• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

#OpKKK – WSWiR Episode 130

November 21, 2014 By Corey Nachreiner

Emergency Windows Patch, Malware Vs. Passwords, and #OpKKK

Nowadays, researchers, hackers, and the media bombard us with tons of information security (InfoSec) news each week. There’s so much, it’s hard to keep up—especially when it’s not your primary job. However, I believe everyone needs to be aware of the latest InfoSec threats. If you want to protect your network, follow our weekly video so I can quickly get you up to speed every Friday.

Today’s episode covers a critical out-of-cycle Microsoft patch, talks about the latest updates to a nasty piece of mobile malware, and explores the ethical issues surrounding a recent Anonymous attack campaign, Operation KKK. Press play for the details, and see the references below for more stories.

As an aside, after shooting this week’s video, I learned attackers may have stolen a bunch of passwords from many popular online services. It may be a hoax, but if you use Windows Live, PSN, or 2K Games, you should probably change you password… just to be safe. Have a great weekend!

(Episode Runtime: 10:44)

Direct YouTube Link: https://www.youtube.com/watch?v=XUsqxsHvVZc

EPISODE REFERENCES:

  • Microsoft Out-of-Cycle patch fixed Windows AD Server flaw – WatchGuard Blog
  • Citadel Targets Password Vaults – Ars Technica
    • Original IBM research on the Citadel variant updates – Security Intelligence
  • Anonymous pwns KKK for Ferguson comments – ZDNet
    • MSNBC about Anonymous and #OpKKK – MSNBC
  • BREAKING: A hacker group claims to have stolen PSN, Windows Live, and 2K Games credentials – PasteBin
    • However, it could be a hoax – The Guardian

EXTRAS:

  • NotCompatible variant, an Android botnet, gets more dangerous – Lookout Blog
  • State Dept. Hacked; Related to White House Attack? – NYTimes
  • Citadel variant targets password vaults – ThreatPost
  • Let’s Encrpyt offers free certificates to encourage web encryption – Betanews
  • Beware the naked shark attack scam on Facebook – IBTimes
  • Fasthosts down for five hours due to DDoS attack – The Register
  • The FBI’s most wanted cyber criminals – CNN
  • Chinese authorities arrest three suspects over Wirelurker malware – BBC
  • Private PoC released for WinShock vulnerability (hard to exploit) – The Register
  • Q3 2014 breaches by the numbers – HNS
  • Chrome 39 fixes 42 security vulnerabilities – Google
    • Article on the Chrome 39 Update – SC Magazine
  • US Gov. doing all they can to weaken citizen’s cryptography – Ars Technica
  • New potential reflection-based DDoS attack – Cymru
  • BadUSB may have wider sprad ramifications – Threatpost
  • Vulnerabilities in BitTorrentSync (BTSync) – Hackito Ergo Sum
  • Software flaw in specific game allows Nintendo 3DS hacking – Ars Technica
  • Hacker’s hijack child cancer FaceBook page – NBC News
  • Was Jeremy Clarkson’s Twitter account hijacked? – Naked Security
  • Major DDoS attacks against Hong Kong media sites – Forbes
  • Vulnerability allows attackers to delete DVRs – The Register
  • Hackers steal a Detroit city database… Detroit doesn’t care – The Register
  • Run a WordPress blog? You should update – Network World
  • Four arrested in the UK for RATS and webcam malware – The Guardian
  • Amnesty International releases a free tool to detect nation-state spying malware – Resist Surveillance

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Anonymous, botnet, Chrome, Ferguson (City/Town/Village), Hacking, Infosec news, Kerberos KDC, Microsoft, MS14-068, OpKKK, Password Vault, Software vulnerabilities, Updates and patches, Vigilatism

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use