Password Protected Word Documents Push AZORult and Hermes Ransomware https://isc.sans.edu/foru
nux IP Fragmentation DoS https://www.kb.cert.org/v
Shock! It appears Google can track the location of anyone using some of its apps on Android or iPhone even when they’ve told it not to.
Last month the crooks were throwing old passwords into their scams to make you sit up and take notice. Now it's phone numbers.
This simple setup will help you discover if your apps are listening in on you.
Researchers call the scenario BlackIoT: an IoT botnet of high-wattage devices that could crash the power grid.
Microsoft Patch Tuesday Summary https://isc.sans.edu/foru
/Oracle Database Patch http://www.oracle.com/tec
2149.htmlIntel Fixes Three More CPU Flaws https:// ...
This type of multinational ATM cashout could drain cash machines of millions within the span of hours.
This week, Keith is joined by Dr. Doug White to discuss Secure Coding Practices! In the news, Comcast security flaws, Facebook plans to partner with banks, hacker finds ‘God Mode’ in x86 CPU’s, bypassing CSP using polyglot JPEGs, and more on this ep ...
This week we cover lots of discoveries revealed during last week's Black Hat 2018 and DEF CON 26 Las Vegas security conferences. Among them, 47 vulnerabilities across 25 Android smartphones, Android "Disk-In-The-Middle&
quot; attacks, Google tracking when asked ...
This week, Las Vegas, Linux vulnerabilities, malicious faxes, Apple macOS vulnerabilities, and police body cams open to attack. We air a pre recorded interview with Matt Alderman and Torin Sandall from Styra at Black Hat 2018, and more on this episode of ...
A security researcher revisited an old bug of his that Apple had patched, made a blunder - and found the old bug was still there after all.
A popular brand of heart pacemaker is still vulnerable to compromise more than a year and a half after the company that makes them was told of weaknesses in its security, researchers have claimed.
A security researcher has revealed that police body cameras could put evidence - and even police officers themselves - at risk.
It took him less than 10 minutes to change election results on a replica of Florida's state website.
One scoop of "copy & paste to screw with the algorithm" between two slices of "limiting news feed posts to 25 friends". A baloney sandwich!
New Sextorition Wave Using Partial Phone Numbers New Extortion Tricks: Now Including Your (Partial) Phone Number!Intel Releases Patch for Puma Modem Chips https://www.dslreports.co
It might not come as a shock to you that we here at SEORG love Neil Fallon and Clutch. Having Neil out at DEF CON was an amazing experience. After 4 long days at DEF CON we hosted our annual live podcast for Episode 108. Join us as: Neil fixes Chris' ...
A researcher recently revealed how he found a bug that could have brought the fourth largest cryptocurrency to its knees – and how he was almost unable to report it.
Apple's working to keep iPhones from eavesdropping on us, through privacy policies, short buffer windows, local storage, and app review.
They allegedly hacked into phone accounts, convinced retailers they were who they weren't, and upgraded to shiny new gadgets for small fees.
IOActive’s researcher Ruben Santamarta is the sort of person anyone interested in computer security would probably enjoy sitting next to on a long flight. Take the journey he made last November between Madrid and Copenhagen on Norwegian during which (na ...
From the unpopular Windows 10 updates and the Snapchat source code leaked on GitHub to the 'unhackable' BitFi hardware that got hacked, and more!
VIA C3 "God Mode" https://github.com/xoreax
eaxeax/rosenbridgeApple MDM Vulnerablity https://www.wired.com/sto
nterprise/Peeking into MSG Files https://isc.sans.edu/foru
nting SSL/TLS ...
An inadvertently exposed login key could have spelled cybersecurity disaster for the Homebrew project, beloved of Mac developers everywhere.
It's one thing to discover a data leak, it's another to find out from a journalist that your website is leaking customer data.
Researchers unearthed an army of 150,000 robot Twitter accounts plying a cryptocurrency scam.
Facebook apologizes for animated confetti and balloons that appeared on "I'm safe" posts during the Lombok earthquake.
Vulnerabilities in Pacemaker Programmer and Insulin Pumps https://arstechnica.com/i
sy/"Panic Attacks" Against City Infrastructure https://www.bbc.com/news/ ...
G Suite admins will have the option of enabling alerts if Google suspects government-backed hacking attempts.
An FCC Office of Inspector General (OIG) report has found no evidence of DDoS attacks on the FCC's comments system.
DARPA's MediaFor project has come up with tools it says can spot AI-created fakes.
Fortnite for Android will sidestep Google Play and be an “off market” experience - is that good or bad? We discuss the issues...
Homebrew Exposed Github Credentials https://brew.sh/2018/08/0
osure/WhatsApp Vulnerability https://research.checkpoi
x Releases Tool To Detected Cloud Credential Compromise https://m ...
What just befell a "small" piece of SnapChat’s source code, and should users be concerned?
Facebook says to banks: tell us who your customers are, and we'll get them talking to you in Messenger.
For those tempted to delay migration away from Secure Sockets Layer (SSL)/early Transport Layer Security (TLS)—don’t wait! This includes all versions of SSL and version 1.0 of TLS (TLS v1.1 and newer are fine). For Payment Card Industry Data Security ...
A new study argues that bogging black hats down in fake flaws might be better approach to security.
This week, Keith and James Wickett interview Galen Hunt, Distinguished Engineer and Director at Microsoft! In the news, hackers automate the laundering of money via Clash of Clans, Epic Games sidesteps the Play Store with Fortnite for Android launch, the ...
Linux TCP DoS Vulnerability https://www.kb.cert.org/v
uls/id/962459Let's Encrypt Now Trusted By All Major Root CA Programs https://letsencrypt.org/2
ndroid Updates https://source.android.co
This week we discuss yet another new and diabolical router hack and attack, Reddit's discovery of SMS 2FA failure, WannaCry refuses to die, law enforcement's ample unused forensic resources, a new and very clever BGP-based attack, Windows 10 update dissat ...
Bitcoin and the Dark Web are familiar terms, but what are they and how do they help SamSam operate in plain sight?
Taiwan chipmaker TSMC is back up and running, and pinning the blame for its shutdown on an infection by WannaCry ransomware.
Is Mozilla’s enthusiasm for DNS-over-HTTPS getting out of hand?
Like it or not, the Play Store is a walled garden that keeps out malware.
This week, we air our pre-recorded interview with Eric Bednash, CEO of RackTop! In our second interview, Paul interviews Katie Stebbins, Research Associate Professor of Computer Science at UMASS! Full Show Notes: https://wiki.securityweek
Numeric Obfuscation https://isc.sans.edu/foru
/Crestron Touchscreen Vulnerability https://blog.securitycomp
f1a71a926a5Facebook Rele ...
Windows 10 is on track to be the most popular Microsoft OS but some security professionals aren't happy.
Police have arrested a man for blackmailing women through Facebook using digitally manipulated images of them.
Getting root access and patching firmware doesn't count as successful hacking, apparently.
Martin Gottesfeld set off DDoS attacks against hospitals in #opJustina, fled the country in a boat, and had to be rescued by a Disney ship.
From the routers turning into zombie cryptojackers and the prisoners exploiting a vulnerability to steal $225K to SamSam, the $6 million ransomware, and more!
New WPA Attack https://hashcat.net/forum
/thread-7717.htmlFake Techsupport Uses More Intelligent Call Routing https://www.symantec.com/
ptimizationHP Printer Updates https://support.hp.com/us
This week, Paul interviews Josh Abraham, Staff Engineer at Praetorian! In the Technical Segment, our very own Larry Pesce gives an introduction to FL2K! In the Security News, Microsoft Edge flaws, Ransomware attacks, Yale university data breaches, Reddit ...
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger, and Scot Berner Show Links ...
A patch was turned into an exploit and the exploit was turned into... why, CRYPTOCOINS, of course! Fortunately, there's an easy fix.
The DOJ says it's arrested three members of the highly professional Fin7 group.
A group of DNA collection and genealogy websites have agreed on new guidelines for handling sensitive genetic and family data.
Pegasus spyware is supposed to be used solely by governments, to enable them to invisibly track criminals and terrorists
Malware in Animated GIF Files https://isc.sans.edu/foru
ikroTik Miner Botnet https://www.trustwave.com
Reddit suffered a serious "security incident" in mid-June. This is what we know, and what you can do.
Drawing on new research we look at how best to defend your organisation against SamSam.
Facebook says it has removed 32 Pages and accounts from Facebook and Instagram for violating its policies.
Microsoft’s Edge browser has finally joined Mozilla Firefox and Google’s Chrome in supporting a working version of the emerging WebAuthn.
The app review deadline has come and gone and Facebook has now cut off API access to those apps that failed to submit.
This week, Paul is joined by Security Weekly’s very own Jeff Man, to talk about Evaluating Security Vendors at Trade shows! In the Enterprise News, Mimecast snaps up Solebit for $88 Million, NetSpectre attack could enable remote CPU exploitation, Oracle ...
Facebook Smishing Attack https://isc.sans.edu/foru
g+via+SMS/23940/Port 52869 UPNP Attacks https://isc.sans.edu/foru
42/Microsoft Im ...
Let’s say you run an operational environment and you’ve spent years figuring out how to keep your production processes and core, life-enabling systems running at high efficiency and efficacy. But now, your IT group wants to connect your production an ...
