Another week, another batch of information security (infosec) news. Would you like a quick summary, rather than hunting it down yourself? No problem! Just check out our weekly video every Friday.

Today’s episode covers the Patch Day bonanza, lots of updates on the Sony Pictures breach, and a new twist on the “Poodle” SSL/TLS vulnerability. Press play for the scoop, and check our the References and Extras section for more stories and details.

(Episode Runtime: 7:13)

Direct YouTube Link: https://www.youtube.com/watch?v=WbbZjRtyODA

EPISODE REFERENCES:

• December Patch Day
  • Microsoft December 2014 Patch Day – WatchGuard Blog
  • UPDATE: Microsoft pulled the Exchange patch. Don’t install it yet! – Microsoft
  • Adobe December 2014 Patch Day – Adobe
  • Apple’s December Security Updates – Apple
• Sony Pictures Breach Updates
  • Sony attackers knew all about Sony’s network beforehand – Dark Reading
  • Attacker’s Also threaten Sony employees – The Guardian
  • North Korea denies Sony hack again, but says it was righteous – Computer World
  • FBI can’t attribute Sony hack to North Korea – CNET
  • FBI says GOP’s attack would beat 90% of defenses – IT Pro Portal
  • Details on Sony breach malware; Destover – Securelist
  • Sony breach traced to Bangkok hotel – Gizmodo
  • Sony allegedly hacks back – Re/code
  • Sony malware signed with Sony certificate; probably prank – SC Magazine
  • GOP threatens Sony employees in email – WSJ
  • Sony exec calls Angelina Jolie a “spoilt brat” in stolen email – The Guardian
  • Sony cancels “The Interview” marketing and interviews – Bloomberg
  • What one alleged employee feels about the Sony breach – Gizmodo
  • UPDATE: GOP sends some Sony employees yet another threatening message – Time
• Poodle Bites Again
  • The Poodle SSL/TLS flaw is back – Network World
  • Details on the new Poodle variant – Imperial Violet
  • Even more details on Poodle 2.0 – Vivaldi.net
  • CVE advisory for new Poodle variant – NIST
  • F5’s advisory on the new Poodle issue – F5
  • Scan your site for the new Poodle issue – Qualys SSL Labs

EXTRAS:

• Lizard Squad DDoSes PSN after Xbox Live – Forbes
• Anonymous warns Lizard Squad to back off on gaming DDoS attacks – CNR Online
• Fake malicious site warning helps distribute Zeus bot – Maximum PC
• Mobile payments company, Charge Anywhere, has been breached for five years – The Register
• The Sand’s allegedly hacked by Iranian hacktivists – Slashgear
• Some information security tips for retails (and everyone really) – Forbes
• Three ways the US government can help fight cyber crime – Network World
• Did a Russian cyber attack cause a Turkish pipeline fire? – Slate
• Nintendo plugs the first software 3DS exploit – Ars Technica
• Trip Advisor site suffers from major XSS vulnerability – Tech Week Europe
• Old vulnerabilities found in Linux X Windows –  The Register
• Rock guitarist sentenced to 10-day for being part of Anonymous attack – The Verge
• Smart watched have been hacked (no surprise there) – Phys.org
• The Pirate Bay raided; watch out for torrent-related scams – WatchGuard Blog
• A new market around surveillance – Daily Dot
• Inception malware hits European governments – Sky.com
• Attackers still using cloud servers for C&C – CBR Online
• Mobile malware might rack up your cell bill – The Guardian
• Canadian teen arrested for SWATing – Kotaku
• FUN: Watch the trailer for “Blackhat” the movie – Gizmodo

— Corey Nachreiner, CISSP (@SecAdept)

You Can Learn More About the WatchGuards’ Product Line By Going to www.FirewallShop.com/WatchGuard.

The original article/video can be found at Poodle’s Back – WSWiR Episode 132