The FBI just issued a VPNFilter malware warning saying, "Reboot your routers now!" But why? And will it help?
This week, we interview Steven Bellovin, the Professor of Computer Science at Columbia University! For the Technical Segment, we're joined by Sven Morgenroth, Security Researcher at Netsparker! In the news, GDPR's impact on U.S. consumer privacy, DOJ Sink ...
One more excuse for not using 2FA bites the dust.
"Upload your nudes to stop revenge porn" might sound crazy but it actually makes sense.
Researchers have found 14 security vulnerabilities affecting BMW i Series, X Series, 3 Series, 5 Series and 7 Series.
The president is banned from blocking users and could face legal action if he doesn't lift current blocks.
GDPR Going Into Effect May 25th https://en.wikipedia.org/
ion_RegulationBitcoin Gold Double Spent Attack https://forum.bitcoingold
k-on-exchanges/1362Amazon Alexa Forwards Random Conversations https://www.ki ...
Most crucially, two of those identities were senators who are now demanding the FCC find out who's behind the bots and the identity theft.
If you are one of the small number of Office 365 users who enjoyed embedding Flash, Shockwave or Silverlight content inside files, time is about to run out on your unusual pastime.
Investigators can't get into 7,775 devices? Nah, the FBI admits: it's more like 1,200... or 2000... pending an audit, it's not really sure.
Learn how to deal with the VPNFilter malware currently plaguing 500,000 home routers worldwide.
This week, John Strand returns and runs the show solo, presenting his Technical Segment entitled "Build A Purple Team"! In the news, we have updates from Skybox, Wombat Security, McAfee, AlgoSec, and more, on this episode of Enterprise Security Weekly! ...
VPNFilter Malware Affecting Cisco Routers https://blog.talosintelli
er.htmlDLink Vulnerabilities https://securelist.com/ba
rd/85530/Firefox Disabling "Spy APIs" and enabling 2FA https://www.fxsitecompat.
A Cisco paper reports on zombie malware that has apparently infected more than half-a-million home routers.
What's the only thing better than a bug bounty reward? A bug bounty reward you weren't expecting. Especially one that's worth $36,337.
The search giant could be looking at a giant fine of up to $4.3b.
This week, Keith and Paul interview James Wickett, Head of Research at Signal Sciences! In the news, we have updates from Nest, Node.js, Google, F.Secure, and more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securitywe ...
Malicious SYLK Files Used to Execute Code in Excel https://isc.sans.edu/foru
MW Releases Patches for Several Cars https://keenlab.tencent.c
This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threa ...
In this week’s feature interview we’ll be chatting with Shubham Shah and his friend Lord Tuskington about continuous asset discovery’s impact on testing methodologies. Shubs has worked as both a pentester and as a very successful bug bounty hunter. ...
The University of Greenwich might not have noticed the website but hackers did.
The "secure" monitoring app is used by over a million parents.
We've been nominated in 8 categories at the European Blogger Awards 2018... but we need your help to win!
DrayTek has announced a security hole in its Vigor range of routers.
Mugshots.com publishes people's mugshots and extorts a removal fee.
Scan4you crook is looking at a maximum penalty of 35 years
This week, Michael and Paul interview Corey Thuen and Kristopher Watts, Founders of Gravwell! In our second feature interview, Michael and Paul talk with Terry Mason on how to build a Third Party Risk Management program from the ground up! In Tracking Sec ...
Spectre NG Patches https://portal.msrc.micro
Facebook's Android app suddenly started making a bid for superuser access. Conspiracy theories popped up like fungi. (It's now fixed.)
From the carriers to LocationSmart to 3Cinteractive to Securus: there appears to be a chain pockmarked with lack of authentication and data lost to hackers.
When it comes to browser security, how important are the address bar icons and labels that tell users about a site’s security status? For Google at least, they matter a lot.
From Nest turning up the heat on password reuse and the Red Hat vulnerability to the Chili's PoS breach, and more!
Redis Cryptocoin Mining Worm https://isc.sans.edu/foru
ving Chrome's Security Indicator https://blog.chromium.org
DrayTek CSRF 0-Day Exploited to Change DNS ...
This week, we interview Matthew Silva, an Undergraduate student attending Roger Williams University, and is the President and Founder of the Cybersecurity and Intel Club! Paul will deliver the Technical Segment this week entitled "Configuring Your Own Tra ...
Version 3.2.1 of the PCI DSS was just released by the PCI Security Standards Council (PCI-SSC). As a minor version, it primarily included clarification updates and one correction to a requirement reference. Most of the changes center around the removal o ...
