Wow! This week’s been such a busy news week that the information security (InfoSec) stories kept pouring in, long after I finished this week’s video. The latest? CERT just warned about some critical vulnerabilities in NTPd, a popular network time protocol (NTP) service that many network devices and software uses. If you use NTPd, look into it (and I’ll post more soon). In the meantime, if you can’t keep up with the weekly deluge of security news, let our video summarize the important stuff for you.

Today’s episode covers a website hijacking campaign targeting WordPress plugins, a new SOHO router vulnerability called Misfortune Cookie, and a noteworthy breach affecting ICANN (the folks who manage domain names). I even throw in the latest Sony updates for good measure. Press play to learn more about those stories, but don’t forget to check out the References section too. It covers other interesting news, such as the last-minute, breaking NTPd issue.

Quick show note: I’m taking some time of for the Holidays, so I won’t be posting a video for two weeks. Have a happy holiday yourself, and I’ll see you next year.

(Episode Runtime: 12:47)

Direct YouTube Link: https://www.youtube.com/watch?v=T-gdqsB5Qiw

EPISODE REFERENCES:

• SoakSoak attackers pwn 100K WordPress blogs via plugin vulnerabilities – Ars Technica
  • Details on the old WordPress Slider Revolution vulnerability – Securi
• “Misfortune Cookie” allows attackers to take over consumer SOHO routers – Network World
  • Checkpoint’s official report on Misfortune Cookie [PDF] – Checkpoint
  • Checkpoint’s FAQ on Misfortune Cookie – Checkpoint
• ICANN breach via spear phishing email; CZDS data stolen – Threat Post
  • ICANN’s disclosure of their network breach – ICANN
• Sony Pictures Breach Updates
  • GOP, Sony attackers, promise a “Christmas Gift” – The Register
  • Sony receives a terror threat about The Interview premiere – Gizmodo
  • More details on GOP’s recent threat and leaks – Geekslop
  • Snapchat CEO affected by Sony hack – The Verge
  • GOP releases 50 Sony Pictures script – BGR
  • Clooney argues the industry should be defending Sony (they are the victim) – Deadline
  • Thoughts on media publishing Sony’s stolen data – Bloomberg
  • Latest Sony movie gossip – Gawker
  • Sony lawyers send letter warning journalists to stop publishing their data – Re/code
  • Employee’s file a class action suit against Sony for the breach – Hollywood Reporter
  • Sony officially caves to hackers terror threats – TechCrunch
  • Reactions to Sony throwing in the towel to hackers – Mashable
  • Reddit droped its Sony hack stolen file related threads – CNN
  • Watch out for attackers leveraging Sony news in scams – Help Net Security
  • White House says the Sony attack is a national security issue – Washington Post
  • Google mad at Sony’s piracy strategies (via leaked docs) – Hollywood Reporter
  • UPDATE: The FBI has confirmed that the North Korean government is involved – FBI
  • UPDATE: CERT published what appears to be the IoC info for Sony’s malware – CERT
• BREAKING UPDATE: Many network devices and Linux products affected by serious NTPd vulnerabilities – CERT
  • NTP’s advisory on the ntpd vulnerabilities (more technical detail) – NTP.org

EXTRAS:

• Chrome team to really push the use of HTTPS – Tech Dirt
• Shellshock leverage to hijack QNAP storage devices – Ars Technica
• Your personal wobble used to identify you by wearable cameras – The Verge
• Senator says a backdoor for feds is a backdoor for hackers (I agree) – LA Times
• London teen responsible for the Spamhaus DDoS – Krebs on Security
• CNN interview with ex-Anonymous & Lulsec FBI informant (Sabu)
  • Part1 – CNN
  • Part 2 – CNN
  • Part 3 – CNN
• IBtimes article hacked by Syrian Army – Business Insider
• Vulnerabilities found in Schneider ICS/SCADA software – Threatpost
• FBI warns of Iranian energy attacks – Tech World
• Xsser mobile malware still lurking around – SC Magazine
• Chrome leads the pack in browser vulnerabilities this year – PC Authority
• Bruce Schneier’s comments on the Sony hack – Motherboard
• TorrentLocker the latest ransomware affecting Europe and Australia – Silicon Republic
• The Top 10 breaches of 2014. Do you Agree? – Beta News
• Flaw in Delta’s airline software allows attackers to access someone else’s boarding pass – Uber Gizmo
• Schneier says the Snowden-effect has altered our browsing practices – Schneier Blog
• EFF challenging NSA’s surveillance practices in court – The Verge
• “Spark” is the latest modification to PoS malware – Computer World
• Ars Technica was hacked. If you have an account, change your password – Ars Technica
• “The Finest Squad” protects gamers from “The Lizard Squad” – Business Insider
• The FBI are “l33t h@x0rs” with their metasploit skills –  Wired
• Sony allegedly had learned attackers were stealing info from them a year ago – Bloomberg
• The Grinch vulnerability affects some Linux systems (local EoP) – Alert Logic
• North Korea’s Unit 121 cyber attackers – The Telegraph
• Neat video demonstration of the BadUSB attack – Gizmodo
• Severe security flaw allows attackers to read your texts – Gizmodo
• Update your Github; major vulnerability found – The Register
• ISIS developing malware? – The Register

— Corey Nachreiner, CISSP (@SecAdept)

You Can Learn More About the WatchGuards’ Product Line By Going to www.FirewallShop.com/WatchGuard.

The original article/video can be found at ICANN Breach & More Sony – WSWiR Episode 133