Tag Archives: OpenSSL

Massive Webmail Credential Leak? – Daily Security Byte EP. 257

According to reports, a Russian cyber criminal has leaked over 272 million credentials, including many from popular webmail services. However, so far none of the companies have validated that the leaked credentials work today. Watch my video below to learn what I think, and what you can do to protect yourself.

(Episode Runtime: 3:34)

Direct YouTube Link: https://www.youtube.com/watch?v=1Icgdapc2uw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Important OpenSSL Updates – Daily Security Byte EP. 256

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two very important Internet protocols, as they help us encrypt Web traffic and much more. OpenSSL is a very popular Linux implementation of SSL/TLS, used in many products. If you use OpenSSL, watch the video to learn why you should update OpenSSL as soon as you can.

(Episode Runtime: 2:43)

Direct YouTube Link: https://www.youtube.com/watch?v=TE4pz9SD-mY

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

DROWN Vulnerability – Daily Security Byte EP. 225

Researchers disclosed a critical new SSL vulnerability during one of the biggest security conferences in the world, RSA. DROWN, or Decrypting RSA with Obsolete and Weakened eNcryption, is an vulnerability that allows attackers to gain the public key of servers that still use SSLv2.0. Watch today’s video to learn more about it, and make sure to disable SSLv2.0 on all your servers, and to update OpenSSL.

(Episode Runtime: 5:25)

Direct YouTube Link: https://www.youtube.com/watch?v=TLMLw2sDB3E

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

OpenSSL DSA Vulnerability – Daily Security Byte EP. 209

Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected.

(Episode Runtime: 3:17)

Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Hacked Team Flash ’Sploit Patched – Daily Security Byte EP.112

Among all the embarrassing stolen data from The Hacking Team breach was a serious Adobe Flash zero day vulnerability, which is now in the hands of any blackhat criminal who knows how to use Google. If you don’t want cyber criminals exploiting this flaw against you, watch today’s video to learn what you can do.

(Episode Runtime: 1:47)

Direct YouTube Link: https://www.youtube.com/watch?v=05Vgkg9l-1M

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Premera, CISA, and OpenSSL – WSWiR Episode 144

This week’s security news covered topics from biometrics, to nation-state cyber teams, to big data breaches, to new vulnerabilities. How’s the average network Joe to keep up? Let my weekly video help by quickly summarizing the important stuff.

Today’s show covers a US healthcare data breach, a new OpenSSL update, and the US CISA law. You’ll find it all in this week’s video, and more in the Reference section below.

(Episode Runtime: 11:23)

Direct YouTube Link: https://www.youtube.com/watch?v=nigzxITwPvI

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

OpenSSL DoS – Daily Security Byte EP.48

This week the information security (InfoSec) community was abuzz about an upcoming critical OpenSSL update. Would it fix the next FREAK or Heartbleed? Nope. It was much less severe than expected. Nonetheless, watch today’s video to learn how quickly you should patch.

 

(Episode Runtime: 1:55)

Direct YouTube Link: https://www.youtube.com/watch?v=UkehIk0KDaw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

FREAK affects Windows – Daily Security Byte EP.39

I warned you about the FREAK SSL vulnerability on Tuesday. It turns out it affects Windows too. Learn how to mitigate the issue, and get an update on how WatchGuard’s products are affected in the video below.

(Episode Runtime: 1:56)

Direct YouTube Link: https://www.youtube.com/watch?v=JZNdJfMZnik

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Don’t FREAK Out – Daily Security Byte EP.36

I’m going to freak out if I hear about another security vulnerability in SSL…. Too late! Watch today’s episode to see whether or not you should freak about the FREAK SSL flaw.

(Episode Runtime: 2:17)

Direct YouTube Link: https://www.youtube.com/watch?v=ps3a7U0TOvo

WatchGuard customers might be curious if our products are affected by FREAK. Probably not! As far as our engineers have found, we do not enable the RSA_EXPORT cipher suite in our SSL implementations. We’re continuing to check to be sure, but so far we don’t appear to be affected by FREAK.

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Poodle’s Back – WSWiR Episode 132

Another week, another batch of information security (infosec) news. Would you like a quick summary, rather than hunting it down yourself? No problem! Just check out our weekly video every Friday.

Today’s episode covers the Patch Day bonanza, lots of updates on the Sony Pictures breach, and a new twist on the “Poodle” SSL/TLS vulnerability. Press play for the scoop, and check our the References and Extras section for more stories and details.

(Episode Runtime: 7:13)

Direct YouTube Link: https://www.youtube.com/watch?v=WbbZjRtyODA

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: