Ashley Madison Hemorrhaging Data – Daily Security Byte EP.129

As if yesterday’s Ashley Madison data dump wasn’t bad enough, the attackers have released new stolen data. Learn what new information is at stake, and what you can do to protect your data in today’s video.

(Episode Runtime: 1:39)

Direct YouTube Link: https://www.youtube.com/watch?v=4Yk7OOST1ag

EPISODE REFERENCES:

• Attacker dump new data from the Ashley Madison breach – Motherboard
• Details on new Ashley Madison data leaked – Hydraze.org

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 43 – Tumblr Worm

Tumblr Worm, Spoofed Tweets, and Madcap McAfee

Wow. I knew information security news was picking up over the past few years, but lately it seems like our own little industry reality show; complete with mysterious murders, border-crossing heists, and random heart attacks (not to mention, colorful personalities).

This week’s security news episode covers updates on the John McAfee melodrama, news of a fast-spreading Tumblr worm, and a Twitter SMS spoofing issue that can allow attackers to hijack your tweets. It also informs you about the latest important software vulnerabilities and updates. If you’d like a short video to quickly fill you in on the biggest security headlines from the week, click play below.

Of course if video isn’t your thing, you can also read about these stories using the helpful reference links I’ve provided. I’ve even thrown in a few extra news items for your enjoyment.

Let us know what you think in the comments, and see you next week.

(Episode Runtime: 12:41)

Direct YouTube Link: http://www.youtube.com/watch?v=9Cwvuz_TpXM

Episode References:

• Story Updates
  • Parastoo steals more from IAEA than first suspected – PasteBin
  • Photo EXIF data reveals John McAfee’s location – Naked Security Blog
  • John McAfee has heart attacks in Guatemalan Jail – Huffington Post
• Software Vulnerabilities and Updates
  • Kingcope finds many MySQL Vulnerabilities – Slashdot
  • IPv6 DoS flaw in Bind – The H-Online
    
  • December Microsoft Patch Day notification – WGSC
• Tumblr worm caused by XSS flaw – Help Net Security
• Twitter SMS Spoofing allows rogue tweets – Threat Post

• Extra Stories
  • Anonymous targets the ITU – Network World
    
  • Obama signs the Safe Web Act – Engadget
  • Foreign attackers target ex-US Gov. Official – Reuters
  • Japanese NASA (JAXA) hit by hackers again – Network World
  • CIA and MI6 get pwned – ZDNet
  • More Mac Dalai Lama Malware – Ars Technica

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 42 – Vulnerability Markets

Vuln Market 0day, Printer Backdoors, and Downed Internet

We’re back from hiatus. After a two week break, our weekly security news podcast has returned.

This week’s episode covers interesting new malware that leverages new command & control channels or targets specific victims, lots of zero day exploits being sold on vulnerability markets, a security industry murder mystery, and much more. If you’d like the latest information security updates, watch below.

As always, I’ve also included a Reference section, which contains links to all the stories mentioned in the video, as well as a few extra ones. Don’t forget to leave your feedback in our comments section.

Enjoy the show, and see you next week.

(Episode Runtime: 11:41)

Direct YouTube Link: http://www.youtube.com/watch?v=_DW3EcXbFlM

Episode References:

• South Carolina SSN Breach Investigation results – SC Government
• New Malware
  • Malware uses Google Docs & Drive for C&C – Computer World
  • Malware targets Iran and corrupts MSSQL DB fields – Gizmodo
• Vulnerability Markets
  • Yahoo Mail 0day for sale – Naked Security blog
  • Java 0day for sale – SC Magazine
  • Revuln to auction off SCADA vulnerabilities – eWeek
• US-CERT warns of Samsung printer backdoor – US-CERT
• Hacktivists Breach UN atomic agency’s servers – NBC News
• UN atomic agency breach PasteBin post – PasteBin
• Syria mysteriously drops from the Internet – NBC News
• UPDATE: Syria Internet blackout likely caused by government despite claims otherwise – CNN
• UPDATE: Anonymous reacts to Syria Internet blackout – CNet
• John McAfee wanted for questioning in murder case – Huffington Post
  

• Extra Stories
  • Consumer routers vulnerable to email hack – Acunetix Blog
    
  • French claim Sarkozy’s office affected by Flame – Ars Technica
  • Ebay fixes two web application flaws – ZDnet
    
  • Xtreme RAT targets governments – Computer World
  • Major Domains hijacked in Romania – TechWorld

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 41 – Coke Cracked

Coca-Cola Cracked, Fawkes Day Fail, and Lots of Updates

This week’s security news round-up includes a story about an old Coca-Cola network breach, the results of Anonymous’ Fawkes Day fiasco, a little Twitter password hiccup, and lots of software security updates. If you have a little extra time on Fridays to catch up on the latest information security news, watch the video below.

Of course, if you have no time for videos, and would prefer to pick and choose your news items, see the Reference section below for link to all this week’s security headlines.

Show Note: I will be out for vacation starting the middle of next week, so will not be posting any WatchGuard Security Week in Review videos for the next couple of weeks. See you again at the end of November, and stay frosty out there.

(Episode Runtime: 10:42)

Direct YouTube Link: http://www.youtube.com/watch?v=S3LyJUK3MLw

Episode References:

• Apple’s November Quicktime security update – Apple
• Cisco Secure ACS November update – Cisco
• Adobe’s Flash update and Reader X zero day – WGSC
• More detail on Reader X zero day – Group-IB
• Microsoft November Patch Day notification – WGSC
• Anonymous Fawkes Day stories:
  • Anonymous Fawkes Day hacking spree – Computer World
  • More Anonymous Nov. 5 hacking – The Register
• Major Coca-Cola network breach in 2009 – Bloomberg
• PixSteal trojan steals images and DMP files – Computer World
• Twitter accidentally resets passwords – Ubergizmo
• Borderlands 2 graveyard “virus” issue fixed – G4TV

• Extra Stories
  • Google hacker finds AV file parsing vulnerabilities – PDF Report
    
  •  US government says China is cyber enemy #1 – Network World
  • Skype accused of illegally sharing users data – Heise Online
    
  • SEC staffer breached at Black Hat – The Register

— Corey Nachreiner, CISSP (@SecAdept)