Sunday, September 19, 2021
The CyberWire Podcast

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came...
The CyberWire Podcast

An IoT educational exercise reveals a far-reaching vulnerability. [Research Saturday]

Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability...

Weekly Update 261

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineNever a dull moment! Most important stuff this week is talking about next week, namely because Scott Helme and I will be dong...
The CyberWire Podcast

Patch that password manager. The hidden hand of the troll farm. Election meddling. Coin-mining’s costs, and a crackdown in China. If you really loved me, you’d speculate in Dogecoin….or something.

Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas....
Security Weekly

Playing Hanky Panky – PSW #710

This week, we kick off the show with an interview featuring Sinan Eren, VP of Zero Trust Access at Barracuda Networks, to discuss The State of Network Security in 2021! Then, we welcome Justin Collins from the People Empowerer...
Security Weekly

Infosec Training Advice & Soft Skills From Offensive Security – Wrap Up – SWN #150

Offensive Security expert Jeremy Miller walks us through his own career progression and training, revealing what it takes to be successful in infosec, especially the soft skills required. He comments on a recent article from TechRepublic entitled, "Don't forget...
Security Weekly

Not That Mysterious – ESW #242

This week, we welcome Tolga Kayas, Assistant Application Security Manager at Invicti Security, to discuss Web Asset Discovery in Application Security! Next up, we welcome back John Loucaides, VP Federal Technology at Eclypsium, to talk about The Device Security...
The CyberWire Podcast

A CSO's 9/11 Story: CSO Perspectives Bonus.

For the 20th anniversary of 9/11, Rick Howard, the Cyberwire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations...
SANS ISC

ISC StormCast for Friday, September 17th, 2021

Phishing 101: why depend on one suspicious message subject when

Face Off Part I with Sophie Zhang

A former data scientist at Facebook, Sophie Zhang was tasked with investigating “fake engagements” although instead, discovered global political manipulation and opposition haassment in 25 countries. She was fired from Facebook in September 2020, after declining a $64,000 severance...
The CyberWire Podcast

Election-season cyber incidents in Germany. South Africa works to recover from a ransomware attack on government networks. Cryptojacking botnet moves to Windows targets. Ransomware notes.

Denial-of-service at a German election agency, as Federal prosecutors investigate GhostWriter. More nation-states get into election meddling. South Africa works to recover from a ransomware attack against government networks. A cryptojacking...

SPONSOR: Blumira's Patrick Garrity

Blumira-  Per crunchbase:“Blumira's end-to-end platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and...

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
Security Weekly

Chocolate Bar Bounty – SCW #86

This week, we welcome Jim Henderson, Insider Threat Mitigation Training Course Instructor & Consultant at Insider Threat Defense Group, Inc., to discuss Insider Threats Overview - Going Beyond The Norm!   Show Notes: https://securityweekly.com/scw86 Visit https://www.securityweekly.com/scw for all the...
SANS ISC

ISC StormCast for Thursday, September 16th, 2021

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/ "Secret"Agent Exposes Azure Customers
Smashing Security

243: Breaking news, Apple zero-clicks, and bad blood

A Walmart press release says it's jumping aboard the cryptocurrency bus - but is it true? Theranos's Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect...
The CyberWire Podcast

No crackdown on ransomware from Moscow (at least so far). Cyber Partisans in Belarus. A long-running Chinese cyber campaign. Phishing and other cybercrime. Mercenaries.

That Russian crackdown on ransomware gangs people thought they were seeing? Hasn’t happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka’s government in...
DtSR Podcast

Where to find DtSR on the Internet

Where can you find us on the Internet? Twitter: https://twitter.com/dtsr_podcast LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ YouTube: https://www.youtube.com/channel/UCeLgLsw08zJk-XczD7v38mw Thanks for following, and I hope to see you out there!

S3 Ep50: Two 0-days plus another 0-day plus a fast food bug

Apple patches two zero-day bugs. Microsoft patches one zero-day bug. A security researcher finds a fast-food bug (non-insect sort). And a touchpad user turns right into left, and vice versa. https://nakedsecurity.sophos.com/apple-products-vulnerable-to-forcedentry https://nakedsecurity.sophos.com/windows-zero-day-mshtml-attack https://news.sophos.com/big-office-bug-squashed-for-september-2021 https://nakedsecurity.sophos.com/serious-security-how-to-make-sure-you-dont-miss-bug-reports With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge...
7 minute security

7MS #485: Interview with Christopher Fielder

Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet soup terms (like SIEM, SOC, EDR/MDR/XDR, ML, AI and more!), optimizing your SOC...

How to Set Up a NAS to Securely Share Files

From file backups to movie streaming, network attached storage drives offer plenty of functions and features.
Security Affairs

The Biden administration plans to target exchanges supporting ransomware operations with sanctions

US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...

Former US Intelligence Operatives Admit They Hacked for UAE

Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.
Security Affairs

Expert discloses details and PoC code for Netgear Seventh Inferno bug

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...

A new app helps Iranians hide messages in plain sight

Enlarge / An anti-government graffiti that reads in Farsi "Death to the dictator" is sprayed at a wall north of Tehran on September 30, 2009. (credit: Getty Images) Amid ever-increasing government Internet control, surveillance, and censorship in...