This content is password protected. To view it please enter your password below: Password: The post Protected: Malware Analysis is for the (Cuckoo) Birds – Cuckoo Installation Notes for Debian appeared first on TrustedSec.
This content is password protected. To view it please enter your password below: Password: The post Protected: Malware Analysis is for the (Cuckoo) Birds appeared first on TrustedSec.
It's people-pleasing, but it's probably just symbolic.
It's got a name, a logo and some very big numbers, but does it deserve its star billing?
It's got a name, a logo and some very big numbers, but does it deserve its star billing?
The HoweyCoins scheme sounds too good to be true... it is, and it knows it!
Here's the latest Naked Security podcast - enjoy!
Claymore Miner Attack Insecure Claymore Miner Management API Exploited in the WildPCI DSS Version 3.2.1. Released https://isc.sans.edu/foru
321+is+out/23667/Keeper Releases Update https://keepersecurity.co
Here it is – this week’s feature interview with Marisa Emerson! Marisa is a security researcher who did a great talk at BSides Canberra in March all about game cheating. She was specifically talking about the cheating techniques PUBG gamers are using ...
On a daily basis, it disables millions of fake accounts before they ever hatch.
Researchers have shown how attackers could trick voice assistants.
The suspect worked for a CIA group that designed hacking tools at the time the cyber-spying arsenal was given to WikiLeaks.
Risk assessments methodologies in general are built before much of the information we have today was available. Thus, we need to take advantage of the latest advances in threat intelligence and attack intelligence to make security risk assessments more ...
This week, Paul interviews Ron Gula, Co-Founder of Tenable and Founder of Gula Tech Adventures! In the news, we have updates from ServiceNow, Red Hat, ExtraHop, SailPoint, and more on this episode of Enterprise Security Weekly! Full Show Notes: https:/ ...
Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7 https://access.redhat.com
/3442151UPnP Misconfiguration DDoS Attack https://www.theregister.c
ifies_ddos_attacks/Ubuntu Snap Store Miner Inc ...
Thomas Fischer joins us at Source Boston 2018. Thomas Fischer tells Paul about his talk at Source Boston on "GDPR: Why it Matters Now!". Michael Santarcangelo joins Paul Asadoorian at Source Boston 2018 for an Enterprise Security Weekly interview. Michael ...
A command injection bug in Red Hat's DHCP client could allow an attacker to run any command on your computer. As root.
Chili's is advising customers to check their bank records after discovering the point-of-sale breach.
There are too many factual disagreements for a quick judgment, the judge said, including over what a faceprint actually is.
Researchers have discovered a serious cross-site scripting (XSS) vulnerability affecting all desktop versions of Edward Snowden’s favourite security application, Signal.
This week, Keith and Paul interview Adam Gordon, Edutainer at ITPro.TV! In the news, we have updates from Uber, WhatsApp, Microsoft, and more on this episode of Application Security Weekly! →Full Show Notes: https://wiki.securityweek
PDF Exploit (and Windows Priv. Escalation) Leaked https://www.welivesecurit
-zero-days/Possible Vulnerability in Keeper Password Manager http://seclists.org/fulld
herWallet Phishing https://isc.sans.edu/foru ...
This week we will examine two incredibly clever, new (and bad) attacks named eFail and Throwhammer. But first we catchup on the rest of the past week's security and privacy news, including the evolution of UPnProxy, a worrisome flaw discovered in a very p ...
In this week’s weekly show we’re just going to drill in to the week’s extra long security news section with Adam Boileau then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publis ...
This week, Michael and Paul interview George Finney, Chief Security Officer at Southern Methodist University! In the Article Discussion, "Why People Really Quit Their Jobs", "Why You Need an Untouchable Day Every Week", and more! In Tracking Security Inno ...
Risk is a term that gets thrown around quite a bit, and like its distant cousin “pentest”, it has a tendency to be used to describe many very different things. There are many “standard” Risk formulas out in the world today that typically include ...
Highly sensitive user data collected from the app was left on a badly secured website for anybody to get at.
Police traced an "electronic trail" to the suspect's house where the USB drive was hidden.
Not before time, Google is addressing the mess it's made of Android updates
The EFAIL bug shows how to trick some mail clients into turning the email encryption tools S/MIME and OpenPGP against themselves.
The system requires that you have legal authority to use it, but doesn't check
PGP/SMIME efail Vulnerability https://efail.deAdobe PDF Reader / Acrobat Bulletins https://helpx.adobe.com/s
Nest's advice to its users gets a thumbs-up from the Online Trust Alliance.
