Wednesday, 23 May 2018

Beware of phishers leveraging a new zero day Internet Explorer (IE) 11 flaw that affects the latest, fully-patched version of Windows. Click play for details. (Episode Runtime: 1:35) Direct YouTube Link:  https://www.youtube.com/watch?v=AIKDoTGBaTU EPISODE REFERENCES: New XSS vulnerability affects IE 11 running on Windows 8.1  – Computer World Full Disclosure post about the flaw – Seclists Follow up post on Full Disclosure – Seclists Proof-of-Concept exploit illustrating the issue  – Packet Storm —  Corey Nachreiner, CISSP  ( @SecAdept )

Bad actors have always tried to lure us into doing things we shouldn’t by appealing to our base, carnal instincts. Today’s daily infosec video shares why you might want to avoid “hot girls” in general online. (Episode Runtime: 1:38) Direct YouTube Link:  https://www.youtube.com/watch?v=TyivxEiCuKM EPISODE REFERENCES: “Hot Girls” are still an effective lure, even among nation-state attackers – Gizmodo FireEye’s report on the Syrian “Hot Girl” attack campaign [PDF] – FireEye —  Corey Nachreiner, CISSP  ( @SecAdept )

Every network admin I know is buried under a list of tasks, and has little time to spend learning about the latest information security news. If that sounds like you, check out our weekly news recap video. This episode, from the third week of January, covers rumors the NSA hacked North Korea, a warning about attackers exploiting an zero day Flash flaw, Oracle’s quarterly critical patch day, and more

During the blog downtime, observant security practitioners probably read about a serious new vulnerabilities called GHOST, which affects all Linux-based systems to some extent. I actually  covered GHOST  already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here