PCI Piñata – Paul’s Security Weekly #583
This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR...
Doubling down on Cobalt Group activity — Research Saturday
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/...
Ep. 009 – Competitive hacking, threat report and crazy tweets!
In the Naked Security Podcast this week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. With Anna Brading, Paul Ducklin and Mark Stockley. (Music: purple-planet.com)
GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?
In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes...
Weekly Update 113
Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.Bit of a change of scenery this week; I've gone to the other end of the house whilst...
ISC StormCast for Friday, November 16th 2018
Emotet Spreading IcedID Banking Malware https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/Crypto Miners Abusing Insecure Docker
DtSR Episode 322 – The Ethics of Cyber Security Panel
This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly. Highlights from...
RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.
In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter,...
A Picture of the World – Enterprise Security Weekly #115
This week, Paul and Matt Alderman interview James Wickett, Head of Research at Signal Sciences! James talks about how security is moving to the application space and web applications! In the Enterprise News this week, AlgoSec delivers Native Cloud...
Ep 26: IRS
The IRS processes $3 trillion dollars a year. A lot of criminals want to get a piece of that. In 2015 the IRS had a large data breach. Hundreds of thousands of tax records were leaked. What happened and...
ISC StormCast for Thursday, November 15th 2018
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
104: The world’s most evil phishing test, and cyborgs in the workplace
Does your employer want to turn you into a cyborg? Was this phishing test devised by an evil genius? And how did a cinema chain get scammed out of millions, time and time again...?
Oh, and the subject of erasable...
7MS #336: How to Succeed in Business Without Really Crying – Part 6
Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to run 7 Minute...
When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.
In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita...
Boston Accent – Application Security Weekly #39
This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security...
SN 689: Self-Decrypting Drives
Last month's Patch Tuesday, this monthA GDPR-inspired lawsuit filed by Privacy InternationalCheck these two router ports to protect against a new botnet that's making the roundsAnother irresponsibly disclosed zero-day, this time in Virtual BoxCloudFlare's release of a very cool...
ISC StormCast for Wednesday, November 14th 2018
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/Adobe Security Bulletins https://helpx.adobe.com/security.html
GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.
In today’s podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia’s the usual suspect, as usual Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account...
Hack Naked News #196 – November 13, 2018
Vulnerabilities in SSD Encryption, Bypassing Windows UAC, Botnet Pwns over 100,00 routers w/ ancient security flaw, Google hit with IP Hijack, and 1 thing you can do to make your internet safer and faster! Jason Wood from Paladin Security...
Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains
An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
