Tag Archives: 0day

Ransomware Exploits Flash 0day – Daily Security Byte EP. 244

Next week is Microsoft and Adobe’s Patch Day. However, on Thursday Adobe released an emergency security advisory to fix a zero day Flash vulnerability. Watch the episode below to learn why you should get this update to avoid drive-by download attacks pushing ransomware.

(Episode Runtime: 1:44)

Direct YouTube Link: https://www.youtube.com/watch?v=F2MKTU9ZIO4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Badlock – Daily Security Byte EP. 242

Last week, a researcher mysteriously warned the world about an upcoming critical SMB flaw, without sharing any technical details. The warning says the flaw is bad enough that network administrators will want to prepare for it, so they know what to patch immediately. Watch below to learn what little we know about this flaw, and how the security community has reacted to the early warning.

(Episode Runtime: 3:37)

Direct YouTube Link: https://www.youtube.com/watch?v=HnpMNsprYlU

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day & Patches – Daily Security Byte EP. 229

Frankly, I’m a bit sick of talking about patches and security updates after focusing on them for the last two days. However, so many important security updates got released today that I have to cover them for a third day in a row. If you use Adobe Flash, Microsoft products, Firefox, or a Cisco cable modem, watch today’s video to learn about these important patches, including one that fixes a zero day flaw.

Show Note: Please excuse the irritating audio pops. I have since replaced the defective mic.

(Episode Runtime: 2:37)

Direct YouTube Link: https://www.youtube.com/watch?v=6LDgnICKE-Y

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Joomla Attack in Wild – Daily Security Byte EP. 192

If you use Joomla to manage content on your website, you’re going to want to patch immediately. Today’s daily video covers a new zero day flaw in the open source content management system (CMS) that attackers are actively exploiting in the wild.

(Episode Runtime: 1:42)

Direct YouTube Link: https://www.youtube.com/watch?v=oLcHEBQb274

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Android Chrome 0day – Daily Security Byte EP. 176

Last week, a Chinese security research disclosed a new zero day Android vulnerability at PacSec’s Pwn2Own competition. Watch today’s video to learn a little more about this flaw, and what to do about it until it’s patched.

(Episode Runtime: 2:13)

Direct YouTube Link: https://www.youtube.com/watch?v=GzE9VpfhkaE

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

vBulletin Breach and 0day – Daily Security Byte EP. 171

The creators of vBulletin are having a bad week. Not only did they have a data breach that resulted in around 400,00 stolen user records, but it sounds like the attacker leveraged a zero day vulnerability in their own software to compromise their network. Watch today’s Daily Byte to learn more about this story, and what you should do if you use vBulletin software.

(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=5XIwY4seah0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Patches, Drone Hacks, and Evil USB – WSWiR Episode 166

Did you miss last week’s security news since you were too busy keeping your network running? If so, you’re not alone. However, staying up to date with the latest threats is important, so let our short weekly security summary keep you informed. If you don’t have time to follow our daily security videos, I summarize them in this video every Monday.

Today’s episode includes a root vulnerability in popular consumer routers, a zero day Adobe Flash issue, and drone hacking. If that’s not enough, you should watch just to learn about last week’s Microsoft and Adobe patches. Watch the video for the details, and check the References section for links to other security stories from the past few weeks.

(Episode Runtime: 10:56)

Direct YouTube Link: https://www.youtube.com/watch?v=77R3I5fw9Ao

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day Surfaces – Daily Security Byte EP.159

Adobe just released a new Flash update Tuesday, but researchers have already found sophisticated threat actors leveraging a new zero day Flash exploit in the wild. Trend Micro, one of our security partners, found the Pawn Storm attackers leveraging this new Flash exploit. Watch today’s video to learn when the next patch will come out, and what to do in the meantime.

UPDATE: Adobe actually sped up their schedule to release a fix. Go get it now.

(Episode Runtime: 1:27)

Direct YouTube Link: https://www.youtube.com/watch?v=_HFC6VFBdu0

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

0day Root Netgear Flaw – Daily Security Byte EP.156

If you use a Netgear router, you’ll want to disable remote administration. In today’s video, I talk about two zero day vulnerabilities the Shellshock Labs found in a line of popular Netgear broadband routers. In a nutshell, if an attacker can access the administrative web page, she can gain complete control of your router. Press play to learn more about these flaws, and what you can do until Netgear patches.

(Episode Runtime: 2:01)

Direct YouTube Link: https://www.youtube.com/watch?v=DPbRUoWqYvg

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Yosemite 0day – Daily Security Byte EP.130

It’s pretty impressive to know an 18 year old Italian teenager is already finding vulnerabilities in OS X. However, I hope he learns to disclose them responsibly, and starts informing vendors first. This week, news surfaced of a zero day privileges escalation flaw in the latest version of OS X Yosemite. Click play below to learn all about it.

(Episode Runtime: 1:30)

Direct YouTube Link: https://www.youtube.com/watch?v=6WmdmY9kHks

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: