Patching Trifecta, Mobile Banking Risks, and Hacktivist Hijackings
Patches, mobile malware, hacked off hacktivists, Point-of-Sale (PoS) malware… all that and more in this week’s information and computer security news summary video! If you need a quick roundup of the latest security news in one convenient package, you’ve come to the right place.
Today’s episode covers the week’s huge, triple-vendor patch day, the latest hacktivist hijacking, research on flaws in popular mobile banking apps, and more. I also talk about the latest updates on the huge holiday Target breach, including reports that begin to uncover the specific malware used in the attack. If you want to keep your organization’s network safe, don’t miss this video for the latest news and tips. Remember, check the Reference section below for links to many other security stories too!
Keep vigilant and have a great weekend!
(Episode Runtime: 12:45)
Direct YouTube Link: http://www.youtube.com/watch?v=7bOYMBKF1ws
Episode References:
- Patch Day
- Microsoft Windows Updates – WGSC
- Microsoft Office (Word) Updates – WGSC
- Adobe Reader and Flash Updates – WGSC
- Oracle’s Q1 CPU Updates – WGSC
- Syrian Electronic Army hijacks Microsoft social network feeds – The Register
- IOActive researcher finds many security flaws in mobile banking apps – IOActive Blog
- Starbucks app stores clear text passwords – CIO
- Kernel vulnerability and potential backdoor found in Evasion iOS jailbreak – Winocm
- Discussion about jailbreak flaw on Reddit – Reddit
- Target Breach Updates
- Target CEO answers breach questions in interview – CNBC
- Neiman Marcus and other retailers suffer breach near the same time – KrebsonSecurity
- Krebs believes BlackPOS-like malware responsible for the breach – KrebsonSecurity
- iSight Partners say it’s not BlackPOS, but may be derivative – iSightPartners
- Krebs’ latest update on Target malware – KrebsonSecurity
Extras:
- Academic researchers claim a predictive algorithm for major cyber security events – Ars Technica
- Suspected terrorist gets five years for not disclosing encryption password – Business Insider
- Security Pro admits mistake, and finds attackers scraping Github for passwords – Securosis
- IceFog APT campaign affects US businesses – TechWorld
- DDoS attack targets UK Zyxel Routers – The Register
- Dropbox says outage last week was not a hack – CIO
- NSA spies on air-gapped computers with USB wireless dongle – PCWorld
- More flaws and attacks against SCADA solutions – ComputerWorld
- Healthcare.gov still has security holes – CNET
- Botnet targets the Internet of Things, including a fridge – Business Insider
- A sincere story about what it’s like being blackmailed by hackers – Business Insider
— Corey Nachreiner, CISSP (@SecAdept)