Grounded Airline, Snowden Leak, and Mr. Robot – WSWiR Episode 158

If you’re feeling behind on critical information security news, you’re not alone. There are so many new InfoSec stories each week that only a dedicated few can keep up with the latest. If you need a little help following what’s important, let our weekly security news summary video keep you informed.

Last Friday’s episode covered an 0day Flash flaw, the latest Snowden leak, my review of a cool new infosec related show, and more. Watch the video below for the details, and check out the References section for other stories.

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=cvZCDHCc4ec

EPISODE REFERENCES:

• Monday: Hackers Ground Airline – Daily Security Byte EP.101
  • Attackers ground 1400 passengers in Warsaw – Reuters
  • Polish airline delays 10 planes due to cyber attack – Gizmodo
  • The attack against LOT could affect all airlines – Wired
• Tuesday: Spam Spreads 0day Flash Exploit – Daily Security Byte EP.102
  • Adobe releases out-of-cycle Flash update for 0day – Adobe
  • Alleged Chinese threat actors exploiting 0day Flash flaw – Forbes
  • Researchers write-up on Operation Clandestine Wolf – FireEye Blog
  • FireEye’s IoC for APT3 group – Github
• Wednesday: Nation States Spy on AV Vendors – Daily Security Byte EP.103
  • Latest Snowden leak accuses NSA/GCHQ of hacking/reversing AV– The Intercept
• Thursday: Ransomware Costs $18M – Daily Security Byte EP.104
  • Cyber criminal make over $18M from ransomware – Ars Technica
  • FBI’s official warning about ransomware – IC3.gov
• Friday: Mr. Robot Rocks! – Daily Security Byte EP.105
  • USA Network streams pilot of Mr. Robot of free – USA Network
  • Mr. Robot brings security paranoia to the mainstream – Ars Technica
  • Why you need to be watching Mr. Robot – Gizmodo

EXTRAS:

• Great long form article on L0pht – The Washington Post
• Uber collects location data with app is in the background – Ars Technica
• AV-Test audits wearable devices’ security posture – Graham Cluley
• Latest OPM Updates
  • Latest details about the OPM data breach – Ars Technica
  • Alleged analysis of how the OPM hack happened – Threat Connect
  • John McAfee’s thoughts on the OPM breach and AV – IBTimes
  • Richard Clarke has strong feelings on the OPM breach response – CNN
  • OPM attackers got FBI files too – Business Insider
  • OPM director says they are trying hard – Ars Technica
• Make sure you get Chrome’s security updates with auto-update – ThreatPost
• Wireless pita bread device sniffs leaked radio emissions – BBC
• UK Big Brother celeb’s Twitter feed hacked – Naked Security
• Was the first live hack on BBC in 1983? – Motherboard
• New password reset scam social engineers your SMS token – Symantec
• Analysis of ChinaZ, new Chinese Linux malware – MMD Blog
• FBI says crypto ransomware has made criminals over $18M in the US – Ars Technica
• Government log in details found all over the web – Wired
• Android accounts for 97% of mobile malware – The Inquirer
• Blackshades RAT author gets 5yrs in prison – NY Post
• “A Tech Dad’s” tool automatically emails password leak victims – Motherboard
• FUN: Funny skit on North Korea hacking a company – The Next Web
• ESET AV users should patch immediately – The Register
• Emoji passwords probably won’t catch on – Motherboard
• Research find many flaws in Font driver, but already patched – J00ru blog
• Anonymous claims to have leaked credit card info of Canadian officials – Motherboard
• Facebook can identify you without you face – Slate
• Cybercrime has gotten more organized – CSO Online
• Inside the Sony Pictures hack – Fortune
• Facebook’s AI chief on facial recognition – Motherboard
• Java updater still includes crapware – ZDNet
• Lots of government passwords leaked – BGR
• Researcher finds lots of font parsing vulnerabilities – J00ru Blog

— Corey Nachreiner, CISSP (@SecAdept)

Share This: