• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

TAO Hijack Routers – WSWiR Episode 107

May 16, 2014 By Corey Nachreiner

Tons of Patches, NSA Booby-Trapped Routers, and Alleged Iranian Hackers

If you don’t have time to follow all the information security stories popping up each week, you can let our weekly video and blog post summarize the important stuff for you.

In today’s show, I recite the big list of security patches you need to get this week, talk about how the NSA is intercepting and hacking routers to foreigners, and weigh in on whether or not the security industry is blaming advanced attacks on “nation-state” actors a bit too freely. Press play on YouTube for all the details, and don’t forget to check out the Reference section for links to other interesting InfoSec stories.

Hope you have a great weekend, and be careful shopping online!

(Episode Runtime: 8:25)

Direct YouTube Link: https://www.youtube.com/watch?v=LdOHsV88z4Y

Episode References:

  • Microsoft’s May Patch Day Summary – WGSC
    • May’s Internet Explorer (IE) alert – WGSC
    • Consolidated Office security alert – WGSC
    • Consolidated Windows security alert – WGSC
  • Adobe’s May Patch Day Summary – WGSC
  • Latest Chrome update fixes three critical vulnerabilities – ThreatPost
  • Apple’s Patch Day Summary – WGSC
  • More details on NSA’s TAO team intercepting and booby-trapping routers – The Guardian
  • Fireeye’s Saffron Rose report on alleged Iranian nation-state sponsered hacking [PDF] – Fireeye
  • Krypt3ia’s blog post saying Operation “Flying Kittens” is more likely normal hacktivists – Krypt3ia’s blog

Extras:

  • Research on fake SSL certs used in MitM attacks (most actually security devices decrypting SSL)  – Linshunghuang.com
  • Bitly shares details about breach, and promises two token authentication – Bitly
  • Vulnerabilities found in Estonia’s online voting system – PCWorld
  • Snowden explains why he asked Putin tough questions – The Guardian
  • Teenager responsible for Krebs’ SWAT attacks arreseted – KrebsonSecurity
  • DayZ developers network breached, source code allegedly stolen – Segmentnext.com
  • Old EoP flaw finally fixed in Linux kernel – Ars Technica
  • Main Dogecoin wallet temporarily shuts down due to breach – ITPortal
  • GCHQ being sued for alleged mobile hacking – The Register
  • Mozilla capitulates to DRM in Firefox – The Guardian
  • CC skimmers found on stamp vending machines – KrebsonSecurity
  • General Hayden accidentally admits that they kill using metadata – Youtube
  • Google Docs click jacking flaw – M-austin Blog
  • Elderwood gand still releasing more 0day IE exploits – ComputerWorld
  • Fake AV found in Google and Microsoft’s online app markets – NetworkWorld

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Adobe, Advanced threats, APT, Flying Kittens, Hacking, Infosec news, Internet Explorer, Microsoft, NSA, Reader, router hijack, Saffron Rose, Snowden, Software vulnerabilities, TAO, Updates and patches

Comments

  1. hobbies for teenagers says

    August 16, 2014 at 11:36 pm

    each time i used to read smaller posts that also clear their motive, and that
    is also happening with this paragraph which I am readijng at this place.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use