Wednesday, April 21, 2021
Home Podcasts Brakeing Down Security

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2021-014-Slipstreaming blocked by Chrome, Slack being used for malware, plus dork and deskjockeys!

Chrome Blocks Port 10080 to Prevent Slipstreaming Hacks - E Hacking News - Latest Hacker News and IT Security News https://www.reddit.com/r/netsec/comments/jlu3cf/nat_slipstreaming/   Samy Kamkar - NAT Slipstreaming v2.0 Slack and Discord are Being Hijacked...

2021-013-Liana_McCrea-Garrison_Yap-cecil_hotel, Elisa_Lam-physical_security-part2

Reparations.tech *Public Safety Coordinators-Field Operations (Road Incidents)-Specialized Buildings (The Library, Medical Facilities, CCR)*Public Safety OfficersA. Discuss Training-SOP Creation *SOPs are very custom and dependent on the organization. There are no “NIST” standards.   *Think on your feet, many...

2021-012-physical security discussion with @geecheethreat and @garrisony75 -pt1

Bios for guests   Reparations.tech *Public Safety Coordinators -Field Operations (Road Incidents) -Specialized Buildings (The Library, Medical Facilities, CCR) *Public Safety Officers A. Discuss Training -SOP Creation *SOPs are very custom and dependent on the...

2021-010- Dr. Catherine J Ullman, the art of communication in an Incident – Part 2

In this episode: knowing your audience - discussing the IR impact how did this happen? how deep do you want to tailor your potential discussion? Every level must be asking "what, when, why, how?", not just those in the...

2021-010- Dr. Catherine J Ullman, the art of communication in an Incident – Part 1

Dr. Catherine J. Ullman (@investigatorchi)   Incident Response communications   Reminders: Patreon Jeff T. just became a $2 patron! Accepted to CircleCityCon on IR communications! Bsides Rochester Security B-Sides Rochester   Spoke at SeaSec meetups: ...

2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade...

2021-008-Jasmine jackson – TheFluffy007, Bio and background, Android App analysis – part 1

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade...

2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion

Links to discussed items: Yandex Employee Caught Selling Access to Users' Email Inboxes (thehackernews.com) Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple | Threatpost Google pitches security standards for 'critical' open-source projects | SC...

2021-006-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh – part2

Ronnie Watson (@secopsgeek) Youtube: watson infosec - YouTube watsoninfosec (Watsoninfosec) · GitHub   Feel free to add anything you like Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)   GitHub -...

2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh

Ronnie Watson (@secopsgeek) Youtube: watson infosec - YouTube watsoninfosec (Watsoninfosec) · GitHub Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)   GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based...

2021-004-Danny Akacki talks about Mergers and Acquisitions – Part 2

Discussion on Mergers and acquisitions processes On being acquired, but also if you’re acquiring a company Best Practices Best Practices of Mergers and Acquisitions (workforce.com) Best Practices In Merger Integration - Institute for Mergers, Acquisitions and Alliances...

2021-003- Danny Akacki, open communications, mergers&acquistions

Discussion on Mergers and acquisitions processes On being acquired, but also if you’re acquiring a company Best Practices Best Practices of Mergers and Acquisitions (workforce.com)   Best Practices In Merger Integration - Institute for Mergers, Acquisitions and...

2020-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin

  Secure RPC issue -  Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center How to manage the changes in Netlogon...

2021-001-news, youtuber 'dream' doxxed, solarwind passwords bruteforced, malware attacks

Dream Doxxed: Minecraft YouTuber Dream Doxxed Following Speedrun Controversy (screenrant.com) Def Noodles on Twitter: "STANS TAKING IT TOO FAR: Dream doxed after posting a picture of his kitchen on his 2nd Twitter account. Dream has not published...

2020-046-solarwinds-fireeye-breaches-GE-medical-device-issues-and-2021_predictions

End of year podcast   Blumeria sponsorship NEWS:   IT company SolarWinds says it may have been hit in 'highly sophisticated' hack | Reuters   FireEye hacked: US cybersecurity firm FireEye hit by 'state-sponsored' attack -...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great toalk about running as Standard user   Bsides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...
The Hacker News

3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...