Threat intelligence discussion with Chris Krebs. [Special Edition]
In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence . Learn more about your...
Content Creation, Mental Health in Cyber, The MGM Ransomware Attack
In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt’s background as one of the original “Security Twits”, his career journey, his passion for mental...
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants
Episode 394 – The lie anyone can contribute to open source
Josh and Kurt talk about filing bugs for software. There's the old saying that anyone can file bugs and submit patches for open source, but the reality is most people can't. Filing bugs for both closed and open source...
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
This week our guest is Merritt Baer, a Field CISO from Lacework, and a cloud security unicorn, sits down to share her incredible story working through the ranks to get to...
Behind the Google shopping ad masks. [Research Saturday]
Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce...
NIcole Sundin – CPO at Axio – SEC compliance, usable security, setting up risk mgmt programs
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time,...
2024 Security Planning, Better Tabletop Exercises – Merritt Maxim, Ryan Fried – ESW #332
Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research...
Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power....
Passkeys, bots, hotels, conning the con, TrendMicro, Pizza & Aaran Leyland – SWN #327
This week on the Security Weekly News: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, & more! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/swn for...
7MS #590: Hacking Billy Madison – Part 2
https://youtube.com/watch?v=VYUeNZYRfrw
Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things:
You can fuzz a URL with a specific file type using a format like this:
wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap
To...
Weekly Update 366
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSiteWell that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa,...
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238 WebP Vulnerability https://blog.isosceles.com/the-webp-0day/ MOVEit Transfer
Snake Oilers: Sublime Security, Vulncheck and Devicie
In this edition of Snake Oilers you’ll hear product pitches from:
...
AI Attacks and LLM Security Matters – Nathan Hamiel – PSW #799
Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more! In the Security News: LVFS is not...
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist...
ISC StormCast for Thursday, September 21st, 2023
What's Normal: DNS TTL Values https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/ CISA Highlights Snatch Ransomware
Heated seats, car privacy, and Graham’s porn video
Do you know what data your car is collecting about you? Do you think it's right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email...
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks...
ISC StormCast for Wednesday, September 20th, 2023
Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230 Trend
In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers.
The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.
The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.
BEC Scammer Pleads Guilty to Part in $6m Scheme
Nigerian was extradited to the US from Canada
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
