DNC Hack Drama – Daily Security Byte EP. 274

Early last week, the Democratic National Committee admitted they were hacked. Later, a security team blamed the attack on two Russian hacking groups. Now, another hacker claims credit for the attack and shares some sensitive documents to prove it. Watch the video below to learn a bit about this hacking drama, and whether or not there is anything we can learn from it.

(Episode Runtime: 3:16

Direct YouTube Link: https://www.youtube.com/watch?v=IQrOeUxando

EPISODE REFERENCES:

• Democrat Party’s computers allegedly hacked by Russians – The Washington Post
• Hackers steal Trump research from the DNC – Reuter
• Security team blame attack on two Russian groups – Crowd Strike
• Guccifer claims credit for DNS hack – Ars Technica
• Guccifer’s blog post on his alleged hack – WordPress

— Corey Nachreiner, CISSP (@SecAdept)

SocNet Data Breaches – Daily Security Byte EP. 266

With the amount of data breaches in the headlines lately it’s easy to get overwhelmed with yet another user record or password leak. Nonetheless, if you’ve ever been a Myspace or Tumblr user, you should pay attention to the headlines at least long enough to change your passwords. In today’s video, I share the impact of two social network data leaks.

(Episode Runtime: 3:07)

Direct YouTube Link: https://www.youtube.com/watch?v=SAyeH2Uqo6s

EPISODE REFERENCES:

• Hundreds of millions of Myspace records leaked online – Leakedsource.com
• 65M Tumblr accounts on sale on the Darknet – CBR Online
• Myspace confirms their leak was a hack – ITPro 
• Myspace discloses their data leak – Myspace
• Is the Tumblr leak associated with the Linkedin one? – Digital Trends
• As an aside, Katy Perry’s twitter account was hijacked – NBC News

— Corey Nachreiner, CISSP (@SecAdept)

LinkedIn Loses 117M Credentials – Daily Security Byte EP. 264

In the middle of 2012, LinkedIn warned that attackers had stolen millions of their users’ credentials. That leak was bad enough, but it turns out the breach was much bigger than first reported. In today’s video, I share just how many passwords criminals are selling on the underground, and what LinkedIn users should do to protection their accounts.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=z1Xvx_XODGU

EPISODE REFERENCES:

• Hackers selling 117 million LinkedIn credentials – The Register
• Official customer blog post on the LinkedIn credential breach – LinkedIn

— Corey Nachreiner, CISSP (@SecAdept)

Big Changes Ahead for this Blog – Your Feedback is Appreciated!

Over the past 6 years WatchGuard has been publishing breaking news and in-depth analysis on the most important network security issues on this blog.  Even before that, we shared security articles, podcasts, and various malware analysis videos with our LiveSecurity subscribers. This content has been well-received by our loyal audience, but we want to do even more to help our followers and the network security community.

To achieve this goal we have decided to completely redesign the blog. In fact, you probably already noticed a few small changes, including more content from new writers. However, our more strategic plan is to create a broader industry community and forum for all network security professionals. You can help us achieve this vision.

Your feedback is important to us, and will play a major role in the quality and direction of our blog redesign. If you’d like to make sure our new blog meets your needs, please fill out our survey below. It takes less than 5 minutes, and will ensure that we deliver content that serves you. Your input and time is very much appreciated. — Corey Nachreiner, CISSP (@SecAdept)

http://secure.watchguard.com/blog-redesign-survey

 

Hacking Team Breach Unveiled – Daily Security Byte EP. 250

Almost a year ago, an Italian security company called the Hacking Team suffered an embarrassing network breach. This week, the alleged attackers behind the hack detail exactly how they did it. Watch today’s Byte to see what you can learn from this particular attack.

(Episode Runtime: 5:02)

Direct YouTube Link: https://www.youtube.com/watch?v=p9yEvODyGZI

EPISODE REFERENCES:

• Antisec’s alleged e-zine describing the Hacking Team breach in detail – Pastebin
• Hackers tell all about the Hacking Team attack – Computer World
• Our original Byte on the Hacking Team breach – WatchGuard Blog

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard receives Grand Trophy and five other 2016 Global Excellence Awards

It was a busy week down at the RSA conference in San Francisco, but it kicked off right on Monday night when we learned that InfoSecurity Products Guide, the industry’s leading information security research and advisory guide, recognized WatchGuard Technologies as a Grand Trophy winner for their 2016 Global Excellence Awards®.

More than 50 judges from around the world formed a broad spectrum of industry voices and their average scores determined the 2016 Global Excellence Awards Finalists and Winners.

Beyond the Grand Trophy, we brought home a total of five Info Security Product Guide Global Excellence Awards in a diverse set of categories:

• Gold Winner Award for Network Security and Management: WatchGuard Dimension Command
• Gold Winner Award for Security Products and Solutions for Small Businesses and SOHO: WatchGuard Firebox T50
• Silver Winner Award for Security Products and Solutions for Enterprise (Medium): APT Blocker
• Bronze Winner Award for Integrated Security and Unified Threat Management: WatchGuard Firebox M300 Firewall (Firebox M300 running Fireware 11.10.4 firmware)
• Bronze Winner Award for People Shaping Info Security: Corey Nachreiner, Chief Technology Officer at WatchGuard Technologies, for Raising InfoSecurity Awareness Through Education

Info Security Product Guide’s recognition of our products and personnel stands as further validation of this company’s commitment to best-in-class security solutions. We’re proud to receive yet another endorsement of WatchGuard’s vision and execution in the field of security for SMBs and enterprises, and for general education and awareness about infosecurity.

Kid Tracking Company Leaks Data – Daily Security Byte EP. 221

If you collect data to track children for parents, it’s probably a good idea to put a password on the database holding all that tracking data. In today’s episode I share a security industry drama around a researcher reporting just such a flaw, but not getting the best response. More importantly, I share resources you could leverage to make sure you don’t make the same mistakes this company did.

(Episode Runtime: 3:55)

Direct YouTube Link: https://www.youtube.com/watch?v=fC1XPIU3yiY

EPISODE REFERENCES:

• Child Tracking firm doesn’t put a password on their database  – Graham Cluley Blog
• MacKeeper research discovers and discloses the insecure database – MacKeeper
• uKnowKids breach warning and response to the disclosure – uKnowKids

— Corey Nachreiner, CISSP (@SecAdept)

Linux Distro Backdoored – Daily Security Byte EP. 220

It would suck to have your website hacked, and your user database stolen by malicious attackers. However, can you imagine those attackers also creating a backdoored version of your software, and distributing it among your customer from your very own site? Unfortunately, that’s exactly what happened Linux Mint, the makers of a popular Linux distribution. Watch today’s episode to learn more, including what you should do if you downloaded Linux Mint recently.

(Episode Runtime: 2:19)

Direct YouTube Link: https://www.youtube.com/watch?v=q2WpKLJVfUE

EPISODE REFERENCES:

• Linux Mint website hacked and official distro backdoored – The Hacker News
• Linux Mint’s official announcement about hack – Linux Mint
• Linux Mint forum was hacked too – Linux Mint

— Corey Nachreiner, CISSP (@SecAdept)

CWA Teens Arrested – Daily Security Byte EP. 216

Just a few days after the DoJ data leak, UK authorities arrest two teenagers associated with the group CWA. Watch the video to learn more.

(Episode Runtime: 2:13)

Direct YouTube Link: https://www.youtube.com/watch?v=82c3nvMibWg

EPISODE REFERENCES:

• UK authorities arrest two teens in association with DoJ hacks – Motherboard
• “Cracka” from CWA arrested – Motherboard
• CWA promises more hacks after arrests– The Next Web

— Corey Nachreiner, CISSP (@SecAdept)

DoJ, FBI, and DHS Pwned? – Daily Security Byte EP. 215

A Hacker (likely Hacktivist) claims to have breached the Department of Justice’s network, and has dumped FBI and DHS employee records to prove it. If you think he used some advanced attack to crack the government’s systems, you’d be wrong. Watch today’s episode to learn how claims to have done it, and how you could protect yourself.

(Episode Runtime: 3:34)

Direct YouTube Link: https://www.youtube.com/watch?v=hETu9ajeMn0

EPISODE REFERENCES:

• Hacker dumps DHS records – Motherboard
• Hacker follows up with FBI records – Motherboard
• U.S. DoJ allegedly hacked – IBTimes
• CryptoBin takes down the leaked data – Tripwire

— Corey Nachreiner, CISSP (@SecAdept)