Cisco Patch, Twitch Breach, and BitWhisper – WSWiR Episode 145

If you want to be the best woodchopper, you need to sometimes sharpen your tools. In information security, this mean keeping track of the latest threats, vulnerabilities, attack methods, and news. Yet, most IT folks barely have the time to go home and sleep. If you struggle to follow security news yourself, my weekly video summarizes the big stuff for you.

In this week’s episode, I cover a new unlikely attack technique, warn you about dangerous documents, and notify you of the latest router patches. See all this and more in the video below, or just follow the links in the Reference section if you prefer.

(Episode Runtime: 11:18)

Direct YouTube Link: https://www.youtube.com/watch?v=ydnP5dZCeGA

EPISODE REFERENCES:

• Monday: Twitch Account Breach – Daily Security Byte EP.50
  • Twitch account warning blog post – Twitch
  • Article on all Twitch accounts getting reset – Network World
  • Twitch makes passwords short after the breach. What!? – IT Pro
  • Twitch Attack probably included CC data – The Inquirer
• Tuesday: BitWhisper: Hacking with Heat – Daily Security Byte EP.51
  • Ben-Gurion Cyber Security lab post on Bitwhisper – BGU.ac.il
  • Great Wired article on Bitwhisper –Wired
  • What is TEMPEST – Wikipedia
  • More information and videos about TEMPEST – Climate Viewer
• Wednesday: Disregard Dangerous Documents – Daily Security Byte EP.52
  • Macro-based malware gaining traction – Help Net Security
  • Trend Micro reports on increase in macro malware –Trend Micro
• Thursday: Win2003 EoL Danger – Daily Security Byte EP.53
  • Microsoft Windows Server 2003 migration page – Microsoft
  • Death of Win2003 is a big security threat – IT Pro Portal
  • Five security risks with Win2003 EoL – CIO
• Friday: Cisco Routers Need Patching – Daily Security Byte EP.54
  • Cisco IOS admins should get the latest patch – Computer World
  • Cisco’s advisory on IOS ANS vulnerabilities – Cisco

EXTRAS:

• Car hacking history (I made this prediction in 2010) – CNET
• Canadian Government into cyber espionage too – The Intercept
• Over 700K ISP issued routers still suffer from old vulnerabilities – PC World
• Interesting OpEd on whether or not DNSSEC is worth it – The Register
• Apple seems to be removing some iOS anti-malware apps – The Register
• Windows Mobile password unmasking vulnerability – Windows Central
• Protecting the power grid – USA Today
• $60 dollar car hacking tool – Wired
• Interpol says bad guys can hide porn and malware in virtual currencies – Kaspersky
• Akamai says most 2014 attacks came from China (US a close 2nd) – Network World
• PoSeiden: Cisco finds new PoS malware – Tech Radar
• New debugger helps find integer overflow vulnerabilities – Threatpost
• Attackers can still hijack APK installers to force Android malware – PCMag
• “ISIS hacker” probably just searched google – Motherboard
• Ransomware hits New Jersey school – iDigitalTimes
• New RC4 weaknesses exposed
  • The RC4 Bar Mitzvah attack – Security Week
  • Dark Reading covers Bar Mitzvah – Dark Reading
  • Two RC4 weaknesses disclosed recently – Ars Technica
• What out for Apple-themed phishing emails – Help Net Security
• More “adult” sites (Xtube) redirecting to malware – Help Net Security
• Many hotels exposed to router vulnerability – Wired
• Blue Coat tries to cover up a security talk – Forbes
• New router malware injects Ads and porn into other websites – Digital Trends
• Another Bitcoin exchange hacked (why do ppl use it?) – ZDNet
• Github suffered a DDoS attack on Thursday – Motherboard
• Let dice help with long passphrases – Gizmodo
• Your Fitbit is probably not that secure (big surprise there) – IT Pro Portal
• Spear Phishing is the most popular APT technique – Tech Crunch
• Attackers gained access to working Google certs again – ZDNet
• Top 10 web hacking techniques of 2014 – Whitehat Security
• Unpatch Amazon XSS flaw – The Inquirer
• All browsers hacked (as usual) at Pwn2Own – BGR
• Kevin Mitnick hacked the audience at CeBIT – PC Pro

— Corey Nachreiner, CISSP (@SecAdept)

Share This: