November 9, 2015 
Nowadays, each week has more information security news that we used to have each month. If you find yourself falling behind, and need a shortcut to stay informed, this is the weekly video for you. Every Monday, I summarize our daily security video from last week.
Today’s episode covers a new Android malware variant, an iOS zero day that’s bad for the industry, a couple hacktivism campaigns, and more. Watch the YouTube video for all the details, and check out the references below to learn more.
(Episode Runtime: 13:13)
Direct YouTube Link: https://www.youtube.com/watch?v=z7Xgnd8CHQ8
EPISODE REFERENCES:
- Monday: 000Webhost has 000 Security – Daily Security Byte EP. 169
- 13M+ password leaked from popular web hosting company – Forbes
- Original blog disclosing the 000webhost breach – Troy Hunt
- 000Webhost’s breach due to outdated PHP – Computer Weekly
- Tuesday: Claimed iOS Bounty is Bad News – Daily Security Byte EP. 170
- Vulnerability researchers claim a $1M iOS 9.1 hack bounty – Motherboard
- iOS bounty claimed, but Apple won’t be informed – Wired
- The original iOS 9 hack bounty – Zerodium
- Wednesday: vBulletin Breach and 0day – Daily Security Byte EP. 171
- vBulletin’s site and forum software hacked – Ars Technica
- vBulletin asks users to reset password – vBulletin
- vBulletin released patch for forum software – vBulletin
- Researcher discloses his vBulletin RCE vuln – Twitter
- His actual Pastie disclosure – Pastie
- Hacker claims responsibility for breach – The Admin Zone
- Coldzer0 attempts to sell vBulletin 0day – oday.today
- Video demonstrating the vBulletin exploit – YouTube
- Thursday: Auto-rooting Android Malware – Daily Security Byte EP. 172
- Friday: Guy Fawkes Day Hacktivism – Daily Security Byte EP. 173
- Anonymous Doxxes 1000 alleged KKK members as part of #OpKKK – ZDNet
- Anonymous threatens #OpKKK on Nov. 5th: Epic fail – USA Today
- CWA doxxed more government employees – Motherboard
- CIA Director hackers break into arrest database – Wired
- Information about Guy Fawkes night – Wikipedia
EXTRAS:
- 11yr old girl will give you a secure password for $2 – The Telegraph
- CISA passes the Senate despite privacy issues – Wired
- Big tech companies don’t like CISA either – CNN
- EFF unveils vulnerabilities in automatic license plate readers – EFF
- Can humanity build a computer security AI? – TechCrunch
- BGP is still a security risk (nothing new here) – SC Magazine
- Nice article on man-in-the-middle attacks – Network World
- Millions of passwords leaked from a free web hoster – Forbes
- Lots of issues with SSL certificate revocation systems – Phys
- Google warns Symantec to clean up certificates – Ars Technica
- More browser vulnerabilities allow for zombie cookies – Ars Technica
- Duuzer trojan seems to target South Korean manufacturing industry – Computer World
- Strengthen your security with passive DNS – Network World
- It’s ok to hack stuff you own for research – Wired
- NSA director says state sponsored attacks increasing – Time
- Tennis star recommends affirmations as passwords – Wired
- Chipped cards get hacked too – Network World
- DARPA keeping an eye on security researchers – Motherboard
- A third of stolen cars in France were hacked – Telegraph
- UK to ban strong encryption on social sites – The Telegraph
- No three arrested in association with the TalkTalk hack – Dark Reading
- Citrix patches some serious (and old) Xen vulnerabilities – The Register
- Researchers collect the $1M iPhone root vulnerability bounty – Forbes
- Zerodium to pay a $1M iOS hack bounty – Motherboard
- Apple doesn’t approve security conference app because of hacking talks – The Register
- Fascinating piece on ex-employees of The Hacking Team – Motherboard
- Will ransomware threaten to disclose your files publicly? – Tripwire Blog
- DMCA exemptions allow hacking for security research – SC Magazine
- British Gas data breach affects 2200 customers – IBTimes
- UK national arrested in association with DroidJack – BBC
- Cyber criminals suck at information security too – The Register
- CCTV (or Linux) botnet DDoSes victims – Incapsala
- Anti-adblocker CDN hijacked and served malicious fake Flash update – The Register
- KeeFarce targets popular password manager – Ars Technica
- Latest Android update fixes 23 vulns including another “Stagefright” – Forbes
- Researchers find new Windows flaw that bypasses EMET – Threatpost
- Cryptowall’s revenue may go to one criminal group – PC World
- Backdoor found in Chinese iOS ad SDK – Threatpost
- UK government wants to increase surveillance – The Intercept
- Tinba still spreading, and targeting Japanese and Russian banks – Threatpost
- FBI is budging a bit on back doors. Servants to the people – Ars Technica
- Longest DDoS attack lasted 320 hours – IT Pro
- Signing malware with valid certs has become an underground service – The Register
- XcodeGhost still lurking, this time on US Appstore – Dark Reading
- Google’s project Zero found 11 vulnerabilities in latest Samsung phone – The Inquirer
- White House reveals the Cybersecurity Strategy Implementation Plan (CSIP) – WhiteHouse.gov
- U.S. Officials targeted by cyber attacks after Iranian hacker’s arrest – Reuters
- Hackers pull heist on a heist video game over microtransactions – Motherboard
- Details surface about two older gambling payment processor breaches – Forbes
- Like the NSA, MI5 uses hacking for investigations – Motherboard
- 14yr old Japanese boy arrested for having the Zeus trojan (video) – NBC News
- Apparently, CIA Director’s email hackers are targeting others – Motherboard
- Good article asking if we learned from Stuxnet – Dark Reading
- Proton email suffers DDoS and pays extortionists $6000 in bitcoin – Forbes
- A look at the person modeled for the CSI:Cyber character – Telegraph
- Finfisher government spyware company still alive and well – Motherboard
WatchGuard Security Center 