Wednesday, November 14, 2018
7 minute security

7MS #336: How to Succeed in Business Without Really Crying – Part 6

Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to run 7 Minute...
The CyberWire Podcast

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita...
Security Weekly

Boston Accent – Application Security Weekly #39

This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security...
Security Now

SN 689: Self-Decrypting Drives

Last month's Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that's making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare's release of a very cool...
SANS ISC

ISC StormCast for Wednesday, November 14th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/Adobe Security Bulletins https://helpx.adobe.com/security.html
The CyberWire Podcast

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

In today’s podcast, we hear that Finland is investigating  GPS signal jamming during NATO exercises. Russia’s the usual suspect, as usual Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account...
Security Weekly

Hack Naked News #196 – November 13, 2018

Vulnerabilities in SSD Encryption, Bypassing Windows UAC, Botnet Pwns over 100,00 routers w/ ancient security flaw, Google hit with IP Hijack, and 1 thing you can do to make your internet safer and faster! Jason Wood from Paladin Security...

Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.
Security Weekly

Crawl to the Office – Business Security Weekly #106

This week, Matt and Paul interview Dario Forte, Chief Executive Officer and Founder of DFLabs! Dario explains his journey to the position he is in now, DFLabs recent press release about Open Integration Framework, and what it allows people...
The CyberWire Podcast

Regulation in the U.S. — CyberWire X

In this premier episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.  Joining us are Dr. Christopher Pierson from...
SANS ISC

ISC StormCast for Tuesday, November 13th 2018

Google BGP Hijack via Russia https://twitter.com/thousandeyes/status/1062102171506765825 https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392Microcode Bootloader USB https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/Wordpress
Defensive Security Podcast

Defensive Security Podcast Episode 228

https://www.zdnet.com/article/this-is-how-artificial-intelligence-will-become-weaponized-in-future-cyberattacks/ https://www.securityinfowatch.com/article/12434583/everyone-needs-to-take-responsibility-for-cybersecurity-in-the-workplace https://www.zdnet.com/article/adobe-coldfusion-servers-under-attack-from-apt-group/ https://www.securityweek.com/troubled-waters-how-new-wave-cyber-attacks-targeting-maritime-trade https://securityaffairs.co/wordpress/77676/malware/industrial-facilities-malware.html

2018-039-Ian Coldwater, kubernetes, container security

Ian Coldwater- @IanColdwater  https://www.redteamsecure.com/ *new gig*   So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home?     https://kubernetes.io/docs/setup/minikube/   Kubernetes - up and running     ...
The Shared Security Podcast

Midterm Election Security, Gait Recognition Surveillance Technology, Caller ID Authentication – WB42

This is your Shared Security Weekly Blaze for November 12, 2018 with your host, Tom Eston. In this week’s episode: Midterm Election Security, Gait Recognition Surveillance Technology and Caller ID Authentication Silent Pocket is a proud sponsor of the Shared...
Open Source Security Podcast

Episode 122 – What will Apple’s T2 chip mean for the rest of us?

Josh and Kurt talk about Apple's new T2 security chip. It's not open source but we expect it to change the security landscape in the coming years.
SANS ISC

ISC StormCast for Monday, November 12th 2018

Cloudflare Releases Mobile Apps To Use 1.1.1.1 https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/Crypto Coin Miners
Security Weekly

A Million Voices – Paul’s Security Weekly #582

This week, we welcome Corin Imai, Senior Security Advisor for DomainTools! She joins Paul and the crew to talk about DNS, phishing tools, and tease what DomainTools has in store for 2019! In our Technical Segment, we welcome back...
The CyberWire Podcast

Establishing international norms in cyberspace — Research Saturday

Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner...
The CyberWire Podcast

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, Government-industry-academic partnerships work toward making critical infrastructure more resilient...

Threatpost News Wrap Podcast for Nov. 9

The Threatpost editors break down the top news stories from this week.
ZDNet

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
SC Magazine

‘DarkGate’ password-stealer could open up world of hurt for Windows users

Windows users in Europe are the target of a sophisticated new malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed...
The Security Ledger

Survey Finds Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.  The post Survey Finds Attacks Find Insecure IoT Devices appeared first on The Security Ledger.Related StoriesNigerian ISP Hijacks...

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.