Talk Security Podcast: Crypto and Regin

In this Talk Security podcast, Threatpost’s Chris Brook and Brian Donohue discuss the move to encrypt the Web, the Regin APT campaign and more.

Talk Security podcast hosts Brian Donohue and Chris Brook, are back with the news edition of the Talk Security podcast. Here, they discuss the Regin APT attack platform, the movement towards encrypting everything on the Internet and this month’s bugs, malware and data breaches.

rss-podcasts rss-podcasts

Music for the podcast by Bird Name courtesy of the Free Music Archives under creative commons

SUPPLEMENTARY READING 

Bugs and Fixes

Belkin fixed an arbitrary code execution vulnerability in its n750 router. The secure chat service, Pidgin, issued some fixes too. Microsoft and Adobe fixed a slew of bugs in its patch Tuesday, released earlier this month. The company also dealt with a crypto implementation flaw and issued an out-of-band patch later in the month. Apple fixed some bugs in its iOS mobile operating system, while Google patched some nasty bugs in Android Lollipop. Lastly, WordPress fixed a serious XSS flaw.

Malware

You can do some additional reading on the CoinVault ransomware malware on Threatpost and Securelist. Additionally, a new variant of the Citadel trojan is targeting password management programs.

Data Breaches

It was a relatively light month in terms of data breaches, with just the National Oceanic and Atmospheric Administration and the United States Postal Service victimized.

Encrypt All Things

The Electronic Frontier Foundation is calling on the NIST to be more open and transparent in its process of setting encryption standards. Meanwhile the U.S. Senate voted on, but failed to pass, the NSA surveillance-curtailing, USA FREEDOM Act. The Internet Architecture Board is recommending that encryption become the default online and the EFF is trying to make Web encryption easier. WhatsApp is moving to encrypt all of its users’ traffic and the EFF issued scorecards to illustrate which chat services are strongly encrypting communications and which aren’t.

Regin 

Last but not least, there is a new APT actor out there and researchers are saying that Regin might be the most sophisticated attack platform ever.

Tips