Saturday, November 17, 2018
Security Weekly

PCI Piñata – Paul’s Security Weekly #583

This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR...
The CyberWire Podcast

Doubling down on Cobalt Group activity — Research Saturday

The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings.  The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/...

Ep. 009 – Competitive hacking, threat report and crazy tweets!

In the Naked Security Podcast this week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. With Anna Brading, Paul Ducklin and Mark Stockley. (Music: purple-planet.com)
The CyberWire Podcast

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes...

Weekly Update 113

Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.Bit of a change of scenery this week; I've gone to the other end of the house whilst...
SANS ISC

ISC StormCast for Friday, November 16th 2018

Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/Crypto Miners Abusing Insecure Docker
DtSR Podcast

DtSR Episode 322 – The Ethics of Cyber Security Panel

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly. Highlights from...
The CyberWire Podcast

RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter,...
Security Weekly

A Picture of the World – Enterprise Security Weekly #115

This week, Paul and Matt Alderman interview James Wickett, Head of Research at Signal Sciences! James talks about how security is moving to the application space and web applications! In the Enterprise News this week, AlgoSec delivers Native Cloud...
Darknet Diaries

Ep 26: IRS

The IRS processes $3 trillion dollars a year. A lot of criminals want to get a piece of that. In 2015 the IRS had a large data breach. Hundreds of thousands of tax records were leaked. What happened and...
SANS ISC

ISC StormCast for Thursday, November 15th 2018

Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
Smashing Security

104: The world’s most evil phishing test, and cyborgs in the workplace

Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again...? Oh, and the subject of erasable...
7 minute security

7MS #336: How to Succeed in Business Without Really Crying – Part 6

Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to run 7 Minute...
The CyberWire Podcast

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita...
Security Weekly

Boston Accent – Application Security Weekly #39

This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security...
Security Now

SN 689: Self-Decrypting Drives

Last month's Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that's making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare's release of a very cool...
SANS ISC

ISC StormCast for Wednesday, November 14th 2018

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/Adobe Security Bulletins https://helpx.adobe.com/security.html
The CyberWire Podcast

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

In today’s podcast, we hear that Finland is investigating  GPS signal jamming during NATO exercises. Russia’s the usual suspect, as usual Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account...
Security Weekly

Hack Naked News #196 – November 13, 2018

Vulnerabilities in SSD Encryption, Bypassing Windows UAC, Botnet Pwns over 100,00 routers w/ ancient security flaw, Google hit with IP Hijack, and 1 thing you can do to make your internet safer and faster! Jason Wood from Paladin Security...

Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.