I can barely keep up with my daily work tasks and home errands; How do you expect me to know the latest information security news?
Does that sound like you? If so, this security video was designed to help. I cover an important security story every day, and then summarize them all in this quick weekly video. Check it out to keep informed.
Today’s episodes has stories about nation-state sponsored DDoS attacks, President Obama’s latest cyber security executive order, a banking trojan that relies on a phone scam, and much more. Watch the video, and check out the references for more detail.
(Episode Runtime: 12:11)
Direct YouTube Link: https://www.youtube.com/watch?v=vLUAUTvSNoQ
EPISODE REFERENCES:
- Monday: Hackers Pilfer Air Miles – Daily Security Byte EP.55
- BBC article on unauthorized British Airway account activity – BBC
- BA admits frequent flyer account hacks – V3.co.uk
- Users point out account issues on Flyertalk forums – FlyerTalk
- British Airway’s FAQ on the incident – British Airways
- Tuesday: Chinese GitHub DDoS – Daily Security Byte EP.56
- WSJ says attack comes from China due to anti-censorship tools – WSJ
- GitHub DDoS attack continues to evolve over four days – Motherboard
- GreatFire accuses Cyber Administration of China (CAC) for DDoS – Greatfire.org
- China responds to accusations – ZDNet
- Technical details around Biadu/Github hack – Netresec
- Github survives five days of DDoS – The Next Web
- Wednesday: Obama Orders Cyber Sanctions – Daily Security Byte EP.57
- White House cyber attack executive order – Whitehouse.gov
- White House’s FAQ on today’s executive order – Whitehouse.gov
- Article on President’s cyber executive order – Engadget
- Hacking is a national emergency – Motherboard
- Thursday: Google vs. CNNIC – Daily Security Byte EP.58
- Friday: The Dyre Wolf Bites – Daily Security Byte EP.59
- IBM details the Dyre Wolf banking attack campaign – Security Intelligence
- Original post on the Dyre banking trojan – Security Intelligence
- Dyre Wolf attackers still over $1M from businesses – NBC News
EXTRAS:
- DDoS against Seattle Times site too (unrelated to GitHub) – Seattle Times
- Slack suffers a data breach – Tech Central
- Uber credentials being sold on the underground market – Threatpost
- Taiwan wants to partner with US against Chinese hackers – The Diplomat
- Two Feds associated with Silk Road charged with fraud – NY Times
- DEA agent alleged to be a paid Silk Road mole – Wired
- A shooting at NSA’s gates – Motherboard
- Symantec’s blog post in their discovery – Symantec
- An “Ask Me Anything” from /r/darknetmarket moderator – Reddit
- Authorities subpoena Reddit’s Darknet market – Wired
- Great example of a phone scam – Teche Blog
- How zmap was used to scan for FREAK vulnerability – Mashable
- Puush screen sharing web app infected with malware – SC Magazine
- Checkpoint report alleging a Lebanese cyber espionage campaign [PDF] – CheckPoint
- Tuesday is World Backup Day – World Backup Day
- mDNS leveraged in DDoS attack – Network World
- YouTube closes a hole that hackers could’ve used to delete videos – ZDNet
- Criminal DarkNet (Tor) sites under attack – Forbes
- Fake PirateBay sites forcing WordPress visitors to malware – The Register
- Grab the latest Firefox (37) security update – Tom’s Hardware
- EFF says the US government still hoards 0day – The Register
- New trojan allegedly targets ME energy sector – Ars Technica
- CISA bill due to hit Senate – The Intercept
- Sony making customers pay for account fraud – Uber Gizmo
- 3rd party audit doesn’t find backdoors in NSA’s TrueCrypt – BetaNews
- Google reposts how it’s improving Android security – The Register
- Snapchat blocks 3rd party apps for security – Digital Trends
- Research finds vulns in online wind turbines – Motherboard
- Another teen pleads guilty to Value and Microsoft game hacking – The Register
- HTTPS usage could have protected Github from DDoS – Computer World
- New malware targeting energy companies
- Symantec’s original Trojan.Laziok research – Symantec
- Ars article on the energy sector trojan – Ars Technica
- Premera audit turned up vulnerabilities weeks before breach – Business Insider
— Corey Nachreiner, CISSP (@SecAdept)