Adult Ransomware and Hacked WhatsApp – WSWiR Episode 164

Do you have little time for security news, but wish you could keep abreast of the latest threats? In that case, our weekly summary video can help. Every Monday, we summarize last week’s infosec news for you, often in under ten minutes.

This week’s show includes Microsoft and Adobe patches, some adult-themed mobile ransomware, and a sneaky new malware command and control technique. Watch the episode below, and don’t forget to glance at the Reference section if you are interested in other news.

(Episode Runtime: 8:44)

Direct YouTube Link: https://www.youtube.com/watch?v=mnJivvR7nRw

EPISODE REFERENCES:

• Monday: N/A
  • Happy Labor Day!
• Tuesday: September Patch Day – Daily Security Byte EP.138
  • Microsoft September Patch Day summary post – Microsoft
  • Quick SANS summary of Microsoft Patch Day – SANS
  • Adobe’s Shockwave Advisory – Adobe
• Wednesday: WhatsApp Hacked – Daily Security Byte EP.139
  • Researcher finds critical flaw in WhatsApp web client – Checkpoint
  • Article describing the WhatsApp vulnerability (best headline) – The Register
• Thursday: Adult Mobile Ransomware – Daily Security Byte EP.140
  • Security group finds adult-themed mobile ransomware – Zscaler
  • Article describing the porn app ransomware – BBC
• Friday: Satellite C&C Channel – Daily Security Byte EP.141
  • Russian attackers use satellite internet to hide C&C – Wired
  • Kaspersky’s research on Satellite-based C&Cs – SecureList

EXTRAS:

• Apple pushes back against US gov. request for user data – NY Times
  • More news on Apple refusing DoJ order to decrypt data – TechDirt
• CopperheadOS: An open source “secure” android distro – Liliputing
• Grey hat researcher wants payment for FireEye 0day flaws – The Register
  • FireEye’s response to new flaws [PDF] – FireEye
  • Cluley’s comments on the FireEye 0day – Graham Cluley Blog
  • FireEye sues researcher to prevent disclosure – Ars Technica
• Using old email clients for security (don’t recommend) – Motherboard
• Researcher discloses critical vulnerability in Kaspersky AV – PC World
• James Clapper thinks the next state threat is data manipulation – The Guardian
• Group finds flaw that allows them to crack Ashley Madison passwords – CynosurePrime
  • Article on how the flaw allows faster bcrypt cracking – Ars Technica
• North Korea allegedly hacked popular South Korean word processor – Business Insider
• An “APT” group used a leaked criminal botnet – PC World
• Researcher hacks the sensors on self-driving cars – Techspot
• Major vulnerabilities in Seagate wireless hard drives – The Inquirer
• Health insurer loses 10M member records – Reuters
• Ashley Madison CTO is suing Krebs for claiming he hacked competitor – TechDirt
• John McAfee is running for president!?! WTH! – The Inquirer
  • His video campaign announcement – YouTube
  • More on why McAfee is running for president – Digital Trends
• Spear phishing is a big threat. Train your employees – Ars Technica
• Akamai reports an increase in DDoS from a particular gang – SC Magazine
• CoreBot includes banking crime modules – ZDNet
• GM took five years to fix an Onstar flaw – Business Insider
• Does GHCQ want simple passwords so they can crack them? – The Guardian
• Get your Google Nexus security updates for September – Android Police

— Corey Nachreiner, CISSP (@SecAdept)