Saturday, June 25, 2022
Home Podcasts Brakeing Down Security

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

jon-dimaggio-part2-threat intel-hacking back-analyzing malware

Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)  Topics: discusses his book,  threat intel as a service,  why people enjoy malware analysis? Should people 'hack back' and what legal issues are around that? How do you soften...

Jon DiMaggio_Art-of-cyberwarfare_hacking_back-insider-threat-messaging_P1

Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)  Topics: discusses his book,  threat intel as a service,  why people enjoy malware analysis? Should people 'hack back' and what legal issues are around that? How do you soften...

news, infosystir's talk at RSA, conti has an 'image' problem

  https://www.reuters.com/technology/tesla-cars-bluetooth-locks-vulnerable-hackers-researchers-2022-05-17/ https://portswigger.net/daily-swig/us-revises-policy-regarding-computer-fraud-and-abuse-act-will-not-prosecute-good-faith-research https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic https://portswigger.net/daily-swig/chicago-public-schools-data-breach-blamed-on-ransomware-attack-on-supplier https://www.helpnetsecurity.com/2022/05/23/protect-kubernetes-cluster/ https://www.darkreading.com/application-security/malicious-package-python-repository-cobalt-strike-windows-macos-linux   https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/ https://www.darkreading.com/application-security/6-scary-tactics-used-in-mobile-app-attacks  

Mieng Lim, Ransomware actions, using insurance to offset risk, good IR/PR comms

Full VOD here (must subscribe to Twitch): https://www.twitch.tv/videos/1478955254   Mieng Lim, VP of Product at Digital Defense by HelpSystems Topic she will discuss: Outsmarting RaaS: Strategies to Implement Before, During, and After a Ransomware Attack Webinar:...

Mieng-Lim-Ransomware-Best-Practices-p1

Mieng Lim, VP of Product at Digital Defense by HelpSystems Topic she will discuss: Outsmarting RaaS: Strategies to Implement Before, During, and After a Ransomware Attack Webinar: https://www.digitaldefense.com/resources/videos/webinar-outsmarting-raas-strategies-against-ransomware-attacks/ https://www.digitaldefense.com/blog/infographic-the-latest-ransomware-facts/ https://www.digitaldefense.com/wp-content/uploads/2020/07/Digital-Defense-Inc.-Ransomware-Infographic-070621.jpg https://www.digitaldefense.com/blog/the-terrifying-truth-about-ransomware/ Prepared questions...

Mick Douglas on threat intel, customer worries about being hacked, and more

@bettersafetynet @infosystir @boettcherpwned @bryanbrake @brakeSec   Discord Invite! "please click OK to accept the Code of Conduct in the 'Rules-and-info' channel" https://discord.gg/jhzm4bK9 #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast Apple Podcasts: https://podcasts.apple.com/us/podcast/brakeing-down-security-podcast/id799131292 #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite...

news, famers affected by ransomware, protestware for the 3rd time, trusting opensource

https://www.cyberscoop.com/dhs-bug-bounty-122-vulnerabilities-27-critical-hackers/ https://securityaffairs.co/wordpress/130564/hacking/atlassian-jira-authentication-bypass-issue.html     https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html https://www.coalfire.com/the-coalfire-blog/research-reveals-cyber-risk-is-the-best-language https://www.securityweek.com/audio-codec-made-apple-introduced-serious-vulnerabilities-millions-android-phones https://www.cnet.com/tech/mobile/verizon-wireless-customers-report-outages-across-us/ https://www.infosecurity-magazine.com/news/fbi-warns-us-farmers-of-ransomware/ https://www.bleepingcomputer.com/news/security/3-reasons-connected-devices-are-more-vulnerable-than-ever/ https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/ https://securityaffairs.co/wordpress/130497/security/cyber-insurance-global-riskenvironment.html https://securityaffairs.co/wordpress/130443/hacking/cisco-umbrella-default-ssh-key.html https://www.helpnetsecurity.com/2022/04/19/open-source-usage-trends/ https://gizmodo.com/cia-nsa-spies-tracked-anomaly-6-product-demo-1848830150 https://www.infosecurity-magazine.com/news/hackers-gain-admin-rights-with/ https://scottbarrykaufman.com/podcast/ Discord invite (must read and heed the Code of Conduct...

Mick Douglas discusses What2Log, and guidance in light of Okta incident

https://what2log.com/ https://twitch.tv/brakesec https://www.brakeingsecurity.com     @bettersafetynet @infosystir @boettcherpwned @bryanbrake @brakeSec

logging analysis, log correlation, and threat analysis dicussion continues – p2

https://twitch.tv/brakesec www.brakeingsecurity.com @infosystir on Twitter @bryanbrake @boettcherpwned

Amanda and Bryan discusses log analysis, finding, IOCs, and what to do about them.

https://twitch.tv/brakesec www.brakeingsecurity.com @infosystir on Twitter @bryanbrake @boettcherpwned

Shannon Noonan and Stacey Cameron – process automation -p2

Shannon Noonan and Stacey Cameron - QoS Consulting https://www.bizagi.com/en/blog/digital-process-automation/4-ways-to-deliver-change-management-for-process-automation https://www.forrester.com/blogs/the-new-change-management-automated-and-decentralized/   https://www.tibco.com/reference-center/what-is-process-automation   https://kissflow.com/workflow/workflow-automation/an-8-step-checklist-to-get-your-workflow-ready-for-automation/   https://www.malwarearchaeology.com/cheat-sheets   https://overapi.com/   https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes

Shannon Noonan and Tracey Cameron – process automation

https://www.twitch.tv/brakesec Youtube video (full version): https://www.youtube.com/watch?v=eRwYB22XMNw Shannon Noonan and Stacey Cameron - QoS Consulting https://www.bizagi.com/en/blog/digital-process-automation/4-ways-to-deliver-change-management-for-process-automation https://www.forrester.com/blogs/the-new-change-management-automated-and-decentralized/   https://www.tibco.com/reference-center/what-is-process-automation   https://kissflow.com/workflow/workflow-automation/an-8-step-checklist-to-get-your-workflow-ready-for-automation/   https://www.malwarearchaeology.com/cheat-sheets   https://overapi.com/   https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes

K12SIX-project-Doug_Levin-Eric_Lankford-threat_intel-edusec-p2

For context, we at the K12 Security Information Exchange (K12 SIX) are a relatively new K12-specific ISAC – launched to help protect the US K12 sector from emerging cybersecurity risk. One of our signature accomplishments in our first year...

K12SIX's Eric Lankford and Doug Levin on helping schools get added security -p1

The K12 Security Information Exchange (K12 SIX) are a relatively new K12-specific ISAC – launched to help protect the US K12 sector from emerging cybersecurity risk. One of our signature accomplishments in our first year was the development and...

April Wright and Alyssa Miller – IoT platforms, privacy and security, embracing standards

Alyssa Milller (@AlyssaM_InfoSec) April Wright (@Aprilwright)   Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.) Log4j and OSS software management and profitability Free as in...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great toalk about running as Standard user   Bsides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...
Security Affairs

Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware

Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to...
Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough Feature  US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...