Gaming DDoS, Malvertising, and U.S. Banks Breached
You really need to keep up with the latest attacks to learn how to adjust your defenses to survive. However, with so much infosec news and so little time, it’s hard for many administrators to stay current. This weekly video tries to keep you in the loop by summarizing the top news items each week.
Today’s show covers a big DDoS campaign against gaming sites that included a diverted plane, a malicious advertising attack that infected popular web sites, and an allegedly Russian attack against U.S. banks. See the video for the details, and check the references for other stories.
If you live in the U.S., enjoy your Labor Day weekend.
(Episode Runtime: 11:26)
Direct YouTube Link: https://www.youtube.com/watch?v=T4dz4wjY5hQ
Episode References:
- Sony PSN and other gaming services DDoSed offline – Kotaku
- Lizard Squad bomb threat diverts Sony exec’s plane – Kotaku
- Lizard Squad DDoS Twitch streaming network – Viral Global News
- Malvertising campaign affects Java.com and others – CIO
- JP Morgan and four other US Banks breached – Bloomberg
Extras:
- Microsoft has re-released the broken MS14-045 update – WP Central
- Was Google Images hacked to show a car crash? – Jalopnik
- How the NSA is providing a Google-like intercepted data search engine – The Intercept
- Backoff malware has infected 1000 US businesses according to FBI – Naked Security
- Also, new variants of Backoff found as well – SCMagazine
- Singapore’s “Messiah” hacker faces 105 charges – Channel News Asia
- Cyber criminals social engineer patriotic Russians into self-infection – Help Net Security
- One of the black market information brokers from Carder.su sentenced – Help Net Security
- Interesting OpEd on the new US “Cyber Czar” lacking any technical security background – Forbes
- NIST warns of Secure Shell (SSH) security considerations [PDF] – NIST
- Old ActiveSync passwords may continue to work for a bit after a change – TechRepublic
- For the devs: Avoiding the Top 10 Software Security Design Flaws [PDF] – IEEE
- Third-party releases unofficial patch to fix an unpatched OS X SSL flaw (already fixed in iOS) – Computer World
- Was the mysterious and temporary Google Image hiccup a hack? – Time
- Thousands of U.S. Android phones infected with ScarePackage ransomware – BGR
- FBI and DHS warn about “Google Dorking” TEN YEARS LATE! – Ars Technica
- NIST recommendations for vetting 3rd party mobile apps – Information Week
- Sixteen arrested in huge South Korean data breach – IT Pro
- Fifty Norwegian oil and energy companies hit by breaches – TheLocal.no
- Feds looking to enact new search and seizure rules that would allow them to hack suspected criminals – Network World
- Dairy Queen Breach – Consumer Affairs
— Corey Nachreiner, CISSP (@SecAdept)