Secplicity - Security Simplified

Powered by WatchGuard Technologies

Heartbleed Bug - WSWiR Episode 102

April 11, 2014 By Corey Nachreiner

April Patch Day, Raided Pen-Tester, and OpenSSL Heartbleed

Information security news never stops, even if I have to post it from a Changi Airport lounge. If you need to learn the latest cyber security news, including what to do about the biggest vulnerability of the year (so far), you’ve found the right weekly video blog.

This week’s “on-the-road” episode covers Adobe and Microsoft’s Patch Day, an allegory on why you should avoid greyhat pen-testing, and, most important of all, information and advice about the major OpenSSL Heartbleed vulnerability. If you use the Internet, you need to know about the Heartbleed flaw, so click play below to watch this week’s video. Finally, make sure to check the Reference section for links to the stories and some extras, especially if you are interested in all the WatchGuard Heartbleed information.

(Episode Runtime: 8:05)

Direct YouTube Link: http://www.youtube.com/watch?v=gEw-o2GQd1U

Episode References:

  • OpenSSL Heartbleed Vulnerability
    • Initial warning about the Heartbleed vulnerability – WGSC
    • WatchGuard releases XTM 11.8.3 Update 1 to fix Heartbleed – WGSC
    • Heartbleed and XTM; how to regenerate XTM certificates – WatchGuard KB Article
    • Official page and FAQ for Heartbleed bug – Heartbleed.com
  • Patch Day Information
    • Summary post for Microsoft’s April Patch Day – WGSC
    • Consolidated Microsoft Office alert (0day Word flaw) – WGSC
    • April’s Internet Explorer Cumulative Patch – WGSC
    • Windows update fixes Important Flaw – WGSC
    • Critical Adobe Flash Update – WGSC
  • Reddit AMA post from the greyhat pen-tester who was raided by the FBI – Reddit

Extras:

  • Flaw in a mysterious Alexa top 50 website used to DDoS victims – Incapsula
  • Wired.com hacked over the weekend and forced to serve malware – Seroundtable.com
  • Interesting malware leverages Windows Powershell – PCWorld
  • Weev’s hacking case thrown out – Forbes
  • Gang of nine hackers charged for using Zeus – Computer World
Heartbleed described by XKCD

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Adobe, ethical hacker, Hacking, heartbleed, Infosec news, Internet Explorer, Microsoft, OpenSSL, Penetration testing, publisher, Software vulnerabilities, University Of Maryland College Park (College/University), Updates and patches, word, Zero day exploit

Comments

  1. Cedric McCarthy says

    April 11, 2014 at 12:34 pm

    After applying the heartbeat patch we should replace the certificates on the firebox. This will affect your IPSEC VPN mobile users. What is the best way to get the new certificates to the users?

  2. Andrew A. says

    April 15, 2014 at 7:58 am

    Great blog, easy to watch during a lunch break, and of course informative. Keep up the great work.
