June 26, 2016 
0 Comments
A new double phishing scam is targeting ISPs and pirates. Watch Friday’s video to learn how attackers are tricking ISPs into making their phishing emails look even more legitimate.
(Episode Runtime: 3:33
Direct YouTube Link: https://www.youtube.com/watch?v=QDY7pRvJ4Bc
EPISODE REFERENCES:
January 28, 2016 1 Comment
This week, two different organization’s in two different industry verticals suffered security incidents that either lost them tons of money, or tons of time. What do they both have in common, and what can we learn from them? Watch today’s video to find out!
(Episode Runtime: 3:26)
Direct YouTube Link: https://www.youtube.com/watch?v=crBB4CU-cTs
EPISODE REFERENCES:
December 3, 2015 0 Comments
At the end of each year, WatchGuard’s security team and I like to spend some time imagining what the threat landscape might look like the upcoming year. This not only gives us the opportunity to analyze the security trends we’ve followed over the past year, but also allows us to creatively extrapolate what might happen next. Though our predictions don’t always hit dead on, they’re based on very real security trends, which means they can help you prepare your defenses for 2016’s upcoming threats.
This year, I’ve come up with ten predictions covering a wide variety of security threats and trends that will impact many organizations. As 2015 comes to a close, let’s explore some of the new security threats we may see in the coming year. I’ll release one prediction a day for the next ten business days. Here’s the first of WatchGuard’s top ten new security predictions for 2016.
The first prediction focuses on ransomware, which has really taken off over the past three years. Ransomware has evolved from relatively feeble policeware variants like Reveton to extremely effective cryptoware samples like Cryptolocker and Cryptowall.
Prediction video link: https://www.youtube.com/embed/5SVYwyDWQ9U
Unfortunately, these new strains of file encrypting malware are so good at their evil jobs that many victims have paid the ransoms. FBI agents have even gone on record recommending victims pay up. Our acquiescence to this cyber ransom will only ensure that victims continue paying up in 2016. Proving to cyber criminals that this practice works, so expect them to up the stakes and continue refining their cryptoware techniques next year.
We expect the evolution in two main categories:
In short, Crypto ransomware will get even worse in 2016, and will become more effective at stealing millions from Android and Mac users as well. Visit our WatchGuard security predictions site to see a new daily security prediction over the next ten days.
November 26, 2015 0 Comments
To deal hunters, Black Friday and Cyber Monday have become even more exciting than the Thanksgiving holiday that spawned them. Unfortunately, cyber criminals understand our weakness for deals, and use the time themselves to increase their phishing and web scam campaigns. Watch today’s video for some quick tips on how you might avoid any Black Friday related cyber attacks.
Show note: This is the last show this week since WatchGuard will be out on a long holiday weekend. Have a happy Thanksgiving!
(Episode Runtime: 3:00)
Direct YouTube Link: https://www.youtube.com/watch?v=vhEgt81-QIE
EPISODE REFERENCES:
October 26, 2015 0 Comments
Last week, TalkTalk’s suffered a data breach for the third time this year. It took awhile for the details to surface, but it looks like the attackers exploited a SQL injection flaw in TalkTalk’s website to steal 4M customers’ personally identifying information. Watch today’s information to learn the latest news about this breach, and what you should do if you’re a victim.
(Episode Runtime: 3:32)
Direct YouTube Link: https://www.youtube.com/watch?v=IQhwPq24khk
EPISODE REFERENCES:
May 4, 2015 1 Comment
Another week, another flood of security news. Do you find yourself falling behind of the latest InfoSec news? Than this weekly video should help you catch up.
This week’s video covers the latest on the White House breach, a new security tool that got hacked a day later, and an old trojan that has received some politically-motivated updates. Press play to learn about all that and more; and don’t forget the references to other stories below.
As an aside, I’m experimenting with the timing of this weekly blog post. While I will continue to post the weekly video on Friday, I will schedule this blog post the Monday after. If you’d rather see the video on Friday, be sure to subscribe to the YouTube channel.
(Episode Runtime: 10:12)
Direct YouTube Link: https://www.youtube.com/watch?v=EmIr30YlLDA
EPISODE REFERENCES:
EXTRAS:
April 30, 2015 1 Comment
Yesterday, I recommended a free Google Chrome extension that could help spot phishing attacks, but today a security researcher has already figured out how to bypass it. Press play to learn what he did, and whether or not this extension is still worthwhile.
(Episode Runtime: 1:24)
Direct YouTube Link: https://www.youtube.com/watch?v=TdzYtcmLpao
EPISODE REFERENCES:
April 29, 2015 1 Comment
In today’s extra short daily vlog I recommend a free security tool rather than cover the InfoSec news. If you use Chrome, watch the video to learn how Password Alert can inform you of phishing attempts.
(Episode Runtime: 1:02)
Direct YouTube Link: https://www.youtube.com/watch?v=gYuJN8H6Dog
EPISODE REFERENCES:
April 16, 2015 2 Comments
Kaspersky researchers have found two advanced threat actor groups trying to hack one another. Today’s video talks about this spy vs spy phish off, and shares what we can learn from it. Watch the video, but be sure to check out Kaspersky report for all the interesting technical details.
(Episode Runtime: 3:12)
Direct YouTube Link: https://www.youtube.com/watch?v=4qTo3gB89GU
EPISODE REFERENCES:
April 9, 2015 0 Comments
I’ve been known to mix a bit of pop culture with my information security (InfoSec) in the past. I truly believe that people get more interested in subjects, and learn better, if you make it fun for them—and almost everyone likes pop culture, right?
In my latest InfoSec/TV mashup, I decided to tackle what a popular Breaking Bad TV spin-off, called Better Call Saul, can teach you about computer security. Want to join along in the fun, and see what I learned? Then check out my latest blog post at Dark Reading.
If you liked that article, and missed my previous attempts, you can check out The Walking Dead, Game of Thrones, and Destiny themed versions of these mashup security articles too. Also, don’t be afraid to get in on the fun yourself by sharing a few of your own pop culture inspired security tips in the comments below.
Finally, let me let you in on a little secret. My original piece had a sixth tip that got dropped due to word count. I recommend you read the above article first, but you can find my last, outtake Better Caul Saul security tip below, if you’re interested. — Corey Nachreiner, CISSP (@SecAdept)
Scenario 6: Watch out for electrical emissions – This last tip might be a stretch, but I think it’s funny. Better Call Saul literally has a tinfoil hat. Jimmy’s brother, Chuck, suffers from something called electromagnetic hypersensitivity. Basically, he thinks the EMF emissions from electrical devices cause him pain and are ultimately killing him. He doesn’t allow anyone to bring electric devices near him, and even wears a space blanket (tinfoil blanket) when he has to go near electric devices.
Let’s face it, Chuck is crazy and has a mental illness, not a physical one. However, our most fantastic delusions are often based on kernels of truth. Our computing devices do emanate many things—from vibrations and heat, to electromagnetic fields and radio waves—and these emanations can and do have security implications. Recently, researchers showed how you might use heat emanations as a backchannel communication medium. Even more famously, the TEMPEST project showed how attackers might use electromagnetic emanations from a CRT monitor to intercept and view the contents of that monitor wirelessly, way back in the 80s. So perhaps Chuck isn’t totally crazy for wearing a tinfoil hat. As threat actors get more advanced, perhaps we should think more about protecting our electrical devices’ inadvertent emissions.
WatchGuard Security Center 