Patch Management

PewDiePie, DOOM Roomba, and 9/11 – Paul’s Security Weekly #588

January 5, 2019

 

 

Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there'san Adobe PDF app patch to install!

Paul's Stories

  1. The Worst Hacks of 2018 - Uhm, dear Wired, you made an error in the title. These are the "best" hacks of 2018, or maybe even "the most successful" hacks of 2018. I was really hoping for a list of hacks that totally failed, hard. That would be an article I would actually read, rather than this regurgitated crap.
  2. Apple Keeps Malware Info from Antivirus Firms: Researcher - Patrick Wardle, about whose discoveries we've written many times on Tom's Guide, last month analyzed a new strain of Mac malware called Windshift. He noticed that Apple had revoked the digital certificate that let the malware install on Macs. That's good. But when Wardle checked VirusTotal, an online repository of known malware, only two of some 60-odd antivirus malware-detection engines could spot Windshift.
  3. Hackers Hijack Smart TVs to Promote PewDiePie - According to a website for the latest campaign, the duo targeted a router setting called Universal Plug and Play (UPnP), which is used to help smart devices easily connect to other devices on a private network – however, the feature can also publicly expose the devices’ internet ports if configured that way. Also, do not expose the ADB service to the Internet. This is happening exactly as I predicted years ago, you now have pop-ups on your TV.
  4. Hackers Attempt to Sell Stolen 9/11 Documents - The demands are EPIC, they are going after all parties involved, exposing information with a series of decryption keys. But, is the information really worth protecting? We may never know, or will we?
  5. Hope you're over that New Year's hangover there's an Adobe PDF app patch to install - Okay, there is always a patch to install. So everytime you have a hangover, you can install a patch. When you don't have a hangover, install a patch. When you are drunk, install a patch. If you use Adobe PDF reader, you must be drunk.
  6. Over 19,000 Orange modems are leaking WiFi credentials | ZDNet
  7. Turn Your House into a DOOM Level with a Roomba - I LOVE this: The DOOMba, created by game engineer and programmer Rich Whitehouse, is designed to turn the sensors on one of the newer Roomba models, the Roomba 980, into real-life map-making tools that can inject some demon-slaying into your home.. Also, a great way to create a map of a place that you are going to rob, stealing is wrong kids, but a cool idea.
  8. Hackers Make a Fake Hand to Beat Vein Authentication - Cool stuff, however the fake hands look like cookies, or cake. Yum? Jeffery Dommer ate my fake hand again?
  9. wget utility potential leaked password via extended filesystem attributes
  10. Cloud Hosting Provider DataResolution.net hit by the Ryuk ransomware - Oh, same Ransomeware that is responsible for stopping newspaper production for the 2 people that still read newspapers.
  11. Cyberattack Halts Publication for US Newspapers
  12. Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs

Larry's Stories

  1. Equifax congressional report and some great [https://www.sans.org/security-awareness-training/blog/just-released-congressional-report-equifax-hack commentary Great timelines and lots of notes about more than one point of failure]
  2. Windows internal sandbox. So cool. Now we wait for an escape…
  3. IE scripting engine RCE…it's been a while!
  4. US ballistic missile systems have crappy security
  5. Hackers making attacks look like they come from the Chinese government….no shit. Attribution is hard.
  6. Fighting deepfakes, the next technological frontier.
  7. LA times (and others) distribution delayed because hax.

Lee Neely's Stories

  1. Nova Entertainment suffers data breach What can happen when you don't decommission legacy systems?
  2. LA Times and other papers impacted by Ransomware Ransomware encrypted files used by typesetting and was spread over interconnections
  3. Wannacry still lurking on infected computers What happens if the killswitch site ever goes offline?

Full Show Notes

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

[caption id="attachment_210" align="alignleft" width="120"]Jeff Man Jeff Man - Sr. InfoSec Consultant, Online Business Systems.[/caption] [caption id="attachment_210" align="alignleft" width="120"]Lee Neely Lee Neely - Senior Cyber Analyst , Lawrence Livermore National Laboratory.[/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadorian Paul Asadorian - CEO, Security Weekly.[/caption] [caption id="attachment_210" align="alignleft" width="120"]Joff Thyer Joff Thyer - Security Analyst, Black Hills Information Security.[/caption] [caption id="attachment_210" align="alignleft" width="120"]Larry Pesce Larry Pesce - Senior Managing Consultant and Director of Research, InGuardians.[/caption]

[audio src="http://traffic.libsyn.com/sw-all/PewDiePie_DOOM_Roomba_and_9_11_-_Pauls_Security_Weekly_588_converted.mp3" ]

prestitial ad