Tag Archives: drive-by download

Tool Tip: ScriptSafe – Daily Security Byte EP. 276

In today’s video I share a quick security tool tip. NoScript is one of my favorite security extensions for Firefox, as it can help block web-based attacks. Unfortunately, it doesn’t work with other browsers. In the episode below, I cover ScriptSafe, a NoScript like extension for Chrome. 

(Episode Runtime: 2:25

Direct YouTube Link: https://www.youtube.com/watch?v=4EGH78n3has

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Ransomware Exploits Flash 0day – Daily Security Byte EP. 244

Next week is Microsoft and Adobe’s Patch Day. However, on Thursday Adobe released an emergency security advisory to fix a zero day Flash vulnerability. Watch the episode below to learn why you should get this update to avoid drive-by download attacks pushing ransomware.

(Episode Runtime: 1:44)

Direct YouTube Link: https://www.youtube.com/watch?v=F2MKTU9ZIO4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Two Malicious Web Campaigns – Daily Security Byte EP. 232

This week, two web-based attack campaigns are increasing the chance you might encounter a drive-by download when visiting a legitimate web site. Watch Tuesday’s Byte to learn more about these campaigns, the tools one uses, and what you can do to avoid these sorts of attacks.

(Episode Runtime: 5:24)

Direct YouTube Link: https://www.youtube.com/watch?v=pAKkZmtD1Ak

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Flash 0day & Patches – Daily Security Byte EP. 229

Frankly, I’m a bit sick of talking about patches and security updates after focusing on them for the last two days. However, so many important security updates got released today that I have to cover them for a third day in a row. If you use Adobe Flash, Microsoft products, Firefox, or a Cisco cable modem, watch today’s video to learn about these important patches, including one that fixes a zero day flaw.

Show Note: Please excuse the irritating audio pops. I have since replaced the defective mic.

(Episode Runtime: 2:37)

Direct YouTube Link: https://www.youtube.com/watch?v=6LDgnICKE-Y

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hackers Leverage Let’s Encrypt – Daily Security Byte EP. 197

Let’s Encrypt is an organization that wants to help encrypt the web by offering CA validated SSL/TLS certificates for free. Unfortunately, attackers can also benefit from easy encryption. I support HTTPS everywhere, but you need to plan a way to secure your HTTPS traffic. Watch today’s episode to learn how malvertisers are exploiting easy encryption to hide, and how you can protect yourself.

(Episode Runtime: 3:30)

Direct YouTube Link: https://www.youtube.com/watch?v=9cWUGNbLXdc

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Ironic Watering Hole Attack – Daily Security Byte EP. 191

Cybercrime; Is it out of control?

Yes! When attackers hijack your news site to serve malware from your cyber crime article, it probably is a bit out of control. Watch today’s video to learn what I’m talking about, and how you might protect yourself from legitimate web sites unknowingly spreading malware.

(Episode Runtime: 3:28)

Direct YouTube Link: https://www.youtube.com/watch?v=20jp-teI5no

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Fantasy Football Malvertising – Daily Security Byte EP. 175

Whether you’re talking about soccer in Europe, or U.S. football in the states, fantasy football leagues have become very popular lately, which is why criminal hackers have noticed and might start targeting them. Today’s video talks about how a popular UK fantasy football site has become infecting with evil malvertising. Watch below to learn how you can protect yourself from these sorts of ad-based drive-by downloads.

(Episode Runtime: 2:42)

Direct YouTube Link: https://www.youtube.com/watch?v=-tlHgUko21c

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

A Dozen Microsoft Updates – Daily Security Byte EP. 174

If you use Microsoft or Adobe productsas the majority of computer users do—it’s that time again… Patch Day.

For November’s Patch Day, Microsoft released a dozen bulletins fixing many flaws in their most popular products. Watch today’s video for the quick highlights about these and Adobe’s updates.

UPDATE: As gung-ho as I am about applying patches quickly, there have been reports that some of the Windows 10 updates can cause problems. You may want to test these updates before deploying them throughout your network.

(Episode Runtime: 1:43)

Direct YouTube Link: https://www.youtube.com/watch?v=xGj2grkLQfk

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Emergency Shockwave Update – Daily Security Byte EP. 167

If you use Adobe Shockwave, it’s time to patch. This week, Adobe released an out-of-cycle update fixing a critical flaw in the popular multimedia player. Watch the video to learn more, including why I recommend against Shockwave.

(Episode Runtime: 1:10)

Direct YouTube Link: https://www.youtube.com/watch?v=LFKIM8k8nf8

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Critical Flash Patch – Daily Security Byte EP.148

Adobe usually follows Microsoft Patch Tuesday, and releases updates on the second Tuesday of each month. However, yesterday they released a critical, out-of-cycle Flash update fixing 23 vulnerabilities. Watch today’s video to learn how severe these vulnerabilities are, and what you should do.

(Episode Runtime: 1:45)

Direct YouTube Link: https://www.youtube.com/watch?v=ybNfQajHGhI

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: