Trending Now
LATEST
USPS Informed Delivery Vulnerabilities, Holiday Credit Card Fraud, Huge SMS Database Leak – WB43
This is your Shared Security Weekly Blaze for November 19th 2018 with your host, Tom Eston. In this week’s episode: USPS Informed delivery vulnerabilities, protecting yourself from credit card fraud and a huge SMS database leak.
Silent Pocket is a...
2018-040- Jarrod Frates discusses pentest processes
Jarrod Frates Inguardians @jarrodfrates “Skittering Through Networks” Ms. Berlin in Germany - How’d it go? TinkerSec’s story: https://threadreaderapp.com/thread/1063423110513418240.html Takeaways Blue Team: - Least Privilege Model - Least Access Model “limited remote access to only a small...
Episode 123 – Talking about Kubernetes and container security with Liz Rice
Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.
Some notes about HTTP/3
HTTP/3 is going to be standardized. As an old protocol guy, I thought I'd write up some comments.Google (pbuh) has both the most popular web browser (Chrome) and the two most popular websites (#1 Google.com #2 Youtube.com). Therefore, they...
ISC StormCast for Monday, November 19th 2018
Multipurpose PCAP Analysis Tool https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/Quickly Investigating Websites with Lookyloo https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/From
Worst-Case Thinking Breeds Fear and Irrationality
Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking "it must be a father and daughter, which happens millions of times a day and is...
Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis
So, a very popular season is coming up shortly. I’m not talking about Thanksgiving (for my US listeners) and I’m not talking about Christmas for my Christian listeners. No, I’m talking about the season that all good little hackers...
Israeli Surveillance Gear
The Israeli Defense Force mounted a botched raid in Gaza. They were attempting to install surveillance gear, which they ended up leaving behind. (There are photos -- scroll past the video.) Israeli media is claiming that the capture of...
Suspected Russian Hackers Impersonate State Department Aide
WASHINGTON (AP) — U.S. cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia.
The "spear phishing" attempts began on...
Popular Dark Web hosting provider got hacked, 6,500 sites down
Hosting provider is still looking for the hacker's point of entry.
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
PCI Piñata – Paul’s Security Weekly #583
This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR...
Elasticsearch Sales Leads – 5,788,169 breached accounts
In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained...
Week in security with Tony Anscombe
GDPR-themed WordPress plugin flaw exploited. Google’s data charts path to avoiding malware on Android. Plus security researchers bypass encryption on self-encrypting drives
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Japanese government’s cybersecurity strategy chief has never used a computer
The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability.
Yoshitaka Sakurada admitting he has never used a computer in his professional life, despite the Japanese Government,...
Doubling down on Cobalt Group activity — Research Saturday
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/...
KnownCircle – 1,957,600 breached accounts
In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and...
Russian APT comes back to life with new US spear-phishing campaign
Cozy Bear (APT29) makes a comeback after last year's Dutch and Norwegian hacking campaigns.
Could have sworn I deleted that photo from my phone! [PODCAST]
This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. Enjoy!
Children’s smartwatches once again found vulnerable
China-based company MiSafe is once again making headlines with its unsecured products after a pen tester found that its child tracking smartwatches were found to be highly insecure.
MiSafe previously made controversy after firm’s Mi-Cam baby monitors were found to...
Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in
A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page.
In a company blog post yesterday, researchers at WebARX disclosed...
Change of stRATegy? Cybercrime group TA505 tests new tRAT malware
A newly discovered remote access trojan nicknamed tRAT has apparently attracted the interest of TA505, a cybercriminal group known for launching prolific banking malware and ransomware attacks.
In a company blog post yesterday, researchers at Proofpoint reported observing several phishing...
Friday Squid Blogging: Squid Sculptures
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
LEADERS
Worst-Case Thinking Breeds Fear and Irrationality
Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking "it must be a father and daughter, which happens millions of times a day and is...
Israeli Surveillance Gear
The Israeli Defense Force mounted a botched raid in Gaza. They were attempting to install surveillance gear, which they ended up leaving behind. (There are photos -- scroll past the video.) Israeli media is claiming that the capture of...
Friday Squid Blogging: Squid Sculptures
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Mailing Tech Support a Bomb
I understand his frustration, but this is extreme:
When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb or, rather, two pipe bombs, which is what investigators found when they picked apart the...
Hidden Cameras in Streetlights
Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.
According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since...
