
Secplicity - Security Simplified

Powered by WatchGuard Technologies

PWNed CIA, hacked Fitbit, and Fake Chrome - WSWiR Episode 167

October 26, 2015 By Corey Nachreiner

Are you feeling overwhelmed by your normal IT job, but wish you had time to keep up with information security (infosec)? No worries! Let our weekly security video fill you in. Every Monday, I quickly summarize the biggest network and information security stories from the previous week, so you can keep up with the latest threats.

Today’s episode includes a story about a teenager hacking the CIA Director’s email, a new Fitbit hack, a malicious Chrome lookalike, and lots of patches. Press play to learn more, and check the references for other stories.

(Episode Runtime: 13:27)

Direct YouTube Link: https://www.youtube.com/watch?v=aqb7WIjuv94

EPISODE REFERENCES:

  • Monday: CIA Director’s Email Hacked – Daily Security Byte EP. 161
    • Teen claims to have hacked CIA Director’s AOL account – New York Post
    • CIA Director’s personal email had documents with SSN numbers – Motherboard
    • Hacker shares some emails with Wikileaks – Wikileaks
    • UPDATE: More details on how the 20yr old did it – Wired
    • UPDATE: Brennan’s hacker doesn’t want to go to jail – Motherboard
  • Tuesday: Oracle CPU for Oct. 2015 – Daily Security Byte EP. 162
    • Oracle’s Critical Patch Update advisory for October 2015 – Oracle
    • Great blog post summarizing the most important details of Oracle’s CPU – Oracle
    • Oracle’s general security page – Oracle
  • Wednesday: Malicious Chrome Look-alike – Daily Security Byte EP. 163
    • PC Risk’s write up on the potentially malicious eFast browser – PC Risk
    • Malware Bytes analysis on eFast’s file and URL associations – Malware Bytes
    • Article on evil Chrome-browser look-alike – Network World
  • Thursday: Apple’s October Updates – Daily Security Byte EP. 164
    • Apple’s Security page with the latest October updates – Apple
  • Friday: Overstated Fitbit Hack – Daily Security Byte EP. 165
    • The 10 second Fitbit hack – The Register
    • Fitbit vulnerability allows trackers to spread malware – Darknet
    • The actual Fitbit presentation released on Wednesday [PDF] – Hack.lu
    • The Fitbit hack PoC video – YouTube
    • The researcher admits limitations on Twitter – Twitter
    • Fitbit denies that malware vector too – NBC

EXTRAS:

  • You’re more likely to download something bad if you are multitasking – Phys.org
  • Researchers hack and boil over iKettles – The Register
  • Facebook will inform users of state sponsored hacking – BigThink
  • Chinese attackers allegedly already break cyber pact – CBR Online
  • HTTPS everywhere is a bit closer with free trusted certs – Let’s Encrypt
  • NSA Director’s three cyber security nightmares – Business Insider
  • More threats and malware using the Dark Web to hide C&C – Motherboard
  • Tim Cook says, “No!” to backdoors in Apple encryption – Ars Technica
  • Apple identifies 256 apps collecting private data via ad SDK – Slashgear
  • Anonymous DDoSes two Japanese airports for dolphin hunting – SC Magazine
  • Sony’s settlement with employees for hack may reach $8M – Reuters
  • How to make threat intel work for you – Computer World
  • Support scams starting to plague Mac users – Ars Technica
  • Flaw in self-encrypting HDs allows attackers to see your data – Network World
  • Hackers can “Dox” non-connected people too – NYTimes
  • Vulnerability found in a particular 1Password feature – Apple Insider
  • A few companies join battle against US CISA bill – Information Week
  • Attackers DDoS and extort e-retailers in UK – Channel Register
  • Avoid fake Apple refund phishing scam – Digital Spy
  • Shakespeare can help you with strong passwords – Slate
  • Interesting research on how we fall for cyber scams – Phys
  • CISA is advancing in US Senate – Reuters
  • Congress’ car hacking bill not going well – Motherboard
  • Cyber criminals targeting security researchers – Computing
  • LowLevel04: New ransomware spreads via RDP – Bleeping Computer
  • Bad David Pogue article about car hacking – Scientific American
    • Response article about Pogue’s bad reporting – Wired
  • Just for fun: Remember the old Half-Life 2 source code hack – Kotaku

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Uncategorized Tagged With: Apple, Chrome, Fitbit, Hacking, Infosec news, IoT, Netgear, Oracle, Software vulnerabilities, Updates and patches
