ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/ AWS Outage https://status.aws.amazon.com Misconfigured Kafdrop Puts
SN 848: XSinator – NSS Has a Bug, Botnet on the Blockchain, HP's Vulnerable Printers, Microsoft Edge Relief
Picture of the Week.
Tavis finds a bad bug in NSS.
Cheap Smartwatches for kids and babies?
Additional VPN vendors just say no to Roskomnadzor!
Windows 11 loosens its grip on Edge.
RTF Templates being used to inject malicious content.
A Malicious Botnet uses the...
Risky Business #648 — Adios, 2021, it's been real
On this week’s show Patrick Gray and Adam Boileau discuss the...
The Russo-US summit is expected to take up tension over Ukraine and tensions in cyberspace. Microsoft disrupts APT15. Google disrupts Glupteba. Satoshi Nakamoto is…out there still?
Notes on today’s Russo-America summit. Microsoft seizes websites used by the Chinese threat actor Nickel. Google takes technical and legal action against a Russian botnet. Ben Yelin unpacks Australia’s aim to...
DtSR Episode 478 – Beyond Buzzwords: XDR
Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we...
106: @Tennessee
How much online abuse are you willing to take before you decide to let your abuser have what they want? Unfortunately, this is a decision that many people have to ask...
ISC StormCast for Tuesday, December 7th, 2021
The Importance of Out of Band Networks https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/ Kaseya Unitrends
Hot wallets hacked. Pegasus found in US State Department personnel’s phones. Cozy Bear update. Cybersecurity on the Russo-US summit agenda. US Cyber Command says it’s imposing costs.
Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group’s...
News & Analysis | No. 310
The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
Web Version: https://danielmiessler.com/podcast/news-analysis-no-310/Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn
Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website...
ISC StormCast for Monday, December 6th, 2021
The UPX Packer will never die https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/ Survey of Airgap
Episode 300 – Apple vs NSO: What can copyright do for you?
Josh and Kurt talk about Apple suing NSA using a copyright claim as their vehicle. Copyright is often used as a reason to bring lawsuits, even when it doesn't always make sense. Copyright has been used by open source to expand rights,...
Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]
Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as...
Rediscover trust in cybersecurity: A women in cybersecurity podcast. [Special edition]
It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats,...
Weekly Update 272
Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineCheck out that lighting! The Elgato Key Lights have made a massive difference and they're easily controlled via their Stream Deck or the...
Getting in and getting out with SnapMC. [Research Saturday]
Guest Christo Butcher of NCC Group's Research and Intelligence Fusion Team discusses their research into a cybercriminal group they dubbed SnapMC. Forget ransomware, too expensive and too much hassle. Randomly enter...
Espionage phishbait in South and Southwest Asia. A utility recovers from a cyber incident. GAO tells the US Congress cyber strategy is wanting. Investigations, Moscow and Missouri style.
SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO...
IoT Standards, NginRAT, AT&T Botnet, & Bad Wifi Routers – Wrap Up – SWN #172
This week in the Security Weekly News Wrap Up Dr. Doug talks: Ben Dorsey, NginRat, AT&T, Decryption, IoT, and Bad WIFI Routers! All this and Dr. Doug's favorite threat of the week, & the show wrap ups for this...
The Human Element – ESW #252
In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer...
Alien Invasion with Sherri Davidoff
The US government and military have recently confirmed investigations and sightings of UFOs, reigniting the phenomenon of aliens among us. Ironically, an unidentified spaceship descends into BarCode, and official contact is made.Sherri Davidoff is the CEO of LMG Security...
Virgin Media fined £50,000 after spamming 451,000 who didn’t want marketing emails
Data watchdog shows it's keeping its PECR up British telco Virgin Media is facing a £50k financial penalty after spamming more than 400,000 opted-out customers urging them to sign back up to receive marketing bumf.…
Canadian Man Faces Charges in Canada, U.S. for Ransomware Attacks
A Canadian national is facing cybercrime-related charges in the United States and Canada, with authorities saying that he was involved in ransomware attacks.
read more
Cybersecurity: Organizations face key obstacles in adopting zero trust
Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.
5 Tips to Stay on the Offensive and Safeguard Your Attack Surface
New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
