.CN DDoS and DNS Hijacking Do you want to hear about the week's biggest InfoSec news, while learning a few security tips in the process? Well this is the weekly vlog for you. In today's video, I share a potential cause for China's recent distributed denial of service (DDoS) attack, warn about a serious vulnerability in Cisco's ACS, and explain how a hacktivist group took down … [Read more...]
WatchGuard Security Week in Review: Episode 58 – Darkleech Apache Attack
Telephony DoS, OpFreeKorea, and Darkleech What do zombie video games, North Korea, and emergency telephone systems have in common? They've all been compromised by cyber attackers this week. If you're too busy dousing IT fires to keep up with InfoSec news on your own, give our weekly security news summary a try. In this short video, I quickly highlight the biggest security … [Read more...]
WatchGuard Security Week in Review: Episode 57 – 300Gb DDoS
POS Trojans, Android Spear Phishing, and Record DDoS Extra, Extra, the Internet almost broke (no it didn't). Read... View all about it! Too much security news, and too little time? Let me summarize the highlights for you in my weekly InfoSec recap video. This week I cover two trojans targeting point-of-sale (POS) computers, a few software updates, a targeted spear phishing … [Read more...]
Cisco Patch Day: Multiple DoS Flaws in IOS
As part of their semiannual patch day, Cisco released seven security advisories describing different Denial of Service (DoS) vulnerabilities affecting the IOS software that primarily ships with their routers. The seven flaws differ technically, and lie within various IOS components, including NAT, IKE, RSVP, etc. However, most of them share the same essential scope and impact. … [Read more...]
Cisco Cooks Up Bad Passwords by Forgetting to Salt Their Hashes
Earlier this week, Cisco released a security alert describing a weakness in one of the password encryption algorithms they use on certain Cisco IOS and IOS XE devices. Devices that store user credentials tend to use hash algorithms to encrypt plaintext passwords, making it more difficult for attackers to recover those passwords if they somehow gain access t0 the hashed … [Read more...]