Take 1 Security Podcast: Episode 5
Unsupervised Learning8 Helmi 2015

Take 1 Security Podcast: Episode 5



START CONTENT


* Anthem, the second largest healthcare company, had a major breach


* They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach
* There’s speculation that it was China, trying to penetrate government, but it’s early
* Watch for phishing scams related to it
* The megabreaches continue…weee!

* A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites


* If you’re going to run WordPress, understand that Plugins are the best way to get yourself hacked
* Specifically, the type of plugins that handle user input and do something with it that affects the site’s output
* Image manipulation plugins have been particularly vulnerable, usually to XSS

* There was another critical Flash vulnerability this week


* Like I said last week, and the week before, there’s a first time for everything

* Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer


* Because they work for HP they couldn’t take the cash, and instead donated it to charity

* Microsoft released Outlook for iOS last week, which looks pretty slick


* Unfortunately it is riddled with security flaws
* Recommendation: wait for a few updates, and for them to get a security assessment


END CONTENT


Play Podcast

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(541)

T1SP: Episode 27

T1SP: Episode 27

[ Subscribe to the Podcast: iTunes | Android | RSS ] News [ ] Heavy surveillance around the Super Bowl [ ] A new BlackEnergy spear phishing campaign is targeting more Ukrainian companies [ ] Magneto, ...

2 Helmi 201622min

T1SP: Episode 26

T1SP: Episode 26

[ Subscribe to the Podcast: iTunes | Android | RSS ] News [ ] Backdoor found in AMX devices that run corporate and government conference rooms [ ] Autopwn every Android device on your network using Be...

25 Tammi 201649min

T1SP: Episode 25

T1SP: Episode 25

[ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet * [ ] SSH backdoor found in Fortinet f...

19 Tammi 201626min

T1SP: Episode 24

T1SP: Episode 24

[ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] Norse lays of 20 people; not clear what percentage that is; threat intel not going so well? * [ ] OPM declines to release details on ...

11 Tammi 201628min

T1SP: Episode 23

T1SP: Episode 23

[ Subscribe to the Podcast: iTunes | Android | RSS ] News * [ ] Juniper backdoor; could have been found with diff; signs point to NSA * [ ] RCE on FireEye appliances * [ ] Hyatt got hacked; malware...

4 Tammi 201655min

Security and Obscurity

Security and Obscurity

[ Subscribe to the Podcast: iTunes | Android | RSS ] In this episode I explore the topic of Security and Obscurity by reading my popular essay on the topic. Notes * The intro track is from one of ...

13 Joulu 201510min

T1SP: Episode 21

T1SP: Episode 21

[ Subscribe to the Podcast: iTunes | Android | RSS ] Topics for this episode: News * [ ] Stringing Shodan to exploitation * [ ] Why you need to check HaveIBeenPwned * [ ] Another DELL root cert ...

13 Joulu 201518min

Take 1 Security Podcast: Episode 20

Take 1 Security Podcast: Episode 20

Topics for this episode: News and analysis * [ ] Ads using high frequency sound to communicate across devices. The ultrasonic pitches are embedded into TV commercials or are played when a user enco...

7 Joulu 201523min