Information Security is a hot topic right now; unfortunately not for all the right reasons. Nowadays, it’s not unusual to have a big data breach, new zero day malware, and a ton of security updates all in the same week. If you’re part of an IT organization that’s concerned with protecting your network, but that doesn’t have time to keep up with the deluge of InfoSec news, this weekly video is for you.
Last week’s episode covered a nasty new variant of point-of-sale (POS) malware, Microsoft and Adobe’s monthly security updates, and a significant network breach of a well-respected security company. If you want to learn about all these stories and more, watch the episode below. Also, take a peek at the Reference section if you are interested in other InfoSec items from the week.
(Episode Runtime: 13:25)
Direct YouTube Link: https://www.youtube.com/watch?v=52reUvOR6FE
Show Note: On some occasions, I will not be able to post the blog update associated with these videos immediately, even though the video is already online. If you’d like to know about the latest video as soon as it’s posted, subscribe to my YouTube channel. Also, if you want email updates for each blog post, don’t forget to subscribe to this blog in the top right corner.
EPISODE REFERENCES:
- Monday: MalumPOS Targets Oracle MICROS – Daily Security Byte EP.93
- Memory scraping malware targets Oracle POS systems – Network World
- Trend Micro’s blog post on MalumPOS – Trend Micro
- In depth white paper on MalumPOS [PDF] – Trend Micro
- Tuesday: US Federal Sites Use HTTPS – Daily Security Byte EP.94
- US Government makes HTTPS a federal standards – Silicon Republic
- The HTTPS-Only standard – CIO.gov
- Wednesday: Microsoft Posts Critical Patches – Daily Security Byte EP.95
- Microsoft’s June Patch Day Summary Bulletin – Microsoft
- Nice blog write up will all you need for June Patch Day – Ghacks.net
- Thursday: Kaspersky Gets an APT – Daily Security Byte EP.96
- Kaspersky’s network breached by nation state actors – Kaspersky blog
- The mystery of Duqu 2.0 – Securelist
- Duqu 2.0 FAQ [PDF] – Securelist
- In-depth report on Duqu 2.0 [PDF] – Securelist
- Duqu 2.0 Indicators of Compromise (IoC) – Securelist
- Kaspersky’s Forbes editorial on Duqu 2.0 – Forbes
- P5+1 hotels also affected by Duqu 2 – WSJ
- Graham Cluley on the Kaspersky hack – Graham Cluley blog
- Friday: OPM Breach Gets Worse – Daily Security Byte EP.97
- OPM breach is worse than first realized – The Guardian
- 14M records stolen during OPM breach – Seattle Times
- Federal union president says no encryption on OPM SSNs – Tech Dirt
- Cyber criminal claims credit for OPM breach and drops emails – Motherboard
- Good article on how using PII for authentication is bad – Network World
EXTRAS:
- Research hacks hospital drug pumps – Wired
- Hackers target SMBs too – NY Times
- 80% of firms have been breached – Phys.org
- WordPress spread Linux bot is still out there – The Register
- More detailed article on Mumblehard – Ars Technica
- Adware spreading through Skype – Betanews
- US Energy sector worried about power grid attacks – Scientific America
- Australian web provider hit by database attack – Reuters
- FreeParking hit by DDoS – The Register
- SEA defaces US Army web site – Raw Story
- DDoS attacks used in Bitcoin extortion – The Register
- Changing passwords is not enough after a breach, replace certs – Computer World
- AUSCert speaker talks about how SDN helps security – The Register
- Some good news. Cyber crime arrests in Europe – Reuters
- Tech industry asks US gov. not to weaken encryption – The Guardian
- FBI seizes computers related to celebrity photo hack – The Guardian
- Powerliks; the fileless trojan – ZDNet
- Ransomware and CTB Locker blow up – Business Insider
- NK threatens US with cyber attacks – Computer World
- Nearly all UK orgs have been breached – Computer Weekly
- Wikipedia added to list of sites defaulting to HTTPS – Tech Crunch
- IE adds HTTPS Strict Transport Security – The Register
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply