security.didici.cc
Paul's Security Weekly #519 - Whiskey Tango Foxtrot
6 hours agoEric Conrad of SANS joins us, Justin Henderson reverse analyzes attacks for detection purposes, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode519 Visit https://www.securityweekl
y.com for all the latest ep ...
Episode 198 - Building a Security Strategy Part 1
14 hours agoEpisode 198 – Building a Security Strategy – Part 1 Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach… What is a Strategy? What’s the difference between a strategy and a policy? ...
Enterprise Security Weekly #50 - Losing More Hair
1 day agoBrian Ventura of SANS Institute and Ted Gary of Tenable join us. In the news, five ways to maximize your IT training, pocket-sized printing, 30 years of evasion techniques, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wi ...
ISC StormCast for Friday, June 23rd 2017
1 day agoObfuscating Without XOR https://isc.sans.edu/foru
ms/diary/Obfuscating+with
out+XOR/22544/Airbnb OAUTH Token Theft https://www.arneswinnen.n
et/2017/06/authentication
-bypass-on-airbnb-via-oau
th-tokens-theft/Critical Drupal Vulnerablity https://www.drupal.or ...
ISC StormCast for Thursday, June 22nd 2017
2 days agoNew Vulnerabilities Found in OpenVPN https://guidovranken.word
press.com/2017/06/21/the-
openvpn-post-audit-bug-bo
nanza/RAR Unpack Vulnerability Affects BitDefender https://bugs.chromium.org
/p/project-zero/issues/de
tail?id=1278&desc=6Ho
nda Plant Shuts Down ...
SN 617: When Governments React
3 days agoThis week we discuss France, Britain, Japan, Germany & Russia each veering around in their Crypto Crash Cars, Wikileaks' Vault7 reveals widespread CIA WiFi router penetration, why we can no longer travel with laptops, HP printer security insanity, how lon ...
ISC StormCast for Wednesday, June 21st 2017
3 days agoCisco Ships Private Key For drmlocal.cisco.com With Video Player https://groups.google.com
/forum/#!topic/mozilla.de
v.security.policy/T6emeoE
-lCUWindows Error Reporting: DFIR Benefits and Privacy Concernshttps://isc.sans.
edu/forums/diary/Windows+
Error+Repo ...
Hack Naked News #130 - June 20, 2017
3 days agoHacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old Linux bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News!Full Show Notes: ht ...
ISC StormCast for Tuesday, June 20th 2017
4 days agoStack Clash Vulnerability Affects Various Unix Based Operating Systems https://www.qualys.com/20
17/06/19/stack-clash/stac
k-clash.txtSeparation Of Duties / Malicious Administrators https://isc.sans.edu/foru
ms/diary/As+Your+Admin+Wa
lks+Out+the+Door/22530/Pr ...
ISC StormCast for Monday, June 19th 2017
5 days agoUptick in Port 83 Traffic https://isc.sans.edu/foru
ms/diary/What+is+going+on
+with+Port+83/22524/WINS DoS Vulnerability will not be fixed by Microsoft https://blog.fortinet.com
/2017/06/14/wins-server-r
emote-memory-corruption-v
ulnerability-in-microsoft
-wind ...
Paul's Security Weekly #518 - Floppy Lemons
1 week agoTrey Forgety of NENA joins us, Carrie Roberts of Black Hills Information Security shows us how to prevent blacklisting while password spraying with Burp and ProxyCannon, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly ...
Enterprise Security Weekly #49 - 7 Layers
1 week agoPaul and John discuss malware and endpoint defense. In the news, Carbon Black releases Cb Response 6.1, what to ask yourself before committing to a cybersecurity vendor, Malwarebytes replaces antivirus with endpoint protection, and more on this episode of ...
ISC StormCast for Friday, June 16th 2017
1 week agoWikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit https://wikileaks.org/vau
lt7/#Cherry%20BlossomMore DVR Vulnerabilities https://www.pentestpartne
rs.com/security-blog/what
-did-mirai-miss-making-a-
better-bigger-botnet/More Microsoft Wi ...
ISC StormCast for Thursday, June 15th 2017
1 week agoSystemd Odd Defaults https://isc.sans.edu/foru
ms/diary/Systemd+Could+Fa
llback+to+Google+DNS/2251
6/Voice over LTE Vulnerabilities https://www.sstic.org/med
ia/SSTIC2017/SSTIC-actes/
remote_geolocation_and_tr
acing_of_subscribers_usin
/SSTIC2017-Article-remote
_ ...
SN 616: Things Are Getting Worse
1 week agoThis week we discuss clever malware hiding its social media communications, the NSA documents the Russian election hacking two-factor authentication bypass, meanwhile, other Russian attackers leverage Google's own infrastructure to hide their spoofing, Ta ...
ISC StormCast for Wednesday, June 14th 2017
1 week agoMSFT June Patchday Fixes Remaining Known NSA Vulnerabilities https://isc.sans.edu/foru
ms/diary/Microsoft+and+Ad
obe+June+2017+Patch+Tuesd
ay+Two+Exploited+Vulnerab
ilities+Patched/22512/ North Korea Building DDoS Botnet https://www.us-cert.gov/n
cas/alerts/TA ...
Hack Naked News #129 - June 13, 2017
1 week agoHow to delete an entire company, GameStop suffers a breach, Macs do get viruses, Docker released LinuxKit, and more. Jason Wood of Paladin Security joins us to discuss the military beefing up their cybersecurity reserve on this episode of Hack Naked News! ...
ISC StormCast for Tuesday, June 13th 2017
1 week agoIndustropyer / CrashOverride Malware Analysis From Power System Attackshttps://www.welive
security.com/2017/06/12/i
ndustroyer-biggest-threat
-industrial-control-syste
ms-since-stuxnet/https://
dragos.com/blog/crashover
ride/CrashOverride-01.pdf
MacSpy Spyware A ...
Startup Security Weekly #43 - Never Stop Believing
1 week agoThe six secrets to starting smart, a startup’s guide to protecting trade secrets, knowing what your customers value, and more articles for discussion. In the news, updates from Netskope, Yubikey, CybelAngel, and more on this episode of Startup Security ...
Startup Security Weekly #44 - Selling Ice to an Eskimo
1 week agoTarun Desikan of Banyan joins us alongside guest host Matt Alderman. In the news, negotiation mistakes that are hurting your deals, hiring re-founders, updates from Hexadite, Amazon, Sqrrl, and more on this episode of Startup Security Weekly! Full Show No ...
Ep 094 - The Art of Charm Imitates Life
1 week agoJoin us this month with our long time friend, Jordan Harbinger. Jordan comes back to the SEPodcast to discuss a few important topics with us: How is marriage treating him? How has The Art of Charm changed over the years? How did he even start The Art o ...
ISC StormCast for Monday, June 12th 2017
1 week agoSAMBA Vulnerability Exploited To Install Bitcoin Miners https://securelist.com/78
674/sambacry-is-coming/In
tel's AMT Technology Used For Covert Channel https://blogs.technet.mic
rosoft.com/mmpc/2017/06/0
7/platinum-continues-to-e
volve-find-ways-to-mainta
in-i ...
Paul's Security Weekly #517 - Welcome To Reality
2 weeks agoGraham Cluley joins us, our friends at Javelin Networks explain how to defend against performing one-click domain admin attacks, and we discuss the latest information security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode517 Visit https:/ ...
Enterprise Security Weekly #48 - Making Everybody Mad
2 weeks agoPaul and John discuss building an internal penetration testing team. In the news, automating all the things, Juniper Networks opens a software-defined security ecosystem, millions of devices are running out-of-date systems, Duo and McAfee join forces, and ...
