Vuln Market 0day, Printer Backdoors, and Downed Internet
We’re back from hiatus. After a two week break, our weekly security news podcast has returned.
This week’s episode covers interesting new malware that leverages new command & control channels or targets specific victims, lots of zero day exploits being sold on vulnerability markets, a security industry murder mystery, and much more. If you’d like the latest information security updates, watch below.
As always, I’ve also included a Reference section, which contains links to all the stories mentioned in the video, as well as a few extra ones. Don’t forget to leave your feedback in our comments section.
Enjoy the show, and see you next week.
(Episode Runtime: 11:41)
Direct YouTube Link: http://www.youtube.com/watch?v=_DW3EcXbFlM
Episode References:
- South Carolina SSN Breach Investigation results – SC Government
- New Malware
- Malware uses Google Docs & Drive for C&C – Computer World
- Malware targets Iran and corrupts MSSQL DB fields – Gizmodo
- Vulnerability Markets
- Yahoo Mail 0day for sale – Naked Security blog
- Java 0day for sale – SC Magazine
- Revuln to auction off SCADA vulnerabilities – eWeek
- US-CERT warns of Samsung printer backdoor – US-CERT
- Hacktivists Breach UN atomic agency’s servers – NBC News
- UN atomic agency breach PasteBin post – PasteBin
- Syria mysteriously drops from the Internet – NBC News
- UPDATE: Syria Internet blackout likely caused by government despite claims otherwise – CNN
- UPDATE: Anonymous reacts to Syria Internet blackout – CNet
- John McAfee wanted for questioning in murder case – Huffington Post
- Extra Stories
- Consumer routers vulnerable to email hack – Acunetix Blog
- French claim Sarkozy’s office affected by Flame – Ars Technica
- Ebay fixes two web application flaws – ZDnet
- Xtreme RAT targets governments – Computer World
- Major Domains hijacked in Romania – TechWorld
- Consumer routers vulnerable to email hack – Acunetix Blog
— Corey Nachreiner, CISSP (@SecAdept)
Thank you, Corey. Very interesting review, especially about embedded backdoor in Samsung 🙂 I think it was created for the troubleshooting, but of course, can be used in a different ways.