Patches and Pwns – WSWiR Episode 143

What do DRAM, Jamie Oliver, Half Life 2, Apple, and Microsoft all have in common? They were all affected by information security issues this week. The amount of information security news coming out each day is off the charts. If you need help keeping up, check out this weekly video summary.

Today’s show covers Apple and Microsoft security updates, a new science fiction-like DRAM hack, some gamer focused ransomware, and much more. Learn about it in the video, or peruse the References section for details if you prefer.

(Episode Runtime: 10:55)

Direct YouTube Link: https://www.youtube.com/watch?v=SG5xRcNMZbc

EPISODE REFERENCES:

• Daily Security Bytes:
  • Monday: Apple Patches Freak – Daily Security Byte EP.40
  • Tuesday: Microsoft March Patch Madness – Daily Security Byte EP.41
  • Wednesday: Rowhammer Pwns DRAM – Daily Security Byte EP.42
  • Thursday: Gamer Ransomware – Daily Security Byte EP.43
  • Friday: Jamie Oliver Hacked Again – Daily Security Byte EP.44

• Apple’s March Patch Day
  • OS X Security Update 2015-002 – Apple
  • iOS 8.2 security update – Apple
  • Apple TV 7.1 security update– Apple
  • Xcode 6.2 security update – Apple
• Microsoft’s March Patch Day
  • WatchGuard’s March Patch day summary post – WatchGuard Blog
  • Microsoft’s March Summary bulletin – Microsoft
  • Stuxnet’s .LNK vulnerability was not fixed until now – HP blog
• Rowhammer Pwns DRAM
  • Google researchers’ blog disclosure about Rowhammer – Google Project Zero
  • Easy to understand Slate article on Rowhammer – Slate
  • The original research Rowhammer was based on – CMU.edu
• Gamer Ransomware
  • Bleeping Computer unveils TeslaCrypt Gamer Ransomware – Bleeping Computer
  • Bromium post on Gamer Cryptolocker – Bromium
• Jamie Oliver’s web site was hacked again! – Business Insider

EXTRAS:

• Popular Viner alleges that a hacker deleted all his Vines – BBC
• Ulbricht wants a new trial against Fed for allegedly hacking Tor – Wired
• FBI looking into a bunch web site defacements allegedly from ISIS – IT Pro Portal
• The CIA is restructuring to focus on Cyber Espionage – The Washington Post
• The French allegedly have state-sponsored malware too – Computer World
• The NCC Group to audit OpenSSL for security – ZDNet
• Serious flaw in Asus routers allow local pwnage – PC Advisor
  • PoC exploit for Asus flaw – Github
• Xiaomi smart phone ships with malware (they say it’s counterfeit) – SC Magazine
• Can DNS help us spot malicious sites before they’re born? – The Register
• Three charged for stealing over a billion email addresses – Phys.org
• Anthem turned down a government audit before breach – The Register
• US-CERT recommendations on preparing for Destructive malware – US-Cert
• Man detained at Canadian border for not sharing his password – The Register
• Full recording of a Window’s phone tech support scammer – CSO Online
• New Point-of-Sale malware called LogPoS – Morphick.com
• Malicious USB devices can fry computers – The Register
• Adobe released an critical Flash update; get it – Adobe
• Congress quietly pushing through CISA bill – Wired
• The latest on Hilary Clinton’s email security issue – Business Insider
• Major vulnerability in WordPress SEO plugin – ZDNet
• Zoup soup franchise may have suffered a data breach – Dark Reading
• CIA has targeted iOS for year – The Intercept
• Malware infects router and then erases itself – TechWorld
• Hacker says he has more info from South Korean Nuclear hack – Reuters
• Kaspersky publishes more info about Equation Group (NSA?) malware – Securelist
• CryptoWall 3.0 spreads via help (.chm) files – NetworkWorld
• A new trojan can bypass CAPTCHA systems – Securelist
• Panda AV recognizes itself as malware and breaks your computer – The Register
• Think CSI: Cyber couldn’t get worse? Think again! – Gizmodo

— Corey Nachreiner, CISSP (@SecAdept)

Share This: