Blackhat and More – WSWiR Episode 116

Blackhat Summary,Lots of Patches, and MonsterMind

Times have changed. Cyber attacks have increased 10-fold, causing a ton of information security (infosec) news each week. Can’t keep up with it all? Let me help out. In this weekly video summary, I highlight the biggest information and security news every week.

Last week, I had meant to post a Black Hat video summary, but simply couldn’t find the time during my two week travel schedule. I try to make up for it in this week’s episode. In today’s video, I share a bit about Black Hat, cover the latest security patches, comment on the alleged huge password theft, and highlight Snowden’s latest interview and disclosures. Watch the video for the details.

Also, don’t forget to check out the big reference section below for two weeks of security news links, and some videos from Black Hat. Have a great weekend.

(Episode Runtime: 9:09)

Direct YouTube Link: https://www.youtube.com/watch?v=Xv1fUT15AP8

Episode References:

• Blackhat Summary
  • Black Hat Briefings Day 1 – WGSC
  • Black Hat Briefings Day 2 – WGSC
  • Blackhat Presentation Videos
    • CyberSecurity as RealPolitik
    • BadUSB – On Accessories that Turn Evil
    • Cellular Exploitation on a Global Scale
    • Mission MPOSsible
    • SATCOM Terminals: Hacking by Air, Sea and Land
    • Breaking the Security of Physical Devices
    • Bringing Software Defined Radio to the Penetration Testing Community
• Software Updates
  • Microsoft Patch Day
    • August IE update – WGSC
    • Windows consolidated alert – WGSC
    • SQL Server patch – WGSC
    • Office updates for August – WGSC
  • Latest OpenSSL security update – OpenSSL
  • Latest Safari update fixes drive-by download vulnerabilities – Apple
  • Adobe patches Flash flaws – Adobe
  • August Reader and Acrobat Updates – Adobe
• Russian cyber gang stole 1.2 billion user credentials – WGSC
• Snowden talks about MonsterMind; NSA’s strikeback tool – Wired

Extras:

• Research disclosed on APT campaign (Turla, Snake, Uroburos) targeting diplomats – Symantec
• U.S. consumer finance agency warns of risks of virtual currency – Consumer Finance
• Attacker hunts and pwns WiFi Pineapples at DEF CON using 0day – Network World
• Yahoo’s ad networks spread CryptoWall – Sky
• He’s back… John McAfee surprises DEF CON and launched new web site – The Inquirer
• WiFi collar turns “kittehs” into hackers – Silicon Republic
• Chinese teen arrested after creating Android “Heart App” malware – SC Magainze
• Anonymous and others hack and DDoS Ferguson police – CNET
• Teaching kids to hack for good at DEF CON – Fox News
• Blackphone rooted, demo at DEF CON – Ars Technica
• Ukranian hackers claim to attack Polish web sites – Phys.org
• SOHOpelessly broken uncovers 15 vulnerabilities in consumer routers – SOHOpelessly Broken
• Hackers think they are above the law according to (flawed) survey – CNET
• U.S. SuperValu supermarket chain suffers data breach – Bloomberg
• iTunes sync is iOS’s security weak spot – The Register
• 300Gbps DDoS leverages motherboard flaw – Tech World
• Free iOS UnTrust tool claims to protect against Apple’s silent info sharing – Techweek
• I hate to say it, but if you run VNC without a password you should be pwned – Naked Security
• Forget hackers knowning down the Internet; it’s the sharks! – Huffington Post
• Exploit released for Symantec Endpoint Protection – ISC SANS
• Details about Finfisher nation-state espionage tools leaked – Netzpolitik.org
• FBI exploits drive-by download on Tor to infect suspected kiddie porn criminals – Wired
• PF Changs releases more details about June data breach – Mashable
• New malware only infects registry; not files – Darknet
• Hacking airplane’s entertainment systems (can’t crash planes) – RT
• China drops Symantec and Kaspersky as approved AV vendors – PCMag
• Sony and Microsoft’s Twitch accounts hijacked – Forbes

— Corey Nachreiner, CISSP (@SecAdept)