ISC StormCast for Friday, June 9th 2017
2 weeks agoCisco Prime Data Center Network Manager Vulnerabilities https://tools.cisco.com/s
ecurity/center/content/Ci
scoSecurityAdvisory/cisco
-sa-20170607-dcnm1 https://tools.cisco.com/s
ecurity/center/content/Ci
scoSecurityAdvisory/cisco
-sa-20170607-dcnm2Oracle Peopl ...
Episode 197 - After the Penetration Test
2 weeks agoEpisode 197 - After the Penetration Test We've kind of talked about how to choose your vendors, and we’ll get more into services soon, but we wanted to take some time to talk about penetration tests and especially what to do as they wrap up, how they ...
ISC StormCast for Thursday, June 8th 2017
2 weeks agoDeceptive Advertisements: What They Do And Where They Come From https://isc.sans.edu/foru
ms/diary/Deceptive+Advert
isements+What+they+do+and
+where+they+come+from/224
94/Instagram as Covert Channel https://www.welivesecurit
y.com/2017/06/06/turlas-w
atering-ho ...
Hack Naked News #128 - June 6, 2017
2 weeks agoExploiting Windows 10, mimicking Twitter users, vulnerabilities in new cars, security issues surrounding virtual personal assistants, and more. Jason Wood of Paladin Security joins us to discuss sniffing out spy tools with ridesharing cars on this episode ...
SN 615: Legacy's Long Tail
2 weeks agoThis week we discuss an embarrassing high-profile breach of an online identity company, an over-hyped problem found in Linux's sudo command, the frightening software used by the UK's Trident nuclear missile submarine launch platforms, how emerging nations ...
Risky Business #458 -- Reality Winner, Qatar hax and Internet regulation calls
2 weeks agoOn this week’s show we’re covering off all the big news of the week: the arrest of Reality Winner, the apparent hacks that have ratcheted up the political crisis in Qatar and the renewed calls for Internet companies to be more government-friendly. In ...
ISC StormCast for Wednesday, June 7th 2017
2 weeks agoFinding XOR Keys Part 2 https://isc.sans.edu/foru
ms/diary/Malware+and+XOR+
Part+2/22490/Instagram Stories Not Using TLS https://vvyper.com/2017/0
5/22/instagram-stories-ss
l/Printer "Dots" May Have Lead to Arrest of NSA Contractor http://blog.erratasec.com
/2 ...
ISC StormCast for Tuesday, June 6th 2017
2 weeks agoFinding XOR Keys Used To Encode Malware https://isc.sans.edu/foru
ms/diary/Malware+and+XOR+
Part+1/22486/Citywide IMSI Discovery https://seaglass.cs.washi
ngton.eduHijacking Country Level Domains https://thehackerblog.com
/the-journey-to-hijacking
-a-countrys- ...
Startup Security Weekly #42 - A Holistic Startup Approach
2 weeks agoMatt Alderman joins us. In the news, how startups can stand out, Honeywell launches a $100 million venture fund, why you should think twice about listening to business gurus, and more on this episode of Startup Security Weekly! Full Show Notes: https://wi ...
ISC StormCast for Monday, June 5th 2017
2 weeks agoPhishing Campaigns for Bitcoin https://isc.sans.edu/foru
ms/diary/Phishing+Campaig
ns+Follow+Trends/22482/Mo
useover May Trigger Powerpoint Macro https://www.dodgethissecu
rity.com/2017/06/02/new-p
owerpoint-mouseover-based
-downloader-analysis-resu
lts/Vault 7 ...
Paul's Security Weekly #516 - What's The Deal With Backups?
3 weeks agoDon Pezet of ITPro.TV joins us, Moses Hernandez of Cisco/SANS Institute delivers a tech segment on Node.js, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode516 Visit https://www.securityweekl
y.com for all t ...
Enterprise Security Weekly #47 - You Burn, You Learn
3 weeks agoCorey Bodzin of Tenable joins us. In the news, the power of exploits, Carbon Black’s open letter to Cylance, security measures increase due to ransomware attacks, and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.secur ...
