• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Cryptowall Malvertising – WSWiR Episode 126

October 24, 2014 By Corey Nachreiner

Windows 0day, iCloud MitM, and Cryptowall Rises

You’re a busy IT guy that barely has time to brush your teeth before running off to work, so who has time to follow security news too? Does this sound like you? If so, let our short weekly video inform you of the most important security news in the time it takes you to enjoy your first cup of coffee.

Today’s episode covers another Microsoft zero day flaw, a recent man-in-the-middle (MitM) attack against iCloud, and the latest developments with a nasty piece of ransomware called CryptoWall. Press play below to learn about all that and more, and peruse the Reference section for other stories.

(Episode Runtime: 8:40)

Direct YouTube Link: https://www.youtube.com/watch?v=0y5lBIQ0CEI

Episode References:

  • Software Updates:
    • Check out all Apple’s Security Updates for October – Apple
    • Microsoft warns of an 0day OLE vulnerability – Microsoft
      • An article talking about the OLE 0day – The Register
  • Chinese actors allegedly intercepting iCloud communications – The Guardian
    • The GreatFire’s original post alleging Chinese actors responsible for iCloud MitM – Greatfire
  • Malvertising used to spread CryptoWall on Yahoo, AOL, and others – Forbes
    • US-CERT releases general warning on Crypto Ransomeware – US-CERT
    • Good post on CryptoWall ransomware – Tech Republic

Extras:

  • Seven Destiny video game tactics that translate to cyber security – Corey Nachreiner on HNS
  • Bitcoin trader, another bitcoin company, collapses allegedly due to breach – IBTimes
  • Facebook proactively searching for stolen credentials to mitigate (kudos!) – The Register
  • What happened to stolen Target data? Attackers sold it – Business Insider
  • Access control security company tries to hide vulnerability via legal action – Slashdot
  • DHS investigating security vulnerabilities in 24 medical devices – Reuters
  • 183% increase in high volume, DNS-based DDoS attacks in 2014 – CBR Online
  • Beware of spam campaigns leveraging Ebola fear – Spiderlabs blog
  • Misconfigured NGFW leaking NTLM credentials – The Register
  • Ten Windows 10 security enhancements – Neowin
  • Survey suggests 51% of UK residents have been a victim of cyber crime – IT Pro Portal
  • Koler Android ransomware now spreads via SMS – TechWorld
  • Ventir: Modular trojan for Mac OS X – Securelist
  • Staples now investigating a potential data breach – Computing
  • Intel working on TrustLite to help secure IoT – Silicon Valley Watch
  • Twitter launches Digits to get rid of password (SMS auth) – Tech Crunch
  • Viral marketing campaign interpreted as a DDoS attack – Computer World
  • TOOL: Improve Firefox security with Metascan – Beta News
  • Operation Pawn Storm – Help Net Security
  • Backoff malware continues harassing PoS systems – Computer World
  • Man arrested over the recent spat of ATM hackings – Computing
  • Regular cyber attacks affect 40% of citizens (everyone is a target) – Computer Weekly

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Adobe, Apple, Dropbox, Hacking, Infosec news, linux, Microsoft, MitM, OpenSSL, Oracle, POODLE, Security breach, SnapChat, Software vulnerabilities, SSL, SSLv3, Updates and patches

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • Naming APTs

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use