Wednesday, December 19, 2018
Security Weekly

In Flames – Application Security Weekly #44

This week, Keith and Paul interview Harry Sverdlove, CTO and Founder of Edgewise! Harry joins us to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! In the Application Security News, Facebook...
DtSR Podcast

DtSR Episode 327 – Experienced Security Leadership

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a...
Security Now

SN 694: The SQLite RCE Flaw

Rhode Island's response to Google's recent API flaw; Signal's response to Australia's anti-encryption legislation; The return of PewDiePie; US border agents retaining traveler's private data; This Week in Android Hijinks; Confusion surrounding the Windows v5 release; Another Facebook API mistake; The 8th annual most common passwords...
SANS ISC

ISC StormCast for Wednesday, December 19th 2018

ASUS Vulnerabilities https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana
Security Weekly

Hack Naked News #201 – December 18, 2018

This week, when memes attack, how Google's taking steps to secure Kubernetes, suggestions for last minute Holiday IT gifts, Twitter fixes bug that exposed data, and how WordPress was targeted with clever SEO Injection Malware! Ed Sattar from Quickstart...
The CyberWire Podcast

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’....
OWASP Podcast

Threat Modeling – A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about...

2018-044: Mike Samuels discusses NodeJS hardening initiatives

Mike Samuels https://twitter.com/mvsamuel https://github.com/mikesamuel/attack-review-testbed https://nodejs-security-wg.slack.com/
Hardening NodeJS
Speaking engagement talks:
A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw
Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009
Achieving Secure Software through Redesign at...
Security Weekly

The Mistake People Make – Business Security Weekly #111

This week, Matt and Paul interview Bob Ackerman, a legend in venture capital investing who is referred to as one of "Cyber's Money Men". Bob is also the Founder and Managing Director of venture capital firm AllegisCyber! In the...
SANS ISC

ISC StormCast for Tuesday, December 18th 2018

Password Protected ZIP with Maldoc https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command
The CyberWire Podcast

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate commissioned report on Russian...
Security Weekly

Nuggets of Learning – Paul’s Security Weekly #586

This week, how Taylor Swift used Facial Recognition to thwart stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, to Hell with it, just patch your stuff...
The Shared Security Podcast

Equifax Data Breach Details Released, More Google+ API Bugs, Supermicro Strikes Back – WB47

Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 17th 2018 with your host, Tom Eston. In this week’s episode: Equifax data breach details released, more Google+ API bugs and Supermicro strikes back. Silent Pocket...
SANS ISC

ISC StormCast for Monday, December 17th 2018

Magellan Sqlite Vulnerability https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection
Open Source Security Podcast

Episode 127 – Walled gardens, appstores, and more

Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here,...
Purple Squad Security

Episode 46 – Holiday Special – Storytime with Jayson E. Street

Continuing our storytime theme for the holidays, on this week’s show we have a special guest, Jayson E. Street! For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places. Jayson shares a...

Weekly Update 117

I'm in Whistler! And as I say at the start of this video, I did seriously consider having...
Darknet Diaries

Ep 28: Unit 8200

Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode.
The CyberWire Podcast

The Sony hack and the perils of attribution — Research Saturday

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know today. There are interesting lessons to be learned, especially when...
The CyberWire Podcast

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible...

Vote for Blockchain [Voting]

While the internet has been around for nearly two decades, our society has failed to devise a reliable, fraud-proof way to implement a digital voting system. As it stands, our current election process is not particularly conducive to the...

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
TechRepublic

Why CXOs are leading the charge for AI-based security

While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.
SecurityWeek

Servers Can Be Bricked Remotely via BMC Attack

Hackers could remotely brick servers by launching firmware attacks that involve the Baseboard Management Controller (BMC), researchers at firmware security company Eclypsium have demonstrated.

Threatpost Poll: Do You Hate Facebook?

Weigh in on Facebook and privacy in our short poll.