Tuesday, March 31, 2020
The CyberWire Podcast

Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.

FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the COVID-19...
Darknet Diaries

62: Cam

Cam’s story is both a cautionary tale and inspirational at the same time. He’s been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars in damages with his attacks....
DtSR Podcast

DtSR Episode 388 – The SIEM is Dead Long May It Live

Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged...
SANS ISC

ISC StormCast for Tuesday, March 31st 2020

Crashing Windows Explorer Without a Clickhttps://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policyhttps://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom
The CyberWire Podcast

Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.

Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia’s voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance of...
Unsuperivsed Learning Podcast

Unsupervised Learning: No. 222

Who's hiring, freezing, and laying off, models predict 100-200K US deaths, April distancing, Adversarial Capital, Booz Russia, Google State Phishes, Worker Monitoring, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Support the show.
The Shared Security Podcast

Staying Secure When Working From Home

In episode 114 for March 30th 2020: Co-host Tom Eston is joined with frequent guest Kevin Johnson to discuss how to stay more secure when working from home. If you find yourself working from home because of COVID-19 this...
SANS ISC

ISC StormCast for Monday, March 30th 2020

Covid19 Domain Classifierhttps://isc.sans.edu/covidclassifier.htmlhttps://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy
Open Source Security Podcast

Episode 189 – Video game hackers – speedrunning

Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers. Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super...

2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks

April Mardock - CISO - Seattle Public Schools Jared Folkins - IT Engineer - Bend La Pine Schools Nathan McNulty - Information Security Architect - Beaverton School District   OpSecEdu - https://www.opsecedu.com/ Slack   https://www.a4l.org/default.aspx    https://clever.com/    BEC...
risky.biz

Risky Biz Soap Box: VPNs are out, identity-aware proxies are in

In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness. Akamai isn’t the...
Defensive Security Podcast

Defensive Security Podcast Episode 248

Be well, be safe, take care of yourselves, and take care of others (from an appropriate distance). https://www.businessinsider.com/coronavirus-apple-secrecy-work-from-home-difficult-2020-3 https://www.csoonline.com/article/3531963/8-key-security-considerations-for-protecting-remote-workers.html https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/
Reduce Cyber Risk

RCR 088: CISSP Exam Questions for Parallel Testing – CISSP Training and Study

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his...
The CyberWire Podcast

Hidden dangers inside Windows and LINUX computers.

Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr,...
Security Weekly

Wash Your Hands! – ESW #177

This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First...
The CyberWire Podcast

Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.

Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North...
Security Weekly

Maze Ransomware, DEER.IO, & Unacast – Wrap Up – SWN #22

This week, Doug White brings you the latest and greatest news across all of our shows on the network, as well as all of the hot topics this week! Doug discusses Zoombombing, Russian Hackers, Zuck turns over the controls...

Weekly Update 184

Running “Hack Yourself First” Online; Our First Online “Cyber-Broken”; Coding for Kids With Ari; The USA Government Using Have I Been Pwned; Sponsored by Chroniclehttps://www.troyhunt.com/weekly-update-184/
SANS ISC

ISC StormCast for Friday, March 27th 2020

Very Large Sample as an Obfuscation Techniquehttps://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypasshttps://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
7 minute security

7MS #407: Four Fun Stay-at-Home Security Projects

In today's episode I share four fun stay-at-home security projects - three with a security focus and one centered around music. Let's gooooooooo! FoldingAtHome The Folding At Home project helps use your GPU/CPU cycles for COVID-19 research. ...

Huawei’s Worrying New China Problem Just Got Worse: Here’s Why

Huawei used its 2019 results to threaten retaliation against the U.S. But the company now has serious problems closer to home.

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...