This week’s security news covered topics from biometrics, to nation-state cyber teams, to big data breaches, to new vulnerabilities. How’s the average network Joe to keep up? Let my weekly video help by quickly summarizing the important stuff.
Today’s show covers a US healthcare data breach, a new OpenSSL update, and the US CISA law. You’ll find it all in this week’s video, and more in the Reference section below.
(Episode Runtime: 11:23)
Direct YouTube Link: https://www.youtube.com/watch?v=nigzxITwPvI
EPISODE REFERENCES:
- Daily Security Bytes:
  - HTTPS continues becoming a default
    - Pinterest beefs up security with HTTPS – Venture Beat
    - WatchGuard Firebox M500 keeps HTTPS safe – eWeek
    - WatchGuard Infographic on accelerated security – WatchGuard
  - Premera data breach
  - Chinese government confirms cyber teams
    - Article describing proof that China admits to cyber attack teams – The Daily Beast
    - My article on how government hacking makes us all less secure – Dark Reading
  - OpenSSL update not so bad
    - OpenSSL update to fix critical vulnerabilities – Krebs on Security
    - OpenSSL update is not as critical as first worried – Ars Technica
    - The OpenSSL advisory – OpenSSL
  - CISA passes first Senate step
EXTRAS:
- Popular Viner alleges that a hacker deleted all his Vines – BBC
- Snowden says Gov. will target IT admins – ZDNet
- Healthcare IoT exposes risk – Help Net Security
- More health insurers report breaches – Dark Reading
- Healthcare the new targeted vertical? – Dark Reading
- German Vice Chancellor said US threatened them over Snowden – The Intercept
- Tails (a secure OS) still vulnerable to BIOS malware – Forbes
- Bad software still found on Google Play – Betanews
- Great article on the increased InfoSec attack surface – Network World
- US gov. wants researchers to trust them about CFAA changes – Motherboard
- Is the President’s (US) fitbit a risk to his security? – IB Times
- Safari users should update to fix 17 issues – ITPro
- DDoSers target Xbox’s latest popular online FPS – Daily Star
- Operation Woolen Goldfish targets European firms – Trend Micro
- Kaspersky allegedly has ties to Russian gov. – Bloomberg
- Litchfield finds critical Yahoo! Stores vulnerabilities – The Register
- $300 device cracks iOS passcodes in 17 hours – The Register
- Facial recognition becomes nouveau
  - Alibaba to use facial recognition for payments – Ubergizmo
  - Windows 10 Hello; built in biometric support – Microsoft News
  - Yet, it’s still easy to trick facial recognition – Popsci
- South Korea blames North Korea for nuclear reactor hacks – Reuters
- X-Force say 1B records leaked in 2014 – ZDNet
- Malware sets records in 2014 (again) – ITPro Portal
- Google Play will adopt a human vetting process – Neowin
- Will USB-C limit our ability to avoid potentially malicious USB? – The Verge
- Krebs finds another healthcare hack [PDF] – KrebsonSecurity
- PCI Security Standards site suffers from XSS – Xssposed
- Cisco to change shipping practices to avoid interdiction – The Register
- Judicial committee approves FBI remote hacks – TechDirt
- Fed says it warned Premera of security issues – Seattle Times
- China wants source code and new encryption if you bank with them – Reuters
- Why law firms are a “cyber” target – Bloomberg
- Individual apps may still be vulnerable to FREAK – V3.co.uk
- A simple fake ID evades GoDaddy security (social engineering) – CSO Online
- Techniques link healthcare hacks – Computer World
- Great post on Anthem attack techniques – Threat Connect
- Did China hack Register.com? – Reuters
- Lots of new vulnerabilities ousted at Pwn2Own – The Register
— Corey Nachreiner, CISSP (@SecAdept)