In Flames – Application Security Weekly #44
This week, Keith and Paul interview Harry Sverdlove, CTO and Founder of Edgewise! Harry joins us to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! In the Application Security News, Facebook...
DtSR Episode 327 – Experienced Security Leadership
This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a...
SN 694: The SQLite RCE Flaw
Rhode Island's response to Google's recent API flawSignal's response to Australia's anti-encryption legislationThe return of PewDiePieUS border agents retaining traveler's private dataThis Week in Android HijinksConfusion surrounding the Windows v5 releaseAnother Facebook API mistakeThe 8th annual most common passwords...
ISC StormCast for Wednesday, December 19th 2018
ASUS Vulnerabilities https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilitiesGIGABYTE Vulnerabilities https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilitiesApple App Store Phishing https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receiptsKibana
Hack Naked News #201 – December 18, 2018
This week, when meme's attack, how Google's taking steps to secure Kubernetes, suggestions for last minute Holiday IT gifts, Twitter fixes bug that exposed data, and how WordPress was targeted with clever SEO Injection Malware! Ed Sattar from Quickstart...
Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.
In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’....
Threat Modeling – A Disaster Story with Edwin Kwan
We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about...
2018-044: Mike Samuels discusses NodeJS hardening initiatives
Mike Samuels https://twitter.com/mvsamuel https://github.com/mikesamuel/attack-review-testbed https://nodejs-security-wg.slack.com/ Hardening NodeJS Speaking engagement talks: A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009 Achieving Secure Software through Redesign at...
The Mistake People Make – Business Security Weekly #111
This week, Matt and Paul interview Bob Ackerman, a legend in venture capital investing, and is referred to as one of "Cyber's Money Men". Bob is also the Founder and Managing Director of venture capital firm AllegisCyber! In the...
ISC StormCast for Tuesday, December 18th 2018
Password Protected ZIP with Maldoc https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/Memes Used as Covert Command
Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate commissioned report on Russian...
Nuggets of Learning – Paul’s Security Weekly #586
This week, how Taylor Swift used Facial Recognition to thwart stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, to Hell with it, just patch your stuff...
Equifax Data Breach Details Released, More Google+ API Bugs, Supermicro Strikes Back – WB47
Watch this episode on our YouTube channel!
This is your Shared Security Weekly Blaze for December 17th 2018 with your host, Tom Eston. In this week’s episode: Equifax data breach details released, more Google+ API bugs and Supermicro strikes back.
Silent Pocket...
ISC StormCast for Monday, December 17th 2018
Magellan Sqlite Vulnerability https://blade.tencent.com/magellan/index_en.htmlLogitech Options Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1663Intel NUC BIOS Protection
Episode 127 – Walled gardens, appstores, and more
Josh and Kurt talk about Mozilla pulling a paywall bypassing extension. We then turn our attention to talking about walled gardens. Are they good, are they bad? Something in the middle? There is a lot of prior art to draw on here,...
Episode 46 – Holiday Special – Storytime with Jayson E. Street
Continuing our storytime theme for the holidays, on this week’s show we have a special guest, Jayson E. Street! For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places. Jayson shares a...
Weekly Update 117
Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.I'm in Whistler! And as I say at the start of this video, I did seriously consider having...
Ep 28: Unit 8200
Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode.This episode was sponsored by...
The Sony hack and the perils of attribution — Research Saturday
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when...
False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible...
Vote for Blockchain [Voting]
While the internet has been around for nearly two decades, our society has failed to devise a reliable, fraud-proof way to implement a digital voting system. As it stands, our current election process is not particularly conducive to the...
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Why CXOs are leading the charge for AI-based security
While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.
Servers Can Be Bricked Remotely via BMC Attack
Hackers could remotely brick servers by launching firmware attacks that involve the Baseboard Management Controller (BMC), researchers at firmware security company Eclypsium have demonstrated.
read more
Threatpost Poll: Do You Hate Facebook?
Weigh in on Facebook and privacy in our short poll.
