Secplicity - Security Simplified

Powered by WatchGuard Technologies

POODLE Bites SSL – WSWiR Episode 125

October 17, 2014 By Corey Nachreiner

October Patch Bonanza, Leaky Apps, and POODLE

Cyber security has gone mainstream, which means we’re getting a lot more security news each week than we used to. This week was even busier than usual, with updates fixing hundreds and hundreds of security vulnerabilities, as well as a significant vulnerability in an encryption standard. If you’re having trouble keeping track of the most important security info on your own, let our weekly video summary do it for you.

Today’s episode covers a ton of updates for October’s Patch Day, data leaks affecting SnapChat and DropBox, and a relatively serious SSL vulnerability called POODLE. The video is a bit longer than usual in order to better describe the POODLE flaw. Press play to learn more, and check the references for other interesting stories.

Enjoy your weekend, and beware what you click online.

(Episode Runtime: 16:37)

Direct YouTube Link: https://www.youtube.com/watch?v=AFX9DXDizu4

Episode References:

  • Software Updates:
    • Microsoft October Patch Day Summary – Microsoft
    • Adobe releases ColdFusion and Flash Updates – Adobe
    • Oracle Quarterly CPU for October 2014 – Oracle
    • UPDATE: Apple fixes 144 vulnerabilities in a number of products – ZDNet
  • The Snappening: 13Gb of SnapChat images and video stolen from SnapSaved.com – Kenny Withers blog
  • 7M Dropbox passwords leaked through 3rd party services (not a Dropbox hack) – Dropbox Blog
    • Pastebin post about leaked Dropbox passwords – Pastebin
  • POODLE vulnerability affects web-based SSL connections – WGSC

Extras:

  • Russian hackers allegedly spy on NATO and the west with Sandworm – IT Pro Portal
  • iSight’s report on Russian Sandworm campaign (patched this month) – iSight Partners
  • Kmart infected with PoS malware, but claim no data stolen – eSecurity Planet
  • New PoS malware variant called FrameworkPoS uses DNS exfiltration – GData
  • Obama’s cyber czar says drop passwords, use selfies (bad idea IMHO) – The Register
  • SSDP reflection attacks on the rise – SC Magazine
  • Hacker sophistication evolution timeline – Business Insider
  • FBI Director wants to talk about encryption. Don’t let him – The Register
  • Sweet Orange malvertising campaign targets popular YouTube videos – Business Insider
  • Drupal suffers from a SQLi vulnerability – The Register
  • New web vulnerability helps phishers – Computer World

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Uncategorized Tagged With: Adobe, Apple, Dropbox, Hacking, Infosec news, linux, Microsoft, MitM, OpenSSL, Oracle, POODLE, Security breach, SnapChat, Software vulnerabilities, SSL, SSLv3, Updates and patches
