• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

APTs, Updates, and OPM – WSWiR Episode 156

June 17, 2015 By Corey Nachreiner

Information Security is a hot topic right now; unfortunately not for all the right reasons. Nowadays, it’s not unusual to have a big data breach, new zero day malware, and a ton of security updates all in the same week. If you’re part of an IT organization that’s concerned with protecting your network, but that doesn’t have time to keep up with the deluge of InfoSec news, this weekly video is for you.

Last week’s episode covered a nasty new variant of point-of-sale (POS) malware, Microsoft and Adobe’s monthly security updates, and a significant network breach of a well-respected security company. If you want to learn about all these stories and more, watch the episode below. Also, take a peek at the Reference section if you are interested in other InfoSec items from the week.

(Episode Runtime: 13:25)

Direct YouTube Link: https://www.youtube.com/watch?v=52reUvOR6FE

Show Note: On some occasions, I will not be able to post the blog update associated with these videos immediately, even though the video is already online. If you’d like to know about the latest video as soon as it’s posted, subscribe to my YouTube channel. Also, if you want email updates for each blog post, don’t forget to subscribe to this blog in the top right corner.

EPISODE REFERENCES:

  • Monday: MalumPOS Targets Oracle MICROS – Daily Security Byte EP.93
    • Memory scraping malware targets Oracle POS systems – Network World
    • Trend Micro’s blog post on MalumPOS – Trend Micro
    • In depth white paper on MalumPOS [PDF] – Trend Micro
  • Tuesday: US Federal Sites Use HTTPS – Daily Security Byte EP.94
    • US Government makes HTTPS a federal standards – Silicon Republic
    • The HTTPS-Only standard – CIO.gov
  • Wednesday: Microsoft Posts Critical Patches – Daily Security Byte EP.95
    • Microsoft’s June Patch Day Summary Bulletin – Microsoft
    • Nice blog write up will all you need for June Patch Day – Ghacks.net
  • Thursday: Kaspersky Gets an APT – Daily Security Byte EP.96
    • Kaspersky’s network breached by nation state actors – Kaspersky blog
    • The mystery of Duqu 2.0 – Securelist
    • Duqu 2.0 FAQ [PDF] – Securelist
    • In-depth report on Duqu 2.0 [PDF] – Securelist
    • Duqu 2.0 Indicators of Compromise (IoC) – Securelist
    • Kaspersky’s Forbes editorial on Duqu 2.0 – Forbes
    • P5+1 hotels also affected by Duqu 2 – WSJ
    • Graham Cluley on the Kaspersky hack –  Graham Cluley blog
  • Friday: OPM Breach Gets Worse – Daily Security Byte EP.97
    • OPM breach is worse than first realized – The Guardian
    • 14M records stolen during OPM breach – Seattle Times
    • Federal union president says no encryption on OPM SSNs – Tech Dirt
    • Cyber criminal claims credit for OPM breach and drops emails – Motherboard
    • Good article on how using PII for authentication is bad – Network World

EXTRAS:

  • Research hacks hospital drug pumps – Wired
  • Hackers target SMBs too – NY Times
  • 80% of firms have been breached – Phys.org
  • WordPress spread Linux bot is still out there – The Register
    • More detailed article on Mumblehard – Ars Technica
  • Adware spreading through Skype – Betanews
  • US Energy sector worried about power grid attacks – Scientific America
  • Australian web provider hit by database attack – Reuters
  • FreeParking hit by DDoS – The Register
  • SEA defaces US Army web site – Raw Story
  • DDoS attacks used in Bitcoin extortion – The Register
  • Changing passwords is not enough after a breach, replace certs – Computer World
  • AUSCert speaker talks about how SDN helps security – The Register
  • Some good news. Cyber crime arrests in Europe – Reuters
  • Tech industry asks US gov. not to weaken encryption – The Guardian
  • FBI seizes computers related to celebrity photo hack – The Guardian
  • Powerliks; the fileless trojan – ZDNet
  • Ransomware and CTB Locker blow up – Business Insider
  • NK threatens US with cyber attacks – Computer World
  • Nearly all UK orgs have been breached –  Computer Weekly
  • Wikipedia added to list of sites defaulting to HTTPS – Tech Crunch
  • IE adds HTTPS Strict Transport Security – The Register

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Advanced Persistent Threat, APT, encryption, Garage door opener, hacker, Hacking, Infosec news, Japan Pension System, Nation state attackers, NSA, Office Of Personnel Management (Government Agency), OPM, People's Liberation Army (Armed Force), PLA, Security breach, Software vulnerabilities

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use