
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Vulnerability Disclosure Fight – WSWiR Episode 135

February 3, 2015 By Corey Nachreiner

Want a quick way to learn about the latest information security (infosec) news and tips? Then this is the video for you! Every week, I summarize the most important stuff, and share what you should do about it.

This week, we’ve changed the format of the show. Since I’m now posting the Daily Security Byte every weekday, our weekly episode will summarize those episodes, share additional updates, and cover Friday’s story. I hope you enjoy the new format, and I am open to all feedback.

This episode, from the second week of January, covers Microsoft’s January Patch Day, the CENTCOM Twitter hijack, Charlie Hebdo-related cyber attacks, and a vulnerability disclosure fight between Google and Microsoft. Click play for the details.

(Episode Runtime: 5:18)

Direct YouTube Link: https://www.youtube.com/watch?v=MIhdn7c2cZY

EPISODE REFERENCES:

  • Daily Security Bytes:
    • Monday: CENTCOM Hack – Daily Security Byte EP.1
    • Tuesday: MS Patch Bonanza – Daily Security Byte EP.2
    • Wednesday: Obama on CyberSecurity – Daily Security Byte EP.3
    • Thursday: Charlie Hebdo Cyber Attacks – Daily Security Byte EP.4
    • Friday: Google vs. Microsoft – Daily Security Byte EP.5
  • Microsoft vs. Google on early vulnerability disclosure
    • Microsoft and Google fight over an early released vulnerability – Reuters
    • MS’s blog post about coordinated disclosure – Microsoft
    • Google’s details on pre-released flaw – Google
    • Security pundits’ thoughts on the controversy – Tech Republic
    • Two more 0days in Google and Microsoft’s disclosure fight – ThreatPost
      • Windows 0day one – Google
      • Windows 0day two – Google
  • Microsoft Patch Day (and other updates)
    • Microsoft’s security bulletins page – Microsoft
    • SANS ISC Diary summary of Patch Day – SANS
    • Adobe fixes nine Flash vulnerabilities – Adobe
    • Firefox 35 update plugs potential drive-by download exploits – Mozilla
  • President Obama’s address on cyber security
    • Robert Graham’s great opinion piece on Obama’s proposal – Errata Sec
    • Hollywood Reporter on Obama – Hollywood Reporter
    • Krebs’ thoughts on mandatory breach disclosure – KrebsonSecurity
    • Some negative opinions on Obama’s cyber security proposals – Forbes
    • More commentary against Obama’s proposal – CircleID
  • Charlie Hebdo-related cyber attacks
    • France seeing record cyber attacks related to Charlie Hebdo tragedy – Phys.org
    • Miscreants hijack #JeSuisCharlie hashtag to deliver malware – BlueCoat
  • CENTCOM Social Network hijack
    • CyberCaliphate, a pro-ISIS group, hijacks CENTCOM’s Twitter and YouTube – Gizmodo
    • British hacker suspected in the CENTCOM Twitter incident – Mashable

EXTRAS:

  • Kim Jong Un video game creators hacked – Kotaku
  • Google not fixing flaws in old versions of Android – PC World
  • Attackers deface Crayola Facebook page with inappropriate content – Phys.org
  • North Korea’s official news site delivers malware (surprise, surprise) – Ars Technica
  • Researcher’s details on DPRK’s malicious news site – Infosecotter.com
  • Anonymous takes down jihadist website in retaliation for Paris terrorism – Red Orbit
  • Attackers publish client emails after bank refuses to pay ransom – Reuters
  • UK Prime Minister wants backdoors in messaging apps – Ars Technica
  • Attackers hijacked United mileage accounts to book free trips – Mashable
  • Be wary of non-Oracle sites pushing fake updates – Oracle
  • Malicious wall charger sniffs wireless keyboards – Business Insider
  • Skeleton Key Malware hijacks AD servers – Forbes
    • SecureWorks’ analysis on Skeleton Key – SecureWorks
  • Russian credit card thief tries to get out of extradition – Phys.org
  • Cisco patches Webex – Tech Target
  • Airport parking companies confirm a data breach – KrebsonSecurity
  • Is open wifi a crime? SWAT team raids grandma’s house – TechDirt
  • Do insurance dongles provide a new vector to hack cars? – Forbes
  • Blackhat movie tries to get hacking right – Ars Technica
  • NSA says “sorry” for weakened crypto algorithm (kind of) – ThreatPost
  • I like the idea of Internet as a public utility – Gizmodo
  • Free open network used to make point about electronic surveillance – Ars Technica
  • The CIA clears itself for its Senate hacking – Ars Technica
  • Serious vulnerabilities found in popular Italian ISP consumer router – UPV.es
  • Canada’s new anti-spam laws could have auto-update ramifications – CBC.ca
  • New York Post and UPI’s Twitter accounts hijacked – Computer World
  • Need a hacker? A web site offers them for hire – Slate
  • ISC still seeing lots of Shellshock attempts; hope you patched – SANS
  • US government says encryption is key, yet they still backdoor it? – The Guardian
  • Chinese research on Windows telnet issue and PoC leak – PasteBin

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Security Bytes Tagged With: Adobe, cyber security, firefox, Google, Hacking, Infosec news, Je Suis Charlie, Microsoft, mozilla, MS Patch Day, President Obama, SOTU, State of the Union, Twitter, vulnerability disclosure, YouTube
