October Patch Bonanza, Leaky Apps, and POODLE
Cyber security has gone mainstream, which means we’re getting a lot more security news each week than we used to. This week was even busier than usual, with updates fixing hundreds and hundreds of security vulnerabilities, as well as a significant vulnerability in an encryption standard. If you’re having trouble keeping track of the most important security info on your own, let our weekly video summary do it for you.
Today’s episode covers a ton of updates for October’s Patch Day, data leaks affecting SnapChat and DropBox, and a relatively serious SSL vulnerability called POODLE. The video is a bit longer than usual in order to better describe the POODLE flaw. Press play to learn more, and check the references for other interesting stories.
Enjoy your weekend, and beware what you click online.
(Episode Runtime: 16:37)
Direct YouTube Link: https://www.youtube.com/watch?v=AFX9DXDizu4
Episode References:
- Software Updates:
  - Microsoft October Patch Day Summary – Microsoft
  - Adobe releases ColdFusion and Flash Updates – Adobe
  - Oracle Quarterly CPU for October 2014 – Oracle
  - UPDATE: Apple fixes 144 vulnerabilities in a number of products – ZDNet
- The Snappening: 13Gb of SnapChat images and video stolen from SnapSaved.com – Kenny Withers blog
- 7M Dropbox passwords leaked through 3rd party services (not a Dropbox hack) – Dropbox Blog
- Pastebin post about leaked Dropbox passwords – Pastebin
- POODLE vulnerability affects web-based SSL connections – WGSC
Extras:
- Russian hackers allegedly spy on NATO and the west with Sandworm – IT Pro Portal
- iSight’s report on Russian Sandworm campaign (patched this month) – iSight Partners
- Kmart infected with PoS malware, but claim no data stolen – eSecurity Planet
- New PoS malware variant called FrameworkPoS uses DNS exfiltration – GData
- Obama’s cyber czar says drop passwords, use selfies (bad idea IMHO) – The Register
- SSDP reflection attacks on the rise – SC Magazine
- Hacker sophistication evolution timeline – Business Insider
- FBI Director wants to talk about encryption. Don’t let him – The Register
- Sweet Orange malvertising campaign targets popular YouTube videos – Business Insider
- Drupal suffers from a SQLi vulnerability – The Register
- New web vulnerability helps phishers – Computer World
— Corey Nachreiner, CISSP (@SecAdept)
The original article/video can be found at POODLE Bites SSL – WSWiR Episode 125