Hacking for Lazy People – Application Security Weekly #58
This week, we welcome Thomas Hatch, the creator of the Salt open source software project, and is the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file...
Hack Naked News #215 – April 23, 2019
This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of...
ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.
ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It’s...
DtSR Episode 343 – The 31st Human Right
This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of Hu-manity.co. What's a human data ethicist, you ask? Listen to the podcast,...
Snake Oilers 9 part 1: The best Snake Oilers edition we’ve ever run
On this edition of Snake Oilers you’ll be hearing from three vendors offering what I believe to be excellent security technology. I haven’t personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You’ll...
ISC StormCast for Tuesday, April 23rd 2019
.rar Files Exploiting ACE Vulneraiblity CVE-2018-20250 https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/Malware Senders Become Younger
Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.
Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services’...
#067 – Fred Kneip: Compliance Does’t Equal Security
Fred Kneip is the CEO and Founder of CyberGRX. Since founding the company in 2015, Fred has led the creation of the world’s first global third-party cyber risk management (TPCRM) exchange. During his tenure at CyberGRX, Fred has been...
Microsoft Email Hacked, Instagram Nasty List Phishing Scam, Facebook Third-Party Data Deals
This is your Shared Security Weekly Blaze for April 22nd 2019 with your host, Tom Eston. In this week’s episode: Microsoft email services hacked, the Instagram “Nasty List” phishing scam, and Facebook’s attempted deals to sell your data.
Protect your...
ISC StormCast for Monday, April 22nd 2019
Analyzing UDF Files Using Python https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/HTML Ping To Be Adopted
2019-015-Kevin_johnson-incident_response_aftermath
Announcements: https://www.workshopcon.com/ SpecterOps (red Team operations) and Tim Tomes (PWAPT) Bsides Nashville https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html “We take security seriously and other trite statements“ Wordpress infrastructure (supply chain failure) WordPress plugin called Woocommerce was at...
Episode 142 – Hypothetical security: what if you find a USB flash drive?
Josh and Kurt talk about what one could do if you find a USB drive. The context is based on the story where the Secret Service was rumored to have plugged a malicious USB drive into a computer. The purpose of...
Undetectable vote manipulation in SwissPost e-voting system — Research Saturday
Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne,...
Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.
Some observations on the Mueller Report, in particular its insight into what two specific GRU units were up to. (And some naming of DCLeaks and Guccifer 2.0 as GRU fronts.) Someone is doxing Iran’s OilRig cyberespionage group. A French...
7MS #359: Windows 10 Security Baselining
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping...
Weekly Update 135
Presently sponsored by: Twilio: Learn about why building your own 2FA solution is risky and expensive. Use our Authy API to add 2FA to your app in a matter of days.It's another episode with Scott Helme this week as...
ISC StormCast for Friday, April 19th 2019
Malware Delivered As a UDF .img file https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/Facebook Stored Passwords
Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.
The US Justice Department releases the redacted Mueller Report: investigators found no evidence sufficient to establish conspiracy or coordination between any US persons and the Russians over the 2016 campaign, but the Bears were busy. The Sea Turtle campaign...
Send Me Proof – Enterprise Security Weekly #133
This week, we interview Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop, to discuss "The Three Horsemen of SOC Intel"! In the news segment, Solarwinds to acquire Samanage for $350M, Tufin goes public, and Tenable releases Predictive Prioritization....
ISC StormCast for Thursday, April 18th 2019
DNS Hijacking by Sea Turtle https://blog.talosintelligence.com/2019/04/seaturtle.htmlBroadcom Wifi Driver Vulnerabilities https://www.kb.cert.org/vuls/id/166939/NamPoHyu
Stuxnet Family Tree Grows
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Another dark web marketplace bites the dust –Wall Street Market
Two major dark web marketplaces for buying illegal products shut down in the span of a month.
Google File Cabinet Plays Host to Malware Payloads
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
Demonstration Showcase Brings DevOps to Interop19
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
What Home Buying Can Teach Us About Continuous Monitoring
Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...
