Paul’s Security Weekly #526 - Lemonade and Salad Dressing

Bryson Bort of GRIMM joins us, Sven Morgenroth of Netsparker deploys filters for web applications, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode526 Visit https://www.securityweekl
y.com for all the latest ...

Enterprise Security Weekly #57 - They're Talking About Us!

Mike Nichols of Endgame joins us, we explore Paul’s IoC enchanting quadrants, and cover the latest enterprise news on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode57Visit https://www.securityweekl ...

ISC StormCast for Friday, August 18th 2017

Maldoc with auto-updated link https://isc.sans.edu/foru
ms/diary/Maldoc+with+auto
updated+link/22730/Rowham
mer is Back: SSD Memory Affected https://www.usenix.org/sy
stem/files/conference/woo
t17/woot17-paper-kurmus.p
dfNathaniel Quist: Active Defense in a Lab ...

ISC StormCast for Thursday, August 17th 2017

Analysis of a Paypal Phishing Kit https://isc.sans.edu/foru
ms/diary/Analysis+of+a+Pa
ypal+phishing+kit/22726/S
hadowPad Backdoor in NetSarang Equipment https://securelist.com/sh
adowpad-in-corporate-netw
orks/81432/Solving Captcha Audio Challenges http://unca ...

Hack Naked News #136 - August 15, 2017

Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News!Full Show Notes: https://wiki.securitywee ...

SN 624: Twelve and Counting

This week we have a Marcus Hutchins update, the backstory on the NIST's rewrite of their 15-year-old password guidance, can DNA be used to hack a computer? Can stop sign graffiti be used to misdirect autonomous vehicles?, the final nail in the WoSign/Star ...

ISC StormCast for Wednesday, August 16th 2017

Malspam Pushing Trickbot Banking Trojan https://isc.sans.edu/foru
ms/diary/Malspam+pushing+
Trickbot+banking+Trojan/2
2720/Banker Google Chrome Extension Targeting Brazil https://isc.sans.edu/foru
ms/diary/BankerGoogleChro
meExtensiontargetingBrazi
l/22722/DJI ...

Risky Business #465 -- Charlie Miller on owning cars

ISC StormCast for Tuesday, August 15th 2017

When A Malicious Looking E-Mail Turns Out to be "just" spam https://isc.sans.edu/foru
ms/diary/Sometimes+its+ju
st+SPAM/22716/Android iOS Intra-Library Collusion https://arxiv.org/abs/170
8.03520SonicSpy: Android Spyware Apps https://blog.lookout.com/
sonicsp ...

Startup Security Weekly #50 - Bootstrapped

Matt Alderman joins us for a recap of Black Hat and Hacker Summer Camp. In the news, how not to botch your pitch, why VCs love insurance, and updates from OpenText, WatchGuard, and more on this episode of Startup Security Weekly! Full Show Notes: https:// ...

Ep 096 - TKO Your Amygdala with Tim Larkin

Tim Larkin joined us LIVE at DEF CON 25 to be part of the SEPodcast Crew and discuss the importance of situational awareness.  Tim has an extensive background in working with people all over the globe in helping them stay safe. He discusses: How to remai ...

ISC StormCast for Monday, August 14th 2017

Outlook Web Access Based Attacks https://isc.sans.edu/foru
ms/diary/Outlook+Web+Acce
ss+based+attacks/22710/Th
e Good Phishing Email https://isc.sans.edu/foru
ms/diary/The+Good+Phishin
g+Email/22712/Git/CVS/Mer
curial and others: ssh vulnerablity http://blog.re ...

Talking North Korea, Featuring David Kennedy – CNN

  The post Talking North Korea, Featuring David Kennedy – CNN appeared first on TrustedSec.

Paul’s Security Weekly #525 - Baked-In Security

Aram Jivanyan of BeSafe joins us, our tech segment covers Paul’s recent printer hacking adventures, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode525 Visit https://www.securityweekl
y.com for all the lat ...

Attacking Self-Hosted Skype for Business/Microsoft Lync Installations

by @nyxgeek – TrustedSec TL;DR: How to attack self-hosted Skype for Business (Lync) servers. If you’re using O365 wait for the next post. Note: For the sake of brevity throughout this post, Skype for Business and Microsoft Lync will both be referred t ...

ISC StormCast for Friday, August 11th 2017

Maldoc Analysis With ViperMonkey https://isc.sans.edu/foru
ms/diary/Maldoc+Analysis+
with+ViperMonkey/22702/Mi
crosoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List https://blogs.technet.mic
rosoft.com/mmpc/2017/08/0
8/microsoft-to ...

Enterprise Security Weekly #56 - Tunable Discriminator

Paul and John discuss security policies and procedures. In the news, WatchGuard acquires Datablink, Cylance brings enterprise technology to home users, Oracle and SafeLogic join forces for OpenSSL, 12 security startups that raised new funding in 2017, and ...

ISC StormCast for Thursday, August 10th 2017

DirectDefense Accuses Carbon Black of Data Leak https://www.carbonblack.c
om/2017/08/09/directdefen
se-incorrectly-asserts-ar
chitectural-flaw-in-cb-re
sponse/ https://www.directdefense
.com/harvesting-cb-respon
se-data-leaks-fun-profit/
Vulnerabilities in Solar ...

Episode 199 - Building a Security Strategy - Part II

Episode 199 - Building A Security Strategy - Part II Recap Strategy vs Policy Understand the business of your Business Know who your stakeholders really are Capability = (Tech + Service) * Process Crawl, Walk, Run It Takes A Village The Question is “H ...

SN 623: Inching Forward

This week we discuss and look into DigiCert's acquisition of Symantec's certificate authority business unit, LogMeIn's LastPass Premium price hike, the troubling case of Marcus Hutchins' post-Defcon arrest, another instance of WannaCry-style SMBv1 propaga ...

ISC StormCast for Wednesday, August 9th 2017

Microsoft Updates https://isc.sans.edu/foru
ms/diary/Microsoft+Patch+
Tuesday+August+2017/22694
/Adobe Updates https://isc.sans.edu/foru
ms/diary/How+are+people+f
ooled+by+this+Email+to+si
gn+a+contract+provides+ma
lware+instead/22696/Andro
id Patches https://sou ...

Risky Business #464 -- Why your game theory theories are wrong

On this week’s show we’ll be chatting with Kelly Shortridge, formerly a detection manager at BAE, all about her Black Hat talk. It’s all about why most of what you hear about applying game theory to detection strategies is total bullshit. This week ...

Hack Naked News #135 - August 8, 2017

Shame on Disney, shooting down customer drones, flaws in solar panels, Chrome extensions spreading adware, and more. Doug White of Roger Williams University joins us to discuss hacking back on this episode of Hack Naked News!Full Show Notes: https://wiki. ...

TrustedSec Expands with Four New Additions

TrustedSec continues to grow based on reputation, brand, and most importantly the services we provide to our customers. We have added four amazing new members for both the Force team (our technical crew) and the Advisory Services (PCI, Office of CISO, and ...

Less than 10 Minutes Series: OWASP DockerHub with Simon Bennetts

Earlier this week, Simon Bennetts from the OWASP ZAP Project announced the official availability of the OWASP DockerHub for housing projects. I caught up with Simon soon after to hear how ZAP was utilizing DockerHub and the benefits of containerization. ...

PCI Inventory List of Assets

The Payment Card Industry Data Security Standard (PCI DSS) requires that an inventory of system components (PCI Req. 2.4: Complete Inventory List) is maintained. This requirement was a requirement as of PCI DSS 3.0. Good governance would suggest that main ...

ISC StormCast for Tuesday, August 8th 2017

PHPMyAdmin Scans https://isc.sans.edu/foru
ms/diary/Increase+of+phpM
yAdmin+scans/22688/Hotspo
t Shield Leakes Private User Data https://cdt.org/files/201
7/08/FTC-CDT-VPN-complain
t-8-7-17.pdfDebian Turning Off Support for TLS 1.0/1.1 https://lists.debian.org ...

Startup Security Weekly #49 - Speak Your Truth

Glenn Chisholm and Ben Johnson of Obsidian Security join us. In the news, how to keep your head without losing your heart, what aspiring founders need to know, supercharging sales, and how NOT to start a startup. Michael and Paul deliver updates from Call ...

Founder of TrustedSec, David Kennedy, discusses how he trained for his unconventional job.

The post Founder of TrustedSec, David Kennedy, discusses how he trained for his unconventional job. appeared first on TrustedSec.

ISC StormCast for Monday, August 7th 2017

Opengraph Used to Obfuscate Facebook Links https://isc.sans.edu/foru
ms/diary/Use+of+the+Open+
Graph+Protocol+to+Disguis
e+Malicious+Facebook+Link
s/22684/Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware http://blog.trendmicro.co
m/trendlabs-sec ...

Paul’s Security Weekly #524 - The Secret Sauce

Danny Miller of Ericom Software joins us, Larry and his intern Galen Alderson exfiltrate data from networks with inexpensive hardware, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode524 Visit https://www.s ...

Enterprise Security Weekly #55 - Wheatland, Wyoming

Ping Look of Optiv joins us, John delivers a tech segment on RITA, and we discuss the latest enterprise security news!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode55Visit https://www.securityweekl
y.com for all the latest episodes!

ISC StormCast for Friday, August 4th 2017

Raspberry Pi Honeypot https://github.com/DShiel
d-ISC/dshieldTroy Hunt Releases Password List https://haveibeenpwned.co
m/PasswordsTyposquatting npm Packages http://blog.npmjs.org/pos
t/163723642530/crossenv-m
alware-on-the-npm-registr
ySEC503: Intrusion Detec ...

Risky Business #463 -- Black Hat's 2017 keynote speaker Alex Stamos joins the show

This week’s feature interview is with Facebook CSO and Black Hat 2017 keynote speaker Alex Stamos. We’ll be digging a little deeper on some of the points he hit on in his talk in Las Vegas this year. I’ve linked through to a video of his keynote in ...

ISC StormCast for Thursday, August 3rd 2017

Attacking NoSQL Applications https://isc.sans.edu/foru
ms/diary/Attacking+NoSQL+
applications+part+2/22676
/Web Developer Chrome Toolbar Replaced with AdWare https://twitter.com/chris
pederickAndroid Banking Trojans https://securelist.com/a-
new-era-in-mobile- ...

Hack Naked News #134 - August 2, 2017

No more VPNs in Russia, hacking luxury cars, stolen Game of Thrones scripts, your Echo is spying on you, and more. Jason Wood of Paladin Security joins us to discuss Chrome plugin phishing attacks on this episode of Hack Naked News!Full Show Notes: https: ...

SN 622: Hack the Vote

This week we look at the expected DEF CON fallout including the hacking of US election voting machines, Microsoft's enhanced bug bounty program, the wormification of the Broadcom WiFi firmware flaw, the worries when autonomous AI agents begin speaking in ...

ISC StormCast for Wednesday, August 2nd 2017

Detect SMB Versions with nmap https://isc.sans.edu/foru
ms/diary/Rooting+Out+Host
s+that+Support+Older+Samb
a+Versions/22672/CopyFish Google Chrome Extension Replaced by Adware https://a9t9.com/blog/chr
ome-extension-adware/Star
tCom Applying to be Included in ...

ISC StormCast for Tuesday, August 1st 2017

MSFT Re-Releases June Outlook Update https://support.office.co
m/en-us/article/Outlook-k
nown-issues-in-the-June-2
017-security-updates-3f6d
bffd-8505-492d-b19f-b3b89
369ed9b?ui=en-US&rs=e
n-US&ad=US&fromAR
=1Iranian Hackers Use Social Media To Collect Data http ...

ISC StormCast for Monday, July 31st 2017

SMBloris DoS Attack Locks Up Windows https://twitter.com/jenna
magius/status/89143428621
2984832 https://isc.sans.edu/foru
ms/diary/SMBLoris+the+new
+SMB+flaw/22662/Text Banking Attacks https://isc.sans.edu/foru
ms/diary/Text+Banking+Sca
ms/22666/Nissan Leaf Wi ...

ISC StormCast for Friday, July 28th 2017

Targeting HTTP's Hidden Attack-Surface http://blog.portswigger.n
et/2017/07/cracking-lens-
targeting-https-hidden.ht
mlPetya/Goldeneye Decrypter https://blog.malwarebytes
.com/malwarebytes-news/20
17/07/bye-bye-petya-decry
ptor-old-versions-release
d/TinyPot, My ...

Happening Now-Fox News Channel

Happening Now-Fox News Channel Talking about hacking into government sites on Happening Now on Fox News. The post Happening Now-Fox News Channel appeared first on TrustedSec.