ISC StormCast for Friday, June 2nd 2017
3 weeks agoSharing Private Data With Webcast Invitations https://isc.sans.edu/foru
ms/diary/Sharing+Private+
Data+with+Webcast+Invitat
ions/22478/onelogin breach https://www.onelogin.com/
blog/may-31-2017-security
-incidentGoogle AMP Phishing https://citizenlab.org/20
17/ ...
ISC StormCast for Thursday, June 1st 2017
3 weeks agoAnalysis of Competing Hypotheses, WCry and Lazarus https://isc.sans.edu/foru
ms/diary/Analysis+of+Comp
eting+Hypotheses+WCry+and
+Lazarus+ACH+part+2/22470
/Windows XP Not Stable Enough for WannaCry https://blog.kryptoslogic
.com/malware/2017/05/29/t
wo-weeks- ...
ISC StormCast for Wednesday, May 31st 2017
3 weeks agoFreeRADIUS Vulnerability https://isc.sans.edu/foru
ms/diary/FreeRadius+Authe
ntication+Bypass/22466/Mi
crosoft Malware Protection Engine Update http://seclists.org/micro
soft/2017/q2/8Chrome UI Bug May Allow Unnoticed Recording https:[email protected]
k/the- ...
SN 614: Vulnerabilities Galore!
3 weeks agoThis week we discuss a new non-eMail medium for spear phishing, Chipotle can't catch a break, social engineering WannaCry exploits on Android, video subtitling now able to take over our machines, a serious Android UI design flaw that Google appears to be ...
Risky Business #457 -- Shadow Brokers turn to ZCash, plus special guest John Safran
3 weeks agoOn this week’s show we’re taking a detour: This week’s feature interview has absolutely nothing to do with infosec. But it is related to the Internet. Sort of. If you squint a little. This week’s feature guest is John Safran. He’s been gracing ...
Hack Naked News #127 - May 30, 2017
3 weeks agoBugs found in pacemaker code, NTP is more secure, the most polite hackers ever, Microsoft is patching away, and more. Jason Wood of Paladin Security joins us to discuss government regulation on this episode of Hack Naked News! Full Show Notes: https://wik ...
ISC StormCast for Tuesday, May 30th 2017
3 weeks agoAnalysis of Competing Hypotheses https://isc.sans.edu/foru
ms/diary/Analysis+of+Comp
eting+Hypotheses+ACH+part
+1/22460/Microsoft Master File Table BSOD Exploit http://www.theregister.co
.uk/2017/05/29/microsoft_
master_file_table_bug_exp
loited_to_bsod_windows ...
Startup Security Weekly #41 - From a Startup Perspective
3 weeks agoDon Pezet and Tim Broom of ITPro.TV join us. In the news, starting up on the right foot, the key to growth, marketing automation, financial modeling, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweek
ly.com/SSW ...
Paul’s Security Weekly #515 - Crankin’ Out the Dubs
4 weeks agoDr. Branden R. Williams joins us, Almog Ohayon of Javelin Networks delivers part two of Javelin’s active directory series, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode515 Visit https://www.securitywee ...
Enterprise Security Weekly #46 - Sexy Cryptography
4 weeks agoAtif Ghauri of Herjavec Group joins us. In the news, stopping insider threats with machine learning, uncovering encrypted threats, end-user experience matters everywhere, and are too many SEIM alerts overwhelming your staff? All that and more in this epis ...
ISC StormCast for Friday, May 26th 2017
4 weeks agoSamba Remote Code Execution Vulnerability https://isc.sans.edu/foru
ms/diary/Critical+Vulnera
bility+in+Samba+from+350+
onwards/22452/Pacemaker Vulnerabilities http://blog.whitescope.io
/2017/05/understanding-pa
cemaker-systems.htmlPatch
ing May have Affected A ...
Episode 196 - WannaCry: Woulda, Coulda, Shoulda
1 month agoSFS Podcast - Episode 196 Wannacry: Woulda, Coulda, Shoulda First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/ The Lead-Up Threat Intelligence is A ...
ISC StormCast for Thursday, May 25th 2017
1 month agoJaff Ransomware Gets a Makeover https://isc.sans.edu/foru
ms/diary/Jaff+ransomware+
gets+a+makeover/22446/Ope
nVPN Access Server Vulnerability http://seclists.org/oss-s
ec/2017/q2/332Large Credential Dumps Used in Password Brute Forcing Attacks http://info.di ...
SN 613: WannaCry Aftermath
1 month agoThis week we examine a bunch of WannaCry follow-ups, including some new background, reports of abilities to decrypt drives, attacks on the Killswitch, and more. We also look at what the large StackOverflow site had to do to do HTTPS, the Wi-Fi security of ...
ISC StormCast for Wednesday, May 24th 2017
1 month agoMultiple Video Players are Vulnerable to Code Execution via Subtitle Files http://blog.checkpoint.co
m/2017/05/23/hacked-in-tr
anslation/Samsung Galaxy S8 Iris Scanner Bypass https://www.ccc.de/en/upd
ates/2017/iridenVerizon XSS Flaw in Web Messaging Applica ...
Risky Business #456 -- Your MSP *will* get you owned
1 month agoOn this week’s show Adam pops in to discuss the week’s news. (Links below) After the news segment Adam and Patrick both chat about topics near and dear to their hearts: Shoddy infosec marketing and shoddy MSP security. This week’s show is brought t ...
Hack Naked News #126 - May 23, 2017
1 month agoBooby-trapped subtitles, Netgear is recording your IP and MAC addresses, net neutrality is on the chopping block, and more. Jason Wood of Paladin Security joins us to explain why companies should hack back on this episode of Hack Naked News!Full Show Note ...
ISC StormCast for Tuesday, May 23rd 2017
1 month agoFake "Uber Disputes" Site Lures Victims With Valid TLS Certificate https://isc.sans.edu/foru
ms/diary/Investigating+Si
tes+After+They+are+Gone+A
nd+a+Case+of+Uber+Phishin
g+With+SSL/22440/Let'
;s Encrypt Outage http://letsencrypt.status
.io/pages/history/55957a9 ...
Startup Security Weekly #40 - I’m On a Roll
1 month agoHow to come up with worthy startup ideas, why your explainer video matters, and what does “Minimum Viable Product” actually mean, anyway? Paul and Michael give updates on their startup journeys and report on Karamba, Crowdstrike, Wandera, and more on ...
ISC StormCast for Monday, May 22nd 2017
1 month agoTyposquatting: A recent example and what to do with look alike domains https://isc.sans.edu/foru
ms/diary/Typosquatting+Aw
areness+and+Hunting/22436
/Netgear Collecting Analytics Data in Recent Update https://kb.netgear.com/00
0038663/What-router-analy
tics-da ...
Paul’s Security Weekly #514 - Sausage Asadoorian
1 month agoJoel Scambray of NCC Group joins us, we show you how to disable SMBv1, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode514Visit http://www.securityweekly
.com for all the latest episodes!
Enterprise Security Weekly #45 - The Memes Were Great
1 month agoApril Wright of Verizon Enterprise and Matt Ploessel of Markley Group join us to discuss vendor response to WannaCry. In the news, Identropy and Exabeam team up, five pitfalls to avoid during a CASB evaluation, FirstWave partners with Fortinet, and more i ...
ISC StormCast for Friday, May 19th 2017
1 month agoDiscovering Relevant CVEs with CVE Bot https://isc.sans.edu/foru
ms/diary/My+Little+CVE+Bo
t/22432/Probablility of Vulnerability Re-Discovery https://papers.ssrn.com/s
ol3/papers.cfm?abstract_i
d=2928758Wannakey May Recover WannaCry Keys https://github.com/ag ...
ISC StormCast for Thursday, May 18th 2017
1 month agoHandbreak Proton Malware Used to Steal Sourcecode https://panic.com/blog/st
olen-source-code/NIST Password Guidance Update https://isc.sans.edu/foru
ms/diary/Wait+What+We+don
t+have+to+change+password
s+every+90+days/22428/Exp
loiting XXE Vulnerabilities in Pe ...
Hack Naked News #125 - May 16, 2017
1 month agoNetflix blocks rooted devices, HP laptops are logging your keystrokes, Google Chrome is vulnerable, and more. Jason Wood of Paladin Security joins us to discuss a global tech support scheme on this episode of Hack Naked News! Full Show Notes: http://wiki ...
ISC StormCast for Wednesday, May 17th 2017
1 month agoDocusign Breach Leads to Increase in Phishing Email https://trust.docusign.co
m/en-us/personal-safeguar
ds/HP Updates Audio Drivers (twice) to Remove Keylogger https://support.hp.com/us
-en/document/c05519670Chr
ome File Download Behaviour Can Lead to SMB Cre ...
SN 612: Makes You WannaCry
1 month agoThis week Steve and Leo discuss an update on the FCC's Net Neutrality comments, the discovery of an active keystroke logger on dozens of HP computer models, the continuing loss of web browser platform heterogeneity, the OSTIF's just-completed OpenVPN secu ...
Risky Business #455 -- What a mess
1 month agoOn this week’s show, of course, we are taking a deep dive on WannaCry. Most of the coverage of this debacle has actually been pretty bad, and there’s been nothing that I’ve seen that even approaches being comprehensive, so we’re going to try to fi ...
Hack Naked News #124 - The Ransomware Special
1 month agoAmanda Rousseau of Endgame joins us to discuss ransomware and malware protection on this episode of Hack Naked News! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/HNNE
pisode124 Visit http://www.securityweekly
.com for all the latest episo ...
ISC StormCast for Tuesday, May 16th 2017
1 month agoApple Updates Everything https://support.apple.com
/en-us/HT201222OpenVPN Audit Results https://www.privateintern
etaccess.com/blog/2017/05
/openvpn-2-4-evaluation-s
ummary-report/Italian Car Insurance Leaks User Driving Data https://www.andreascarpin
o.it/pos ...
Startup Security Weekly #39 - Listen With Intent
1 month agoBonnie Halper of StartupOneStop joins us. In the news, why companies aren’t startups, how to be insanely well-connected, CyberArk acquires Conjur, and more! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/SSWE
pisode39 Visit http://securit ...
Crypto-Gram 15 May 2017
1 month agoIn this issue: Who is Publishing NSA and CIA Secrets, and Why? The Quick vs. the Strong: Commentary on Cory Doctorow's "Walkaway" Securing Elections Surveillance and our Insecure Infrastructure from the May 15, 2017 Crypto-Gram Newsletter by Bruce Schneie ...
ISC StormCast for Monday, May 15th 2017
1 month agoWannaCry Malware Links Latest updates see https://isc.sans.edu Webcast: https://www.sans.org/webc
asts/special-webcast-wann
acry-ransomeware-threat-1
05160 PowerPoint: https://isc.sans.edu/pres
entations/WannaCry.ppt
Paul’s Security Weekly #513 - Two iPhones & A Pocket Full of Dongles
1 month agoSteve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/Epis
ode513 Visit http://www. ...
Enterprise Security Weekly #44 - What Are We Bethesing Today
1 month agoRyan Hays of TBG Security joins us. In the news, VMware falls out with Tanium, machine learning at Invincea, the war on legacy IT, Cisco Cloudlock releases an apps firewall, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://w ...
Less than 10 Minutes Series - ModSecurity Core Rule Set Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the ModSecurity Core Rule Set Project with project co-lead Christian Folini. The OWASP ModSecurity CRS Project's goal is to provide an e ...
