Did you miss last week’s security news since you were too busy keeping your network running? If so, you’re not alone. However, staying up to date with the latest threats is important, so let our short weekly security summary keep you informed. If you don’t have time to follow our daily security videos, I summarize them in this video every Monday.
Today’s episode includes a root vulnerability in popular consumer routers, a zero day Adobe Flash issue, and drone hacking. If that’s not enough, you should watch just to learn about last week’s Microsoft and Adobe patches. Watch the video for the details, and check the References section for links to other security stories from the past few weeks.
(Episode Runtime: 10:56)
Direct YouTube Link: https://www.youtube.com/watch?v=77R3I5fw9Ao
EPISODE REFERENCES:
- Monday: 0day Root Netgear Flaw – Daily Security Byte EP.156
- Attackers starting to exploit 0day Netgear router flaws – ISPreview
- Blog post on 0day Netgear authentication bypass flaw – Shellshock Labs
- Blog post on 0day Netgear command injection flaw – Shellshock Labs
- Full Disclosure post on Netgear vulnerabilities – Full Disclosure
- Tuesday: Patch Day Improves Browser Security – Daily Security Byte EP.157
- Summary post for October’s Microsoft Patch Day – Microsoft
- October’s Internet Explorer update – Microsoft
- October’s Edge update – Microsoft
- October’s Windows Jscript/VBscript update – Microsoft
- October’s Windows Shell update – Microsoft
- October’s Office update – Microsoft
- October’s Windows Kernel update – Microsoft
- Don’t forget to check out Microsoft’s new security advisories – Microsoft
- Latest security update for Adobe Flash – Adobe
- Summary post for October’s Microsoft Patch Day – Microsoft
- Wednesday: Computer Frying USB Stick – Daily Security Byte EP.158
- Researcher creates malicious USB key that fries devices (Russian) – Habrahabr
- Original USB Killer idea – Habrahabr
- Video of USB Killer 2.0 in action – YouTube
- English article about USB Killer 2.0 – Graham Cluley
- Reddit post discussion the video – Reddit
- Thursday: Flash 0day Surfaces – Daily Security Byte EP.159
- Friday: Drone Hacking – Daily Security Byte EP. 160
- Researcher post about a MAVLink vulnerability – Shellntel
- Video showing the Shellntel researchers’ attack – YouTube
- Reddit discusses a multicopter attack – Reddit
- Exploiting drones with MAVLink – Hackaday
EXTRAS:
- Obama says no to encryption backdoors, but Fed has other ways in – Wired
- Silly Chrome extension allows a “friend” to force sites on your browser – Wired
- Zhone routers, used by an unnamed ISP, are full of vulnerabilities – The Register
- Dow Jones hacked, 3500 records stolen – Slashgear
- Swatter sentenced to 1yr community service – FoxCT
- Hacking costs US firms $15M a year – CNN
- Journalist found guilty of helping Anonymous deface the Times – Motherboard
- Attackers tried to hack Clinton’s email server – Seattle Times
- Uber suspects they were hacked by Lyft – Business Insider
- Paper on a malware free “insider” attack [PDF] – Crowd Strike
- US authorities out Chinese companies that allegedly benefit from IP theft – Financial Times
- US-CERT warns about a resurgence in Dridex banking malware – US-CERT
- Microsoft plugs a XSRF hole in Outlook.com – The Register
- The Wall Street Journal’s database hacked – Engadget
- Researcher rewarded for temporarily taking over Google.com – BBC
- His Linkedin post describing how he did it – Linkedin
- “Weev” threatens prosecutors with Doxing – Motherboard
- Attackers exploit old Cisco SSL VPN flaw to install backdoor – Volexity
- Researcher finds vulnerabilities in Huawei 4G USB modems – The Register
- LoopPay hacked. Samsung Pay not affected – Digital Trends
- Kemoge: Yet another Android malware variant – Ars Technica
- A botnet that can generate “fake” listens on Spotify – Motherboard
- Malaysian student arrested for hacking for ISIS – The Register
- And he was very careless – Motherboard
- New Siri hack isn’t that big a real world threat – Wired
- Bit9 says OS X malware is exploding – Document Cloud
- Mandiant fights a very sophisticated threat actor – The Register
- UK bank plugs a pretty big security hole – The Register
- TPP could hurt security research – Slate
- Daily Mail affected by Angler kit malvertising – The Register
- Hackers steal 150K credit card records from casino – The Register
- FBI take down Dridex – ZDNet
- Yahoo offers password free sign-in – Engadget
- NSA leveraging flaw to crack crypto – Threatpost
- The value of stolen data by type – Dark Reading
- Older posts from the week before
- Biometric authentication has issues too – Forbes
- Saudi Arabia allegedly wanted to buy The Hacking Team – The Register
- Surprise, Surprise! A pirate site serves malware – The Register
- Hilton still researching if they’ve been hacked or not – The Inquirer
- Nice article on new Windows 10 security features – Expert Reviews
- Researcher finds holes in Dendroid Android exploit kit – The Register
- Researcher finds vulnerabilities in Starbucks servers – Fouad’s Blog
- PoC allows you to steal other’s keys in Amazon EC2 – Ars Technica
- Political propaganda spread via Twitter botnet – Motherboard
- Video blog on whether or not China is hacking the US – Network World
- Elevation of privilege flaws patched in TrueCrypt – Threatpost
- Apple fixes last week’s iOS lock screen bypass issue – Apple
- New report confirms ICS under attack & supply chain a weakness – Network World
- Researchers find iOS pwning vulnerability in 3rd party app – SC Magazine
- Security vulnerability puts nail in TrueCrypt’s legacy coffin – ZDNet
- Kaspersky update on the Gaza cybergang hacktivists – Securelist
- A Linux botnet capable of 150Gb DDoS attacks – Akamai
- New study shows the danger in patching late – Kenna Security
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply