{"id":5146,"date":"2014-12-02T10:57:51","date_gmt":"2014-12-02T15:57:51","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5146"},"modified":"2020-08-28T08:53:50","modified_gmt":"2020-08-28T07:53:50","slug":"talk_security_regin_apt_crypto","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/talk_security_regin_apt_crypto\/5146\/","title":{"rendered":"Talk Security Podcast: Crypto and Regin"},"content":{"rendered":"<p>Talk Security podcast hosts Brian Donohue and Chris Brook are back with the news edition of the Talk Security podcast, discussing the Regin APT attack platform and the movement toward encrypting everything on the Internet as well as this month\u2019s bugs, malware and data breaches.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/12\/05195910\/podcast.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-5147\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/12\/05195910\/podcast.png\" alt=\"podcast\" width=\"1024\" height=\"767\"><\/a><\/p>\n<p><iframe loading=\"lazy\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/3205345\/height\/270\/width\/270\/theme\/standard\/direction\/no\/autoplay\/no\/autonext\/no\/thumbnail\/yes\/preload\/no\/no_addthis\/no\/\" frameborder=\"0\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" width=\"270px\" height=\"270px\"><\/iframe><\/p>\n<div class=\"podcast-subscribe\"><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-itunes\" class=\"itunes\" href=\"https:\/\/itunes.apple.com\/us\/podcast\/talk-security\/id909407206\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.uk\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-apple.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-spotify\" class=\"spotify\" href=\"https:\/\/open.spotify.com\/show\/1VGCKlOoQ9C24dJiCHGTK5\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.uk\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-spotify.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-rss\" class=\"rss\" href=\"http:\/\/talksecurity.kaspersky-podcasts.libsynpro.com\/rss\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.uk\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-rss.png\"><\/a><\/div>\n<p>Music for the podcast by Bird Name courtesy of the <a href=\"http:\/\/freemusicarchive.org\/music\/Bird_Names\/For_the_Love_of_Rod\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Free Music Archives under creative commons<\/a>.<\/p>\n<p><em>SUPPLEMENTARY READING<\/em><\/p>\n<p><strong>Bugs and Fixes<\/strong><\/p>\n<p><a href=\"https:\/\/threatpost.com\/serious-root-access-bug-in-belkin-n750-router\/109247\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Belkin fixed an arbitrary code execution vulnerability<\/a> in its n750 router. The secure chat service <a href=\"https:\/\/threatpost.com\/ssl-mitm-vulnerability-among-vulns-patched-in-pidgin\/109263\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Pidgin issued some fixes too<\/a>. <a href=\"https:\/\/threatpost.com\/microsoft-patches-ole-zero-day-recommends-emet-5-1-before-applying-ie-patches\/109302\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Microsoft<\/a> and Adobe fixed a slew of bugs in its patch Tuesday release earlier this month. The company also dealt with a <a href=\"https:\/\/threatpost.com\/microsoft-schannel-bug-latest-in-long-line-of-serious-crypto-flaws\/109321\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">crypto implementation flaw<\/a> and <a href=\"https:\/\/threatpost.com\/microsoft-to-release-critical-out-of-band-windows-patch\/109433\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">issued an out-of-band patch<\/a> later in the month <a href=\"https:\/\/threatpost.com\/apple-ios-8-1-1-fixes-several-code-execution-flaws\/109423\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Apple fixed some bugs in its iOS<\/a> mobile operating system while Google patched some <a href=\"https:\/\/threatpost.com\/nasty-security-bug-fixed-in-android-lollipop-5-0\/109476\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">nasty bugs in Android Lollipop<\/a>. And <a href=\"https:\/\/threatpost.com\/wordpress-4-0-1-update-patches-critical-xss-vulnerability\/109519\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">WordPress fixed a serious XSS flaw<\/a>.<\/p>\n<p><strong>Malware<\/strong><\/p>\n<p>You can do some additional reading on the CoinVault ransom ware malware on <a href=\"https:\/\/threatpost.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Threatpost<\/a> and <a href=\"https:\/\/securelist.com\/blog\/virus-watch\/67699\/a-nightmare-on-malware-street\/\" target=\"_blank\" rel=\"noopener noreferrer\">Securelist<\/a>. Also a new variant of the <a href=\"https:\/\/threatpost.com\/citadel-variant-targets-password-managers\/109493\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Citadel trojan is targeting password management programs<\/a>.<\/p>\n<p><strong>Data Breaches<\/strong><\/p>\n<p>A relatively light month data breach-wise, with just the National Oceanic and Atmospheric Administration and the <a href=\"https:\/\/threatpost.com\/u-s-postal-service-breach-affects-employees-customers\/109289\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">United States Postal Service<\/a> becoming victims.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>#TalkSecurity: @Brokenfuses and @TheBrianDonohue Web #crypto, Regin #APT, data<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FLxy4&amp;text=%23TalkSecurity%3A+%40Brokenfuses+and+%40TheBrianDonohue+Web+%23crypto%2C+Regin+%23APT%2C+data\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Encrypt All the Things<\/strong><\/p>\n<p>The <a href=\"https:\/\/threatpost.com\/eff-privacy-groups-say-nist-crypto-standards-must-be-free-from-backdoors\/109537\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Electronic Frontier Foundation is calling on the NIST<\/a> to be more open and transparent in its encryption standards setting process. Meanwhile the U.S. Senate voted on but failed to pass the NSA <a href=\"https:\/\/threatpost.com\/freedom-act-rejection-should-keep-encrypt-everything-bandwagon-rolling\/109482\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">surveillance-curtailing USA FREEDOM<\/a> Act. The Internet Architecture Board is recommending that <a href=\"https:\/\/threatpost.com\/iab-urges-designers-to-make-encryption-the-default\/109404\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">encryption become the default<\/a> online and the <a href=\"https:\/\/threatpost.com\/eff-others-plan-to-make-encrypting-the-web-easier-in-2015\/109451\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">EFF is trying to make Web encryption easier<\/a>. WhatsApp is moving to encrypt all of its users traffic and the EFF issued score cards to illustrate what chat services are <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/nine-secure-messengers\/\" target=\"_blank\" rel=\"noopener\">encrypting communications strongly<\/a> and <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/11_insecure_messengers\/\" target=\"_blank\" rel=\"noopener\">which aren\u2019t<\/a>.<\/p>\n<p><strong>Regin<\/strong><\/p>\n<p>Last but not least, there is a new APT actor out there and researchers are saying <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/regin-apt-attacks-among-the-most-sophisticated-ever-analyzed\/\" target=\"_blank\" rel=\"noopener\">Regin might be the more sophisticated attack platform ever<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Talk Security podcast hosts Brian Donohue and Chris Brook are back with the news edition of the Talk Security podcast, discussing the Regin APT attack platform and the movement toward<\/p>\n","protected":false},"author":42,"featured_media":5150,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[423,845,568,314,261,36,844,268],"class_list":{"0":"post-5146","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-apt","9":"tag-bugs","10":"tag-crypto","11":"tag-data-breach","12":"tag-encryption","13":"tag-malware-2","14":"tag-regin","15":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/talk_security_regin_apt_crypto\/5146\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/talk_security_regin_apt_crypto\/4410\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/talk_security_regin_apt_crypto\/4336\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/talk_security_regin_apt_crypto\/4877\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/talk_security_regin_apt_crypto\/6899\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/talk_security_regin_apt_crypto\/6899\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/talk_security_regin_apt_crypto\/6899\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/apt\/","name":"apt"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5146"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5146\/revisions"}],"predecessor-version":[{"id":21275,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5146\/revisions\/21275"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5150"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}