As if every week wasn’t busy enough with new information security (InfoSec) news, this week was the RSA Conference, which brings with it a whole new batch of security news. If you find yourself struggling to keep up, follow my daily or weekly videos to get a quick summary of the latest relevant news.
This week, I was too busy at the RSA Conference to post my daily videos, but you can still catch some of the week’s news in today’s summary episode. In it, I cover the latest updates about the White House breach, I share some interesting tidbits from an RSA PoS security presentation, and I point out some great new research highlighting a side-channel attack that affects most web browsers. Watch the video for the details, and check out the references for more stories.
As an aside, I will be attending another industry conference next week as well, so I may not be able to post my regular Daily Security Byte. However, I’ll still post a weekly video at the very least. I’ll continue with the Daily Bytes the week following next. Have a great weekend, and stay safe out there.
(Episode Runtime: 7:20)
Direct YouTube Link: https://www.youtube.com/watch?v=gGqDplwMJA4
EPISODE REFERENCES:
- Latest updates on White House and State Department Breaches
- RussianDoll campaign uses 0day, and related to APT28 – FireEye
- Kaspersky dissects CozyDuke malware – Securelist
- Trend Micro covers Operation Pawn Storm – Trend Micro
- FireEye releases APT28 report on Russian cyber actors – FireEye
- Reuters article on the RussianDoll 0day – Reuters
- PoS Vendor uses default password since 1990s
- The Point of Sale is a PoS presentation [PDF] – RSA Conference
- Major unnamed PoS systems use same password (RSA) – The Register
- Google search suggests the PoS vendor is Verifone – Computer World
- The Spy in the Sandbox
EXTRAS:
- Brute Logic denied bounty for 32 Groupon XSS vulnerabilities – BetaNews
- Verizon’s Latest Breach report says phishing accounts for most attacks – TechDirt
- Verizon’s 2015 Data Breach Report – Verizon
- A NASA scientist’s plea against the Federal HTTPS Only campaign – GitHub
- The federal HTTPS-Only standard proposal – CIO.gov
- An evil WiFi network can lock your iOS device (RSA) – SkyCure
- RSA CEO says the security industry has failed to protect (RSA) – Tech Radar
- FBI sends alert to airlines after a researcher is banned for a joke – BBC
- SANS directors offers three technologies that prevent breaches (RSA) – Search Security
- Homeland Security still against encryption (RSA) – Digital Trends
- “Aaron’s Law” is going through Congress again – Naked Security
- Two “cyber security” bills pass through the US House (like CISA) – Network World
- FireEye researcher finds flaw to pull fingerprints from Samsung phones – Forbes
- Sony breach may have been caused by Apple ID phishing emails – Computer World
- The patched “rootpipe” vulnerability is still exploitable in OS X – Tech Spot
- 1500 iOS apps still suck at HTTPS – Ars Technica
- Fox-IT develops signatures to help detect Quantum Insert – Fox-IT