Flash 0day and MS Patch Day – Daily Security Byte EP. 273

The second Tuesday of each month is infamously known as Microsoft Patch Day by IT pros. However, this month Adobe’s security news trumps Microsoft’s. Watch today’s video to learn why you should update Flash before your Microsoft products, but also why you shouldn’t skimp on the Microsoft patches either.

(Episode Runtime: 2:59

Direct YouTube Link: https://www.youtube.com/watch?v=cPo6vF9vrCU

EPISODE REFERENCES:

• Microsoft June Patch Day summary page – Microsoft
• Adobe Security bulletin summary page – Adobe
  • Adobe fixes Flash 0day vulnerability – Adobe
• Good overall summary of Microsoft Patch Day – Ghacks

— Corey Nachreiner, CISSP (@SecAdept)

May Day, May Day, Patch Day – Daily Security Byte EP. 261

Do you want to stay safe online? Then you need to keep your patches up-to-date since most Internet exploits target old flaws. Tuesday’s Byte video covers Microsoft and Adobe’s security bulletins for May. Watch below, but more importantly, go update.

(Episode Runtime: 2:38)

Direct YouTube Link: https://www.youtube.com/watch?v=tbmSGgL3TzY

EPISODE REFERENCES:

• Summary of Microsoft’s May 2016 Patch Day – Microsoft
• Adobe’s main security summary page – Adobe
• A good write-up of Microsoft Patch Day – Ghacks

— Corey Nachreiner, CISSP (@SecAdept)

Remove QuickTime for Windows – Daily Security Byte EP. 248

Trend Micro researchers found two serious vulnerabilities in Quicktime for Windows. Normally I’d tell you to patch, but instead I’m suggestion you remove. Watch today’s video to find out why.

(Episode Runtime: 1:36)

Direct YouTube Link: https://www.youtube.com/watch?v=9JmCwViLPuM

EPISODE REFERENCES:

• Trend Micro find two remote code execution flaws in Quictime for Windows – Trend Micro
• US-CERT recommend you remove Quicktime for Windows – US-CERT

— Corey Nachreiner, CISSP (@SecAdept)

April Patch Day 2016 – Daily Security Byte EP. 247

Microsoft and Adobe have delivered a fresh batch of security updates for April. If you use products from either vendor, watch today’s short Security Byte to get a summary of the updates, and more importantly, follow the links below to get your patches.

(Episode Runtime: 2:00)

Direct YouTube Link: https://www.youtube.com/watch?v=r95SPareQU4

EPISODE REFERENCES:

• Microsoft Patch Day summary for April 2016 – Microsoft
• Adobe’s April Security updates – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Badlock – Daily Security Byte EP. 242

Last week, a researcher mysteriously warned the world about an upcoming critical SMB flaw, without sharing any technical details. The warning says the flaw is bad enough that network administrators will want to prepare for it, so they know what to patch immediately. Watch below to learn what little we know about this flaw, and how the security community has reacted to the early warning.

(Episode Runtime: 3:37)

Direct YouTube Link: https://www.youtube.com/watch?v=HnpMNsprYlU

EPISODE REFERENCES:

• Early warning about a new Samba and Windows vulnerability – Badlock
• Some criticize the Badlock warning – Wired
• Getting ready for Badlock – ISC SANS
• The latest rumors about Badlock – ThreatPost

— Corey Nachreiner, CISSP (@SecAdept)

March Patch Day – Daily Security Byte EP. 227

It’s that time of the month again… Patch Day. On Tuesday, both Microsoft and Adobe released their security updates for the month of March. If you use Windows, IE, Edge, Office, or Reader, you’ll want to get these updates quickly. Watch today’s video for a quick summary, and check out the links below to find the relevant updates.

(Episode Runtime: 2:25)

Direct YouTube Link: https://www.youtube.com/watch?v=u86IswJMMow

EPISODE REFERENCES:

• Microsoft’s March Patch Day Summary – Microsoft
• Adobe’s March Patch Day Summary –  Adobe

— Corey Nachreiner, CISSP (@SecAdept)

February Patch Day Plugs Microsoft and Adobe Flaws- Daily Security Byte EP. 214

If you’re an IT administrator, you probably know that yesterday was Microsoft Patch Day. You might even know that Adobe shares this day. Watch today’s video for a quick summary of the affected products, and the scope and impact of some of the flaws. More importantly, be sure to follow the links in the Reference section to find out where to get the updates so you can patch quickly.

(Episode Runtime: 2:48)

Direct YouTube Link: https://www.youtube.com/watch?v=bhZFzPAjN8Q

EPISODE REFERENCES:

• Microsoft’s February Patch Day summary post – Microsoft
• Microsoft’s new advisories for February –Microsoft
• Good summary of Microsoft Patch Day – Ghacks
• Microsoft announces an update history page for Windows 10 – Microsoft
• Adobe’s security page with February advisories – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Upgrade to IE11 or Edge No Matter What – Daily Security Byte EP. 202

Last month, I warned you that Microsoft planned to End-of-Life all version of Internet Explorer (IE) after January 12, except version 11. This means they will only release security updates for IE11 and the new Edge browser, so if you use Microsoft browsers you need to upgrade to stay safe. However, in today’s video I tell you why you need to upgrade to IE11 (or Edge) even if you don’t plan on using Microsoft’s browsers.

(Episode Runtime: 2:24)

Direct YouTube Link: https://www.youtube.com/watch?v=EkZeCHAXpww

EPISODE REFERENCES:

• Microsoft blog post about why you should upgrade to IE11 even if you remove it – Microsoft

— Corey Nachreiner, CISSP (@SecAdept)

New Year, New Microsoft Patches – Daily Security Byte EP. 201

Why not start your new year security plan right by staying current with patches? Tuesday was Microsoft and Adobe’s monthly patch day. Watch the video below to learn about the affected products, the severity of the issues, and how quickly to patch. Or at the very least skip to the reference section to find links to the proper patches.

(Episode Runtime: 2:51)

Direct YouTube Link: https://www.youtube.com/watch?v=4NGW6T3m36U

EPISODE REFERENCES:

• Microsoft’s January Patch Day Summary – Microsoft
• Also check out Microsoft three January advisories – Microsoft
• Article summarizing Microsoft Patch Day – Network World
• Adobe’s January Reader and Acrobat patch – Adobe

— Corey Nachreiner, CISSP (@SecAdept)

Devastating Kerberos Flaws? – Daily Security Byte EP. 193

A few stories surfaced yesterday talking about “devastating” vulnerabilities in Windows’ Kerberos. Today’s vlog explores whether or not these are new issues, how severe they really are, and where you can learn how to mitigate them.

(Episode Runtime: 3:44)

Direct YouTube Link: https://www.youtube.com/watch?v=yxcoqfagLfI

EPISODE REFERENCES:

• The Register’s edited article about the “devastating” Windows Kerberos flaws  – The Register
• A copy of the original The Register article, with the original title – Spiceworks
• The researcher blog post that spawned the media coverage – Dfir blog
• Microsoft’s Pass the Hash tech tips page (covers Kerberos issues too) – Microsoft

— Corey Nachreiner, CISSP (@SecAdept)