FBI Delays Apple Case – Daily Security Byte EP. 237

The FBI vs Apple court hearing was supposed to start Tuesday, but the FBI delayed it. What happened? Watch my daily video to find out and to learn what I think this means to the case.

(Episode Runtime: 4:52)

Direct YouTube Link: https://www.youtube.com/watch?v=L0hVttpqeB0

EPISODE REFERENCES:

• FBI delays the Apple hearing – The Verge
• FBI thinks it might be able to unlock terrorist’s phone – LA Times

— Corey Nachreiner, CISSP (@SecAdept)

Apple vs.The FBI – Daily Security Byte EP. 218

This week, Apple’s CEO, Tim Cook, posted a public letter to his customers explaining why Apple intends to fight a court order demanding that they help crack the security of a dead terrorist’s iPhone. Hearing this, you might think, “I don’t use Apple stuff, so I don’t care,” or “this doesn’t affect me and I want them to catch terrorists.” The problem is, this issue could set a precedent that will affect all of us. Watch today’s Byte to learn more about this issue and why it could affect you, and check out the references below—especially Cook’s Letter—for more details.

Show Note: Unfortunately, this episode is posting a few days late, and I missed a day of the Daily Byte. Technical issues forced me to re-shoot the content. 

(Episode Runtime: 8:01)

Direct YouTube Link: https://www.youtube.com/watch?v=IIVHl-tO0BQ

EPISODE REFERENCES:

• Tim Cook’s letter to customers on FBI order – Apple
• FBI uses old law to force Apple to weaken security – Slate
• The actual U.S. court order to Apple [PDF] – Document Cloud
• Editorial debate on FBI or Apple – Bloomberg View
• What is the All Writs Act? – Daily Dot
• How U.S. lawmakers are reacting to the issue – Techdirt
• Well-known hacker’s technical view on this case – Fox News
• Other tech companies back Apple – ZDNet
• Blocking encryption products will not prevent terrorists from using others – Schneier.com
• UPDATE: LA Congressman’s response to the Apple issue (hear, hear!) – House.gov
• UPDATE: Screw up prevents a cloud backup retrieval wo/backdoor –  Gizmodo
• FUN: Eccentric McAfee claims FBI doesn’t need Apple, he can crack the iPhone – Uber Gizmo

— Corey Nachreiner, CISSP (@SecAdept)

CWA Teens Arrested – Daily Security Byte EP. 216

Just a few days after the DoJ data leak, UK authorities arrest two teenagers associated with the group CWA. Watch the video to learn more.

(Episode Runtime: 2:13)

Direct YouTube Link: https://www.youtube.com/watch?v=82c3nvMibWg

EPISODE REFERENCES:

• UK authorities arrest two teens in association with DoJ hacks – Motherboard
• “Cracka” from CWA arrested – Motherboard
• CWA promises more hacks after arrests– The Next Web

— Corey Nachreiner, CISSP (@SecAdept)

DoJ, FBI, and DHS Pwned? – Daily Security Byte EP. 215

A Hacker (likely Hacktivist) claims to have breached the Department of Justice’s network, and has dumped FBI and DHS employee records to prove it. If you think he used some advanced attack to crack the government’s systems, you’d be wrong. Watch today’s episode to learn how claims to have done it, and how you could protect yourself.

(Episode Runtime: 3:34)

Direct YouTube Link: https://www.youtube.com/watch?v=hETu9ajeMn0

EPISODE REFERENCES:

• Hacker dumps DHS records – Motherboard
• Hacker follows up with FBI records – Motherboard
• U.S. DoJ allegedly hacked – IBTimes
• CryptoBin takes down the leaked data – Tripwire

— Corey Nachreiner, CISSP (@SecAdept)

Don’t Listen to the FBI – Daily Security Byte EP. 168

At a small security conference in Boston, an FBI agent said that they often recommend victims to just pay the ransom associated with ransomware like Crytpowall and Cryptolocker. Watch today’s video to see what I think of this, and to get a small Halloween-themed surprise.

(Episode Runtime: 3:59)

Direct YouTube Link: https://www.youtube.com/watch?v=25ncoN7CDfk

EPISODE REFERENCES:

• The FBI advises you pay ransom for malware – The Security Ledger

— Corey Nachreiner, CISSP (@SecAdept)

Grounded Airline, Snowden Leak, and Mr. Robot – WSWiR Episode 158

If you’re feeling behind on critical information security news, you’re not alone. There are so many new InfoSec stories each week that only a dedicated few can keep up with the latest. If you need a little help following what’s important, let our weekly security news summary video keep you informed.

Last Friday’s episode covered an 0day Flash flaw, the latest Snowden leak, my review of a cool new infosec related show, and more. Watch the video below for the details, and check out the References section for other stories.

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=cvZCDHCc4ec

EPISODE REFERENCES:

• Monday: Hackers Ground Airline – Daily Security Byte EP.101
  • Attackers ground 1400 passengers in Warsaw – Reuters
  • Polish airline delays 10 planes due to cyber attack – Gizmodo
  • The attack against LOT could affect all airlines – Wired
• Tuesday: Spam Spreads 0day Flash Exploit – Daily Security Byte EP.102
  • Adobe releases out-of-cycle Flash update for 0day – Adobe
  • Alleged Chinese threat actors exploiting 0day Flash flaw – Forbes
  • Researchers write-up on Operation Clandestine Wolf – FireEye Blog
  • FireEye’s IoC for APT3 group – Github
• Wednesday: Nation States Spy on AV Vendors – Daily Security Byte EP.103
  • Latest Snowden leak accuses NSA/GCHQ of hacking/reversing AV– The Intercept
• Thursday: Ransomware Costs $18M – Daily Security Byte EP.104
  • Cyber criminal make over $18M from ransomware – Ars Technica
  • FBI’s official warning about ransomware – IC3.gov
• Friday: Mr. Robot Rocks! – Daily Security Byte EP.105
  • USA Network streams pilot of Mr. Robot of free – USA Network
  • Mr. Robot brings security paranoia to the mainstream – Ars Technica
  • Why you need to be watching Mr. Robot – Gizmodo

EXTRAS:

• Great long form article on L0pht – The Washington Post
• Uber collects location data with app is in the background – Ars Technica
• AV-Test audits wearable devices’ security posture – Graham Cluley
• Latest OPM Updates
  • Latest details about the OPM data breach – Ars Technica
  • Alleged analysis of how the OPM hack happened – Threat Connect
  • John McAfee’s thoughts on the OPM breach and AV – IBTimes
  • Richard Clarke has strong feelings on the OPM breach response – CNN
  • OPM attackers got FBI files too – Business Insider
  • OPM director says they are trying hard – Ars Technica
• Make sure you get Chrome’s security updates with auto-update – ThreatPost
• Wireless pita bread device sniffs leaked radio emissions – BBC
• UK Big Brother celeb’s Twitter feed hacked – Naked Security
• Was the first live hack on BBC in 1983? – Motherboard
• New password reset scam social engineers your SMS token – Symantec
• Analysis of ChinaZ, new Chinese Linux malware – MMD Blog
• FBI says crypto ransomware has made criminals over $18M in the US – Ars Technica
• Government log in details found all over the web – Wired
• Android accounts for 97% of mobile malware – The Inquirer
• Blackshades RAT author gets 5yrs in prison – NY Post
• “A Tech Dad’s” tool automatically emails password leak victims – Motherboard
• FUN: Funny skit on North Korea hacking a company – The Next Web
• ESET AV users should patch immediately – The Register
• Emoji passwords probably won’t catch on – Motherboard
• Research find many flaws in Font driver, but already patched – J00ru blog
• Anonymous claims to have leaked credit card info of Canadian officials – Motherboard
• Facebook can identify you without you face – Slate
• Cybercrime has gotten more organized – CSO Online
• Inside the Sony Pictures hack – Fortune
• Facebook’s AI chief on facial recognition – Motherboard
• Java updater still includes crapware – ZDNet
• Lots of government passwords leaked – BGR
• Researcher finds lots of font parsing vulnerabilities – J00ru Blog

— Corey Nachreiner, CISSP (@SecAdept)

Ransomware Costs $18M – Daily Security Byte EP.104

I’ve mentioned ransomware repeatedly in my videos, but today the FBI warned business how dangerous ransomware can be. Watch our video to learn how much ransomware has cost US companies this year, and how to protect yourself from it.

(Episode Runtime: 2:30)

Direct YouTube Link: https://www.youtube.com/watch?v=Z1WVM7_xLMQ

EPISODE REFERENCES:

• Cyber criminal make over $18M from ransomware – Ars Technica
• FBI’s official warning about ransomware – IC3.gov

— Corey Nachreiner, CISSP (@SecAdept)

Baseball Hacks and Mobile Threats – WSWiR Episode 157

Do you want to know about the latest security threats, but find yourself too busy solving business critical IT problems to keep up to date? Well maybe our videos can help. This weekly video summarizes the most interesting InfoSec news from the week. Or if you prefer, you can catch the shorter dailies.

Last Friday’s episode covered a cracked cloud password vault, an unusual baseball franchise data breach, and a couple threats affecting the most popular mobile platforms. Press play in the window below to learn more.

(Episode Runtime: 9:19)

Direct YouTube Link: https://www.youtube.com/watch?v=n1fnylUcBzk

EPISODE REFERENCES:

• Monday:LastPass Hacked – Daily Security Byte EP.98
  • LastPass, the password vault vendor, had a network breach – The Guardian
  • LastPass’s official announcement on the network breach – LastPass
• Thursday: Baseball Cyber Espionage – Daily Security Byte EP.99
  • Original article about the Astros data breach – NY Times
  • How the baseball attack is similar to nation state attacks – The Washington Post
  • Baseball gets a rude awakening to the age of cyber espionage – Five Thirty Eight
• Friday:Two Mobile Platform Threats – Daily Security Byte EP.100
  • Researcher disclose vulnerabilities to steal iOS and OS X passwords – MacRumors
  • XARA password stealing flaws – ThreatPost
  • What you need to know about XARA – iMore
  • A detailed, layman friendly, description of the XARA flaws – iMore
  • The complete XARA research paper (very technical) [PDF] – Google Drive
  • 600M Samsung mobiles vulnerable to new vulnerability – BGR
  • Samsung promises to fix the flaw – Samsung Tomorrow
  • Many Android apps fail at HTTPS login – Ars Technica

EXTRAS:

• OPM breach allegedly tied to Chinese intelligence – Reuters
• Sites not moving to HTTPS have no excuse – ZDNet
• Reddit defaults to HTTPS – SC Magazine
• A 2015 botnet research report [PDF] – Level 3
• Duqu 2.0 allegedly uses a stolen signature from Foxconn – Ars Technica
• Interesting documentary on Romania’s Hackerville – Motherboard
• Drupal fixes critical OpenID vulnerabilities – The Register
• Anonymous DDoSes Canadian government web sites – NBC
• The Sunday Times claims Snowden leaks docs to Russia: Others disagree – Ars Technica
• Stegoloader hides malicious communications in images – IT Pro Portal

— Corey Nachreiner, CISSP (@SecAdept)

Baseball Cyber Espionage – Daily Security Byte EP.99

We’ve heard a ton about nation state cyber espionage, but this is the first time I’ve heard of baseball teams using network attacks to spy. Watch today’s video to hear how employees from the St. Louis Cardinals allegedly broke into the Houston Astro’s network, and what you should do to protect yourself from a similar attack.

 

(Episode Runtime: 2:11)

Direct YouTube Link: https://www.youtube.com/watch?v=BOLvOFJvCfw

EPISODE REFERENCES:

• Original article about the Astros data breach – NY Times
• How the baseball attack is similar to nation state attacks – The Washington Post
• Baseball gets a rude awakening to the age of cyber espionage – Five Thirty Eight

— Corey Nachreiner, CISSP (@SecAdept)

Plane Hacking Hijinks – Daily Security Byte EP.85

Last month a security researcher was detained from a flight for allegedly making a silly plane hacking joke on Twitter. The latest news suggest his research was more than a just a joke. Watch today’s video to learn what he’s accused of and why I think he was irresponsible.

Quick show note: I’ll be traveling to speak at a conference this week. I’ll try to keep my daily video schedule, however, I may miss a day or two due to travel.

 

(Episode Runtime: 2:10)

Direct YouTube Link: https://www.youtube.com/watch?v=aBgLyb0Ws5c

EPISODE REFERENCES:

• Latest details about FBI’s investigation into RSA plane hacker – Techdirt
• Opinion piece on Robert’s Plane pen-testing – Information Week
• Eccentric John McAfee supports Roberts – Motherboard
• Roberts claims of controlling the plane may be overstated – Bloomberg

— Corey Nachreiner, CISSP (@SecAdept)