WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit

Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game-related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.

[Friday Fun] WatchGuard’s Security Shop Music Video

First, a fair warning. This post serves no practical purpose, and is just for your entertainment. If you only visit this blog for practical security news and alerts, and you don’t have time for a bit of fun right now, feel free to skip this post. That said, you might find it entertaining, and it does still carry a security theme.

Remote Desktop and IE Updates Top April’s Patch Day List

Unless you’re new to IT, you’re probably aware that today—the second Tuesday of the month—is Microsoft Patch Day. As expected, Microsoft released nine security bulletins today, fixing 13 vulnerabilities across products like Internet Explorer (IE), Windows and its components, SharePoint Server, and a few other Office server products. The two worst updates, both rated Critical, fix security problems in IE and the Remote Desktop Client (RDC) that ships with Windows (specifically, its ActiveX control).

PostgreSQL Update Fixes Critical Security Flaw

If you’re a web developer or database administrator, you’ve surely heard of PostgreSQL (or Postgres for short), a relatively popular object-relational database management system (ORDBMS). According to an alert posted today, the PostgreSQL Global Development Group (PGDG) released security updates for the latest releases of the popular Postgres database system.

Microsoft Kicks Off Spring with Nine Security Bulletins

Next Tuesday, Microsoft will release nine security bulletins, two of which the Redmond-based software company rates as Critical. The bulletins will fix flaws in Windows, Internet Explorer (IE), Office, and some of Microsoft’s server and security software. As usual, they haven’t shared many details yet, but some experts expect the critical IE update to fix the zero-day vulnerabilities disclosed at CanSecWest’s recent Pwn2Own contest. Either way, I expect the IE flaws to pose the greatest risk to most users, so you should plan on applying that patch as quickly as possible.

March Radio Free Security: Record Breaking DDoS

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. If you’re looking for the latest security news and best practice tips, this show is for you.

Breaking Update: ByteMarx Virus Targets Computing Devices with “Zombification”

WatchGuard’s LiveSecurity team has discovered an alarming new strain of computer virus that is plaguing devices of all types, and even spreading to household electronics such as microwaves, electric toothbrushes and coffee makers. The new threat, known colloquially as ByteMarx (based on its file attachment ByteMarx.exe)

WatchGuard Security Week in Review: Episode 56 – ICS Honeypot

Currently, I’m attending a security expo in Helsinki, Finland, so I had to produce this week’s episode quickly, while on the road. Nonetheless, it’s still been a busy security week so far, and there’s a lot of InfoSec news to cover

Microsoft Black Tuesday: Security Flaws in a Menagerie of Products

Though today’s Patch Day might seem pretty average as far as the number of security bulletins released, it does cover a rather eclectic range of Microsoft products. In fact, a few of the updates affect Mac users as well, and one is even exclusive to Mac.

WatchGuard Security Week in Review: Episode 54 – Nuke Hackers

Want a quick way to catch up on weekly information and network security (InfoSec) highlights? Well, you’ve found the right place. In this episode of our InfoSec summary video, I talk about Evernote’s 50 million user data leak, web browsers falling to the Pwn2Own contest, and a U.S. government