Talk Security podcast hosts Brian Donohue and Chris Brook, are back with the news edition of the Talk Security podcast. Here, they discuss the Regin APT attack platform, the movement towards encrypting everything on the Internet and this month’s bugs, malware and data breaches.
Music for the podcast by Bird Name courtesy of the Free Music Archives under creative commons
Bugs and Fixes
Belkin fixed an arbitrary code execution vulnerability in its n750 router. The secure chat service, Pidgin, issued some fixes too. Microsoft and Adobe fixed a slew of bugs in its patch Tuesday, released earlier this month. The company also dealt with a crypto implementation flaw and issued an out-of-band patch later in the month. Apple fixed some bugs in its iOS mobile operating system, while Google patched some nasty bugs in Android Lollipop. Lastly, WordPress fixed a serious XSS flaw.
You can do some additional reading on the CoinVault ransomware malware on Threatpost and Securelist. Additionally, a new variant of the Citadel trojan is targeting password management programs.
It was a relatively light month in terms of data breaches, with just the National Oceanic and Atmospheric Administration and the United States Postal Service victimized.
#TalkSecurity: @Brokenfuses and @TheBrianDonohue discuss Web #crypto, Regin #APT, data breaches, #malware and moreTweet
Encrypt All Things
The Electronic Frontier Foundation is calling on the NIST to be more open and transparent in its process of setting encryption standards. Meanwhile the U.S. Senate voted on, but failed to pass, the NSA surveillance-curtailing, USA FREEDOM Act. The Internet Architecture Board is recommending that encryption become the default online and the EFF is trying to make Web encryption easier. WhatsApp is moving to encrypt all of its users’ traffic and the EFF issued scorecards to illustrate which chat services are strongly encrypting communications and which aren’t.
Last but not least, there is a new APT actor out there and researchers are saying that Regin might be the most sophisticated attack platform ever.