MS Patch Day, DarkHotel, and iOS Masque
Too much Information Security (InfoSec) news, too little time? I sometimes feel the same way. If you don’t have time to keep up yourself, why not watch our weekly InfoSec video to catch the highlights?
This week, I share the highlights from Microsoft Patch Day, talk about a targeted attack preying on executives in hotels, and warn of a new vulnerability that affects anyone with an iPhone or iPad. Click play below to learn all about it, and check out other stories from the week in the Extras section below.
Stay vigilant online and enjoy your weekend!
(Episode Runtime: 12:39)
Direct YouTube Link: https://www.youtube.com/watch?v=MwxEksw3j-Q
EPISODE REFERENCES:
- Patch Day:
  - Microsoft’s November Patch Day summary – WatchGuard Blog
  - Adobe’s November Flash Security update – WatchGuard Blog
- DarkHotel: Attack campaign targets hotel guests – Wired
- Kaspersky’s full DarkHotel report [PDF] – Kaspersky
- Kaspersky’s DarkHotel blog post – Securelist
- Kaspersky’s DarkHotel video – YouTube
- DarkHotel indicators of compromise (IoC) report – Kaspersky
- iOS Masque Attack replaces legitimate apps with malware – FireEye
- iOS Masque demo video – YouTube
EXTRAS:
- Mobile phones fall like flies to Mobile Pwn2Own competition hacking – Ars Technica
- US Postal Service (USPS) hacked; 800K employee records stolen – Time
- Attackers hack US weather system and cause a week of downtime – Washington Post
- Latest version of OS X, Yosemite, shares more data than most suspect – LifeHacker
- Google study shows almost half their employees would fall for good phishing [PDF] – Google
- Some minor DoS vulnerabilities in Pidgin chat client – The Register
- Onion (Tor) site admins share info on how authorities “decloaked” them – Ars Technica
- Over 6.5M social security numbers stolen this year – CNN
- Convicted hacker shares his story and his horrible password – Phys.org
- Microsoft updates EMET security tool to version 5.1 – Microsoft
- New book says Stuxnet infected five targets before Natanz – Ars Technica
- Latest DNS reflection DDoS technique stuffs traffic with White House PR – Akamai
- More than half of government breaches due to user security mistakes – Mashable
- How the FBI’s MLK suicide letter demonstrates the threat of unchecked surveillance – EFF
- EFF alleges that some ISPs are trying to strip customers’ email encryption – EFF
- Yet another shady (IMHO) company selling 0day for use in attacks – The Slate
- Should we be trusting the CNNIC root certificate? – Tech Dirt
- With the latest Microsoft Schannel issue, all major TLS stacks have had issues this year – The Register
- Tibetan monks translate Buddhists’ “non-attachment” belief to the cyber age – Top Tech News
- The psychology behind an “insider” turning malicious – Computer World
- Who needs zero day to hack when you have bombs – Gizmodo
- More proof that advanced techniques trickle down to average criminals – The Register
- On average, DDoS attacks cost victims $500K – CBR Online
— Corey Nachreiner, CISSP (@SecAdept)
The original article/video can be found at DarkHotel & iOS Masque – WSWiR Episode 129