Do you want to know about the latest security threats, but find yourself too busy solving business critical IT problems to keep up to date? Well maybe our videos can help. This weekly video summarizes the most interesting InfoSec news from the week. Or if you prefer, you can catch the shorter dailies.
Last Friday’s episode covered a cracked cloud password vault, an unusual baseball franchise data breach, and a couple threats affecting the most popular mobile platforms. Press play in the window below to learn more.
(Episode Runtime: 9:19)
Direct YouTube Link: https://www.youtube.com/watch?v=n1fnylUcBzk
EPISODE REFERENCES:
- Monday:LastPass Hacked – Daily Security Byte EP.98
- Thursday: Baseball Cyber Espionage – Daily Security Byte EP.99
- Original article about the Astros data breach – NY Times
- How the baseball attack is similar to nation state attacks – The Washington Post
- Baseball gets a rude awakening to the age of cyber espionage – Five Thirty Eight
- Friday:Two Mobile Platform Threats – Daily Security Byte EP.100
- Researcher disclose vulnerabilities to steal iOS and OS X passwords – MacRumors
- XARA password stealing flaws – ThreatPost
- What you need to know about XARA – iMore
- A detailed, layman friendly, description of the XARA flaws – iMore
- The complete XARA research paper (very technical) [PDF] – Google Drive
- 600M Samsung mobiles vulnerable to new vulnerability – BGR
- Samsung promises to fix the flaw – Samsung Tomorrow
- Many Android apps fail at HTTPS login – Ars Technica
EXTRAS:
- OPM breach allegedly tied to Chinese intelligence – Reuters
- Sites not moving to HTTPS have no excuse – ZDNet
- Reddit defaults to HTTPS – SC Magazine
- A 2015 botnet research report [PDF] – Level 3
- Duqu 2.0 allegedly uses a stolen signature from Foxconn – Ars Technica
- Interesting documentary on Romania’s Hackerville – Motherboard
- Drupal fixes critical OpenID vulnerabilities – The Register
- Anonymous DDoSes Canadian government web sites – NBC
- The Sunday Times claims Snowden leaks docs to Russia: Others disagree – Ars Technica
- Stegoloader hides malicious communications in images – IT Pro Portal
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply