Backdoor in Pokemon Go – Daily Security Byte EP. 287

To keep Friday’s story fun, I covered an incident that involves both gaming and infosec. Attackers have already created a malicious version of the popular Pokemon Go app. If you’re an Android user trying to download Pokemon Go from non-official sources, this story is no joke. Watch below to learn more.

(Episode Runtime: 3:16

Direct YouTube Link: https://www.youtube.com/watch?v=Kt54wJ3gpsY

EPISODE REFERENCES:

• Research blog post describing the backdoored Pokemon Go app – Proofpoint
• Remote access tool found in Pokemon Go – Android Central

— Corey Nachreiner, CISSP (@SecAdept)

Eleanor Mac Backdoor – Daily Security Byte EP. 284

Many Mac users think they’re immune to malware, but unfortunately that’s untrue. Though Windows malware variants still greatly outweigh Apple ones, Mac malware is starting to appear more regularly. Today’s Byte video covers a new Mac trojan discovered by Bitdefender, and what you can do to avoid it. 

(Episode Runtime: 3:04

Direct YouTube Link: https://www.youtube.com/watch?v=6K4lU6bcQ_w

EPISODE REFERENCES:

• Research blog post about  Eleanor Mac OS X trojan – Bitdefender
• Technical paper on the Eleanor OS X Backdoor – Bitdefender

— Corey Nachreiner, CISSP (@SecAdept)

Steam Stealers – Daily Security Byte EP. 235

If you’re a Steam gamer, your credentials and library are a hot commodity on the Internet underground. Watch Friday’s video to learn about Steal Stealers, and how to avoid them.

(Episode Runtime: 3:06)

Direct YouTube Link: https://www.youtube.com/watch?v=4YqXzqao1pQ

EPISODE REFERENCES:

• Steam Stealers research report [PDF] – Kaspersky
• Steal Stealers article – The Inquirer

— Corey Nachreiner, CISSP (@SecAdept)

Linux Distro Backdoored – Daily Security Byte EP. 220

It would suck to have your website hacked, and your user database stolen by malicious attackers. However, can you imagine those attackers also creating a backdoored version of your software, and distributing it among your customer from your very own site? Unfortunately, that’s exactly what happened Linux Mint, the makers of a popular Linux distribution. Watch today’s episode to learn more, including what you should do if you downloaded Linux Mint recently.

(Episode Runtime: 2:19)

Direct YouTube Link: https://www.youtube.com/watch?v=q2WpKLJVfUE

EPISODE REFERENCES:

• Linux Mint website hacked and official distro backdoored – The Hacker News
• Linux Mint’s official announcement about hack – Linux Mint
• Linux Mint forum was hacked too – Linux Mint

— Corey Nachreiner, CISSP (@SecAdept)

#OpNasaDrones Hack – Daily Security Byte EP. 210

A hacking group calling themselves AnonSec claims to have hacked NASA’s network, and shared a 250GB dump of NASA drone data to back up the claim. Meanwhile, NASA says the data is public, and claims they can’t find evidence of a breach. Whether or not AnonSec’s story is fiction, I think you can learn from it. Watch today’s Byte episode to learn how.

(Episode Runtime: 3:44)

Direct YouTube Link: https://www.youtube.com/watch?v=f0DABSVg5rA

EPISODE REFERENCES:

• AnonSec’s Pastebin ezine post on #OpNasaDrones – Pastebin
• AnonSec breaches NASA systems and steal 250GB of info  – The Register
• AnonSec’s facebook page – Facebook
• Link to data dump – The Cthulhu
• Video interview about NASA breach – YouTube
• Article on NASA denying the breach claim – Information Week

— Corey Nachreiner, CISSP (@SecAdept)

Malicious WhatsApp Spam – Daily Security Byte EP. 200

Today, a few media outlets picked up on a new malicious spam campaign that masquerades  as a missed WhatsApp message to deliver malware. However, this isn’t the first time cyber criminals have tried this trick. Watch today’s episode to learn how to identify this malicious email and avoid it.

(Episode Runtime: 2:56)

Direct YouTube Link: https://www.youtube.com/watch?v=lMIvQhxRsfg

EPISODE REFERENCES:

• Don’t open WhatsApp email – Express
• Comodo’s blog post on malicious WhatsApp spam – Comodo
• WhatsApp malicious email from 2013 – Webroot

— Corey Nachreiner, CISSP (@SecAdept)

Botnet Tool Leaked – Daily Security Byte EP.110

A group of malware researchers wants the security community to know about a recent botnet tool that has leaked on the underground. Watch today’s episode to learn about this tool, and why this leak will result in an increase in botnet activity. I also cover a few updates about the Hacking Team breach.

