Weekly Update 226
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
There Was Definitely Harm Done – PSW #680
This week, we welcome Ryan Noon, Co-Founder and CEO from Material Security, joins us first, to discuss Beyond Phishing Blockers: risks to email, phishing, and beyond! Next up, Jon Gorenflo, Founder & Principal Consultant of Fundamental Security LLC, to...
Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.
Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with...
7MS #450: DIY Pentest Dropbox Tips – part 4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit SafePass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Hey friends! We're continuing...
Shut You Down – ESW #213
This week, in the Enterprise Security News, Beyond Security partners with Vicarius, Amazon’s Parler removal and what it means for cloud confidence, Kount sold to Equifax, McAfee vs Crowdstrike, Jumpcloud raises some funds, Red Hat Acquires StackRox, and SolarWinds...
ISC StormCast for Friday, January 15th, 2021
Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File
SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?
There are other things going on besides Solorigate and deplatforming. There’s news about the SideWinder threat actor and its interest in South Asian cyberespionage targets. Google’s Project Zero describes a complex...
S3 Ep15: Titan keys, hacked certs and Solarwinds
We explain how two French researchers hacked the Google Titan security key product (but why you don't need to panic), and dig into the Mimecast certificate compromise story to see what we can all learn from it.
https://nakedsecurity.sophos.com/google-titan-security-keys-hacked
With Kimberly Truong,...
How to Write Well
What I've learned over two decades of writing online, condensed into four simple rules.Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
News & Analysis | No. 263
Congressional System Integrity, FBI Egregor, Parler Dox, Clearview Spike, JetBrains Speculation, Chinese Finacial APTs, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
News & Analysis | No. 260
New Content, Sunburst Analysis, Shipping Alert Shipping, Malwarebytes RDP Ports, DJI Badlist, Sophos ReversingLabs Samples, Capella Space, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
News & Analysis | No. 262
Solarwinds Microsoft Source, Ticketmaster Fined, T-Mobile Breach Again, Zyxel Backdoor, Pollard Spy, Marines Prepping for China, Goldman Sachs White Ops, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for...
News & Analysis | No. 259
Recon/Attack Surface Management Analysis, The Pentester's BluePrint, Amazon's 10,000 Small Bets, Sunburst APT29 Hack, Data Dump on the CCP, Ransomware Makes Half of All Major Incidents, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly...
News & Analysis | No. 257
Amazon Curate (I Wish), Tesla Hack, IoT Security Bill, Iran Assassination, Robot Dogs, Drupal, TikTok Cartels, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
News & Analysis | No. 256
Reading & Meditation, Social Media & AI, Mudge Twitter, CCP Research, UK National Cyber Force, Facial Recognition of Police, Drupal Extensions, AWS Firewall, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Support the show:...
News & Analysis | No. 255
Tim Berners-Lee's Solid Idea, Police Looking Through Ring Cameras, Feinstein's Chinese Spy, Trump Banned 31 Chinese Companies, Microsoft on MFA, US Trolling Russian APT, Zoom Thanksgiving, Facbook Copying Snap, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations,...
ISC StormCast for Thursday, January 14th, 2021
Hancitor Activity Resumes After a Holiday Break https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/ Intel Hardware-Enabled
210: DC rioters ID'd, Energydots, and ransomware gets you in a pickle
Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation?
All this and much much more is discussed in the latest edition of the...
Massive Problems – SCW #58
This week, we welcome Jim McKee, Founder & CEO at Red Sky Alliance for an interview!We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep...
Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.
Speculation grows that the Solarigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor. Notes on Patch Tuesday....
Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.
In a message board post on a Russian-language underground cybercrime forum, the operator of...
Iconic BugTraq security mailing list shuts down after 27 years
BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.
Weekly Update 226
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
FIN11 e-crime group shifted to CL0P ransomware and big game hunting
The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise.
“Several...
Joker's Stash, the internet's largest carding forum, is shutting down
Joker's Stash to shut down on February 15, 2021.
