Bsides Seattle and Austin, SecureBoot patch, and more
BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin ...
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.
Show Topic Summary (less than 300 words) Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations...
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
Show Topic Summary (less than 300 words) 3CX supply chain attack, Mark Russinovich and Sysinternals, ransomware notifications from CISA, and emotional ...
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like...
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
Guest info Name and Title: Nickolas Means, VP of Engineering at SYM Email/Social...
SPECIAL INTERVIEW: John Aron and Jerod Brennen
BrakeSec Show Outline (all links valid as of 27 Jan 2023, subject to change) Is it scheduled? Yes || No|| Completed ...
Layoff discussions, another TMO breach, OneNote Malware, and more!
Lots of Layoffs (meta, Microsoft, Amazon, Sophos, Alphabet, Google) talk about the future effects of that, did it affect security? Attack surface management is risk management, Breaches and the TSA no-fly list leaked, and more!...
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
topics What were the biggest stories of 2022? Any notable trends that you saw https://acut3.github.io/bug-bounty/2023/01/03/fetch-diversion.html (fetch Diversion)...
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
Full stream video on Youtube: https://youtu.be/i1xpAfNFCvY John's Youtube channel, to find more training/contact information: https://www.youtube.com/channel/UC3ctyx980M8jLa_cEiQveLQ https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
John Whalen, data visualization tools, risk management, handling org risk-p1
https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
Interview with Infrared – one of the Seattle Community Network organizers
https://youtu.be/iW39Mugj4OM -Full stream video (interview starts at 28m22s) Broadcasted live on Twitch -- Watch live at https://www.twitch.tv/brakesec Seattle Community Network - https://seattlecommunitynetwork.org/ https://medium.com/seattle-community-network/
JAMBOREE – an Android App testing platform from @operat0r -part2
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the Youtube videos, including demo! Part2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA
JAMBOREE – an Android App testing platform from @operat0r
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the Youtube videos, including demo! Part 2 will be available soon! Part 1: https://youtu.be/U5SFav9h1L4
07-oct-news-twitch streaming
https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://medium.com/@johnblatt23/uber-hack-reveals-weakness-in-the-human-firewall-8b44a87d43b4 https://securityintelligence.com/articles/what-to-know-honda-key-fob-vulnerability/ https://www.theregister.com/2022/10/07/binance_hack_566m/ https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://www.bbc.com/news/business-58193396 https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting https://www.coindesk.com/business/2022/10/06/celsius-top-execs-cashed-out-17m-in-crypto-before-bankruptcy/ https://jpgormally.medium.com/cybersecurity-is-a-successfully-failure-9bcf92a1bc88 https://www.bitsight.com/blog/zero-50k-infections-pseudomanuscrypt-sinkholing-part-1
Uber Breach, MFA fatigue, who can help communicate biz risk?
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/ https://twitter.com/RachelTobac/status/1571542949606957057 Twitter: @boettcherpwned @infosystir @brakeSec @bryanbrake www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec
2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords
https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention ShowMe Con panel and keynote SeaSec East standing room only. Crispin gave a great toalk about running as Standard user Bsides Cleveland - ...
2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs
https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...
BDIR-001: Credential stealing emails, How do you protect against it?
BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO Join us for Episode-001,...
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
