May Day, May Day, Patch Day – Daily Security Byte EP. 261

Do you want to stay safe online? Then you need to keep your patches up-to-date since most Internet exploits target old flaws. Tuesday’s Byte video covers Microsoft and Adobe’s security bulletins for May. Watch below, but more importantly, go update.

(Episode Runtime: 2:38)

Direct YouTube Link: https://www.youtube.com/watch?v=tbmSGgL3TzY

EPISODE REFERENCES:

• Summary of Microsoft’s May 2016 Patch Day – Microsoft
• Adobe’s main security summary page – Adobe
• A good write-up of Microsoft Patch Day – Ghacks

— Corey Nachreiner, CISSP (@SecAdept)

March Patch Day – Daily Security Byte EP. 227

It’s that time of the month again… Patch Day. On Tuesday, both Microsoft and Adobe released their security updates for the month of March. If you use Windows, IE, Edge, Office, or Reader, you’ll want to get these updates quickly. Watch today’s video for a quick summary, and check out the links below to find the relevant updates.

(Episode Runtime: 2:25)

Direct YouTube Link: https://www.youtube.com/watch?v=u86IswJMMow

EPISODE REFERENCES:

• Microsoft’s March Patch Day Summary – Microsoft
• Adobe’s March Patch Day Summary –  Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Upgrade to IE11 or Edge No Matter What – Daily Security Byte EP. 202

Last month, I warned you that Microsoft planned to End-of-Life all version of Internet Explorer (IE) after January 12, except version 11. This means they will only release security updates for IE11 and the new Edge browser, so if you use Microsoft browsers you need to upgrade to stay safe. However, in today’s video I tell you why you need to upgrade to IE11 (or Edge) even if you don’t plan on using Microsoft’s browsers.

(Episode Runtime: 2:24)

Direct YouTube Link: https://www.youtube.com/watch?v=EkZeCHAXpww

EPISODE REFERENCES:

• Microsoft blog post about why you should upgrade to IE11 even if you remove it – Microsoft

— Corey Nachreiner, CISSP (@SecAdept)

New Year, New Microsoft Patches – Daily Security Byte EP. 201

Why not start your new year security plan right by staying current with patches? Tuesday was Microsoft and Adobe’s monthly patch day. Watch the video below to learn about the affected products, the severity of the issues, and how quickly to patch. Or at the very least skip to the reference section to find links to the proper patches.

(Episode Runtime: 2:51)

Direct YouTube Link: https://www.youtube.com/watch?v=4NGW6T3m36U

EPISODE REFERENCES:

• Microsoft’s January Patch Day Summary – Microsoft
• Also check out Microsoft three January advisories – Microsoft
• Article summarizing Microsoft Patch Day – Network World
• Adobe’s January Reader and Acrobat patch – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Patch Day Improves Browser Security – Daily Security Byte EP.157

As boring and repetitive as it may seem, patching is one of the most effective things you can do to improve your security. That’s why I suggest you keep up with Microsoft Patch Day on the second Tuesday of every month. Today, I quickly highlight Microsoft’s October security updates, so that you know the types of holes you’ll be patching. I even throw in an Adobe update as an extra. Whether or not you stick around to watch the video, I highly recommend you at least follow the links below to get the latest Microsoft patches, or let Windows’ auto-update feature apply them for you.

(Episode Runtime: 2:37)

Direct YouTube Link: https://www.youtube.com/watch?v=HHupnMtLztE

EPISODE REFERENCES:

• Summary post for October’s Microsoft Patch Day – Microsoft
  • October’s Internet Explorer update – Microsoft
  • October’s Edge update – Microsoft
  • October’s Windows Jscript/VBscript update – Microsoft
  • October’s Windows Shell update – Microsoft
  • October’s Office update – Microsoft
  • October’s Windows Kernel update – Microsoft
  • Don’t forget to check out Microsoft’s October security advisories – Microsoft
• Latest security update for Adobe Flash – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

VM Venom, MS Patches, & GTA V Malware – WSWiR Episode 152

Last week was full of a wide range of information security news; from the latest critical Microsoft updates, to a new virtualization system vulnerability, and finishing off with malware targeting a popular video game. If you find yourself falling behind with the latest security intelligence, you’re not alone. Don’t worry though, we’re here to pick up the slack.

Press play below to hear the highlights from last week, and subscribe to our YouTube Channel to get regular updates. If you’re hungry for more security news, also check out our References section for links to other stories.

(Episode Runtime: 8:37)

Direct YouTube Link: https://www.youtube.com/watch?v=sLIL0Yxnkn8

EPISODE REFERENCES:

• Monday: Lookout for Reader Patches – Daily Security Byte EP.80
  • Adobe Patch Day pre-notification for Reader – Adobe
  • Adobe security page – Adobe
• Tuesday: Microsoft Patch Day is NOT Dead Yet – Daily Security Byte EP.81
  • Our summary post on Microsoft’s May Patch Day – WatchGuard Blog
• Wednesday: SOHO Router DDoS – Daily Security Byte EP.82
  • Multiple DDoS attacks traced to SOHO router hijacks – Incapsula
  • DDoS botnet makes routers into zombies – ZDNet
• Thursday: QEMU Poisoned with VENOM – Daily Security Byte EP.83
  • QEMU VENOM vulnerability disclosure page – CrowdStrike
  • Article describing the VENOM virtualization vulnerability – ZDNet
• Friday: GTAV Mod Malware – Daily Security Byte EP.84
  • Original forum post on GTA V mod malware – GTA Forums
  • Malicious keylogger in popular GTA V plugins/mods – PC World
  • How to remove the GTA V plugin malware – International Business Times
  • We detect this with GAV – Virus Total

EXTRAS:

• Washington Post’s mobile website temporarily hacked – Ars Technica
  • How attackers defaced WaPo (hint: CDN) – Motherboard
• Sally Beauty confirms second payment card breach – PC World
• Hacker’s stealing money via Starbucks App flaw – UberGizmo
• United Airlines to pay bug bounties with reward miles – Wired
• A 3D-printed device used to pick combination locks – Techeblog
• Jamie Oliver’s website is serving malware for the third time – BBC
• 70M Americans report stolen data – MSN
• How WatchGuard APT Blocker (via LastLine) block Rombertik – LastLine
• Latest ransomware uses Breaking Bad image – Tech World
• Smart Grid devices use flawed encryption – ZDnet
• US Government says China is developing network killing cyber tools – V3.co.uk
• Hackers target HR departments – Forbes
• Learn about Microsoft’s Edge’s (new browser) security features – Tom’s Hardware
• Mobile spyware company’s database hacked – The Register
• APT group uses Microsoft TechNet Forum as C&C channel – FireEye
  • Advanced attackers embarrass Microsoft – Business Insider
• Verizon flaw could have allowed attackers access to millions of accounts – BuzzFeed
• More PoC GPU malware – Columbia.edu
• UK laws changes to allow GCHQ “hacking” – The Register
• Hacked billboard displays gross image – MotherBoard
• Can you pass this phishing test? – CBS

— Corey Nachreiner, CISSP (@SecAdept)

Lookout for Reader Patches – Daily Security Byte EP.80

Adobe typically shares Patch Tuesday with Microsoft, but with Microsoft’s recent announcement to stop monthly patches for Windows 10, Adobe could be patching alone this month. That’s no excuse to miss patches though, so watch today’s video to learn what Adobe  plans to update tomorrow.

By the way, if Microsoft does release patches tomorrow, we’ll be sure to let you know.

 

(Episode Runtime: 1:22)

Direct YouTube Link: https://www.youtube.com/watch?v=YgKN_CGrIEM

EPISODE REFERENCES:

• Adobe Patch Day pre-notification for Reader – Adobe
• Adobe security page – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Poodle’s Back – WSWiR Episode 132

Another week, another batch of information security (infosec) news. Would you like a quick summary, rather than hunting it down yourself? No problem! Just check out our weekly video every Friday.

Today’s episode covers the Patch Day bonanza, lots of updates on the Sony Pictures breach, and a new twist on the “Poodle” SSL/TLS vulnerability. Press play for the scoop, and check our the References and Extras section for more stories and details.

(Episode Runtime: 7:13)

Direct YouTube Link: https://www.youtube.com/watch?v=WbbZjRtyODA

EPISODE REFERENCES:

• December Patch Day
  • Microsoft December 2014 Patch Day – WatchGuard Blog
  • UPDATE: Microsoft pulled the Exchange patch. Don’t install it yet! – Microsoft
  • Adobe December 2014 Patch Day – Adobe
  • Apple’s December Security Updates – Apple
• Sony Pictures Breach Updates
  • Sony attackers knew all about Sony’s network beforehand – Dark Reading
  • Attacker’s Also threaten Sony employees – The Guardian
  • North Korea denies Sony hack again, but says it was righteous – Computer World
  • FBI can’t attribute Sony hack to North Korea – CNET
  • FBI says GOP’s attack would beat 90% of defenses – IT Pro Portal
  • Details on Sony breach malware; Destover – Securelist
  • Sony breach traced to Bangkok hotel – Gizmodo
  • Sony allegedly hacks back – Re/code
  • Sony malware signed with Sony certificate; probably prank – SC Magazine
  • GOP threatens Sony employees in email – WSJ
  • Sony exec calls Angelina Jolie a “spoilt brat” in stolen email – The Guardian
  • Sony cancels “The Interview” marketing and interviews – Bloomberg
  • What one alleged employee feels about the Sony breach – Gizmodo
  • UPDATE: GOP sends some Sony employees yet another threatening message – Time
• Poodle Bites Again
  • The Poodle SSL/TLS flaw is back – Network World
  • Details on the new Poodle variant – Imperial Violet
  • Even more details on Poodle 2.0 – Vivaldi.net
  • CVE advisory for new Poodle variant – NIST
  • F5’s advisory on the new Poodle issue – F5
  • Scan your site for the new Poodle issue – Qualys SSL Labs

EXTRAS:

• Lizard Squad DDoSes PSN after Xbox Live – Forbes
• Anonymous warns Lizard Squad to back off on gaming DDoS attacks – CNR Online
• Fake malicious site warning helps distribute Zeus bot – Maximum PC
• Mobile payments company, Charge Anywhere, has been breached for five years – The Register
• The Sand’s allegedly hacked by Iranian hacktivists – Slashgear
• Some information security tips for retails (and everyone really) – Forbes
• Three ways the US government can help fight cyber crime – Network World
• Did a Russian cyber attack cause a Turkish pipeline fire? – Slate
• Nintendo plugs the first software 3DS exploit – Ars Technica
• Trip Advisor site suffers from major XSS vulnerability – Tech Week Europe
• Old vulnerabilities found in Linux X Windows –  The Register
• Rock guitarist sentenced to 10-day for being part of Anonymous attack – The Verge
• Smart watched have been hacked (no surprise there) – Phys.org
• The Pirate Bay raided; watch out for torrent-related scams – WatchGuard Blog
• A new market around surveillance – Daily Dot
• Inception malware hits European governments – Sky.com
• Attackers still using cloud servers for C&C – CBR Online
• Mobile malware might rack up your cell bill – The Guardian
• Canadian teen arrested for SWATing – Kotaku
• BGP hijacking still going strong – Slashdot
• FUN: Watch the trailer for “Blackhat” the movie – Gizmodo

— Corey Nachreiner, CISSP (@SecAdept)

Printer Doom Hack – WSWiR Episode 122

Apple Patches, Kindle XSS, and Doom Printer Hack

If you want to stay current with the Internet “threatscape,” our weekly video can help. It summarizes each week’s top information and network security news in one convenient place. Subscribe today!