"Hi Daddy Love you," texted the daughter of one of the hacker's alleged victims. The reply: "TELL YOUR DAD TO GIVE US BITCOIN"
Malware has taken down systems in at least two Alaskan municipalities in an attack that officials say is the worst they have ever seen.
Millions of students' data is being sold after being harvested from college-planning questionnaires or surveys that come with the SAT or PSAT tests.
Mozilla’s Firefox browser doesn’t have site isolation security yet, but plans to enable it are in the works.
This week, Keith and Paul interview Jessica Rozhin, Security Engineer at Marqeta! In the news, New Spectre attack can remotely steal secrets, Microsoft discovers supply chain attack at unnamed maker of PDF Software, XSS filter in edge, and OWASP iGoat is ...
Powershell Inside Certificates https://blog.nviso.be/201
PEST is Back http://youtu.be/BpNP9b3aI
fY?aBig Star Labs Spyware https://adguard.com/en/bl
It's a toll free "Apple Care" number, meaning that in theory it shouldn't cost you a thing - so what's the harm in calling just in case?
This week we examine still another new Spectre processor speculation attack, we look at the new "Death Botnet", the security of the US DoD websites, lots of Google Chrome news, a push by the US Senate toward more security, the emergence and threat of clon ...
This week, hacking AOL style, DHS attempts to secure critical infrastructure, hacking for poison, ERP targeting, hacking 10,000 Wordpress sites, prisoners steal things, wiping your car and get paid to hack your printer. Ed Sattar from QuickStart joins us ...
New research reveals that SamSam ransomware has affected far more victims, and raised far more ransom, than previously thought.
One of three problems found in an audit: two-person access controls haven't been properly implemented at data centers and equipment rooms.
An investigation found that Braden River High football coaching staff got unauthorized access to rivals' practice and game video footage.
Researchers at EURECOM S3 Group found that they can extract crypto keys from a set of run-of-the-mill communications chips just by listening to the noise it makes.
Researchers have found a new variant of the Spectre CPU flaw that shows how attackers could steal data remotely without having to run malicious code on a local system.
Cryptojacking has hit the headlines in recent months. But what is it? And do you need to be worried?
This week, Paul is joined by Matt Alderman in the absence of Michael to talk about reducing the number of decisions that you have to make on any given day. In Tracking Security Innovation, we have updates from Tenable, Carbon Black, Sophos, and Imperva! F ...
;s Encrypt Outagehttps://letsencrypt
.status.ioMalvertising Campaign Insideshttps://research.c
On this week’s show we hear from Greg Shipley. Greg works at an initiative spun up by In-Q-Tel called Cyber Reboot. Its goal is to develop open source tools that can push things forward in security – things the private sector aren’t doing. He’ll ...
– JOIN TRUSTEDSEC and MARSH ON September 12th, 2018 AT 2:00 PM EDT – The automotive industry is experiencing a level of change and innovation not seen since the introduction of the passenger car. While this sector has traditionally been dominated by ...
364 of them hacked the JPay tablets they use for email, music and games and transferred money into their own accounts.
...so take down those 3,412 Facebook links, 20,244 Facebook posts, 242 YouTube videos, 6 Instagram links, and 562 tweets ... by court order.
Google has cracked down on apps that mine for cryptocurrency, banning them entirely from its official Google Play Store.
From why your website is officially no longer secure and Whatsapp limiting messaging forward after lynchings to your guide to what sysadmins really mean, and more!
Summary of Earchings in Recent Sextortion Attackhttps://isc.sans.ed
dware Distributed with Legitimate Applicationshttps://www.b
What you’re about to hear is a long form interview with Zane Lackey, a former pentester turned director of security engineering for Etsy turned co-founder and CSO of Signal Sciences. Signal Sciences can be broadly, kinda described as “next generation ...
This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of the Penetration Testing and Incident Handling at Netsecurity! In the Security News, Bluetooth bug ...
You're a sysadmin and you're misunderstood, until now.
Google has increased its efforts to protect online accounts by releasing its own hardware-based security key.
Anybody with a common, free security tool could create a valid camera serial number and intercept somebody else's stream, researchers discover.
There's a bit of poetry in everyone, so we're asking you to write an amusing limerick to celebrate #SysAdminDay... how hard can it be?
It's 1337 times better than /dev/random, which means it will bring a smile to any sysadmin's face. (Warning: requires scissors.)
The US network of one of the world’s largest shipping companies, COSCO (China Ocean Shipping Company), has been hit by a disruptive ransomware attack.
Let's not wind up with another Windows XP mess, he said, noting that there's been no public guidance in spite of Flash's looming death date.