White House Cyber Disclosure, Traffic Light Hacking, and Zero Day Exploits
There was a ton of Information Security news this week. More than most people can keep up with; especially busy IT administrators who are already putting out other fires. If you have little time to read the latest news, but want a quick recap of the most important infosec stories each week, this is the vlog for you.
In this episode, I react to the White House talking about their zero day disclosure policy, I share news about a researcher hijacking traffic lights across the US, and I warn you about two critical zero day flaws in very popular software products. If you want to stay informed and get the latest security advice, watch the video below. You can also explore the Reference section for links to more stories.
Enjoy your weekend, and stay safe out there.
(Episode Runtime: 8:04)
Direct YouTube Link: https://www.youtube.com/watch?v=UxQoInvMBcw
Episode References:
- White House blogs on vulnerability disclosure (government holding 0day) – Whitehouse.gov
- Wired article on traffic light hacking – Wired
- Cesar Cerrudo’s blog post on traffic light hacking (including with a RC multicopter) – IOActive
- IE and Flash 0day discovered in the wild – WGSC
- Microsoft releases and out-of-cycle patch for IE 0day – WGSC
- Bonus: Six Infosec tips I learned from Game of Throne – WGSC
Extras:
- AOL admits network breach – Business Insider
- Weev trolls CNBC (pay attention to his company name) – CNBC
- Heartbleed used to pwn hacker web sites – Theiet.org
- Siemen’s products were vulnerable to Heartbleed – ICS-CERT
- Apple’s dev center site suffered info leak over the weekend – Naked Security
- Hackers offer another alleged OpenSSL flaw for sale; likely a scam – Computer World
- Firefox update fixes 29 flaws; five critical – ThreatPost
- Security flaw in FreeBSD’s TCP stack – FreeBSD.org
- Interesting post about Tunisian government injecting Javascript to steal credentials – JGC.org
- Latest Android malware spreading like a worm – Help Net Security
- Latest Snowden leak claims the GCHQ asks for access to NSA’s data – The Intercept
- Major flaw found in OAuth and OpenID – BGR.com
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply