Take 1 Security Podcast: Episode 5

START CONTENT

• Anthem, the second largest healthcare company, had a major breach

  • They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach

  • There’s speculation that it was China, trying to penetrate government, but it’s early

  • Watch for phishing scams related to it

  • The megabreaches continue…weee!

• A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites

  • If you’re going to run WordPress, understand that Plugins are the best way to get yourself hacked

  • Specifically, the type of plugins that handle user input and do something with it that affects the site’s output

  • Image manipulation plugins have been particularly vulnerable, usually to XSS

• There was another critical Flash vulnerability this week

  • Like I said last week, and the week before, there’s a first time for everything

• Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer

  • Because they work for HP they couldn’t take the cash, and instead donated it to charity

• Microsoft released Outlook for iOS last week, which looks pretty slickEND CONTENT

  • Unfortunately it is riddled with security flaws

  • Recommendation: wait for a few updates, and for them to get a security assessment

Related posts:

1. Vim Config Update: 2019 Edition

2. What They Don’t Tell You About Being a Bounty Hunter or Content Creator