(Episode Runtime: 2:06)

Direct YouTube Link: https://www.youtube.com/watch?v=4iPkwkGo1K0

EPISODE REFERENCES:

• Malware Must Die post on ZeusVM leak – Malware Must Die
• Expect botnet increase due to ZeusVM leak – The Register
• Malware Must Die video demo of leaked botnet tool – YouTube
• Hacking Team breach leaks 0day Flash flaw – Ars Technica
• US-CERT warns about Flash 0day  – Cert.org

— Corey Nachreiner, CISSP (@SecAdept)

GTAV Mod Malware – Daily Security Byte EP.84

I hoped to keep today’s video fun with a video game related story, but I guess if the news means gamers might have been infected with a keylogger, it’s no fun at all. Watch the the Daily Byte video to learn what “mods” GTA V PC gamers should avoid.

 

(Episode Runtime: 1:47)

Direct YouTube Link: https://www.youtube.com/watch?v=FKf7evErl4k

EPISODE REFERENCES:

• Original forum post on GTA V mod malware – GTA Forums
• Malicious keylogger in popular GTA V plugins/mods – PC World
• How to remove the GTA V plugin malware – International Business Times
• We detect this with GAV – Virus Total

— Corey Nachreiner, CISSP (@SecAdept)

Bedep Trojan Gets Political – Daily Security Byte EP.74

The Bedep trojan (or botnet client) has been around for a long time, allowing hackers to steal information and make money. However, new research shows that it now has political motives as well. Watch today’s video to learn what it’s up to.

 

(Episode Runtime: 2:12)

Direct YouTube Link: https://www.youtube.com/watch?v=Ja22Rx1c9Us

EPISODE REFERENCES:

• Bedep trojan used to increase views of Russian political video – Trustwave
• Hackers fake views on political videos – Motherboard

— Corey Nachreiner, CISSP (@SecAdept)

Java DDoS Botnet – WSWiR Episode 93

Cross-Platform Bots, Deceitful Ransomware, and Oracle Exploits

Ok… I know all your minds are already on this weekend’s upcoming Super Bowl, and if you’re anything like my Seattle-based office, you’ve got that Seahawk 12ᵗʰ man spirit going on. But, before running off to your tailgate party, why not take a few minutes to catch up on this week’s information security news with our weekly Infosec video?

On today’s episode, I talk about some deceitful new ransomware, share news of how hackers hijacked another Twitter handle, warn of a cross-platform Java-based botnet, and share details about some serious unpatched Oracle vulnerabilities. If you want to learn about all that and more, plus get some tips for protecting your organization, click on the white triangle play button below. Of course, if you hate staring at my ugly mug, you can also read about all these stories in the reference section instead. 

Have a great Super Bowl weekend and GO HAWKS!!

(Episode Runtime: 9:00)

Direct YouTube Link: http://www.youtube.com/watch?v=reKHxixBkDw

Episode References:

• Target-related Updates:
  • Watch out for fraudulent $9.84 charges – USA Today
  • Latest Target breach clues point to default password on popular server – KrebsonSecurity
  • Michaels reports a similar credit card breach and theft – Bank Infosecurity
• Cryptorbit lies about decryption key  – The Hacker News
• How hackers hijacked anotherx unique Twitter handle – The Next Web
• Cross-platform DDoS botnet affects Windows, Mac, and Linux computers – Securelist
• Researcher publicly discloses old unpatched Oracle Reports vulnerability – NetInfiltration
  • Exploit code for Oracle Report flaw released – Github
  • Metasploit module also out – Github

Extras:

• Angry birds get upset at the NSA and GCHQ – The Guardian
• Watch out for a trojaned FileZilla client – PC World
• How SEA uses phishing attackers to hijack CNN (and others) – Mashable
• Hasbro Toys server drive-by downloads – Threat Post
• Interesting new technology protects encrypted data; honey encryption – Gizmodo
• Another Spyeye attacker arrested and pleads guilty – The Inquirer
• Thunderbird update fixes security flaws –Threat Post
  
• High schoolers hack to change grades – LA Times
• Hackers-for-Hire arrested – CSO Online
• FBI owns the TorMail server, and can snoop on email – Wired
• Yahoo suffers an email hack, resets user passwords – E&T News
• “Chewbacca” hackers targeting Retailers – Business Insider

— Corey Nachreiner, CISSP (@SecAdept)