Software Patches, Home Depot Breach, and Celebrity Selfie Hack
If you need a quick source for all your information security (infosec) news, you’ve come to the right place. I summarize the most important infosec news in this weekly video, and provide links to other security stories as well.
Unfortunately, today’s episode includes a pretty creepy hack. The show covers next week’s upcoming software patches, another credit card leak that seems to come from Home Depot, and a gross story about hackers stealing hundreds of celebrities’ most private pictures. Find the details in the video below and see what you can learn from these unfortunate cyber attacks.
As always, check the Reference section if you are interested in other stories that I didn’t cover in the video. Also, I will be traveling the next few weeks, which means I may not be able to post this video as regularly as usual. Expect the video to turn up at irregular times, otherwise I may post a written version of the weekly summary instead. Have a great weekend, and stay safe online!
(Episode Runtime: 13:17)
Direct YouTube Link: https://www.youtube.com/watch?v=-mRjltM-tc0&
Episode References:
- Software Updates:
- Latest Firefox update fixes vulns and supports public-key pinning – Threatpost
- Microsoft pre-announces next week’s Patch Day – Microsoft
- Adobe to release critical Reader update next Tuesday – Computer World
- Home Depot suffers major credit card data breach – Krebs on Security
- All Home Depot stores likely affected – Krebs on Security
- Celebrity Photo Hacking:
- iCloud hacked to steal private celebrity pictures – The Telegraph
- Researcher’s iBrute iCloud brute force tool – GitHub
- Law enforcement use the same tool as iCloud hackers – The Next Web
- How to set up Apple’s two factor authentication – Mac World
- How to bypass Apple two-factor authentication – Gizmodo
- Dan Kaminsky’s fantastically expressed thoughts on the celeb hacking – Dan Kaminsky Blog
- Well documented notes on how the hack happened – Nikcub
- Apple’s latest response to fix problems – Tech Radar
Extras:
- Latest on the LizardSquad Drama – The Register
- Mysterious lorem ipsum Google Translate hack? – Krebs on Security
- What’s the best Mac AV software? – PC Magazine
- Twitter introduces a bug bounty program for vulnerabilities – Hackerone.com
- Angler exploit kit now capable of fileless infection – MDNC Blog
- XSS and CSRF vulnerabilities plague some WordPress plugins – ThreatPost
- CERT shares which Android apps don’t use SSL correctly – Google Docs
- Vulnerability disclosures trending up, but Microsoft ones down – Microsoft
- Akamai warns of Linux iptables infections used for DDoS – Help Net Security
- Semalt botnet practices Blackhat SEO – Help Net Security
- Researchers find more problems with WiFi WPS (Don’t use it) – Naked Security
- Cyber attacks on hospitals are rising – MIT Technology Review
- 90% of healthcare cloud services are risky – Forbes
- NATO adopts new cyber defense policy; all for one – Computer Weekly
- Namecheap hosts says Cybervor is hijacking user accounts – The Register
- HP research highlights North Korea’s Cyber attack capability [PDF] – HP
- Hackers use VirusTotal too – Wired
- Research paper on hackers using VirusTotal – Google Docs
- A new piece of Mac malware converted from Windows threat – FireEye
- Botnet sat on HealthCare.gov server for over a month – PC World
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply