security.didici.cc

FBI issues VPNFilter malware warning, says “REBOOT NOW” [PODCAST]

11 hours ago

The FBI just issued a VPNFilter malware warning saying, "Reboot your routers now!" But why? And will it help?

Jazz Hands - Paul's Security Weekly #561

14 hours ago

This week, we interview Steven Bellovin, the Professor of Computer Science at Columbia University! For the Technical Segment, we're joined by Sven Morgenroth, Security Researcher at Netsparker! In the news, GDPR's impact on U.S. consumer privacy, DOJ Sink ...

Facebook 2FA no longer needs a phone number: here’s how to set it up

1 day ago

One more excuse for not using 2FA bites the dust.

Facebook’s counterintuitive way to combat nonconsensual porn

1 day ago

"Upload your nudes to stop revenge porn" might sound crazy but it actually makes sense.

Does your BMW need a security patch?

1 day ago

Researchers have found 14 security vulnerabilities affecting BMW i Series, X Series, 3 Series, 5 Series and 7 Series.

Trump’s blocking of Twitter users declared unconstitutional

1 day ago

The president is banned from blocking users and could face legal action if he doesn't lift current blocks.

ISC StormCast for Friday, May 25th 2018

1 day ago

GDPR Going Into Effect May 25th https://en.wikipedia.org/
wiki/General_Data_Protect
ion_RegulationBitcoin Gold Double Spent Attack https://forum.bitcoingold
.org/t/double-spend-attac
k-on-exchanges/1362Amazon Alexa Forwards Random Conversations https://www.ki ...

2 million stolen identities used to make fake net neutrality comments

2 days ago

Most crucially, two of those identities were senators who are now demanding the FCC find out who's behind the bots and the identity theft.

Office 365 will automatically block Flash and Silverlight

2 days ago

If you are one of the small number of Office 365 users who enjoyed embedding Flash, Shockwave or Silverlight content inside files, time is about to run out on your unusual pastime.

FBI admits to inflating number of crime-related devices it can’t crack

2 days ago

Investigators can't get into 7,775 devices? Nah, the FBI admits: it's more like 1,200... or 2000... pending an audit, it's not really sure.

VPNFilter router malware – what to do? [VIDEO]

2 days ago

Learn how to deal with the VPNFilter malware currently plaguing 500,000 home routers worldwide.

I've Taken Over - Enterprise Security Weekly #92

2 days ago

This week, John Strand returns and runs the show solo, presenting his Technical Segment entitled "Build A Purple Team"! In the news, we have updates from Skybox, Wombat Security, McAfee, AlgoSec, and more, on this episode of Enterprise Security Weekly!   ...

ISC StormCast for Thursday, May 24th 2018

2 days ago

VPNFilter Malware Affecting Cisco Routers https://blog.talosintelli
gence.com/2018/05/VPNFilt
er.htmlDLink Vulnerabilities https://securelist.com/ba
ckdoors-in-d-links-backya
rd/85530/Firefox Disabling "Spy APIs" and enabling 2FA https://www.fxsitecompat.
com/ ...

VPNFilter – is a malware timebomb lurking on your router?

3 days ago

A Cisco paper reports on zombie malware that has apparently infected more than half-a-million home routers.

Surprise! Student receives $36,000 Google bug bounty for RCE flaw

3 days ago

What's the only thing better than a bug bounty reward? A bug bounty reward you weren't expecting. Especially one that's worth $36,337.

Google in court over ‘clandestine tracking’ of 4.4m iPhone users

3 days ago

The search giant could be looking at a giant fine of up to $4.3b.

Just Go With It - Application Security Weekly #17

3 days ago

This week, Keith and Paul interview James Wickett, Head of Research at Signal Sciences! In the news, we have updates from Nest, Node.js, Google, F.Secure, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securitywe ...

ISC StormCast for Wednesday, May 23rd 2018

3 days ago

Malicious SYLK Files Used to Execute Code in Excel https://isc.sans.edu/foru
ms/diary/Malware+Distribu
ted+via+slk+Files/23687/B
MW Releases Patches for Several Cars https://keenlab.tencent.c
om/en/Experimental_Securi
ty_Assessment_of_BMW_Cars
_by_KeenLab.pdfMa ...

SN 664: SpectreNG Revealed

3 days ago

This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threa ...

Risky Business #500 -- Web asset discovery is getting useful

3 days ago

In this week’s feature interview we’ll be chatting with Shubham Shah and his friend Lord Tuskington about continuous asset discovery’s impact on testing methodologies. Shubs has worked as both a pentester and as a very successful bug bounty hunter. ...

Server? What server? Site forgotten for 12 years attracts hacks, fines

4 days ago

The University of Greenwich might not have noticed the website but hackers did.

TeenSafe phone monitoring app leaks teens’ iCloud logins in plaintext

4 days ago

The "secure" monitoring app is used by over a million parents.

Please vote for Naked Security at the European Blogger Awards 2018!

4 days ago

We've been nominated in 8 categories at the European Blogger Awards 2018... but we need your help to win!

DrayTek router user? Patch now to keep the crooks out…

4 days ago

DrayTek has announced a security hole in its Vigor range of routers.

Mugshots.com’s alleged owners arrested for extortion

4 days ago

Mugshots.com publishes people's mugshots and extorts a removal fee.

Guilty! Anti-anti-virus crook convicted, could spend decades in jail

4 days ago

Scan4you crook is looking at a maximum penalty of 35 years

Rainbows and Skittles - Business Security Weekly #86

4 days ago

This week, Michael and Paul interview Corey Thuen and Kristopher Watts, Founders of Gravwell! In our second feature interview, Michael and Paul talk with Terry Mason on how to build a Third Party Risk Management program from the ground up! In Tracking Sec ...

ISC StormCast for Tuesday, May 22nd 2018

4 days ago

Spectre NG Patches https://portal.msrc.micro
soft.com/en-US/security-g
uidance/advisory/ADV18001
2 https://newsroom.intel.co
m/editorials/addressing-n
ew-research-for-side-chan
nel-analysis/ https://portal.msrc.micro
soft.com/en-US/security-g
uidance/advisory/ADV ...

Facebook conspiracy theories after Android app tries to “get root”

5 days ago

Facebook's Android app suddenly started making a bid for superuser access. Conspiracy theories popped up like fungi. (It's now fixed.)

Real-time cellphone location data leaked for all major US carriers

5 days ago

From the carriers to LocationSmart to 3Cinteractive to Securus: there appears to be a chain pockmarked with lack of authentication and data lost to hackers.

Chrome drops ‘secure’ label for HTTPS websites

5 days ago

When it comes to browser security, how important are the address bar icons and labels that tell users about a site’s security status? For Google at least, they matter a lot.

Monday review – the hot 20 stories of the week

5 days ago

From Nest turning up the heat on password reuse and the Red Hat vulnerability to the Chili's PoS breach, and more!

ISC StormCast for Monday, May 21st 2018

5 days ago

Redis Cryptocoin Mining Worm https://isc.sans.edu/foru
ms/diary/Anatomy+of+a+Red
is+mining+worm/23673/Evol
ving Chrome's Security Indicator https://blog.chromium.org
/2018/05/evolving-chromes
-security-indicators.html
DrayTek CSRF 0-Day Exploited to Change DNS ...

Sandy Lube - Paul's Security Weekly #560

1 week ago

This week, we interview Matthew Silva, an Undergraduate student attending Roger Williams University, and is the President and Founder of the Cybersecurity and Intel Club! Paul will deliver the Technical Segment this week entitled "Configuring Your Own Tra ...

PCI v3.2.1 is here!

1 week ago

Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily included clarification updates and one correction to a requirement reference. Most of the changes center around the removal o ...

Protected: Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian

1 week ago

This content is password protected. To view it please enter your password below: Password: The post Protected: Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian appeared first on TrustedSec.

Protected: Malware Analysis is for the (Cuckoo) Birds

1 week ago

This content is password protected. To view it please enter your password below: Password: The post Protected: Malware Analysis is for the (Cuckoo) Birds appeared first on TrustedSec.

Senate votes to restore net neutrality… but don’t get your hopes up

1 week ago

It's people-pleasing, but it's probably just symbolic.

ZipperDown catches 170,000 iOS apps with their pants down

1 week ago

It's got a name, a logo and some very big numbers, but does it deserve its star billing?

ZipperDown catches 16,000 iOS apps with their pants down

1 week ago

It's got a name, a logo and some very big numbers, but does it deserve its star billing?

Don’t invest! The ICO scam that doesn’t want your money

1 week ago

The HoweyCoins scheme sounds too good to be true... it is, and it knows it!

How to find lost USB drives (even if you don’t want to) [PODCAST]

1 week ago

Here's the latest Naked Security podcast - enjoy!

ISC StormCast for Friday, May 18th 2018

1 week ago

Claymore Miner Attack Insecure Claymore Miner Management API Exploited in the WildPCI DSS Version 3.2.1. Released https://isc.sans.edu/foru
ms/diary/PCI+DSS+version+
321+is+out/23667/Keeper Releases Update https://keepersecurity.co
m/blog/2018/05/15/respons
e ...

Risky Business feature interview: Hacking PUBG

1 week ago

Here it is – this week’s feature interview with Marisa Emerson! Marisa is a security researcher who did a great talk at BSides Canberra in March all about game cheating. She was specifically talking about the cheating techniques PUBG gamers are using ...

Facebook crushes 583 million fake accounts in 3 months

1 week ago

On a daily basis, it disables millions of fake accounts before they ever hatch.

Alexa, Siri and Google can be tricked by commands you can’t hear

1 week ago

Researchers have shown how attackers could trick voice assistants.

CIA’s “Vault 7” mega-leak was an inside job, claims FBI

1 week ago

The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.

How to Leverage Threat and Attack Intelligence in your Risk Assessments

1 week ago

Risk assessments methodologies in general are built before much of the information we have today was available.  Thus, we need to take advantage of the latest advances in threat intelligence and attack intelligence to make security risk assessments more ...

Very Special Friend - Enterprise Security Weekly #91

1 week ago

This week, Paul interviews Ron Gula, Co-Founder of Tenable and Founder of Gula Tech Adventures! In the news, we have updates from ServiceNow, Red Hat, ExtraHop, SailPoint, and more on this episode of Enterprise Security Weekly!   Full Show Notes: https:/ ...

ISC StormCast for Thursday, May 17th 2018

1 week ago

Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7 https://access.redhat.com
/security/vulnerabilities
/3442151UPnP Misconfiguration DDoS Attack https://www.theregister.c
o.uk/2018/05/16/upnp_ampl
ifies_ddos_attacks/Ubuntu Snap Store Miner Inc ...

Live at SOURCE Boston - Enterprise Security Weekly #90

1 week ago

Thomas Fischer joins us at Source Boston 2018. Thomas Fischer tells Paul about his talk at Source Boston on "GDPR: Why it Matters Now!". Michael Santarcangelo joins Paul Asadoorian at Source Boston 2018 for an Enterprise Security Weekly interview. Michael ...

RedHat admins, patch now – don’t let your servers get pwned!

1 week ago

A command injection bug in Red Hat's DHCP client could allow an attacker to run any command on your computer. As root.

Chili’s PoS breach: Want some credit card theft with your baby back ribs?

1 week ago

Chili's is advising customers to check their bank records after discovering the point-of-sale breach.

Facebook can’t wiggle out of facial recognition lawsuit, judge says

1 week ago

There are too many factual disagreements for a quick judgment, the judge said, including over what a faceprint actually is.

Serious XSS vulnerability discovered in Signal

1 week ago

Researchers have discovered a serious cross-site scripting (XSS) vulnerability affecting all desktop versions of Edward Snowden’s favourite security application, Signal.

Happy Dances - Application Security Weekly #16

1 week ago

This week, Keith and Paul interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Uber, WhatsApp, Microsoft, and more on this episode of Application Security Weekly!   →Full Show Notes: https://wiki.securityweek
ly.com/ASW_Episod ...

ISC StormCast for Wednesday, May 16th 2018

1 week ago

PDF Exploit (and Windows Priv. Escalation) Leaked https://www.welivesecurit
y.com/2018/05/15/tale-two
-zero-days/Possible Vulnerability in Keeper Password Manager http://seclists.org/fulld
isclosure/2018/May/41MyEt
herWallet Phishing https://isc.sans.edu/foru ...

SN 663: Ultra-Clever Attacks

1 week ago

This week we will examine two incredibly clever, new (and bad) attacks named eFail and Throwhammer. But first we catchup on the rest of the past week's security and privacy news, including the evolution of UPnProxy, a worrisome flaw discovered in a very p ...

Risky Business #499 -- Is PGP actually busted and Signal pwnt? Noooope

1 week ago

In this week’s weekly show we’re just going to drill in to the week’s extra long security news section with Adam Boileau then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publis ...

Tickling My Fancy - Business Security Weekly #85

1 week ago

This week, Michael and Paul interview George Finney, Chief Security Officer at Southern Methodist University! In the Article Discussion, "Why People Really Quit Their Jobs", "Why You Need an Untouchable Day Every Week", and more! In Tracking Security Inno ...

Ensuring Risk Assessments have a (Business) Impact

1 week ago

Risk is a term that gets thrown around quite a bit, and like its distant cousin “pentest”, it has a tendency to be used to describe many very different things. There are many “standard” Risk formulas out in the world today that typically include ...

Facebook app left 3 million users’ data exposed for four years

1 week ago

Highly sensitive user data collected from the app was left on a badly secured website for anybody to get at.

Police dog sniffs out USB drive to snare school hacker

1 week ago

Police traced an "electronic trail" to the suspect's house where the USB drive was hidden.

The next Android version’s killer feature? Security patches

1 week ago

Not before time, Google is addressing the mess it's made of Android updates

The EFAIL vulnerability – why it’s OK to keep on using email

1 week ago

The EFAIL bug shows how to trick some mail clients into turning the email encryption tools S/MIME and OpenPGP against themselves.

Prison phone service can expose the location of anyone with a phone

1 week ago

The system requires that you have legal authority to use it, but doesn't check

ISC StormCast for Tuesday, May 15th 2018

1 week ago

PGP/SMIME efail Vulnerability https://efail.deAdobe PDF Reader / Acrobat Bulletins https://helpx.adobe.com/s
ecurity/products/acrobat/
apsb18-09.html

Nest turns up the temperature on password reusers

1 week ago

Nest's advice to its users gets a thumbs-up from the Online Trust Alliance.

Warehouse full of digital copiers yields truckloads of secrets

1 week ago

Copiers' hard drives aren't typically encrypted or wiped. One result: a used copier with 300 people's medical records: just hit "print!"

Is Google’s Duplex AI helpful or plain creepy?

1 week ago

Last week, Google CEO Sundar Pichai used the company’s annual I/O event to demo an experimental new feature of Google Assistant: Duplex.

Remote code execution bug found in GPON routers, but how bad is it really?

1 week ago

An anonymous researcher recently disclosed two vulnerabilities in several older models of Dasan-made GPON routers.

2 million lines of source code left exposed by phone company EE

1 week ago

What should be secret AWS and API keys were (un)secured with the default password credentials: "admin" as the name, "admin" for a password.

Monday review – the hot 18 stories of the week

1 week ago

From the WhatsApp text bomb and iOS 11.4's 7-day USB shutout to the critical bug in 7-zip, and more!

Title: Ep. 105 – Networking is a Bad Word with Jordan Harbinger

1 week ago

Jordan Harbinger, formally from the Art of Charm, now hosts a new show called - The Jordan Harbinger Show. As a long time friend of the SEPodcast we wanted to discuss how Jordan restarted his life after parting ways with AOC. Instead our conversation too ...

ISC StormCast for Monday, May 14th 2018

1 week ago

Odd njRat Like Scans Reversed C2 traffic from ChinaSignal Vulnerability (Possibly in Electron, which affects Skype/Slack/others) https://twitter.com/orteg
aalfredo/status/995017143
002509313Electron Vulnerability https://www.trustwave.com
/Resources/SpiderL ...

When it comes to patches, how urgent is urgent? [Chet Chat Podcast 268]

1 week ago

Chet Chat podcast: Sophos experts Chester Wisniewski and Greg Iddon discuss the latest cybersecurity issues.

Dropping Knowledge Bombs - Paul's Security Weekly #559

2 weeks ago

This week, we interview Joe Gray from the Advanced Persistent Security Podcast! Paul will deliver the Technical Segment this week entitled “Docker Security Incident: Lessons Learned”! In the news, we have updates from Microsoft, Powerful Botnets, Mira ...

IBM bans USB drives – but will it work?

2 weeks ago

Can you blindly ban all USB drives, or will it lead to "shadow IT" where staff use them anyway? Sophos CISO Ross McKerchar has his say...

Firefox support for WebAuthn shows passwords the door

2 weeks ago

Passwords aren't dead, yet.

Apple boots out apps that abuse location data collection

2 weeks ago

GDPR is coming and Apple's spring cleaning the App Store

iOS 11.4 to come with 7-day USB shutout

2 weeks ago

After 7 days if there's no passcode, then there's no access.

ISC StormCast for Friday, May 11th 2018

2 weeks ago

DNS Exfiltration in Windows https://isc.sans.edu/foru
ms/diary/Exfiltrating+dat
a+from+very+isolated+envi
ronments/23645/Fake Electrun Wallet https://github.com/spesmi
lo/electrum-docs/blob/mas
ter/decompiling_guide.mdT
reasure Hunter PoS Malware Source Code Le ...

The Art of Detecting Kerberoast Attacks

2 weeks ago

As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light ...

The WhatsApp text bomb – no, it won’t destroy your phone!

2 weeks ago

"Text bomb, text bomb, WhatsApp text bomb, you can crash my application when I want to get things done."

Watch out: photo editor apps hiding malware on Google Play

2 weeks ago

Innocent-looking apps with ad clicker malware have bypassed Google's safeguards

Windows-crashing bug not patch-worthy, says Microsoft

2 weeks ago

When is a bug not a bug? That's the question raised by researcher Marius Tivadar's latest Windows-crashing proof of concept.

Grade hacking may cost high school its valedictorian

2 weeks ago

The grade tampering came to light while drawing up a list of top students. Now it's unclear which students legitimately belong on that list.

ISC StormCast for Thursday, May 10th 2018

2 weeks ago

Loyds Bank Phish Leads to Trickbot https://isc.sans.edu/foru
ms/diary/Nice+Phishing+Sa
mple+Delivering+Trickbot/
23641/Firefox Group Policy Engine https://www.bleepingcompu
ter.com/news/software/gro
up-policy-support-coming-
to-firefox-60/OS Vendors Fix Intel D ...

Patch now! Microsoft and Adobe release critical security updates

2 weeks ago

...And the Microsoft vulnerabilities include 0-days. Get the patches now!

Critical bug in 7-Zip – make sure you’re up to date!

2 weeks ago

Uninitialised variables and no Address Space Layout Randomisation led to an exploitable vulnerability...

Uber car software detected woman before fatal crash but failed to stop

2 weeks ago

Uber has reportedly discovered that the fatal crash was likely caused by a software bug in its self-driving car technology.

Google cracks down on election meddling advertisers

2 weeks ago

Google will now require people or groups purchasing federal election ads to show that they're US citizens or lawful residents.

Could this be the end of password re-use?

2 weeks ago

It’s password security’s Achilles heel: too many people make life easy for cybercriminals by re-using the same ones over and over. But what if there were a way for websites to compare notes on whether a password (or similar password) has been set by a ...

Creating An Awesome Dish - Application Security Weekly #15

2 weeks ago

This week, Keith and Paul continue to talk about building your AppSec program! In the Learning and Tools Segment, Keith and Paul discuss Snipe-IT: Open Source Asset Management, Astra: Automated Security Testing for REST API's, GREP: A whiteboard by Julia ...

ISC StormCast for Wednesday, May 9th 2018

2 weeks ago

Microsoft Patch Tuesday https://isc.sans.edu/foru
ms/diary/Microsoft+May+20
18+Patch+Tuesday/23637/Ba
sestriker Vulnerability Hitting Office 365 https://www.avanan.com/re
sources/basestriker-vulne
rability-office-365wget Cookie Injection Vulnerability http://s ...

SN 662: Spectre - NextGen

2 weeks ago

This week we begin by updating the status of several ongoing security stories: Russia vs Telegram, DrupalGeddon2, and the return of RowHammer. We will conclude with MAJOR new bad news related to Spectre. We also have a new cryptomalware, Twitter's in-the- ...

Risky Business #498 -- There sure is a lot of Microsoft Defender out there these days

2 weeks ago

On this week’s show we’re taking a look at some recent data out of Microsoft trumpeting its Defender antivirus install figures on Windows. They’ve got 18% market share on windows 7/9 and 50% on Win10. For the AV and endpoint security industry Micro ...

Episode 205 - LIve from BSides Atlanta!

2 weeks ago

We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event.  It was a great time and we ho ...

Pentagon orders military exchanges to pull Chinese smartphones over security risks

2 weeks ago

Huawei and ZTE are already telephones non gratae, tied too close for comfort to the Chinese Communist Party and People’s Liberation Army back home.

Budget Android manufacturer Blu settles with FTC over privacy fiasco

2 weeks ago

These are the phones that were calling home to Shanghai every 72 hours, with no opt-in or notice, to hand over a whole lot of PII.