Windows 0day, iCloud MitM, and Cryptowall Rises

You’re a busy IT guy that barely has time to brush your teeth before running off to work, so who has time to follow security news too? Does this sound like you? If so, let our short weekly video inform you of the most important security news in the time it takes you to enjoy your first cup of coffee.

Today’s episode covers another Microsoft zero day flaw, a recent man-in-the-middle (MitM) attack against iCloud, and the latest developments with a nasty piece of ransomware called CryptoWall. Press play below to learn about all that and more, and peruse the Reference section for other stories.

(Episode Runtime: 8:40)

Direct YouTube Link: https://www.youtube.com/watch?v=0y5lBIQ0CEI

Episode References:

• Software Updates:
  • Check out all Apple’s Security Updates for October – Apple
  • Microsoft warns of an 0day OLE vulnerability – Microsoft
    • An article talking about the OLE 0day – The Register
• Chinese actors allegedly intercepting iCloud communications – The Guardian
  • The GreatFire’s original post alleging Chinese actors responsible for iCloud MitM – Greatfire
• Malvertising used to spread CryptoWall on Yahoo, AOL, and others – Forbes
  • US-CERT releases general warning on Crypto Ransomeware – US-CERT
  • Good post on CryptoWall ransomware – Tech Republic

Extras:

• Seven Destiny video game tactics that translate to cyber security – Corey Nachreiner on HNS
• Bitcoin trader, another bitcoin company, collapses allegedly due to breach – IBTimes
• Facebook proactively searching for stolen credentials to mitigate (kudos!) – The Register
• What happened to stolen Target data? Attackers sold it – Business Insider
• Access control security company tries to hide vulnerability via legal action – Slashdot
• DHS investigating security vulnerabilities in 24 medical devices – Reuters
• 183% increase in high volume, DNS-based DDoS attacks in 2014 – CBR Online
• Beware of spam campaigns leveraging Ebola fear – Spiderlabs blog
• Misconfigured NGFW leaking NTLM credentials – The Register
• Ten Windows 10 security enhancements – Neowin
• Survey suggests 51% of UK residents have been a victim of cyber crime – IT Pro Portal
• Koler Android ransomware now spreads via SMS – TechWorld
• Ventir: Modular trojan for Mac OS X – Securelist
• Staples now investigating a potential data breach – Computing
• Intel working on TrustLite to help secure IoT – Silicon Valley Watch
• Twitter launches Digits to get rid of password (SMS auth) – Tech Crunch
• Viral marketing campaign interpreted as a DDoS attack – Computer World
• TOOL: Improve Firefox security with Metascan – Beta News
• Operation Pawn Storm – Help Net Security
• Backoff malware continues harassing PoS systems – Computer World
• Man arrested over the recent spat of ATM hackings – Computing
• Regular cyber attacks affect 40% of citizens (everyone is a target) – Computer Weekly

— Corey Nachreiner, CISSP (@SecAdept)

You Can Learn More About the WatchGuards’ Product Line By Going to www.FirewallShop.com/WatchGuard.

The original article/video can be found at Cryptowall Malvertising – WSWiR Episode 126