Thursday, June 1, 2023
Home Podcasts Brakeing Down Security

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

Bsides Seattle and Austin, SecureBoot patch, and more

BrakeSec Show Outline – No Guest   Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin ...

lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.

Show Topic Summary (less than 300 words) Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations...

3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence

Show Topic Summary (less than 300 words) 3CX supply chain attack, Mark Russinovich and Sysinternals, ransomware notifications from CISA, and emotional ...

Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?

Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like...

Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend

  Guest info Name and Title: Nickolas Means, VP of Engineering at SYM Email/Social...

SPECIAL INTERVIEW: John Aron and Jerod Brennen

BrakeSec Show Outline (all links valid as of 27 Jan 2023, subject to change)   Is it scheduled?  Yes || No|| Completed ...

Layoff discussions, another TMO breach, OneNote Malware, and more!

Lots of Layoffs (meta, Microsoft, Amazon, Sophos, Alphabet, Google) talk about the future effects of that, did it affect security? Attack surface management is risk management, Breaches and the TSA no-fly list leaked, and more!...

GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)

topics What were the biggest stories of 2022? Any notable trends that you saw https://acut3.github.io/bug-bounty/2023/01/03/fetch-diversion.html (fetch Diversion)...

Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2

Full stream video on Youtube: https://youtu.be/i1xpAfNFCvY John's Youtube channel, to find more training/contact information: https://www.youtube.com/channel/UC3ctyx980M8jLa_cEiQveLQ https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693

John Whalen, data visualization tools, risk management, handling org risk-p1

https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693  

Interview with Infrared – one of the Seattle Community Network organizers

https://youtu.be/iW39Mugj4OM  -Full stream video (interview starts at 28m22s)   Broadcasted live on Twitch -- Watch live at https://www.twitch.tv/brakesec Seattle Community Network - https://seattlecommunitynetwork.org/ https://medium.com/seattle-community-network/ 

JAMBOREE – an Android App testing platform from @operat0r -part2

introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy   Check out the Youtube videos, including demo! Part2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA

JAMBOREE – an Android App testing platform from @operat0r

introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy   Check out the Youtube videos, including demo! Part 2 will be available soon! Part 1:  https://youtu.be/U5SFav9h1L4 

07-oct-news-twitch streaming

https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://medium.com/@johnblatt23/uber-hack-reveals-weakness-in-the-human-firewall-8b44a87d43b4 https://securityintelligence.com/articles/what-to-know-honda-key-fob-vulnerability/ https://www.theregister.com/2022/10/07/binance_hack_566m/ https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://www.bbc.com/news/business-58193396 https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting https://www.coindesk.com/business/2022/10/06/celsius-top-execs-cashed-out-17m-in-crypto-before-bankruptcy/ https://jpgormally.medium.com/cybersecurity-is-a-successfully-failure-9bcf92a1bc88 https://www.bitsight.com/blog/zero-50k-infections-pseudomanuscrypt-sinkholing-part-1  

Uber Breach, MFA fatigue, who can help communicate biz risk?

https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/ https://twitter.com/RachelTobac/status/1571542949606957057   Twitter: @boettcherpwned @infosystir @brakeSec @bryanbrake www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec  

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great toalk about running as Standard user   Bsides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...