Emergency Windows Patch, Malware Vs. Passwords, and #OpKKK
Nowadays, researchers, hackers, and the media bombard us with tons of information security (InfoSec) news each week. There’s so much, it’s hard to keep up—especially when it’s not your primary job. However, I believe everyone needs to be aware of the latest InfoSec threats. If you want to protect your network, follow our weekly video so I can quickly get you up to speed every Friday.
Today’s episode covers a critical out-of-cycle Microsoft patch, talks about the latest updates to a nasty piece of mobile malware, and explores the ethical issues surrounding a recent Anonymous attack campaign, Operation KKK. Press play for the details, and see the references below for more stories.
As an aside, after shooting this week’s video, I learned attackers may have stolen a bunch of passwords from many popular online services. It may be a hoax, but if you use Windows Live, PSN, or 2K Games, you should probably change your password… just to be safe. Have a great weekend!
(Episode Runtime: 10:44)
Direct YouTube Link: https://www.youtube.com/watch?v=XUsqxsHvVZc
EPISODE REFERENCES:
- Microsoft Out-of-Cycle patch fixed Windows AD Server flaw – WatchGuard Blog
- Citadel Targets Password Vaults – Ars Technica
- Original IBM research on the Citadel variant updates – Security Intelligence
- Anonymous pwns KKK for Ferguson comments – ZDNet
- MSNBC about Anonymous and #OpKKK – MSNBC
- BREAKING: A hacker group claims to have stolen PSN, Windows Live, and 2K Games credentials – PasteBin
- However, it could be a hoax – The Guardian
EXTRAS:
- NotCompatible variant, an Android botnet, gets more dangerous – Lookout Blog
- State Dept. Hacked; Related to White House Attack? – NYTimes
- Citadel variant targets password vaults – ThreatPost
- Let’s Encrypt offers free certificates to encourage web encryption – Betanews
- Beware the naked shark attack scam on Facebook – IBTimes
- Fasthosts down for five hours due to DDoS attack – The Register
- The FBI’s most wanted cyber criminals – CNN
- Chinese authorities arrest three suspects over Wirelurker malware – BBC
- Private PoC released for WinShock vulnerability (hard to exploit) – The Register
- Q3 2014 breaches by the numbers – HNS
- Chrome 39 fixes 42 security vulnerabilities – Google
- Article on the Chrome 39 Update – SC Magazine
- US Gov. doing all they can to weaken citizens’ cryptography – Ars Technica
- New potential reflection-based DDoS attack – Cymru
- BadUSB may have wider spread ramifications – Threatpost
- Vulnerabilities in BitTorrentSync (BTSync) – Hackito Ergo Sum
- Software flaw in specific game allows Nintendo 3DS hacking – Ars Technica
- Hackers hijack child cancer Facebook page – NBC News
- Was Jeremy Clarkson’s Twitter account hijacked? – Naked Security
- Major DDoS attacks against Hong Kong media sites – Forbes
- Vulnerability allows attackers to delete DVRs – The Register
- Hackers steal a Detroit city database… Detroit doesn’t care – The Register
- Run a WordPress blog? You should update – Network World
- Four arrested in the UK for RATs and webcam malware – The Guardian
- Amnesty International releases a free tool to detect nation-state spying malware – Resist Surveillance
— Corey Nachreiner, CISSP (@SecAdept)
The original article/video can be found at #OpKKK – WSWiR Episode 130