Secplicity - Security Simplified

Powered by WatchGuard Technologies

World Password Day – WSWiR Episode 106

May 9, 2014 By Corey Nachreiner

MS Patch Day, 4chan Hacked, and Password Security

If you’re too busy helping your users and maintaining your network to read the latest information security news, you might miss out on a new tip that could save your network. No worries. Let my short, weekly Infosec video summarize the week’s biggest news for you.

Today, I warn you about all the upcoming patches next Tuesday, talk about a popular web site hack and what administrators can learn from it, and share my three primary password tips for World Password Day. Click play below for all the details, and take a peek at the Reference section for links to other stories.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 7:32)

Direct YouTube Link: https://www.youtube.com/watch?v=fKU3Qoaj_Dw

Episode References:

  • Adobe and Microsoft Patch Day is coming – WGSC
    • Microsoft advanced notification for May 2014 – Microsoft
    • Adobe prenotification bulletin for May 2014 – Adobe
  • 4chan admin console hacked; Moot shares details – Moot’s blog
  • World Password Day 2014 – Passwordday.com
    • Bud Logs In; A WatchGuard password security video – WatchGuard

Extras:

  • Alleged “nuclear black hat” hacker is a Navy sysadmin for aircraft carrier – The Register
  • Latest Microsoft SIR report says infected computers rise threefold – PCWorld
  • Half of stolen cars in the UK due to electronic fob hacking – Huffington Post
  • French Orange site breached again – NASDAQ
  • Ransomware making a move to Android devices – ZDNet
  • Dropbox fixes a small shared link search engine vulnerability – Collaborista Blog
  • Latest iOS lockscreen bypass flaw – NBC News
  • Hackback video; hacking a botnet (potentially illegal) – Spgedwards.com
  • SNMP the next protocol exploited for DDoS? – SANS
  • Bitly breach; change your password – Mashable
  • Twitter adds SMS to bolster password reset process – ZDNet
  • What’s your stance on Net Neutrality? Watch to learn – YouTube

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Uncategorized Tagged With: Adobe, Hacking, Infosec news, Internet Explorer, Microsoft, password security, Reader, Software vulnerabilities, SQLi, Updates and patches, World Password Day

Comments

  1. Dave Cowman says

    May 11, 2014 at 3:30 pm

    Hi,

    This account is no longer monitored.

    Please unsubscribe this email address.

    Regards,
    Strettons
    Strettons, Chartered Accountants
    44 Heuheu Street, P O Box 214, Taupo 3351, New Zealand
    Direct Dial +64 (7) 376 1700, Facsimile +64 (7) 376 1711

  2. Alexander Kushnarev says

    May 17, 2014 at 2:40 am

    There is a lot of interesting and curious news in this post!
    1. The technical substance of MS14-025 was really striking for me, since I’ve considered the AD Group Policy mechanism to be HIGHLY reliable and trusted… I didn’t even think that passwords can be stored/cached insecurely inside Group Policy Objects. And if Microsoft’s technicians will “gray out” fields for the CPassword attribute inside standard GUI (!) configuration windows for the 5 described functions – then it’s more than just “important” (the rating they provide for this issue)…
    https://support.microsoft.com/kb/2962486

    2. Next is Chris Hate’s short but fabulous (!) article. As always for me, the technical details are the most exciting. The attacker, to reach the goal, combines:
    – source code analysis,
    – PHP authentication issue exploitation,
    – a forged cookie (similar to XSS) method,
    – SQL injection due to a vulnerability in ONLY ONE parameter
    This guy was more than serious, and very skilful.
    Anyway – separate professional respect should be sent to Chris Hate for publishing this story.

    3. And the last note is about the Rotbrow plug-in. A tricky and well thought-out approach to distributing malware. I would like to say that such “postpone downloaders”, without any doubt, can be classified as an element of an APT campaign.

    • Corey Nachreiner says

      May 28, 2014 at 9:39 am

      Awesome additional materials as always, Alex. I bet you and I would have a lot to chat about over a few beers (or vodka!)

