Did you catch all the important information security news this week? Do you know what you might learn from it? If not, watch our weekly security recap video to catch up.
Today’s episode covers yet another SSL vulnerability, explores a new Android worm, and mentions a controversy around Turbo Tax-related fraud. Watch the video for the details and check out the Reference section for more.
(Episode Runtime: 8:37 for main video with an extra at the end)
Direct YouTube Link: https://www.youtube.com/watch?v=y5dryp9wFhE
EPISODE REFERENCES:
Daily Security Bytes:
Monday: TurboTax Doesn’t Stop Fraud? – Daily Security Byte EP.35
Tuesday: Don’t FREAK Out – Daily Security Byte EP.36
Wednesday: Gazon Android Worm – Daily Security Byte EP.37
Thursday: CSI: Cyber? NOPE! – Daily Security Byte EP.38
Friday: FREAK affects Windows – Daily Security Byte EP.39
FREAK SSL Vulnerability
Official FREAK page and description – Freakattack
CVE listing for FREAK vulnerability – Mitre
Good Ars Technica write-up on the FREAK flaw – Ars Technica
FREAK affects Windows too – Microsoft Advisory
Turbo Tax fraud controversy
Whistleblowers claim Intuit doesn’t do enough to stop fraud – KrebsOnSecurity
Intuit’s response to fraud handling allegations – Intuit
Earlier interview with Intuit’s CISO – KrebsOnSecurity
Original TurboTax Fraud Security Byte – WatchGuard Blog
Gazon: Android malware SMSs Amazon card scam – AdaptiveMobile
CSI: Cyber reviews
CSI: Cyber website – CBS
Space Rogue’s review of CSI: Cyber – Space Rogue
EXTRAS:
Audience does not accept that NSA Director is a Libertarian – The Intercept
Researcher finds 0day in Seagate’s 2-Bay NAS device – Beyond Binary
A couple data/account breaches and disclosure:
Toys ‘R US warns about fraudulent account access – SC Magazine
Uber data breach leaks 50K drivers’ PII – Uber
Someone stored Uber’s secret key on Github – Ars Technica
Legally watch CitizenFour for free – ThoughMaybe
GoPro WiFi reset mechanism exposes others’ passwords – IBTimes
Device found in German Parliament Chairman’s mobile might illustrate interdiction – The Local
Latest Chrome update fixes a lot of security flaws – Threatpost
Malicious Blu-ray’s infect PCs and players – Ars Technica
The Register’s article on the Blu-ray hack – The Register
Malware authors hide C&C with Domain Shadowing – Help Net Security
Criminals use Apple Pay to leverage stolen CCs – Ars Technica
uTorrent uses your computer to mine Bitcoin – Independent
D-Link fixes a bunch of consumer router vulnerabilities – Naked Security
Apparently the FAA sucks at information security – Engadget
US mad when other governments want backdoors too – Techdirt
Do you play video games? You’ll probably become a hacker (whatever) – Huffpo
Java installs adware on macs too (no thanks Oracle) – Gizmodo
UK’s NCA shutdown 57 cyber criminals – Engadget
Canadian arrested for not handing over his password at the Border – The Register
— Corey Nachreiner, CISSP (@SecAdept)