I can barely keep up with my daily work tasks and home errands; How do you expect me to know the latest information security news?
Does that sound like you? If so, this security video was designed to help. I cover an important security story every day, and then summarize them all in this quick weekly video. Check it out to keep informed.
Today’s episodes has stories about nation-state sponsored DDoS attacks, President Obama’s latest cyber security executive order, a banking trojan that relies on a phone scam, and much more. Watch the video, and check out the references for more detail.
(Episode Runtime: 12:11)
Direct YouTube Link: https://www.youtube.com/watch?v=vLUAUTvSNoQ
EPISODE REFERENCES:
Monday: Hackers Pilfer Air Miles – Daily Security Byte EP.55
BBC article on unauthorized British Airway account activity – BBC
BA admits frequent flyer account hacks – V3.co.uk
Users point out account issues on Flyertalk forums – FlyerTalk
British Airway’s FAQ on the incident – British Airways
Tuesday: Chinese GitHub DDoS – Daily Security Byte EP.56
WSJ says attack comes from China due to anti-censorship tools – WSJ
GitHub DDoS attack continues to evolve over four days – Motherboard
GreatFire accuses Cyber Administration of China (CAC) for DDoS – Greatfire.org
China responds to accusations – ZDNet
Technical details around Biadu/Github hack – Netresec
Github survives five days of DDoS – The Next Web
Wednesday: Obama Orders Cyber Sanctions – Daily Security Byte EP.57
White House cyber attack executive order – Whitehouse.gov
White House’s FAQ on today’s executive order – Whitehouse.gov
Article on President’s cyber executive order – Engadget
Hacking is a national emergency – Motherboard
Thursday: Google vs. CNNIC – Daily Security Byte EP.58
Blog post on unauthorized Google certificates and CNNIC involvement – Google
Article about Google removing CNNIC CA from Chrome – The Verge
Friday: The Dyre Wolf Bites – Daily Security Byte EP.59
IBM details the Dyre Wolf banking attack campaign – Security Intelligence
Original post on the Dyre banking trojan – Security Intelligence
Dyre Wolf attackers still over $1M from businesses – NBC News
EXTRAS:
DDoS against Seattle Times site too (unrelated to GitHub) – Seattle Times
Slack suffers a data breach – Tech Central
Slack’s advisory, they handle the breach well, IMHO – Slack
Uber credentials being sold on the underground market – Threatpost
Taiwan wants to partner with US against Chinese hackers – The Diplomat
Two Feds associated with Silk Road charged with fraud – NY Times
DEA agent alleged to be a paid Silk Road mole – Wired
A shooting at NSA’s gates – Motherboard
Symantec’s blog post in their discovery – Symantec
An “Ask Me Anything” from /r/darknetmarket moderator – Reddit
Authorities subpoena Reddit’s Darknet market – Wired
Great example of a phone scam – Teche Blog
How zmap was used to scan for FREAK vulnerability – Mashable
Puush screen sharing web app infected with malware – SC Magazine
Checkpoint report alleging a Lebanese cyber espionage campaign [PDF] – CheckPoint
Tuesday is World Backup Day – World Backup Day
mDNS leveraged in DDoS attack – Network World
YouTube closes a hole that hackers could’ve used to delete videos – ZDNet
Criminal DarkNet (Tor) sites under attack – Forbes
Fake PirateBay sites forcing WordPress visitors to malware – The Register
Grab the latest Firefox (37) security update – Tom’s Hardware
EFF says the US government still hoards 0day – The Register
New trojan allegedly targets ME energy sector – Ars Technica
CISA bill due to hit Senate – The Intercept
Sony making customers pay for account fraud – Uber Gizmo
3rd party audit doesn’t find backdoors in NSA’s TrueCrypt – BetaNews
Google reposts how it’s improving Android security – The Register
Snapchat blocks 3rd party apps for security – Digital Trends
Research finds vulns in online wind turbines – Motherboard
Another teen pleads guilty to Value and Microsoft game hacking – The Register
HTTPS usage could have protected Github from DDoS – Computer World
New malware targeting energy companies
Symantec’s original Trojan.Laziok research – Symantec
Ars article on the energy sector trojan – Ars Technica
Premera audit turned up vulnerabilities weeks before breach – Business Insider
— Corey Nachreiner, CISSP (@SecAdept)