Wednesday, April 24, 2019
Security Weekly

Hacking for Lazy People – Application Security Weekly #58

This week, we welcome Thomas Hatch, the creator of the Salt open source software project, and is the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file...
Security Weekly

Hack Naked News #215 – April 23, 2019

This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of...
The CyberWire Podcast

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.

ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It’s...
DtSR Podcast

DtSR Episode 343 – The 31st Human Right

This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of Hu-manity.co. What's a human data ethicist, you ask? Listen to the podcast,...
risky.biz

Snake Oilers 9 part 1: The best Snake Oilers edition we’ve ever run

On this edition of Snake Oilers you’ll be hearing from three vendors offering what I believe to be excellent security technology. I haven’t personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You’ll...
SANS ISC

ISC StormCast for Tuesday, April 23rd 2019

.rar Files Exploiting ACE Vulneraiblity CVE-2018-20250 https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/Malware Senders Become Younger
The CyberWire Podcast

Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.

Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services’...
CyberSecurityInterviews

#067 – Fred Kneip: Compliance Does’t Equal Security

Fred Kneip is the CEO and Founder of CyberGRX. Since founding the company in 2015, Fred has led the creation of the world’s first global third-party cyber risk management (TPCRM) exchange. During his tenure at CyberGRX, Fred has been...
The Shared Security Podcast

Microsoft Email Hacked, Instagram Nasty List Phishing Scam, Facebook Third-Party Data Deals

This is your Shared Security Weekly Blaze for April 22nd 2019 with your host, Tom Eston. In this week’s episode: Microsoft email services hacked, the Instagram “Nasty List” phishing scam, and Facebook’s attempted deals to sell your data. Protect your...
SANS ISC

ISC StormCast for Monday, April 22nd 2019

Analyzing UDF Files Using Python https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/HTML Ping To Be Adopted

2019-015-Kevin_johnson-incident_response_aftermath

Announcements: https://www.workshopcon.com/     SpecterOps (red Team operations) and Tim Tomes (PWAPT)   Bsides Nashville   https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html   “We take security seriously and other trite statements“   Wordpress infrastructure (supply chain failure)     WordPress plugin called Woocommerce was at...
Open Source Security Podcast

Episode 142 – Hypothetical security: what if you find a USB flash drive?

Josh and Kurt talk about what one could do if you find a USB drive. The context is based on the story where the Secret Service was rumored to have plugged a malicious USB drive into a computer. The purpose of...
The CyberWire Podcast

Undetectable vote manipulation in SwissPost e-voting system — Research Saturday

Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes.  Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne,...
The CyberWire Podcast

Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.

Some observations on the Mueller Report, in particular its insight into what two specific GRU units were up to. (And some naming of DCLeaks and Guccifer 2.0 as GRU fronts.) Someone is doxing Iran’s OilRig cyberespionage group. A French...
7 minute security

7MS #359: Windows 10 Security Baselining

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping...

Weekly Update 135

Presently sponsored by: Twilio: Learn about why building your own 2FA solution is risky and expensive. Use our Authy API to add 2FA to your app in a matter of days.It's another episode with Scott Helme this week as...
SANS ISC

ISC StormCast for Friday, April 19th 2019

Malware Delivered As a UDF .img file https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/Facebook Stored Passwords
The CyberWire Podcast

Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.

The US Justice Department releases the redacted Mueller Report: investigators found no evidence sufficient to establish conspiracy or coordination between any US persons and the Russians over the 2016 campaign, but the Bears were busy. The Sea Turtle campaign...
Security Weekly

Send Me Proof – Enterprise Security Weekly #133

This week, we interview Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop, to discuss "The Three Horsemen of SOC Intel"! In the news segment, Solarwinds to acquire Samanage for $350M, Tufin goes public, and Tenable releases Predictive Prioritization....
SANS ISC

ISC StormCast for Thursday, April 18th 2019

DNS Hijacking by Sea Turtle https://blog.talosintelligence.com/2019/04/seaturtle.htmlBroadcom Wifi Driver Vulnerabilities https://www.kb.cert.org/vuls/id/166939/NamPoHyu

Stuxnet Family Tree Grows

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
ZDNet

Another dark web marketplace bites the dust –Wall Street Market

Two major dark web marketplaces for buying illegal products shut down in the span of a month.

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...