Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the COVID-19...
62: Cam
Cam’s story is both a cautionary tale and inspirational at the same time. He’s been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars in damages with his attacks....
DtSR Episode 388 – The SIEM is Dead Long May It Live
Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged...
ISC StormCast for Tuesday, March 31st 2020
Crashing Windows Explorer Without a Clickhttps://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/ Zoom Privacy Policyhttps://blogs.harvard.edu/doc/2020/03/27/zoom/ Zoom
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia’s voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance of...
Unsupervised Learning: No. 222
Who's hiring, freezing, and laying off, models predict 100-200K US deaths, April distancing, Adversarial Capital, Booz Russia, Google State Phishes, Worker Monitoring, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Support the show.
Staying Secure When Working From Home
In episode 114 for March 30th 2020: Co-host Tom Eston is joined with frequent guest Kevin Johnson to discuss how to stay more secure when working from home. If you find yourself working from home because of COVID-19 this...
ISC StormCast for Monday, March 30th 2020
Covid19 Domain Classifierhttps://isc.sans.edu/covidclassifier.htmlhttps://www.youtube.com/watch?v=yNIlyJ3gI-4 Attackers Mail Malicious USB Drives and Teddy
Episode 189 – Video game hackers – speedrunning
Josh and Kurt talk about video games and hacking. Specifically how speed runners are really just video game hackers. Show Notes Developer speedrun commentary Super Mario World end credits glitch explained Mario 3 RCE Breath of the Wild speedrun Super...
2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks
April Mardock - CISO - Seattle Public Schools Jared Folkins - IT Engineer - Bend La Pine Schools Nathan McNulty - Information Security Architect - Beaverton School District OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC...
Risky Biz Soap Box: VPNs are out, identity-aware proxies are in
In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness.
Akamai isn’t the...
Defensive Security Podcast Episode 248
Be well, be safe, take care of yourselves, and take care of others (from an appropriate distance).
https://www.businessinsider.com/coronavirus-apple-secrecy-work-from-home-difficult-2020-3
https://www.csoonline.com/article/3531963/8-key-security-considerations-for-protecting-remote-workers.html
https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/
RCR 088: CISSP Exam Questions for Parallel Testing – CISSP Training and Study
Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his...
Hidden dangers inside Windows and LINUX computers.
Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr,...
Wash Your Hands! – ESW #177
This week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First...
Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North...
Maze Ransomware, DEER.IO, & Unacast – Wrap Up – SWN #22
This week, Doug White brings you the latest and greatest news across all of our shows on the network, as well as all of the hot topics this week! Doug discusses Zoombombing, Russian Hackers, Zuck turns over the controls...
Weekly Update 184
Running “Hack Yourself First” Online; Our First Online “Cyber-Broken”; Coding for Kids With Ari; The USA Government Using Have I Been Pwned; Sponsored by Chroniclehttps://www.troyhunt.com/weekly-update-184/
ISC StormCast for Friday, March 27th 2020
Very Large Sample as an Obfuscation Techniquehttps://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/ iOS VPN Bypasshttps://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
7MS #407: Four Fun Stay-at-Home Security Projects
In today's episode I share four fun stay-at-home security projects - three with a security focus and one centered around music. Let's gooooooooo!
FoldingAtHome
The Folding At Home project helps use your GPU/CPU cycles for COVID-19 research. ...
Huawei’s Worrying New China Problem Just Got Worse: Here’s Why
Huawei used its 2019 results to threaten retaliation against the U.S. But the company now has serious problems closer to home.
Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC
Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.
Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
OpenWRT is vulnerable to attacks that execute malicious code
Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
