Wednesday, June 19, 2019
DtSR Podcast

Deeper Into the Microsoft Security Ecosystem

Thank you to Microsoft for sponsoring this show, and our podcast over the years...   Highlights from this week's show include... Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today Rob gives us some context...
SANS ISC

ISC StormCast for Wednesday, June 19th 2019

Critical Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707Bitdefender Releases GandCrap Decryptor https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/Google Launches New
Security Now

SN 719: Exim Under Siege

• A new DRAM problem called "RAMBleed"• A bad Linux TCP SACK server kernel crashing flaw• Last week's patch Tuesday• A Bluetooth surprise• Another useless warning about the BlueKeep vulnerability• Microsoft misses a 90-day Tavis Ormandy deadline• Good news...
Security Weekly

Buzzword Bingo – Application Security Weekly #65

This week, we interview Shannon Lietz, the Director Information Security at Intuit, to talk about DevOps! In the Application Security News, there's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards...
The CyberWire Podcast

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.

Investigation into Argentina’s power failure continues, with preliminary indications suggesting “operational and design errors were responsible for the outage. Russia reacts to reports that the US staged malware in its power grid. Iran says it stopped US cyberespionage. ISIS...
Unsuperivsed Learning Podcast

Unsupervised Learning: No. 182

The US is supposedly ramping up attacks against Russian power grid through the use of new cyberattack powers granted by Trump. I am happy to hear of this, but it's an example of where we as outsiders can only...

2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap

Announcements: InfoSec Campout Conference (Eventbrite, social contract, etc): https://www.infoseccampout.com All Day Devops (https://www.alldaydevops.com) free talks online... Next conference starts 06 November 2019 ------ Tanya Janca (@shehackspurple) @wosectweets - Women of Security DevOps Tools for free/cheap.     They are...
SANS ISC

ISC StormCast for Tuesday, June 18th 2019

TCP SACK Panic DoS in Linux https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://tools.ietf.org/html/rfc879Logitech Pointer Recall
Security Weekly

Nerdy Love Fest – Paul’s Security Weekly #608

This week, we welcome Peter Smith, Founder and CEO of Edgewise, to talk about Edgewise's 1 Click Micro Segmentation! In the second segment, we welcome back Corey Thuen, Co-Founder and CEO of Gravwell, to talk about security analytics using...
The CyberWire Podcast

Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.

The New York Times reports that the US has staged malware in Russia’s power grid, presumably as deterrence against Russian cyberattacks against the US. South America has largely recovered from a large-scale power outage that seems, so far, to...
The Shared Security Podcast

US Customs and Border Protection Data Breach, Sign in with Apple, Leaked Facebook Emails

This is your Shared Security Weekly Blaze for June 17th 2019 with your host, Tom Eston. In this week’s episode: the US Customs and Border Protection data breach, the new sign in with Apple button, and more leaked Facebook...
SANS ISC

ISC StormCast for Monday, June 17th 2019

Whats App Phishing https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.htmlEncrypted EMail Phishing https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/Android Apps Link to
7 minute security

7MS #367: DIY Two-Hour Risk Assessment

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Hey! I'm on the road again - this time with a tale encompassing: How to conduct a mini risk assessment in...
7 minute security

7MS #366: Tales of Internal Pentest Pwnage – Part 3

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today's episode was recorded on the way to a new assessment, and since I had nothing but miles and time in...
Open Source Security Podcast

Episode 150 – Our ad funded dystopian present

Josh and Kurt talk about the future Chrome and ad blockers. There is a lot of nuance to unpack around this one. There are two versions of the Internet today. One with an ad blocker and one without. The Internet...
Defensive Security Podcast

Defensive Security Podcast Episode 236

Get well soon, Mr. Kalat!
Security Weekly

The New Perimeter – Enterprise Security Weekly #141

This week, we're joined by John Strand and Matt Alderman, to talk about how Rapid7 is integrating access to Insight Platform Applications, Ixia releases a new Scalable, modular packet broker, Sonatype's Nexus user conference to bring 2000 DevSecOps leaders...
The CyberWire Podcast

Apps on third-party Android store carry unwelcome code — Research Saturday

Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security research and operations and Zscaler, and he joins us to share their findings.  The original research...
risky.biz

Feature podcast: An interview with Jim Baker, former general counsel, FBI

This is the first edition of a new series of podcasts we’re doing here at Risky.Biz that will focus on cyber policy issues. The Hewlett Foundation approached us a while back to see if we’d be interested in doing...
The CyberWire Podcast

Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.

Xenotime is detected snooping around the North American power grid. Hacking groups exploit the Return of the Wizard vulnerability in Exim servers. Hearings on the extradition of WikiLeaks’ Julian Assange have begun. Online gamers are being chased with credential...

6 Security Tips That’ll Keep the Summer Fun

Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
TechRepublic

How AI-enhanced malware poses a threat to your organization

Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.
TechRepublic

Tech news roundup: HPE Discover 2019, Facebook’s Libra cryptocurrency, and Google Cloud’s debacle

This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.
SC Magazine

ACLU tells Ga. Supreme Court Fourth Amendment should apply to personal data stored by cars

Fourth Amendment protections should apply to personal data in a car’s Event Data Recorder, the American Civil Liberties Union (ACLU) will argue before the Georgia Supreme Court today. The state’s high court is hearing oral arguments in Mobley v. State, which challenges law...
PC Mag

Can Anything Protect Us From Deepfakes?

Along with fake news, forged videos have become a national security concern, especially as the 2020 presidential elections draw near. Researchers at the University of Surrey have developed a solution that might solve the problem.