Paranoia 2014 – WSWiR Episode 100

Word 0day, Cisco DoS, and Bricked Androids

My weekly InfoSec summary arrives bit late this time due to business travel. Last week, I spoke at Watchcom’s Paranoia conference in Oslo Norway, so I couldn’t post my security news summary until the weekend. Nonetheless, why not start your week off by quickly catching up on last week’s news.

This week’s episode includes a quick summary of the Paranoia show, news of a new Word zero day flaw, information about Cisco IOS updates, and a story about a new android vulnerability attackers can use to brick phones. Check out the video for the details, and scroll down to the Reference section for a few extra stories.

As an aside, I’ll be traveling the next two weeks as well, so my weekly video may show up either earlier or later than normal, due to travel.

(Episode Runtime: 5:27)

Direct YouTube Link: https://www.youtube.com/watch?v=BNiCOytV5sg

Episode References:

• Attackers exploiting zero day Word flaw – WGSC
  • Word zero day fail – BlueCoat
• Cisco releases seven security updates to fix IOS DoS flaws – PCWorld
• Android vulnerability can allow attackers to brick phones – Trend Micro

Extras:

• Basecamp extorted with DDoS attack – Help Net Security
• Apache Tomcat backdoor worm – Ars Technica
  
• Banks sue Target’s auditor, Trustwave – Reuters
• SMS attack steals cash from ATMS – BGR
• Philips Smart TV vulnerabilities – Ars Technica
• Gameover Zeus botnet targets Monster.com – Computer World
• Pinterest accounts hacked and flooded with inappropriate pics – The Register
• WinRAR flaw exploited in targeted attack campaign – Intercrawler
• Google says nation-states targeting journalists – Digital Trends
• Tesla Model S locks easily cracked – NBC News

— Corey Nachreiner, CISSP (@SecAdept)

Share This: