Glibc is the standard C library that ships with mosts version of Linux. It includes many functions that handle the common tasks programs might need, such as looking up IP addresses associated with domain names
A Hacker (likely Hacktivist) claims to have breached the Department of Justice’s network, and has dumped FBI and DHS employee records to prove it. If you think he used some advanced attack to crack the government’s systems, you’d be wrong
If you’re an IT administrator, you probably know that yesterday was Microsoft Patch Day.
Normally, Oracle only releases patches every three months. However, they broke that cycle to release an emergency Java update. Watch today’s video to learn what it fixes, (Episode Runtime: 1:58 ) Direct YouTube Link: https://www.youtube.com/watch?v=u3OjtxHzZFs EPISODE REFERENCES: Oracle’s out-of-cycle Java advisory – Oracle Story on Oracle’s emergency Java patch – V3.co.uk Old Java installer might install malware – Digital Trends — Corey Nachreiner, CISSP ( @SecAdept )
Usually, we discuss spear phishing as an external attack. However, a recent Department of Justice case proves insiders leverage spear phishing too. Watch today’s video to learn how a former Nuclear Regulatory Committee employee tried to spear phish his ex-coworkers, and how you might avoid such attacks
TaoBao, China’s Ebay, suffered a major account hijack where attackers accessed over 20M user accounts. However, the attack wasn’t the fault of the e-commerce site itself. Watch today’s video to learn how this happened, why it should concern everyone in the world, and what you can do about it. (Episode Runtime: 2:47 ) Direct YouTube Link: https://www.youtube.com/watch?v=DVFmSIz4ITQ EPISODE REFERENCES: Over 20M TaoBao accounts hijacked in China – The Stack — Corey Nachreiner, CISSP ( @SecAdept )
Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected. (Episode Runtime: 3:17 ) Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM EPISODE REFERENCES: OpenSSL fixes a serious vulnerability related to DSA – Ars Technica Details on OpenSSL key recovery attack – Blogspot OpenSSL security advisory for update – OpenSSL WatchGuard’s knowledge base article on our exposure [ Requires login ] – WatchGuard — Corey Nachreiner, CISSP ( @SecAdept )
This week, two different organization’s in two different industry verticals suffered security incidents that either lost them tons of money, or tons of time. What do they both have in common, and what can we learn from them? Watch today’s video to find out! (Episode Runtime: 3:26 ) Direct YouTube Link: https://www.youtube.com/watch?v=crBB4CU-cTs EPISODE REFERENCES: Ransomware infects Israel Energy Authority and disrupts network – ComputerWorld Cyber criminals steal $55M from an aerospace manufacturer – IBTimes A article on the changes in phishing emails – IT Pro Portal — Corey Nachreiner, CISSP ( @SecAdept )
First the NSA, and now GCHQ.