Copiers' hard drives aren't typically encrypted or wiped. One result: a used copier with 300 people's medical records: just hit "print!"
Last week, Google CEO Sundar Pichai used the company’s annual I/O event to demo an experimental new feature of Google Assistant: Duplex.
An anonymous researcher recently disclosed two vulnerabilities in several older models of Dasan-made GPON routers.
What should be secret AWS and API keys were (un)secured with the default password credentials: "admin" as the name, "admin" for a password.
From the WhatsApp text bomb and iOS 11.4's 7-day USB shutout to the critical bug in 7-zip, and more!
Jordan Harbinger, formally from the Art of Charm, now hosts a new show called - The Jordan Harbinger Show. As a long time friend of the SEPodcast we wanted to discuss how Jordan restarted his life after parting ways with AOC. Instead our conversation too ...
Odd njRat Like Scans Reversed C2 traffic from ChinaSignal Vulnerability (Possibly in Electron, which affects Skype/Slack/others) https://twitter.com/orteg
002509313Electron Vulnerability https://www.trustwave.com
Chet Chat podcast: Sophos experts Chester Wisniewski and Greg Iddon discuss the latest cybersecurity issues.
This week, we interview Joe Gray from the Advanced Persistent Security Podcast! Paul will deliver the Technical Segment this week entitled “Docker Security Incident: Lessons Learned”! In the news, we have updates from Microsoft, Powerful Botnets, Mira ...
Can you blindly ban all USB drives, or will it lead to "shadow IT" where staff use them anyway? Sophos CISO Ross McKerchar has his say...
Passwords aren't dead, yet.
GDPR is coming and Apple's spring cleaning the App Store
After 7 days if there's no passcode, then there's no access.
DNS Exfiltration in Windows https://isc.sans.edu/foru
ronments/23645/Fake Electrun Wallet https://github.com/spesmi
reasure Hunter PoS Malware Source Code Le ...
As a former defender, there is a sense of “happiness” when I can put defenses in place that allow you to detect attacks and potential indicators of compromise (IoC). It’s like those old spy toys you would get as a kid that had the “laser” light ...
"Text bomb, text bomb, WhatsApp text bomb, you can crash my application when I want to get things done."
Innocent-looking apps with ad clicker malware have bypassed Google's safeguards
When is a bug not a bug? That's the question raised by researcher Marius Tivadar's latest Windows-crashing proof of concept.
The grade tampering came to light while drawing up a list of top students. Now it's unclear which students legitimately belong on that list.
Loyds Bank Phish Leads to Trickbot https://isc.sans.edu/foru
23641/Firefox Group Policy Engine https://www.bleepingcompu
to-firefox-60/OS Vendors Fix Intel D ...
...And the Microsoft vulnerabilities include 0-days. Get the patches now!
Uninitialised variables and no Address Space Layout Randomisation led to an exploitable vulnerability...
Uber has reportedly discovered that the fatal crash was likely caused by a software bug in its self-driving car technology.
Google will now require people or groups purchasing federal election ads to show that they're US citizens or lawful residents.
It’s password security’s Achilles heel: too many people make life easy for cybercriminals by re-using the same ones over and over. But what if there were a way for websites to compare notes on whether a password (or similar password) has been set by a ...
This week, Keith and Paul continue to talk about building your AppSec program! In the Learning and Tools Segment, Keith and Paul discuss Snipe-IT: Open Source Asset Management, Astra: Automated Security Testing for REST API's, GREP: A whiteboard by Julia ...
Microsoft Patch Tuesday https://isc.sans.edu/foru
sestriker Vulnerability Hitting Office 365 https://www.avanan.com/re
rability-office-365wget Cookie Injection Vulnerability http://s ...
This week we begin by updating the status of several ongoing security stories: Russia vs Telegram, DrupalGeddon2, and the return of RowHammer. We will conclude with MAJOR new bad news related to Spectre. We also have a new cryptomalware, Twitter's in-the- ...
On this week’s show we’re taking a look at some recent data out of Microsoft trumpeting its Defender antivirus install figures on Windows. They’ve got 18% market share on windows 7/9 and 50% on Win10. For the AV and endpoint security industry Micro ...
We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event. It was a great time and we ho ...
Huawei and ZTE are already telephones non gratae, tied too close for comfort to the Chinese Communist Party and People’s Liberation Army back home.
These are the phones that were calling home to Shanghai every 72 hours, with no opt-in or notice, to hand over a whole lot of PII.