ISC StormCast for Friday, May 12th 2017
1 month agoConexant Audio Drivers Log Keystrokes; https://www.modzero.ch/mo
dlog/archives/2017/05/11/
en_keylogger_in_hewlett-p
ackard_audio_driver/index
.htmlRig Exploit Kit Used to Send Ramnit Trojan https://isc.sans.edu/foru
ms/diary/Seamless+Campaig
n+using+Rig+Exploi ...
Episode 2.7 Tavis breaks the Internet, Executive Orders, Diskless Persistence Methods, and more!
1 month agoDownload Episode 2.7 here. Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Scott White, Geoff Walton, Costa Pe ...
Less than 10 Minutes Series: OWASP Summit 2017
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the OWASP Summit 2017 with conference organizer Sebastien (Seba) Deleersnyder. OWASP Summit 2017 is a 5-day participant driven event, dedi ...
Less than 10 Minutes Series: WebGoat Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the WebGoat Project with project co-leads Jason White and Nanne Baars. WebGoat is a deliberately insecure web application maintained by OW ...
Less than 10 Minutes Series: Vicnum Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Vicnum Project with project lead Nicole Becher. The Vicnum Project is a collection of intentionally vulnerable web applications. Vicnu ...
ISC StormCast for Thursday, May 11th 2017
1 month agoHow to Review OAUTH Application Permissions for Popular Sites https://isc.sans.edu/foru
ms/diary/OAuth+and+Its+Hi
gh+Time+for+Some+Personal
+SecurityScaping+Today/22
400/Apple Working on Firmware Integrity Check http://apple.stackexchang
e.com/questions/282028 ...
Episode 195 - Annual Policy Review - Making it Worthwhile
1 month agoEpisode 195 - Annual Policy Review - Making It Worthwhile Define policy vs. standards vs. procedures What is a Policy? It is a guiding principle to set the direction of an organization. High level, governing, statements. Do not include technical detai ...
Less than 10 Minutes Series: Defect Dojo Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Defect Dojo Project with project lead Greg Anderson. The Defect Dojo is an open source vulnerability management tool that streamlines ...
Less than 10 Minutes Series: Virtual Village Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Virtual Village Project with project lead Evin Hernandez. The Virtual Village provides users with access to numerous operating system' ...
Less than 10 Minutes Series: The Juice Shop Project
1 month agoThis segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Juice Shop Project with project lead Bjoern Kimminich. The Juice Shop is an intentionally insecure webapp for security training, writt ...
SN 611: Go FCC Yourself
1 month agoThis week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft's built-in malware scanning technology, Patch Tuesday, Google's Android patches, SMS 2-factor authentication breached, Googl ...
Risky Business #454 -- Intel AMT latest, TavisO's horror-show Windows bug, Macron leaks and more!
1 month agoWe’ve got a real bread-and-butter show for you this week. Adam is along in this week’s news segment to talk about the latest on the Intel AMT bugs, Tavis Ormandy’s horror-show Windows Defender bug, the Macron email dump and more. In this week’s f ...
ISC StormCast for Wednesday, May 10th 2017
1 month agoMicrosoft Path Tuesday Summary https://isc.sans.edu/foru
ms/diary/Microsoft+Patch+
Tuesday+and+Adobe/22396/S
nake For Mac OS X Included in Handbrake https://blog.fox-it.com/2
017/05/03/snake-coming-so
on-in-mac-os-x-flavour/Ci
sco Patches CMP-Telnet Vulnerabil ...
Hack Naked News #123 - May 9, 2017
1 month agoPhishing in Google’s waters, HandBrake has been compromised, Dell releases patches galore, and more. Jason Wood of Paladin Security delivers expert commentary on how ultrasonic beacons can track your phone on this episode of Hack Naked News! Full Show N ...
ISC StormCast for Tuesday, May 9th 2017
1 month agoExploring a P2P Transient Botnet - From Discovery to Enumeration https://isc.sans.edu/foru
ms/diary/Exploring+a+P2P+
Transient+Botnet+From+Dis
covery+to+Enumeration/223
92/Video Conversion Application Handbrake Compromised https://forum.handbrake.f
r/viewtopic ...
