Talk Security podcast hosts Brian Donohue and Chris Brook are back with the news edition of the Talk Security podcast, discussing the Regin APT attack platform and the movement toward encrypting everything on the Internet as well as this month’s bugs, malware and data breaches.
Music for the podcast by Bird Name courtesy of the Free Music Archives under creative commons.
SUPPLEMENTARY READING
Bugs and Fixes
Belkin fixed an arbitrary code execution vulnerability in its n750 router. The secure chat service Pidgin issued some fixes too. Microsoft and Adobe fixed a slew of bugs in its patch Tuesday release earlier this month. The company also dealt with a crypto implementation flaw and issued an out-of-band patch later in the month Apple fixed some bugs in its iOS mobile operating system while Google patched some nasty bugs in Android Lollipop. And WordPress fixed a serious XSS flaw.
Malware
You can do some additional reading on the CoinVault ransom ware malware on Threatpost and Securelist. Also a new variant of the Citadel trojan is targeting password management programs.
Data Breaches
A relatively light month data breach-wise, with just the National Oceanic and Atmospheric Administration and the United States Postal Service becoming victims.
#TalkSecurity: @Brokenfuses and @TheBrianDonohue Web #crypto, Regin #APT, data
Tweet
Encrypt All the Things
The Electronic Frontier Foundation is calling on the NIST to be more open and transparent in its encryption standards setting process. Meanwhile the U.S. Senate voted on but failed to pass the NSA surveillance-curtailing USA FREEDOM Act. The Internet Architecture Board is recommending that encryption become the default online and the EFF is trying to make Web encryption easier. WhatsApp is moving to encrypt all of its users traffic and the EFF issued score cards to illustrate what chat services are encrypting communications strongly and which aren’t.
Regin
Last but not least, there is a new APT actor out there and researchers are saying Regin might be the more sophisticated attack platform ever.