• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Hot Girls Help Hackers – WSWiR Episode 138

February 6, 2015 By Corey Nachreiner

The information security (infosec) industry is fast paced, and attackers change tactics every week. Do you have trouble following the latest attacks and security news? Well, our regular infosec video is here to help.

Today’s episode covers attackers masquerading as hot girls, a zero day IE11 flaw, malicious Google Play apps, an one of the largest healthcare data breaches. Watch the video for details on all that an more, and visit the Reference section for links to other stories.

(Episode Runtime: 10:50)

Direct YouTube Link: https://www.youtube.com/watch?v=EjDCoG7RxsY

EPISODE REFERENCES:

  • Daily Security Bytes:
    • Monday: Syrian Honey Trap – Daily Security Byte EP.16
    • Tuesday: IE11 0day XSS Flaw – Daily Security Byte EP.17
    • Wednesday: Malicious Google Play Apps – Daily Security Byte EP.18
    • Thursday: Huge Healthcare Breach – Daily Security Byte EP.19
    • Friday: Who Cares About Lovely Horse? – Daily Security Byte EP.20
  • “Hot girls” honey trap:
    • “Hot Girls” are still an effective lure, even among nation-state attackers – Gizmodo
    • FireEye’s report on the Syrian “Hot Girl” attack campaign [PDF] – FireEye
  • Zero day IE 11 XSS vulnerability:
    • New XSS vulnerability affects IE 11 running on Windows 8.1 – Computer World
    • Full Disclosure post about the flaw – Seclists
    • Follow up post on Full Disclosure – Seclists
    • Proof-of-Concept exploit illustrating the issue – Packet Storm
  • Malicious app on Google Play:
    • Avast customer finds Google Play apps maliciously forcing ads – Avast Forum
    • Avast blog post about the issue – Avast
    • Ars’ take on the Google apps delivering malicious ads – Ars Technica
  • Huge Anthem bata breach:
    • Anthem CEO’s letter to customers about the breach – Anthem
    • FAQ telling Anthem customers what they can do – Anthem
    • CNN story on the Anthem date breach – CNN
    • Already claims of the Anthem hack coming from China – Bloomberg
    • Krebs  covers China’s alleged link to Anthem hack – Krebs on Security
  • Operation Lovely Horse:
    • GCHQ uses researchers public feeds to get information – The Intercept
    • Another article about the Lovely Horse campaign – Computing

EXTRAS:

  • 80% of Tor traffic is not as gross as FBI alleges – Wired
  • Silverlight targeted in exploit kits too – Zscaler
  • That “adult” video on Facebook might be malware – The Guardian
  • TopFace pays off cyber criminals; bad move – Tech World
  • Google’s revamped security warnings may have made things worse – The Register
  • Fake Google Chrome update used to spread Ransomware –   CBR Online
  • White House asks for a 10% increase in cybersecurity spending – Computer World
  • Could this new “wrinkle” prediction theory affect fingerprint biometrics? – MIT
  • Tor, the technology of the “Darknet,” has legitimate purpose – Computer Weekly
  • One good reason to avoid adult videos on Facebook – The Inquirer
  • WOW! A third Flash 0day. This is getting old – Forbes
    • Make sure you’ve patched the third Flash 0day flaw – Ars Technica
  • A 2015 Security Prediction roundup – ZDNet
  • The US Army open source’s their Dshell forensic tool – Github
  • InfoSec lessons from the 2015 SuperBowl – Information Week
  • Google to prove grants for security research – ThreatPost
  • The Great Firewall of China more aggressively blocking VPNs – WSJ
  • Raptr gaming social network had data leak – Help Net Security
  • Microsoft to make security by design a priority to protect IoT – IT Pro
  • Full Disclosure post about the flaw – Seclists
  • Follow up post on Full Disclosure – Seclists
  • More details on GHOST exploited by WordPress – SpiderLabs Blog
  • Internet-connected “Adult” toys suffer security flaws (potentially NSFW) – Forbes
  • Chrome beta is moving forward on calling non-HTTPS sites insecure – CNET
  • GHOST can also get exploited through WordPress – Network World
  • Security vulnerability could allow thiefs to steal your BMW – Phys.org
  • Brokers and financial advisors often targets of cyber attacks – Reuters
  • Recent research show criminals are more sophisticated the state actors – Naked Security Blog
    • Actual paper on evaluating different groups exploit skill [PDF] –  Sophos
  • Web masters should watch for RansomWeb attacks – The Guardian
    • Documented case of the attack – High-Tech Bridge
  • Outlook for iOS allegedly has bad security – The Register
  • Arsenal football (soccer) team has bad site security – The Verge
  • Malicious ads piggy-back on Grindr app – The Register
  • FreeBSD administrators should update – ThreatPost
  • Sage Pay temporarily re-introduces POODLE – The Register
  • US says China need to stop its espionage campaigns – Politico
  • Google claims to have blocked half a billion bad ads – Tech Week
  • Breach cost Sony from 15-35M so far – Computer World
  • One security firm claims the Sony hack came from Russia – Forbes
  • Is the US using security fear to pay for cyber snooping? – The Guardian
  • More malvertising, this time from HuffPo and others – Computer World
  • Operation Pawn Storm includes iOS malware – Dark Reading
    • Trend Micro’s blog post on Pawn Storm – Trend Micro
  • Ulbricht convicted on all counts for running the Silk Road – Bloomberg
  • Zero day vulnerability in WordPress FancyBox plugin – ThreatPost
  • A playlist for the MotherBoard Hacking video series – YouTube
  • Sony Picture’s co-chair steps down due to embarrassing leaked emails – The Guardian
  • Lizard Squad claim to be starting new Silk Road-like site – CBR Online
  • Learn about passport security features from forgery pros – Gizmodo
  • Siemen’s patches vulnerabilities in industrial wireless gear – Network World
  • Apparently the US government’s drones still have basic security flaws – Wired
  • Fake gaming chat app comes with malware – PC World
  • Ransomware; alive and well, and growing – CSO Online
  • Interested in web exploit kits in gorey technical detail, read this – blog.0x3a.com
  • UK court rules Prism spying unlawful – NY Times
  • Good opinion piece on governments and information security attacks – Big Think
  • Linux DD0S malware and rootkit – PC World
  • Do a DDoS, go to jail – Computer Weekly

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: cyber attack, cyber security, GCHQ, Google, Google Play, Hacking, Healthcare, hot girls, IE11, Infosec news, Internet Explorer, Lovely Horse, Malware, mobile security, nation state, NSA, Security breach, Snowden, Software vulnerabilities, Syria, Updates and patches, Zero day exploit

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use