Startup Security Weekly #38 - We Need To Pivot!
1 month agoSteven Grossman of Bay Dynamics joins us. In the news, why your startup doesn’t necessarily need early stage funding, Cisco acquires Viptela, the risks of startup debt, and why do chefs and soldiers make the best product managers? Full Show Notes: http ...
Ep. 093 - How Diet Pepsi Almost Landed Jayson Street In a Lebanese Prison
1 month agoJayson E. Street is an author of “Dissecting the Hack: The F0rb1dd3n Network” from Syngress and creator of dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Securi ...
Risky Biz Soap Box: A microvirtualisation primer with Bromium co-founder Ian Pratt
1 month agoThis Soap Box edition is all about desktop microvirtualisation! Bromium has been around for about six years now, and they make an endpoint security package that is really, really different to other solutions in the market. The whole thing hinges on what t ...
ISC StormCast for Monday, May 8th 2017
1 month agoTenable Discovers Details Regarding Intel AMT Vulnerability http://www.tenable.com/bl
og/rediscovering-the-inte
l-amt-vulnerabilityAndroi
d Apps Use Ultrasound Beacons To Track Users http://christian.wressneg
ger.info/content/projects
/sidechannels/2017-euros ...
Paul’s Security Weekly #512 - It’s All About Length
1 month agoJavvad Malik of AlienVault joins us, Ferruh Mavituna of Netsparker delivers a demo on second order attacks, and we discuss the security news for the week! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/Epis
ode512Visit http://www.securityw ...
Episode 2.6 – Special Guest Jayson E. Street, Shadow Brokers, Google OAuth, and more!
1 month agoDownload Episode 2.6 here. Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Scott White, Justin Bollinger, Cost ...
Enterprise Security Weekly #43 - There’s Always Time For Lube
1 month agoDon Pezet of ITPro.TV talks about deception technologies and honeypots. In the news, Duo launches its MSP program, Fortscale beefs up its partner programs, integrating threat intelligence into your operations, and more in this episode of Enterprise Securi ...
ISC StormCast for Friday, May 5th 2017
1 month agoGoogle OAUTH Spam Wrapup https://threatpost.com/1-
million-gmail-users-impac
ted-by-google-docs-phishi
ng-attack/125436/Artifici
al Master Fingerprint Set https://wp.nyu.edu/memon/
the-master-print/rpcbind denial of service https://guidovranken.word
press.com/2 ...
Risky Business #453 -- The Intel bugs: How freaked out should you be?
1 month agoOn this week’s show we’re looking at an issue that kicked up last week when creepware scumbags Flexispy announced they were moving their bug bounty program to HackerOne. VICE journalist Josoph Cox asked HackerOne CEO Marten Mickos if he’d be happy t ...
ISC StormCast for Thursday, May 4th 2017
1 month agoGoogle Docs OAUTH Phishing E-Mails https://isc.sans.edu/foru
ms/diary/OAUTH+phishing+a
gainst+Google+Docs+beware
/22372/ Review Google App Permissions https://myaccount.google.
com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks http://www.s ...
Hack Naked News #122 - May 2, 2017
1 month agoMicrosoft VB macro barriers have been penetrated, the website that doesn’t let you change your password, IBM flash drives have malware, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on NATO’s cyberwar games on this epi ...
SN 610: Intel's Mismanagement Engine
1 month agoThis week Steve and Leo discuss the long-expected remote vulnerability in Intel's super-secret motherboard Management Engine technology, exploitable open ports in Android apps, another IoT blows a suspect's timeline, newly discovered problems in the Ghost ...
ISC StormCast for Wednesday, May 3rd 2017
1 month agoScans Sighted for Ports Used by Intel Remote Management Interface https://isc.sans.edu/port
.html?port=16992 https://isc.sans.edu/port
.html?port=16993Outlook Forms Can Run Macros https://sensepost.com/blo
g/2017/outlook-forms-and-
shells/Jenkins Vulnerabilit ...