Unsupervised Learning8 Feb 2015

Take 1 Security Podcast: Episode 5

START CONTENT

* Anthem, the second largest healthcare company, had a major breach

* They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach
* There’s speculation that it was China, trying to penetrate government, but it’s early
* Watch for phishing scams related to it
* The megabreaches continue…weee!

* A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites

* If you’re going to run WordPress, understand that Plugins are the best way to get yourself hacked
* Specifically, the type of plugins that handle user input and do something with it that affects the site’s output
* Image manipulation plugins have been particularly vulnerable, usually to XSS

* There was another critical Flash vulnerability this week

* Like I said last week, and the week before, there’s a first time for everything

* Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer

* Because they work for HP they couldn’t take the cash, and instead donated it to charity

* Microsoft released Outlook for iOS last week, which looks pretty slick

* Unfortunately it is riddled with security flaws
* Recommendation: wait for a few updates, and for them to get a security assessment

END CONTENT

Play Podcast

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(532)

News & Analysis | NO. 337

In this episode we talk about China Surveillance, Cyber Bills, and Recon Tools… The episode was sponsored by ZeroFox and CrowdSec.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

27 Juni 202220min