Secplicity - Security Simplified

Powered by WatchGuard Technologies

Evasive Malware & No More Patch Day – WSWiR Episode 151

May 11, 2015 By Corey Nachreiner

In one short week there have been two new variants of evasive malware, a zero-day flaw in a popular blogging framework, some proof-of-concept GPU malware, and a major change to the biggest OS vendor’s patching cycle. How is one poor IT guy to keep up with this ever-changing Information Security (InfoSec) news? Don’t worry. We’ve got you covered in our weekly InfoSec news roundup!

Last week’s episode details that evasive malware and how WatchGuard helps, informs you of the important changes in Microsoft Patch Day, and warns you about the latest Lenovo security flaws. Watch the video for all the details, and check out the Reference section if you’re curious what else happened last week.

As an aside, I’m experimenting with the timing of this weekly blog post. While I will continue to post the weekly video on Friday, I will schedule this blog post the Monday after. If you’d rather see the video on Friday, be sure to subscribe to the YouTube channel.

(Episode Runtime: 14:03)

Direct YouTube Link: https://www.youtube.com/watch?v=hGEPKUqR1mU

EPISODE REFERENCES:

  • Monday: Uber Account Hacking – Daily Security Byte EP.75
    • Uber accounts hijacked in the United States – Motherboard
    • How hackers are likely cracking Uber accounts – Motherboard
    • Original Uber account hacking story from last March – Motherboard
  • Tuesday: Rombertik Destruction – Daily Security Byte EP.76
    • Cisco’s Talos group research on Rombertik – Cisco
    • General article on Rombertik – The Register
  • Wednesday: Bye Bye Patch Day – Daily Security Byte EP.77
    • Microsoft ditches their monthly Patch Day – PCMag
    • Another interesting security announcement from Ignite – Ars Technica
      • Preview Advanced Threat Analytics – Microsoft
    • Microsoft’s Ignite Conference (if you hadn’t heard of it) – Microsoft
  • Thursday: Lenovo Security Fail – Daily Security Byte EP.78
    • Security advisory details three new Lenovo Software Update flaws – IOActive
    • Article about the latest Lenovo security fail – Gizmodo
  • Friday: WatchGuard Sees Evasive Malware – Daily Security Byte EP.79
    • Latest Dyre variant evades sandboxes – Seculert
    • Cisco’s Talos group research on evasive Rombertik – Cisco
    • How WatchGuard APT Blocker catches evasive malware (via LastLine) – LastLine

EXTRAS:

  • The FBI has a dossier on DEF CON’s “Spot the Fed” – Motherboard
  • Cyber attacks cost health industry $6B a year – Bloomberg
    • Short video on why health attacks are on the rise – Bloomberg
  • Another 0day flaw in a WordPress plug-in – ZDNet
  • WordPress also patches the older 0day flaw – Tech Spot
  • Ex-NSA researcher reiterates that Macs are vulnerable too – The Register
  • Teams release PoC trojans for GPU malware – Ars Technica
  • Latest Google & university research finds 5M adware victims – Tech Radar
  • Congress continues to push NSA backdoors despite weak public support – Tech Dirt
    • A more “colorful” article on this topic – The Register
  • More support for HTTPS everything – Phys.org
    • As well as EFF’s latest post supporting HTTPS – EFF
    • Meanwhile, Zuckerberg won’t allow HTTPS on Internet.org – Tech Dirt
  • Chrome’s Password Alert keeps failing – Network World
  • Congress wonders why the DEA is buying hacking tools – Motherboard
  • China blames country traffic hijacking on hackers – Motherboard

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Evasive malware, Hacking, Infosec news, lenovo, Microsoft, Rombertik, Software vulnerabilities, Superfish, Uber, Uber Hacking, Updates and patches