ISC StormCast for Thursday, July 27th 2017

Malspam Pushing Emotet Malware https://isc.sans.edu/foru
ms/diary/Malspam+pushing+
Emotet+malware/22650/Broa
dpwn Released http://blog.exodusintel.c
om/2017/07/26/broadpwn/Mi
crosoft Announces Windows 10 Bug Bounty https://blogs.technet.mic
rosoft.com/msrc/2017 ...

Computer hackers increasingly eyeing ‘smart appliances’ in homes

  Computer hackers increasingly eyeing ‘smart appliances’ in homes CLEVELAND, OH (WOIO) – The Black Hat and Defcon cyber security conventions get underway this week in Las Vegas. Tens of thousands of computer experts will be gathering to discuss th ...

Faux Ransomware Does Damage — WSJ

Cyberattack wasn’t intended to extort money, rather aimed to cripple businesses… Read This Article: Faux Ransomware Does Damage — WSJ The post Faux Ransomware Does Damage — WSJ appeared first on TrustedSec.

SN 621: Crypto Tension

We start off this week with a fabulous picture of the week and for the first time in this podcast's 12-year history, our first quote of the week. Then we'll be discussing the chilling effects of arresting ethical hackers, the upcoming neutrality debate co ...

ISC StormCast for Wednesday, July 26th 2017

Adobe Announces End of Flash for 2020 https://blogs.adobe.com/c
onversations/2017/07/adob
e-flash-update.htmlJA3 Hash To Fingerprint SSL/TLS Connections https://github.com/salesf
orce/ja3 https://engineering.sales
force.com/open-sourcing-j
a3-92c9e53c3c41New W ...

ISC StormCast for Tuesday, July 25th 2017

Uber Drivers Targeted in Social Engineering Scam https://isc.sans.edu/foru
ms/diary/Uber+drivers+new
+threat+the+passenger/226
26/Mac Malware FruitFly2 https://motherboard.vice.
com/en_us/article/zmv79w/
mysterious-mac-malware-ha
s-infected-hundreds-of-vi
ctims- ...

Startup Security Weekly #48 - Exiting Stealth

Ali Golshan of StackRox and special guest host Doug White join us on this containerized episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweek
ly.com/SSWEpisode48Visit https://www.securityweekl
y.com for all the latest episodes!

Startup Security Weekly #47 - Cupcakes For Breakfast

Ronnie Feldman of Learnings & Entertainments joins us. In the news, how to be “customer first”, four components of a successful sales strategy, and updates from Symantec, Nok Nok Labs, Flashpoint, HyTrust, and more! Full Show Notes: https://wiki.secur ...

ISC StormCast for Monday, July 24th 2017

Malicious .iso Attachments https://isc.sans.edu/foru
ms/diary/Malicious+iso+At
tachments/22636/Maldoc with .lnk File https://isc.sans.edu/foru
ms/diary/Another+lnk+File
/22640/Large Ethereum Hack http://hackingdistributed
.com/2017/07/22/deep-dive
-parity-bug/

New Tool Release: NPS_Payload

Over the past year, we have seen a lot of research come out which highlights several of Microsoft’s native binaries which can be leveraged by an attacker to compromise or gain access to a system. One of these binaries, msbuild.exe, has proven very relia ...

Pauls Security Weekly 523 - Hack My NAS

Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA, Sven Morgenroth of Netsparker bypasses corporate firewalls, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode523 Visit https://w ...

Enterprise Security Weekly #54 - Complete Gibberish

Thomas Fischer of Digital Guardian joins us to discuss GDPR, Paul talks about monitoring infrastructure with Nagios, and we discuss the latest enterprise security news!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode54Visit https://www.security ...

ISC StormCast for Friday, July 21st 2017

Symantec Sloppy Key Verification Leads To Revocation of Certificates https://blog.hboeck.de/ar
chives/888-How-I-tricked-
Symantec-with-a-Fake-Priv
ate-Key.htmlGnome Thumbnailer Executes Code http://news.dieweltistgar
nichtso.net/posts/gnome-t
humbnailer-msi-fa ...

ISC StormCast for Thursday, July 20th 2017

Bots Searching for Keys and Config Files https://isc.sans.edu/foru
ms/diary/Bots+Searching+f
or+Keys+Config+Files/2263
0/Apple Updates Everything https://support.apple.com
/en-us/HT201222Trend Micro Sees SambaCry Exploits http://blog.trendmicro.co
m/trendlabs- ...

Faux Ransomware Does Damage-WSJ

http://www.foxbusiness.co
m/features/2017/06/30/fau
x-ransomware-does-damage-
wsj.html     The post Faux Ransomware Does Damage-WSJ appeared first on TrustedSec.

SN 620: Calm Before the Storm

This week, while waiting for news from the upcoming BlackHat & DefCon conventions, we discuss another terrific security eBook bundle offer, a Net Neutrality follow-up, a MySpace account recovery surprise, another new feature coming to Win10, the wronghead ...

ISC StormCast for Wednesday, July 19th 2017

Oracle Quarterly Critical Patch Update http://www.oracle.com/tec
hnetwork/security-advisor
y/cpujul2017verbose-32366
25.htmlCisco WebEx Plugin Update https://tools.cisco.com/s
ecurity/center/content/Ci
scoSecurityAdvisory/cisco
-sa-20170717-webex https://bugs.c ...

Risky Business #462 -- Does the Australian government want to break encryption?

In this week’s feature interview I speak with the Australian Prime Minister’s cyber security advisor Alastair MacGibbon about what it is that the Australian government is pushing for in terms of industry cooperation around surveillance. There’s bee ...

Hack Naked News #133 - July 18, 2017

Forgetting your Windows password, bidding farewell to SMS authentication, reviewing Black Hat USA 2017, Ubuntu Linux for Windows 10, and more. Jason Wood of Paladin Security joins us to discuss companies being breached due to misconfiguration on this epis ...

ISC StormCast for Tuesday, July 18th 2017

SMS Phishing Asks Victims to Upload Picture of Token Card https://isc.sans.edu/foru
ms/diary/SMS+Phishing+ind
uces+victims+to+photograp
h+its+own+token+card/2261
6/Critical FreeRADIUS Update https://guidovranken.word
press.com/2017/07/17/11-r
emote-vulnerabilit ...

Risky Biz Soap Box: Keep your vendors honest with attack simulation

This month’s Soap Box podcast is brought to you by AttackIQ, a company that makes attack simulation software. This is a wholly sponsored podcast that won’t bore you to tears. There are countless CISOs who listen to this podcast who’ve shovelled an ...

ISC StormCast for Monday, July 17th 2017

NemucodAES UPS Malspam https://isc.sans.edu/foru
ms/diary/NemucodAES+and+t
he+malspam+that+distribut
es+it/22614/Analyzing Malicious Office Document With LNK https://isc.sans.edu/foru
ms/diary/Office+maldoc+ln
k/22618/Gandi Breach Leads to Domain Compromise ht ...

Crypto-Gram 15 July 2017

In this issue: Book Review: "Twitter and Tear Gas," by Zeynep Tufekci Amazon Patents Measures to Prevent In-Store Comparison Shopping Separating the Paranoid from the Hacked from the July 15, 2017 Crypto-Gram Newsletter by Bruce Schneier read by Dan Henag ...

Paul's Security Weekly #522 - It's a Nerdgasm!

Joe Desimone of Endgame joins us to discuss fileless attacks, Don Pezet of ITProTV delivers a technical segment on hardening weak software RNGs and hardware entropy sources, and we discuss the latest security news! Full Show Notes: https://wiki.securitywe ...

ISC StormCast for Friday, July 14th 2017

Malware Loads ffmpeg For Video Recording Features https://blog.malwarebytes
.com/threat-analysis/2017
/07/malware-abusing-ffmpe
g/Password Managers and Cloud Storage https://discussions.agile
bits.com/discussion/76956
/can-i-still-buy-standalo
ne-license-for-th ...

Enterprise Security Weekly #53 - Look At the Beards

Ferruh Mavituna of Netsparker joins us to discuss CI level automated web security, Paul talks about hardening Docker containers, and the latest enterprise security news!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode53Visit https://www.securit ...

ISC StormCast for Thursday, July 13th 2017

Simple File Integrity Monitoring With Backup Scripts https://isc.sans.edu/foru
ms/diary/Backup+Scripts+t
he+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers http://www.ibtimes.co.uk/
ethereum-under-siege-scam
mers-make-700000-6-days-s
lack-r ...

SN 619: All the Usual Suspects

This week we have all the usual suspects: Governments regulating their citizenry, evolving Internet standards, some brilliant new attack mitigations and some new side-channel attacks, browsers responding to negligent certificate authorities, specious trac ...

