Thursday, July 19, 2018

Trends in malware – ransomware, cryptojacking, what next?

When it comes to learning about the latest trends in malware, there's no one we'd rather talk to than SophosLabs Principal Researcher Fraser Howard. Join us as Fraser explains how to "know your enemies" so you can fight them...

Shorts, Crocs, & Dress Socks – Enterprise Security Weekly #99

This week, Paul interviews John Moran, Senior Product Manager of DFLabs to talk about SOAR! Paul and John will then wrap up with the Enterprise News to give updates on McAfee, ThreatConnect, Optiv Security, CA Technologies, and more on...

2015-025-BsidesSPFD, threathunting, assessing risk

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...

ISC StormCast for Thursday, July 19th 2018

Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/Oracle Quarterly Critical Patch

087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the...
The CyberWire Podcast

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch...

Don’t take fright – get web security right

No website is too small, and no website too big, that it is out of the reach of hacktivists, online vandals, bad actors and unreconstructed cybercrooks. So web security is vital - but how to get it right? Join us...

The World of History – Application Security Weekly #24

This week, Keith and Paul discuss AppSec Solutions is a DevOps World! In the news, Compromised JavaScript Package Caught Stealing npm Credentials, remote iOS bugs, a $39 device that can defeat iOS USB Restricted mode, Broadcom buys CA Technologies,...

ISC StormCast for Wednesday, July 18th 2018

Searching for Geographically Improbably Login Attempts https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/Typo3 CMS Update https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/GitHub

Risky Biz Soap Box: Cylance: Driving machine learning model development with threat research

There’s no weekly show this week, I’m on a beach somewhere tropical right now and I prepared this one so we’d have something to run while I’m away. The Soap Box is one of our wholly sponsored podcasts here...
The CyberWire Podcast

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found...

Welcome to the wonderful world of GDPR! Where next?

GDPR enforcement started in May 2018. Where next? Join Sophos Naked Security's Paul Ducklin and Vincent Vanbiervliet, Product Manager of Data Protection at Sophos, as they talk about how to turn security into a business asset - a value to...

Clean and Comfortable – Business Security Weekly #92

This week, Michael and Paul interview Mayank Varia, Research Associate Professor of Computer Science at Boston University! Mayank is also the co-director of BU's Center for Reliable Information Systems & Cyber Security. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode92   Visit...

DtSR Episode 305 – Security for the Mid-market

Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you,...

ISC StormCast for Tuesday, July 17th 2018

Encrypted SNI in TLS 1.3 https://tools.ietf.org/html/draft-rescorla-tls-esni-00Microsoft to Retire "Delta Updates"
The CyberWire Podcast

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments....

ISC StormCast for Monday, July 16th 2018

Processing JSON https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/Cryptocoin Mining Javascript (yet again) https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/Dahua Passwords Leaked/Cached

Episode 105 – More backdoors in open source

Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on is open source secure, how that security works, and what it should look like in the future. This problem is never going to go away or...
The CyberWire Podcast

A new approach to mission critical systems — Research Saturday

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems. The CyberWire's Research Saturday is presented by...
The CyberWire Podcast

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam returns. Speculative execution issues. Mobile-device-management tool used against...

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums read more

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.