If you want to be the best woodchopper, you sometimes need to sharpen your tools. In information security, this means keeping track of the latest threats, vulnerabilities, attack methods, and news. Yet, most IT folks barely have the time to go home and sleep. If you struggle to follow security news yourself, my weekly video summarizes the big stuff for you.
In this week’s episode, I cover a new, unlikely attack technique, warn you about dangerous documents, and notify you of the latest router patches. See all this and more in the video below, or just follow the links in the Reference section if you prefer.
(Episode Runtime: 11:18)
Direct YouTube Link: https://www.youtube.com/watch?v=ydnP5dZCeGA
EPISODE REFERENCES:
Monday: Twitch Account Breach – Daily Security Byte EP.50
Twitch account warning blog post – Twitch
Article on all Twitch accounts getting reset – Network World
Twitch makes passwords short after the breach. What!? – IT Pro
Twitch Attack probably included CC data – The Inquirer
Tuesday: BitWhisper: Hacking with Heat – Daily Security Byte EP.51
Ben-Gurion Cyber Security lab post on BitWhisper – BGU.ac.il
Great Wired article on BitWhisper – Wired
What is TEMPEST – Wikipedia
More information and videos about TEMPEST – Climate Viewer
Wednesday: Disregard Dangerous Documents – Daily Security Byte EP.52
Macro-based malware gaining traction – Help Net Security
Trend Micro reports on increase in macro malware – Trend Micro
Thursday: Win2003 EoL Danger – Daily Security Byte EP.53
Microsoft Windows Server 2003 migration page – Microsoft
Death of Win2003 is a big security threat – IT Pro Portal
Five security risks with Win2003 EoL – CIO
Friday: Cisco Routers Need Patching – Daily Security Byte EP.54
Cisco IOS admins should get the latest patch – Computer World
Cisco’s advisory on IOS ANS vulnerabilities – Cisco
EXTRAS:
Car hacking history (I made this prediction in 2010) – CNET
Canadian Government into cyber espionage too – The Intercept
Over 700K ISP issued routers still suffer from old vulnerabilities – PC World
Interesting OpEd on whether or not DNSSEC is worth it – The Register
Apple seems to be removing some iOS anti-malware apps – The Register
Windows Mobile password unmasking vulnerability – Windows Central
Protecting the power grid – USA Today
$60 car hacking tool – Wired
Interpol says bad guys can hide porn and malware in virtual currencies – Kaspersky
Akamai says most 2014 attacks came from China (US a close 2nd) – Network World
PoSeidon: Cisco finds new PoS malware – Tech Radar
New debugger helps find integer overflow vulnerabilities – Threatpost
Attackers can still hijack APK installers to force Android malware – PCMag
“ISIS hacker” probably just searched Google – Motherboard
Ransomware hits New Jersey school – iDigitalTimes
New RC4 weaknesses exposed
The RC4 Bar Mitzvah attack – Security Week
Dark Reading covers Bar Mitzvah – Dark Reading
Two RC4 weaknesses disclosed recently – Ars Technica
Watch out for Apple-themed phishing emails – Help Net Security
More “adult” sites (Xtube) redirecting to malware – Help Net Security
Many hotels exposed to router vulnerability – Wired
Blue Coat tries to cover up a security talk – Forbes
New router malware injects ads and porn into other websites – Digital Trends
Another Bitcoin exchange hacked (why do ppl use it?) – ZDNet
GitHub suffered a DDoS attack on Thursday – Motherboard
Let dice help with long passphrases – Gizmodo
Your Fitbit is probably not that secure (big surprise there) – IT Pro Portal
Spear Phishing is the most popular APT technique – Tech Crunch
Attackers gained access to working Google certs again – ZDNet
Top 10 web hacking techniques of 2014 – Whitehat Security
Unpatched Amazon XSS flaw – The Inquirer
All browsers hacked (as usual) at Pwn2Own – BGR
Kevin Mitnick hacked the audience at CeBIT – PC Pro
— Corey Nachreiner, CISSP (@SecAdept)