Risky Business #461 -- AWS security with Atlassian's Daniel Grzelak

On this week’s show we chat with Atlassian’s head of security, Daniel Grzelak, all about some AWS security tools he’s come up with. He also previews a new tool for generating AWS access key honeytokens at scale, which is really neat. This week’s ...

ISC StormCast for Wednesday, July 12th 2017

Microsoft Patch Tuesday https://isc.sans.edu/diar
y//22602AT&T Cell Phone Takeover https://carpeaqua.com/201
7/07/07/hack-the-planet/S
ystemd Invalid Username Bug To Be Fixed https://github.com/system
d/systemd/pull/6300

Hack Naked News #132 - July 11, 2017

Solving artificial stupidity, Petya’s decryption key is released, sleeping with the enemy, burned laptops for DEF CON, and more. Jason Wood of Paladin Security joins us to discuss the FTC shutting down a loan application firm on this episode of Hack Nak ...

Social-Engineer Toolkit (SET) v7.7 “Blackout” Released

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and ...

Social-Engineer Toolkit (SET) v7.7 “Blackout” Released

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and ...

ISC StormCast for Tuesday, July 11th 2017

Takeover of .io TLD https://thehackerblog.com
/the-io-error-taking-cont
rol-of-all-io-domains-wit
h-a-targeted-registration
/Malwarebytes Quarterly Malware Report https://www.malwarebytes.
com/pdf/white-papers/Cybe
rcrimeTacticsAndTechnique
s-Q2-2017.pdfOpenBSD ...

Startup Security Weekly #46 - All Black Everything

James Jardine of Jardine Software joins us. In the news, the hells of being a founder, killing projects before they kill you, intellectual property 101, and updates from Auth0, Upstream, Palo Alto Networks, Symantec, and more! Full Show Notes: https://wik ...

Ep 094 - Spies Like Us: From Standup to the CIA

The SEPodcast Panel

ISC StormCast for Monday, July 10th 2017

More DDoS Ransom Demands https://isc.sans.edu/foru
ms/diary/Adversary+huntin
g+with+SOFELK/22592/Adver
sary Hunting With SOF-ELK https://isc.sans.edu/foru
ms/diary/Adversary+huntin
g+with+SOFELK/22592/Petya Master Key Published https://twitter.com/Janus
Secreta ...

Paul's Security Weekly #521 - Bad Guy Walmart

Tim Helming of DomainTools joins us, Paul Ewing of Endgame demystifies the art of hunting, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode521 Visit https://www.securityweekl
y.com for all the latest episode ...

Enterprise Security Weekly #52 - Sweaty Lawyers

Doug White joins us to discuss network hardening using egress filtering, and we discuss the latest enterprise news!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode52Visit https://www.securityweekl
y.com for all the latest episodes!

ISC StormCast for Friday, July 7th 2017

Finding Odd Domain Names https://isc.sans.edu/foru
ms/diary/Selecting+domain
s+with+random+names/22580
/BitTorrent Sync 2.0 Log Files https://isc.sans.edu/foru
ms/diary/Investigation+of
+BitTorrent+Sync+v20+as+a
+P2P+Cloud+Service+Part+2
+Log+Files+artefacts/225 ...

ISC StormCast for Thursday, July 6th 2017

AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows https://www.av-test.org/f
ileadmin/pdf/security_rep
ort/AV-TEST_Security_Repo
rt_2016-2017.pdfMicrosoft Will Promp Users to Update Windows 10 https://support.microsoft
.com/en-us/h ...

CNBC’s iCONIC Conference on Information Security

David Kennedy speaking at CNBC’s iCONIC Conference on Information Security and the threats towards businesses. Watch this video on Vimeo The post CNBC’s iCONIC Conference on Information Security appeared first on TrustedSec.

Risky Business #460 -- Haroon Meer talks Kaspersky's drama, NotPetya, the cryptowars and more

Adam Boileau has some out of town business to handle this week so he can’t join us in the news segment. But that’s ok, because industry legend Haroon Meer has very kindly agreed to fill in for him! We chat to Haroon shortly about all the latest NotPet ...

ISC StormCast for Wednesday, July 5th 2017

Microsoft Patches Skype Vulnerablity https://www.vulnerability
-lab.com/get_content.php?
id=2071SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug) https://github.com/system
d/systemd/issues/6237Cisc
o Fixes SNMP Vulnerability in IOS and IOS ...

Episode 2.8 (July 3rd, 2017) – NSA and Exploit Tools, Petya, Russia, and Ransomware, systemd, Deathstar, and Office persistence methods

Episode 2.8 (July 3rd, 2017) – NSA and Exploit Tools, Petya, Russia, and Ransomware, systemd, Deathstar, and Office persistence methods Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security a ...

Episode 2.8 – NSA and Exploit Tools, Petya, Russia, and Ransomware, systemd, Deathstar, and Office persistence methods

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Ben Tenjamin, Geoff Walton, Chris Prewitt, Justin Bollinger Sh ...

Risky Biz Soap Box: Bugcrowd founder and CEO Casey Ellis on the future of crowdsourced security

In this edition of the Risky Business Soap Box podcast we chat with the founder and CEO of Bugcrowd, Casey Ellis, about the establishment of the bug bounty market and how things have shaped up. We also look at where it’s going. The days of bounty progr ...

Paul's Security Weekly #520 - Pickle Your Python

Moses Hernandez of Cisco Systems joins us, our friends at Javelin Networks discuss admin hunting and methods of credential theft for high privileged accounts, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episod ...

Enterprise Security Weekly #51 - Idempotency

Apollo Clark joins us to discuss managing AWS cloud resources, docker security in the enterprise is our topic for the week, and we discuss the latest enterprise news!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode51Visit https://www.securitywe ...

ISC StormCast for Friday, June 30th 2017

Catching up With Blank Slate https://isc.sans.edu/foru
ms/diary/Catching+up+with
+Blank+Slate+a+malspam+ca
mpaign+still+going+strong
/22570/Azure AD Connect Vulnerability https://technet.microsoft
.com/library/security/403
3453.aspx#ID0ENExploit Available For S ...

ISC StormCast for Thursday, June 29th 2017

Petya Ransomware Updatehttps://isc.sans.ed
u/forums/diary/Petya+I+ha
rdly+know+ya+an+ISC+updat
e+on+the+20170627+ransomw
are+outbreak/22566/Ubuntu systemd Vulnerabilityhttps://www.
ubuntu.com/usn/usn-3341-1
/Microsoft Will Include EMET in Windows 10https://blog ...

Hack Naked News #131 - June 28, 2017

DoD networks have been compromised, the Shadow Brokers continue their exploits, a Pennsylvania healthcare system gets hit with Petya, and more. Jason Wood of Paladin Security joins us to discuss nations' offensive technical strengths and defensive weaknes ...

SN 618: Research: Useful and Otherwise

This week we discuss another terrific NIST initiative, RSA crypto in a quantum computing world, Cisco's specious malware detection claims, the meaning of post-audit OpenVPN bug findings, worrisome bugs revealed in Intel's recent Skylake and KabyLake proce ...

ISC StormCast for Wednesday, June 28th 2017

Petya/Goldeneye Variant Makes the Rounds https://isc.sans.edu/foru
ms/diary/Checking+out+the
+new+Petya+variant/22562/

Risky Business #459 -- Actually yes, "cyber war" is real for Ukraine

This week we’ll be chatting with Andy Greenberg from Wired about his cover story for that magazine. He travelled to Ukraine back in March to research his story on Russian attacks against the Ukrainian power network. He joins us this week to share the in ...

ISC StormCast for Tuesday, June 27th 2017

Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1) https://isc.sans.edu/foru
ms/diary/Investigation+of
+BitTorrent+Sync+v20+as+a
+P2P+Cloud+Part+1/22554/R
ansomware Payment Spurres More DDoS Ransomware Attacks https://www.bleepingcompu
ter.com/ne ...

Startup Security Weekly #45 - Walking In Pajamas

Fred Kneip of CyberGRX joins us. In the news, why most startups fail, conference season tips, the question you need to ask before solving any problem, and updates from GreatHorn, Cybereason, Amazon, and more!Full Show Notes: https://wiki.securityweek
ly.co ...

ISC StormCast for Monday, June 26th 2017

Fake DDoS Extortions Continuehttps://isc.sans.
edu/forums/diary/Fake+DDo
S+Extortions+Continue+Ple
ase+Forward+Us+Any+Threat
s+You+Have+Received/22550
/Traveling with a Laptophttps://isc.sans.ed
u/forums/diary/Traveling+
with+a+Laptop+Surviving+a
+Laptop+Ban+How+ ...