There’s tons of security news each week. If you can’t keep up, I try to summarize the most important stuff for you in my weekly video.
This week’s show covers a researcher leaking 10M credentials, Forbes’ website getting hacked, a TurboTax security scare, and much more. Watch the video for all the details, or check out the Reference section for other interesting stories.
(Episode Runtime: 9:50)
Direct YouTube Link: https://www.youtube.com/watch?v=mTycl-zSbVA
EPISODE REFERENCES:
- Daily Security Bytes:
  - Monday: 10M Passwords Leaked (see weekly video)
  - Tuesday: February Microsoft Patch Day – Daily Security Byte EP.21
  - Wednesday: Forbes Forces Malware – Daily Security Byte EP.22
  - Thursday: TurboTax Security Scare – Daily Security Byte EP.23
  - Friday: White House Cybersecurity Summit – Daily Security Byte EP.24
- White House Cybersecurity Summit:
  - The White House Summit on Cybersecurity and Consumer Protection schedule – WhiteHouse.gov
  - Live YouTube Stream to view the summit – YouTube
  - Another view on Obama’s proposals – The Intercept
- TurboTax Security Scare:
- Forbes Forces Malware:
  - Targeted Forbes infection went after specific visitors – Reuters
  - iSight blog post on the Forbes watering hole attack – iSight Partners
  - Invincea blog post on the Forbes watering hole – Invincea
  - Chained 0day used in Forbes attack (Flash and IE) – Ars Technica
- February Patch Day:
  - Microsoft’s February Patch Day summary – Microsoft
  - WatchGuard’s February Patch Day summary blog post – WatchGuard Blog
EXTRAS:
- Researcher released 10M password combos for “security” (media stunt?) – Xato.net
- Twitter CFO’s account hijacked. Embarrassing! – Business Insider
- Newsweek’s Twitter also hijacked with Obama-related threats – RawStory
- US Government sets up the Cyber Threat Intelligence Integration Center (CTIIC) – Computing
- Facebook creates a social network for Infosec intelligence – fb.com
- IBM finds vulnerabilities in online dating apps – Business Insider
- Anonymous hijacks ISIS accounts – IT Pro
- Cryptolocker 3.0 getting even more evasive – V3.co.uk
- US Senator points out issues with cars’ digital security – The Register
- Financial advisors and brokers should beware network attacks – SC Magazine
- Good write-up on Fessleak ransomware – Invincea
- Jeb Bush’s “transparent” email disclosure invades many constituents’ privacy – The Verge
- Bush apologizes for this security flub – Gizmodo
- SmartTV’s listening is not a big deal, as far as real world risk (IMHO) – SlashGear
- Delta Airline’s Facebook page temporarily hijacked – Time
- Watch out for IoT devices sharing your credentials – SANS ISC
- Facebook fixed a flaw that allowed attackers to delete all Facebook pics – ZDNet
- More sophisticated fake Paypal sites may be due to phishing kits – OpenDNS
- Extra detail on one of the Patch Tuesday Windows flaws – The Register
- Many MongoDBs exposed on the Internet – Help Net Security
- Latest on Anthem attack suggests spear phishing started the breach – Knowbe4
- Pretty basic web application flaws found on Moonpig’s site – Forbes
- Pwn2Own hackers can’t earn as much this year – Computer World
- Simplocker: Android ransomware more successfully encrypts mobile files – Help Net Security
- Me talking about the dangers of public WiFi – Third Certainty
- Interesting story about USB dead drops – Vocativ
- Watch out for Chrome and Facebook phishing emails with ransomware – SC Magazine
- Google changes its 90-day disclosure policy a bit – Google
- Be aware of sexy scammers during Valentine’s Day – We Live Security
- Rig exploit kit source code leaked – MalwareTech
- Some 0day malware stays undetected for six months – PC Advisor
- 16M mobile devices hit with malware – ZDNet
— Corey Nachreiner, CISSP (@SecAdept)