Did you catch all the important information security news this week? Do you know what you might learn from it? If not, watch our weekly security recap video to catch up.
Today’s episode covers yet another SSL vulnerability, explores a new Android worm, and mentions a controversy around Turbo Tax-related fraud. Watch the video for the details and check out the Reference section for more.
(Episode Runtime: 8:37 for main video with an extra at the end)
Direct YouTube Link: https://www.youtube.com/watch?v=y5dryp9wFhE
EPISODE REFERENCES:
- Daily Security Bytes:
- FREAK SSL Vulnerability
- Official FREAK page and description – Freakattack
- CVE listing for FREAK vulnerability – Mitre
- Good Ars Technica write-up on the FREAK flaw – Ars Technica
- FREAK affects Windows too – Microsoft Advisory
- Turbo Tax fraud controversy
- Whistleblowers claim Intuit doesn’t do enough to stop fraud – KrebsOnSecurity
- Intuit’s response to fraud handling allegations – Intuit
- Earlier interview with Intuit’s CISO – KrebsOnSecurity
- Original TurboTax Fraud Security Byte – WatchGuard Blog
- Gazon: Android malware SMSs Amazon card scam – AdaptiveMobile
- CSI: Cyber reviews
- CSI: Cyber website – CBS
- Space Rogue’s review of CSI: Cyber – Space Rogue
EXTRAS:
- Audience does not accept that NSA Director is a Libertarian – The Intercept
- Researcher finds 0day in Seagate’s 2-Bay NAS device – Beyond Binary
- A couple data/account breaches and disclosure:
- Toys ‘R US warns about fraudulent account access – SC Magazine
- Uber data breach leaks 50K drivers’ PII – Uber
- Someone stored Uber’s secret key on Github – Ars Technica
- Legally watch CitizenFour for free – ThoughMaybe
- GoPro WiFi reset mechanism exposes others’ passwords – IBTimes
- Device found in German Parliament Chairman’s mobile might illustrate interdiction – The Local
- Latest Chrome update fixes a lot of security flaws – Threatpost
- Malicious Blu-ray’s infect PCs and players – Ars Technica
- The Register’s article on the Blu-ray hack – The Register
- Malware authors hide C&C with Domain Shadowing – Help Net Security
- Criminals use Apple Pay to leverage stolen CCs – Ars Technica
- uTorrent uses your computer to mine Bitcoin – Independent
- D-Link fixes a bunch of consumer router vulnerabilities – Naked Security
- Apparently the FAA sucks at information security – Engadget
- US mad when other governments want backdoors too – Techdirt
- Do you play video games? You’ll probably become a hacker (whatever) – Huffpo
- Java installs adware on macs too (no thanks Oracle) – Gizmodo
- UK’s NCA shutdown 57 cyber criminals – Engadget
- Canadian arrested for not handing over his password at the Border – The Register
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply