Patches, APT Gangs, and Sony Wikileaks- WSWiR Episode 148

Want to know what went on this week in the InfoSec world? Well then, check out my weekly security news recap video. This week I cover a ton of software security patches, news of China’s DDoS and man-in-the-middle tool, and the latest drama in the Sony breach saga. Press play to learn more, and enjoy your weekend.

(Episode Runtime: 13:25)

Direct YouTube Link: https://www.youtube.com/watch?v=uBeOUz40tws

EPISODE REFERENCES:

• Monday: China’s Great Cannon – Daily Security Byte EP.65
  • Citizen Lab researchers uncover China’s Great Cannon – CitizenLab
  • Ars Technica on the Great Cannon – Ars Technica
  • Motherboard covers China’s Great Cannon – MotherBoard
• Tuesday: Patches, Patches Everywhere- Daily Security Byte EP.66
  • Consolidated alert covering Microsoft’s April Patch Day – WatchGuard Blog
  • Adobe’s Patch Day
    • Flash security bulletin – Adobe
    • ColdFusion security bulletin – Adobe
    • Flex security bulletin – Adobe
  • Oracle’s Critical Patch Update (CPU) for April – Oracle
  • Google fixes dozens of Chrome vulnerabilities – ThreatPost
• Wednesday: APT Spy vs. Spy – Daily Security Byte EP.67
  • Kaspersky’s report on Naikon vs Hellsing – Securelist
  • Article on the rival APT gangs – Ars Technica
• Thursday: Wikileaks Spread Sony Dirt – Daily Security Byte EP.68
  • Wikileaks creates searchable database of stolen Sony files – The Seattle Times
  • Sony condemns Wikileaks for leak – Reuters
  • Sony breach investigators interviewed on 60 minutes – TechTarget
• Friday: Match.com InfoSec Fail – Daily Security Byte EP.69
  • Reporter demonstrates clear text login for Match.com – Ars Technica
  • Twitter users tips Ars reporter to the issue – Twitter
  • Not sure how long the issue has gone on – Twitter
  • Netflix to default to HTTPS – Ars Technica

EXTRAS:

• Security researcher yanked from a plane by FBI after making a hacking joke – Network World
  • CNN’s article on the incident – CNN
• Oracle Quarterly Patch Day; 98 flaws fixed – Oracle
• Decade long Chinese cyber espionage campaign (APT 30( [PDF] – FireEye
• Cylance finds an new SMB weakness – Reuters
• Schneier really things IoT security is a disaster – Network World
• Web app attacks, PoS malware, and cyber espionage lead the threat landscape – Computer World
• Five out of six companies targeted by cyber attacks – Computer Weekly
• Voting machines are hackable again (no surprise) – The Guardian
• The latest airplanes are hackable story – Reuters
• 90% of security events are user based – Computer World
• Punkey: New PoS malware – Betanews
• 0day exploits sold on the Dark Web (old news) – Wired
• Google not paying back a customer for cyber fraud – The Register
• Google moving ads to HTTPS too – TechCrunch
• Evasive new banking malware – PC Advisor
• Sounds like CSI:Cyber is still bad – Gizmodo
• Kaspersky can decrypt CoinVault ransomware – Extremetech
• MineCraft DoS vulnerability – Ubergizmo
• DEA buying suspect off-the-shelf malware – Gizmodo
• Simda botnet takedown! – Ars Technica
• White House pushing for crypto backdoor – TechDirt
• Small Banks targeted by cyber attackers – Third Certainty
• Verizon says mobile threats are overblown – Engadget

— Corey Nachreiner, CISSP (@SecAdept)

Share This: