Thursday, August 22, 2019
SANS ISC

ISC StormCast for Thursday, August 22nd 2019

KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/Attacks against Exposed
Smashing Security

142: Mercedes secret sensors, smart cities, and ransomware runs riot

Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the...
The CyberWire Podcast

China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.

China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account...

S2 Ep5 – Phishing, eavesdropping voice assistants and quick fire questions

This week on the Naked Security podcast we discuss whether big tech companies are spying on you and the latest phishing scams. Do you have a quesiton? Let us know and we’ll answer them next week. With Anna Brading, Ben Jones...
Security Weekly

No Spoilers – BSW #140

This week, we welcome Jessica Johnson and Amber Pedroncelli to discuss Hacker Halted and the Global CISO Forum! In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good,...
SANS ISC

ISC StormCast for Wednesday, August 21st 2019

Guildma Malware is Now Using Facebook and YouTube as Update
Security Now

SN 728: The KNOB is Broken

• Last Tuesday was another busy and important patch Tuesday• And speaking of Patch Tuesday... 3rd-Party A/V Strikes Again!• Kaspersky facilitates independent web tracking• So, what the heck is "CTF" ??• 23 Government agencies in Texas were hit with...
risky.biz

Risky Business #552 — Guest host Alex Stamos on all the week’s security news

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including: Confirmed: 30 companies affected by CapitalOne attacker China info-ops booted off Twitter, Facebook Real deal Bluetooth bugs Apple re-introduces kernel bug, jailbreaks...
The CyberWire Podcast

Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.

Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the “view as” bug. Vulnerabilities in Google’s Nest cams are patched. Instagram gets a data abuse...
Security Weekly

HNN #230 – August 20, 2019

This week, 61 impacted versions of Apache Struts let off security advisories, a hacker publicly releases Jailbreak for iOS version 12.4, Chrome users ignoring warnings to change breached passwords, an unpatchable security flaw found in popular SoC boards, and...
Security Weekly

The Dark Data – ASW #73

This week, in the Application Security News, HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS, Polaris...
DtSR Podcast

DtSR Episode 359 – Mind the Diversity Gap

This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time. Highlights from this week's show...
SANS ISC

ISC StormCast for Tuesday, August 20th 2019

iOS 12.4 Jailbreak Released after Reindruced Vulnerability form 12.2 https://github.com/pwn20wndstuff/Undecimus/releasesSHA2-Signed
Security Weekly

It Gets Really Hot! – PSW #616

This week, we welcome Tony Punturiero, Community Manager at Offensive Security, to talk about the journey of turning from a Blue Teamer to a Red Teamer, and kick starting an InfoSec community! In the Security News, BlackHat USA 2019...
The CyberWire Podcast

ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.

ISIS claims responsibility for Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could...
CyberSecurityInterviews

#073 – Bernard Harguindeguy: Identity Is The Keystone

Bernard Harguindeguy is the Chief Technology Officer & General Manager Intelligence from Ping Identity. Bernard joined Ping in June 2018 through the acquisition of Elastic Beam, where he was the CEO and founder. His work at Elastic Beam revolutionized...
The Shared Security Podcast

Biometric Security Data Breach, Critical Windows Vulnerabilities, FBI Data Harvesting

You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 82 for August 19th 2019: The BioStar2 biometric security data breach, wormable vulnerabilities in Microsoft Windows,...
SANS ISC

ISC StormCast for Monday, August 19th 2019

Large Number of VoIP System Vulnerabilities Released https://www.sit.fraunhofer.de/en/cve/Confidential Company Documents
Unsuperivsed Learning Podcast

The Difference Between Data, Information, and Intelligence

The terms intelligence, information, and data are thrown around pretty loosely in most tech circles, and this inevitably leads to people confusing and/or conflating them. What follows is a simple explanation of how the related terms are different from...
Unsuperivsed Learning Podcast

Unsupervised Learning: No. 190

There are some seriously nasty Windows RDP bugs out there. If you have RDP facing the internet, make sure you're patched. And try to get to VPN as soon as possible. MoreA huge survey of firmware security has found...
SecurityWeek

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication” read more
SecurityWeek

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. read more
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
ZDNet

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.