=o4sfU3uS_mw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

CIA Director’s Email Hacked – Daily Security Byte EP. 161

Lately, the nation has been been criticizing Hilary Clinton for running an insecure personal email server. However, she’s apparently not the only government employee with insecure email practices. Today, a high school hacker claimed to hijack the personal email account of the Director of the CIA. Watch today’s episode to learn what sensitive documents the director shared with his personal email account, and how you might prevent this from happening at your organization.

(Episode Runtime: 2:54)

Direct YouTube Link: https://www.youtube.com/watch?v=34TbTEVkS5g

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: