• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Tax Time Security Woes – WSWiR Episode 139

February 13, 2015 By Corey Nachreiner

There’s tons of security news each week. If you can’t keep up, I try to summarize the most important stuff for you in my weekly video.

This week’s show covers a researcher leaking 10M credentials, Forbes’ website getting hacked, a TurboTax security scare, and much more. Watch the video for all the details, or check out the Reference section for other interesting stories.

(Episode Runtime: 9:50)

Direct YouTube Link: https://www.youtube.com/watch?v=mTycl-zSbVA

EPISODE REFERENCES:

  • Daily Security Bytes:
    • Monday: 10M Passwords Leaked (see weekly video)
    • Tuesday: February Microsoft Patch Day – Daily Security Byte EP.21
    • Wednesday: Forbes Forces Malware – Daily Security Byte EP.22
    • Thursday: TurboTax Security Scare – Daily Security Byte EP.23
    • Friday: White House Cybersecurity Summit – Daily Security Byte EP.24
  • White House Cybersecurity Summit:
    • The White House Summit on Cybersecurity and Consumer Protection schedule – WhiteHouse.gov
    • Live YouTube Stream to view the summit – YouTube
    • Another view on Obama’s proposals – The Intercept
  • TurboTax Security Scare:
    • Attackers hijack TurboTax accounts to file fake returns – WTVR
    • TurboTax investigation the filing fraud reports – Intuit
    • TurboTax resumes efiling after finding no breach – Intuit
    • News report on TurboTax incident – YouTube
  • Forbes Forces Malware:
    • Targeted Forbes infection went after specific visitors – Reuters
      • iSight blog post on the Forbes watering hole attack – iSight Partners
      • Invincea blog post on the Forbes watering hole – Invincea
    • Chained 0day used in Forbes attack (Flash and IE) – Ars Technica
  • February Patch Day:
    • Microsoft’ February Patch Day summary – Microsoft
    • WatchGuard’s February Patch Day summary blog post – WatchGuard Blog

EXTRAS:

  • Researcher released 10M password combos for “security” (media stunt?) – Xato.net
  • Twitter CFO’s account hijacked. Embarassing! – Business Insider
  • Newsweek’s twitter also hijacked with Obama-related threats – RawStory
  • US Government sets up the Cyber Threat Intelligence Integration Center (CTIIC) – Computing
  • Facebook creates a social network for Infosec intelligence – fb.com
  • IBM finds vulnerabilities in online dating apps – Business Insider
  • Anonymous hijacks ISIS accounts – IT Pro
  • Cryptolocker 3.0 getting even more evasive – V3.co.uk
  • US Senator points out issues with cars’ digital security – The Register
  • Financial advisors and brokers should beware network attacks – SC Magazine
  • Good write-up on Fessleak ransomware – Invincea
  • Jeb Bush’s “transparent” email disclosure invades many constituents privacy – The Verge
    • Bush apologizes for this security flub – Gizmodo
  • SmartTV’s listening is not a big deal, as far as real world risk (IMHO) – SlashGear
  • Delta Airline’s Facebook page temporarily hijacked – Time
  • Watch out for IoT devices sharing your credentials – SANS ISC
  • Facebook fixed a flaw that allowed attackers to delete all Facebook pics – ZDNet
  • More sophisticated fake Paypal sites may be due to phishing kits – OpenDNS
  • Extra detail on one of the Patch Tuesday Windows flaws – The Register
  • Many MongoDBs exposed on the Internet – Help Net Security
  • Latest on Anthem attack suggest spear phishing started the breach – Knowbe4
  • Pretty basic web application flaws found on Moonpig’s site – Forbes
  • Pwn2Own hackers can’t earn as much this year – Computer World
  • Simplocker: Android ransomware more successfully encrypts mobile files – Help Net Security
  • Me talking about the dangers of public WiFi – Third Certainty
  • Interesting story about USB dead drops – Vocativ
  • Watch out of Chrome and Facebook phishing emails with ransomware – SC Magazine
  • Google changes its 90-day disclosure policy a bit – Google
  • Be aware of sexy scammers during Valentine’s Day – We Live Security
  • Rig exploit kit source code leaked – MalwareTech
  • Some 0day malware stays undetected for six months – PC Advisor
  • 16M mobile devices hit with malware – ZDNet

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: cyber attack, cyber security, drive-by download, Forbes, Forbes hack, Hacking, Infosec news, intelligence sharing, Internet Explorer, Microsoft, nation state, NSA, password leak, Snowden, tax fraud, TurboTab, Updates and patches, watering hole attack, White House

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use