• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

iOS Bounties, Android Auto-root, and Guy Fawkes Day – WSWiR Episode 168

November 9, 2015 By Corey Nachreiner

Nowadays, each week has more information security news that we used to have each month. If you find yourself falling behind, and need a shortcut to stay informed, this is the weekly video for you. Every Monday, I summarize our daily security video from last week.

Today’s episode covers a new Android malware variant, an iOS zero day that’s bad for the industry, a couple hacktivism campaigns, and more. Watch the YouTube video for all the details, and check out the references below to learn more.

(Episode Runtime: 13:13)

Direct YouTube Link: https://www.youtube.com/watch?v=z7Xgnd8CHQ8

EPISODE REFERENCES:

  • Monday: 000Webhost has 000 Security – Daily Security Byte EP. 169
    • 13M+ password leaked from popular web hosting company – Forbes
    • Original blog disclosing the 000webhost breach – Troy Hunt
    • 000Webhost’s breach due to outdated PHP – Computer Weekly
  • Tuesday: Claimed iOS Bounty is Bad News – Daily Security Byte EP. 170
    • Vulnerability researchers claim a $1M iOS 9.1 hack bounty – Motherboard
    • iOS bounty claimed, but Apple won’t be informed – Wired
    • The original iOS 9 hack bounty – Zerodium
  • Wednesday: vBulletin Breach and 0day – Daily Security Byte EP. 171
    • vBulletin’s site and forum software hacked – Ars Technica
    • vBulletin asks users to reset password – vBulletin
    • vBulletin released patch for forum software – vBulletin
    • Researcher discloses his vBulletin RCE vuln – Twitter
      • His actual Pastie disclosure – Pastie
    • Hacker claims responsibility for breach – The Admin Zone
    • Coldzer0 attempts to sell vBulletin 0day – oday.today
    • Video demonstrating the vBulletin exploit –  YouTube
  • Thursday: Auto-rooting Android Malware – Daily Security Byte EP. 172
    • Three Android malware families quietly roots phones and digs in – Ars Technica
    • Researcher’s blog post describing these new Android threats – Lookout
  • Friday: Guy Fawkes Day Hacktivism – Daily Security Byte EP. 173
    • Anonymous Doxxes 1000 alleged KKK members as part of #OpKKK – ZDNet
    • Anonymous threatens #OpKKK on Nov. 5th: Epic fail – USA Today
    • CWA doxxed more government employees – Motherboard
    • CIA Director hackers break into arrest database – Wired
    • Information about Guy Fawkes night – Wikipedia

EXTRAS:

  • 11yr old girl will give you a secure password for $2 – The Telegraph
  • CISA passes the Senate despite privacy issues – Wired
  • Big tech companies don’t like CISA either – CNN
  • EFF unveils vulnerabilities in automatic license plate readers – EFF
  • Can humanity build a computer security AI? – TechCrunch
  • BGP is still a security risk (nothing new here) – SC Magazine
  • Nice article on man-in-the-middle attacks – Network World
  • Millions of passwords leaked from a free web hoster – Forbes
  • Lots of issues with SSL certificate revocation systems – Phys
    • Google warns Symantec to clean up certificates – Ars Technica
  • More browser vulnerabilities allow for zombie cookies –  Ars Technica
  • Duuzer trojan seems to target South Korean manufacturing industry – Computer World
  • Strengthen your security with passive DNS – Network World
  • It’s ok to hack stuff you own for research – Wired
  • NSA director says state sponsored attacks increasing – Time
  • Tennis star recommends affirmations as passwords – Wired
  • Chipped cards get hacked too – Network World
  • DARPA keeping an eye on security researchers – Motherboard
  • A third of stolen cars in France were hacked – Telegraph
  • UK to ban strong encryption on social sites – The Telegraph
  • No three arrested in association with the TalkTalk hack – Dark Reading
  • Citrix patches some serious (and old) Xen vulnerabilities – The Register
  • Researchers collect the $1M iPhone root vulnerability bounty – Forbes
  • Zerodium to pay a $1M iOS hack bounty – Motherboard
  • Apple doesn’t approve security conference app because of hacking talks – The Register
  • Fascinating piece on ex-employees of The Hacking Team – Motherboard
  • Will ransomware threaten to disclose your files publicly? – Tripwire Blog
  • DMCA exemptions allow hacking for security research – SC Magazine
  • British Gas data breach affects 2200 customers – IBTimes
  • UK national arrested in association with DroidJack – BBC
  • Cyber criminals suck at information security too – The Register
  • CCTV (or Linux) botnet DDoSes victims – Incapsala
  • Anti-adblocker CDN hijacked and served malicious fake Flash update – The Register
  • KeeFarce targets popular password manager – Ars Technica
  • Latest Android update fixes 23 vulns including another “Stagefright” – Forbes
  • Researchers find new Windows flaw that bypasses EMET – Threatpost
  • Cryptowall’s revenue may go to one criminal group – PC World
  • Backdoor found in Chinese iOS ad SDK – Threatpost
  • UK government wants to increase surveillance – The Intercept
  • Tinba still spreading, and targeting Japanese and Russian banks – Threatpost
  • FBI is budging a bit on back doors. Servants to the people – Ars Technica
  • Longest DDoS attack lasted 320 hours – IT Pro
  • Signing malware with valid certs has become an underground service – The Register
  • XcodeGhost still lurking, this time on US Appstore – Dark Reading
  • Google’s project Zero found 11 vulnerabilities in latest Samsung phone – The Inquirer
  • White House reveals the Cybersecurity Strategy Implementation Plan (CSIP) – WhiteHouse.gov
  • U.S. Officials targeted by cyber attacks after Iranian hacker’s arrest – Reuters
  • Hackers pull heist on a heist video game over microtransactions – Motherboard
  • Details surface about two older gambling payment processor breaches – Forbes
  • Like the NSA, MI5 uses hacking for investigations – Motherboard
  • 14yr old Japanese boy arrested for having the Zeus trojan (video) – NBC News
  • Apparently, CIA Director’s email hackers are targeting others – Motherboard
  • Good article asking if we learned from Stuxnet – Dark Reading
  • Proton email suffers DDoS and pays extortionists $6000 in bitcoin – Forbes
  • A look at the person modeled for the CSI:Cyber character – Telegraph
  • Finfisher government spyware company still alive and well – Motherboard

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Anonymous, Apple, data, Google, Guy Fawkes, Hacking, hacktivism, Infosec news, Malware, OpKKK, Security breach, Software vulnerabilities, Updates and patches, vBulletin

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use