• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Snowden, PowerOffHijack, and Router Phishing – WSWiR Episode 141

March 2, 2015 By Corey Nachreiner

From nation state espionage, to Internet rights, to router hijacking emails, each week is packed full on information security (infosec) news. Even if you don’t have time to follow it in depth, you can’t afford to miss the latest intelligence. Let our weekly summary video fill you in.

Today, we cover Snowden’s public interview on Reddit, a dangerous sounding Android threat that’s not so bad, and a spam campaign that’s hijacking Brazilian routers. Press play to learn more, and check out the References for details.

NOTE: Embarrassingly, I wrote this and posted the video on Friday, but forgot to actually publish the blog post. If you subscribe to the YouTune channel you probably already noticed it, but I apologize to blog readers for publishing this post late. 

(Episode Runtime: 9:52)

Direct YouTube Link: https://www.youtube.com/watch?v=ri8Sg1V8Y7k

EPISODE REFERENCES:

  • Daily Security Bytes:
    • Monday: Snowden Goes to the Oscars – Daily Security Byte EP.29
    • Tuesday: PowerOffHijack’s a Dud – Daily Security Byte EP.30
    • Wednesday: Anthem & SIM Heist Updates – Daily Security Byte EP.31
    • Thursday: Net Neutrality Wins – Daily Security Byte EP.32
    • Friday: Phishing Pops Routers – Daily Security Byte EP.33
  • Snowden, Poitras, and Greenwald do a Reddit AMA – Reddit
  • PowerOffHijack is not so bad:
    • PowerOffHijack spies when you phone is “off” – Slashgear
    • AVG’s source research on PowerOffHjiack – AVG
    • The Android PowerOffHijack isn’t as bad as it sounds – Tech Republic
  • Anthem & SIM Heist updates:
    • Anthem breach affects 8-18M other non-customers – Reuters
    • OTA key from the SIM heist allows NSA to plant backdoors – The Verge
    • Gemalto says a breach happened, but SIM keys not stolen – Gemalto
  • Net Neutrality pass the FCC:
    • FCC votes to pass Net Neutrality changes – Ars Technica
    • Long form article on why provides don’t like Net Neutrality – Ars Technica
    • Is the Net Neutrality battle over… nope – Gizmodo
    • Security implications of Net Neutrality – SANS
  • Spam leads to hijacked routers:
    • Spam campaign targets routers of specific carrier customers with XSS – KrebsonSecurity
    • ProofPoint’s blog post on this Brazilian phish-pharm campaign – ProofPoint

EXTRAS:

  • Suit against Lenovo for Superfish – Tech Radar
  • Almost half (44%) of attacks use 2 to 4 yr old vulnerabilities – Computing
  • Is the TurboTax fraud related to the Anthem breach – Forbes
  • PrivDog similar to Superfish – Tech Week
  • More products affected by the Superfish issue – Ars Technica
  • Yahoo exec grills NSA director on built in “golden keys” – BBC
    • More on the NSA/Yahoo showdown – Network World
    • NSA Director is grilled about “backdooring” encryption – Tech Dirt
  • Chrome continues to warn you of shady web stuff – PC World
  • Need an extra $3M? Find this Russian hacker – Times
    • This bounty is for the Zeus/Cryptolocker botherder – SC Magazine
    • More on why this guy has a $3M bounty – The Telegraph
  • Google releases a beta web app scanner – Google
  • Hacking Telegraph’s (iOS app) encryption – Zimperium
  • Israeli defense suffers from a spear phishing attack – Xedie
  • $162M = The cost of the Target breach so far – Techcrunch
  • Al Jazeera says they have hundreds of nation state intelligence documents – Business Insider
  • NCA claims to have taken down the Ramnit botnet – BBC
  • Remote code execution flaw found in Samba server – Redhat
  • Another WordPress plug-in flaw imperils millions – Ars Technica
  • Wired goes more in depth on NSA firmware hack –  Wired
  • UK parking ticket payment site suffers from a customer data breach – Neowin
  • Trend Micro’s Arid Viper report cause claimed innocent to run – Forbes
    • Trend Micro shares updates on Arid Viper – Trend Micro
  • Lizard Squad takes credit for Lenovo site hack – Winbeta
    • The Lenovo hijack accomplished via an upstream registrar – Ars Technica
  • Moxie Marlinspike is over GPG – Thoughtcrime
  • This password reset is too easy – CNET
  • Latest threat attaching malware to PNG images – Cisco
  • Clapper says Iran was behind the Las Vegas Sands cyber attack – Bloomberg
  • Firefox 36 fixes 16 vulnerabilities; three critical – Threatpost

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Cross-site scripting, Edward Snowden, Hacking, Infosec news, Net Neutrality, Phishing, PowerOffHijack, Snowden, Snowden leaks, Software vulnerabilities, xss

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use