Saturday, July 11, 2020
Reduce Cyber Risk

RCR 094: CISSP Exam Questions around Data Hiding – CISSP Training and Study!

Subscribe: iTunes | Google Play | Stitcher Radio | RSS Description: Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need...
The CyberWire Podcast

Are you running what you think you’re running?

Built into virtually every hardware device, firmware is lower-level software that is programmed to ensure that hardware functions properly. As software security has been significantly hardened over the past two decades, hackers have responded by moving down the stack...
7 minute security

7MS #422: Eating the Security Dog Food – Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today's episode continues the work...
Security Weekly

Don’t Touch My XP Dongle – PSW #657

This week, we welcome our very own Joff Thyer, Security Analyst at Black Hills Information Security, to deliver a Technical Segment on IPv6 Tunneling! In our second segment, we welcome Terry Dunlap, Co-Founder at ReFirm Labs, to talk about...
Security Weekly

Zoom 0-Day, F5-BIGIP RCE, & Apache Guacamole RCE – Wrap Up – SWN #48

Look, this week, it's all about the RCE. Seriously, there were so many RCE stories, wow. Oh and a creepy guy story. All this and more on the Security Weekly News Wrap Up! Show Notes: https://wiki.securityweekly.com/SWNEpisode48 Visit https://www.securityweekly.com/swn...
The CyberWire Podcast

The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.

Unpatched and beyond-end-of-life systems are (again) at risk. Conti ransomware appears to be steadily displacing its ancestor Ryuk in criminal markets. Are privacy laws as consumer friendly as they’re often taken to be? There may be some grounds for...

Weekly Update 199

I’m Now in 4K; Amazing Support on Stress; IoT Progress; I Got a Legal Notice; A Decade of Microsoft MVP; Duo Security Sponsoring https://www.troyhunt.com/weekly-update-199/
SANS ISC

ISC StormCast for Friday, July 10th 2020

Citrix Scanning
https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Google Releases Tsunami Security Scanner
https://github.com/google/tsunami-security-scanner
SANS.edu
Security Weekly

Take the Power Back – ESW #190

This week, in the Enterprise News, we talk about Why You Need Recorded Future's Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and...
The CyberWire Podcast

Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.

Facebook takes down more coordinated inauthenticity. Preinstalled malware is found in discount phones available under the FCC’s Lifeline program. The Evilnum APT continues its attacks against fintech platforms and services. Joker Android malware adapts and overcomes its way back...
SANS ISC

ISC StormCast for Thursday, July 9th 2020

Obfuscated Malware
https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
PaloAlto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Smashing Security

186: This one’s for all the Karens!

A high-rolling Hushpuppi gets extradited to the United States, Carole details her problems with clipboards and Disposophobia, and our guest becomes the subject of fake news during the Senegalese election. All this and much much more is discussed in the...
Security Weekly

Knock-Knock Jokes – SCW #34

This week, we welcome Kimber Dowsett (@mzbat) for a two part interview! @mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews! Show Notes:...
The CyberWire Podcast

Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.

The Natanz blast looks like traditional sabotage. CISA releases its strategy for securing industrial control systems. Authorities in Germany seize DDoSecrets’ server pursuant to a US request. Microsoft takes down COVID-19-themed BEC and phishing infrastructure. FBI Director denounces China’s...
Reduce Cyber Risk

RCR 093: CISSP Exam Questions for Software Development

Subscribe: iTunes | Google Play | Stitcher Radio | RSS Description: Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need...

2020-026- WISP PSA, PAN-OS vuln redux, F5 has a bad weekend, vuln scoring, Twitter advice, and more!

1st: WISP.org PSA from Rachel Tobac (@racheltobac) & @wisporg talking about #shareTheMicInCyber #SAML
PAN-OS: https://twitter.com/RyanLNewington/status/1278074919092289537
F5 vulnerability: https://www.wired.com/story/f5-big-ip-networking-vulnerability/ https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
F5 Mitigation (if patching is not immediately possible): https://twitter.com/TeamAresSec/status/1280590730684256258 Redirect 404 / ...
SANS ISC

ISC StormCast for Wednesday, July 8th 2020

F5 Big IP Wrapup
https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Security Now

SN 774: 123456

Boston bans face recognition, bad passwords.
Boston bans facial recognition
123456 is still the most popular password
iOS 14 catches LinkedIn, TikTok, and others red handed!
US-CERT notes two Emergency Windows Updates
HackerOne shares their top 10 public bug bounty programs
Sony launches PlayStation...
risky.biz

Risky Business #591 — EncroChat user experience includes getting owned, going to prison

On this week’s show Patrick and Adam discuss the week’s security news, including: The latest on the EncroChat hack-related arrests Details about the fresh F5 and Citrix bugs Natanz go boom Paying Wastedlocker ransoms violates Treasury sanctions ...
Security Weekly

So Precious – BSW #179

This week, we welcome Juan Canales, an ExtraHop customer, and Matt Cauthorn, VP Sales Engineering at ExtraHop, to discuss An Honest Conversation About "Response"! In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business...

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.