Today’s episode covers, Apple and Adobe security updates, a cross-site scripting flaw that affects Kindle users, and an interesting printer hack that allowed an attacker to run doom on a printer. Watch the video for details and see the Reference section below for more info.

Enjoy your weekend!

(Episode Runtime: 5:39

Direct YouTube Link: https://www.youtube.com/watch?v=aZ7-LdlMYHc

Episode References:

• Software Updates:
  • Lots of Apple security updates in September– Apple Security Page
  • Adobe releases Reader update to fix eight flaw – ZDNet
  • Microsoft pulls the Lync update – ZDNet
• XSS flaw in Kindle Library can compromise your Amazon account – F17.de
• Hacker’s run Doom on Canon Pixma printers – Ars Technica
  • Blog post about Doom printer hack – Contextis

Extras:

• FBI targeting Tor users and hacking suspects – The Register
• Home Depot numbers are in; 56m credit cards – The Guardian
• A couple of Android pick-pocketing Russian hackers arrested – IB-Group blog
• Next version of Android will encrypt your data by default – Business Insider
• More malicious advertising via Zido and Google’s Ads – PC World
• CryptoWall hits Australia hard (XTM GAV can catch it) – PC Advisor
• Recently phishing campaigns using Apple hype as a lure –  ZDNet
• Latest U.S government report blames China for more hacking – Phys.org
• “Bitcoin Jesus” offers bounties for Bitcoin hackers – Wired
• NATO says we all face a high “cyber threat” level for the next decade – Computer Weekly
• Some iPhone eBay listings contain XSS attacks –  Tamebay
• Hacker breached Goodwill for 18 months – Computer World
• Audible security flaw lets pirates steal audiobooks – Gizmodo
• One researcher says Home Depot malware was different than BlackPoS/Backoff – SC Magazine

— Corey Nachreiner, CISSP (@SecAdept)

Old Gmail Leak – WSWiR Episode 121

Patch Day, Home Depot Update, and Gmail Leak

Why go searching for all the week’s information security (infosec) news when you can find it in one convenient place. This weekly vlog summarizes the important security updates, hacks, and threats so you can protect yourself.

This week’s episode arrives a bit late due to my business travel in Europe. Today’s show covers the week’s Microsoft and Adobe patches, the latest news on the Home Depot breach, and a story about a potentially new (but likely old) Gmail credential leak. Watch the video for the details, and check the references below for more info and some extra stories.

I will be continuing my business travel next week as well. So my weekly post may arrive earlier or later than normal. Have a great day!

(Episode Runtime: 4:53)

Direct YouTube Link: https://www.youtube.com/watch?v=I1GZpvQV6dQ

Episode References:

• Software Updates:
  • Microsoft September Patch Day summary post – WGSC
  • Microsoft September IE alert – WGSC
  • Lync and .NET DoS vulnerabilities – WGSC
  • Windows elevation of privilege flaw update – WGSC
  • Adobe patches 12 Flash vulnerabilities – WGSC
• Home Depot update; 70M credits cards stolen – UberGizmo
• Five million gmail accounts hijacked (15M with others) – Neowin
• Check if your gmail account is leaked – Isleaked
  • Note: many recommend you don’t share your email with 3rd parties.

Extras:

• Ransomware still thrives despite recents take downs – Ars Technica
• SandroRAT masquarades as Android antivirus program – International Business Times
• F-Secure finds 25 new threats targeting Macs – v3.co.uk
• Apple promises new breach notifications for iCloud attacks – Tech Week
• Goodwill credit card breach affects almost 1M cards – Forbes
• New trojan (Dyreze) targets SalesForce users – Beta News
  • SalesForce warns about new trojan – SalesForce
• Targeted spear phishing campaign in UK installs Peter Pan malware – Belfast Telegraph
• Hacker claims to have hacked and doxed Bitcoin creator; Now extorting – Vice
• Heathcare.gov hacked. DDoS malware uploaded to CMS – Computer World
• Malware found on Twitch tries to steal Steam credentials – Redorbit

— Corey Nachreiner, CISSP (@SecAdept)