Wednesday, December 8, 2021

ISC StormCast for Wednesday, December 8th, 2021

Webshells, Webshells everywhere! AWS Outage Misconfigured Kafdrop Puts
Security Now

SN 848: XSinator – NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief

Picture of the Week. Tavis finds a bad bug in NSS. Cheap Smartwatches for kids and babies? Additional VPN vendors just say no to Roskomnadzor! Windows 11 loosens its grip on Edge. RTF Templates being used to inject malicious content. A Malicious Botnet uses the...

Risky Business #648 — Adios, 2021, it's been real

On this week’s show Patrick Gray and Adam Boileau discuss the...
The CyberWire Podcast

The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is…out there still?

Notes on today’s Russo-America summit. Microsoft seizes websites used by the Chinese threat actor Nickel. Google takes technical and legal action against a Russian botnet. Ben Yelin unpacks Australia’s aim to...
DtSR Podcast

DtSR Episode 478 – Beyond Buzzwords: XDR

Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we...
Darknet Diaries

106: @Tennessee

How much online abuse are you willing to take before you decide to let your abuser have what they want? Unfortunately, this is a decision that many people have to ask...

ISC StormCast for Tuesday, December 7th, 2021

The Importance of Out of Band Networks Kaseya Unitrends
The CyberWire Podcast

Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.

Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group’s...
Unsupervised Learning Podcast

News & Analysis | No. 310

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
The Shared Security Podcast

Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn

Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website...

ISC StormCast for Monday, December 6th, 2021

The UPX Packer will never die Survey of Airgap
Open Source Security Podcast

Episode 300 – Apple vs NSO: What can copyright do for you?

Josh and Kurt talk about Apple suing NSA using a copyright claim as their vehicle. Copyright is often used as a reason to bring lawsuits, even when it doesn't always make sense. Copyright has been used by open source to expand rights,...
The CyberWire Podcast

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as...
The CyberWire Podcast

Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]

It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats,...

Weekly Update 272

Check out that lighting! The Elgato Key Lights have made a massive difference and they're easily controlled via their Stream Deck or the...
The CyberWire Podcast

Getting in and getting out with SnapMC. [Research Saturday]

Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. Forget ransomware, too expensive and too much hassle. Randomly enter...
The CyberWire Podcast

Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.

SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO...
Security Weekly

IoT Standards, NginRAT, AT&T Botnet, & Bad Wifi Routers – Wrap Up – SWN #172

This week in the Security Weekly News Wrap Up Dr. Doug talks: Ben Dorsey, NginRat, AT&T, Decryption, IoT, and Bad WIFI Routers! All this and Dr. Doug's favorite threat of the week, & the show wrap ups for this...
Security Weekly

The Human Element – ESW #252

In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer...

Alien Invasion with Sherri Davidoff

The US government and military have recently confirmed investigations and sightings of UFOs, reigniting the phenomenon of aliens among us. Ironically, an unidentified spaceship descends into BarCode, and official contact is made. Sherri Davidoff is the CEO of LMG Security...
The Register

Virgin Media fined £50,000 after spamming 451,000 who didn’t want marketing emails

Data watchdog shows it's keeping its PECR up. British telco Virgin Media is facing a £50k financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf.…

Canadian Man Faces Charges in Canada, U.S. for Ransomware Attacks

A Canadian national is facing cybercrime-related charges in the United States and Canada, with authorities saying that he was involved in ransomware attacks.

Cybersecurity: Organizations face key obstacles in adopting zero trust

Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.

5 Tips to Stay on the Offensive and Safeguard Your Attack Surface

New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.