Last week, I talked about a Flash 0day vulnerability that attackers were only exploiting in limited, targeted attacks. This week, the vulnerability has been added to popular exploit kits, so I expect it to become more popular. Watch today’s video to learn more about it.
Wow, it’s been 100 daily videos already?! I started this daily security video experiment in January of this year, and though I haven’t been able to cover every single day, we’ve had quite a ride of InfoSec-related stories so far. If you find this daily post useful, or if you have suggestions on ways we might improve it to fit your needs, let us know. Meanwhile, the InfoSec news doesn’t pause despite the 100th episode
Original release date: June 15, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
It happens every month… Microsoft released their June patches on Tuesday, fixing 45 vulnerabilities in a range of popular products. If you manage a Windows network, you should watch this video to get the Patch Day highlights, and to learn which products to update first. As an aside, I recorded this video Wednesday, but was not able to edit and post it until today due to travel. (Episode Runtime: 2:07) Direct YouTube Link: https://www.youtube.com/watch?v=1dUGG1eP3A8 EPISODE REFERENCES: Microsoft’s June Patch Day Summary Bulletin – Microsoft; Nice blog write-up with all you need for June Patch Day – Ghacks.net — Corey Nachreiner, CISSP (@SecAdept)
If you want to know why spear phishing is a big threat, ask the managers of Japan’s Pension System. They recently had attackers steal 1.25 million records due to a user clicking on the wrong attachment.
This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols, including HTTPS, SMTPS, IPSec VPN, SSH, and other TLS implementations, use it to set up shared secrets.
The Firebox M440 continues to rack up the accolades! Most recently, SC Magazine published the results of its Security Information and Event Management (SIEM) and Unified Threat Management (UTM) product group test. The M440 not only received a 5-star rating, but also their coveted “recommended” stamp of approval. Moreover, it was called the “pick of the litter” of the group that included Check Point Software, Cyberoam, Dell SonicWALL, LogRhythm, McAfee, NetIQ, SolarWinds, and more.
Original release date: May 12, 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader, and Acrobat.