In the news this month: the world’s premier security conferences, Black Hat and DEF CON, take center stage to open August; more advanced persistent threats emerge in China and elsewhere; malware is using webmail to communicate; and a bizarre tale surrounding a brief outage on Sony’s PlayStation Network. Threatpost’s Brian Donohue and Chris Brook review these stories and more in this August 2014 edition of the Kaspersky Daily podcast.
THE SUPPLEMENTARY READING LIST
As the Black Hat security conference transitions from a corporate-only affair to a consumer friendly one, you can expect to read more about it here on Kaspersky Daily. For a bit of context, read my thorough review of the event. My editors at Threatpost, Dennis Fisher and Mike Mimoso, and I also recorded podcasts recapping the first and second days of Black Hat, which will provide a more in depth look at the event commonly referred to as Security Summer Camp.
A trend seems to be emerging in the months, and now year, that has followed Edward Snowden’s National Security Agency revelations: more and more of the Internet is becoming encrypted. This month was no different as Yahoo vows to encrypt all email end-to-end by the end of the year and Google announced it will give search preference to sites that use secure SSL connections.
Lots of fixes this month, however the real story is of Microsoft’s patching fiasco. It released its standard patch Tuesday release, which broke a number of user machines, then Microsoft eventually released a new bulletin earlier this week. As I mentioned but did not elaborate upon in the podcast, Google released a pair of updates to Chrome, which you can read about here and here. And Apple has some security fixes as well.
You’ll find more in depth coverage of this month’s APT findings at Threatpost, whether its Turla or the Chinese crew that allegedly hacked into Community Health Systems. While we’re on the topic of Community Health Systems, we wrote an analysis of that breach and what it means for you here on the Daily.
On the malware front, you can read all about the new malware using Yahoo mail as a communications hub and a new, primarily Web-based piece of rogue antivirus malware.
Don’t forget to check out Chris Brook’s report on Verizon’s belief in the potential for using QR codes as mechanisms for authentication , and you probably want to read this very odd story about the incidents surrounding the DDoS attack that briefly took down the PlayStation Network last weekend.
Podcast: @TheBrianDonohue and @BrokenFuses review the security and privacy news from August 2014Tweet