security.didici.cc
Serious Security: What 2000 years of cryptography can teach us
1 day agoHere's a fascinating history of cryptography that has plenty to teach you - and you don't need a degree in mathematics to follow along!
Hellfire Dong Slinger - Paul's Security Weekly #590
1 day agoThis week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pe ...
Vast data-berg washes up 1.16 billion pwned records
2 days agoHave I Been Pwned? (HIBP) has revealed a huge cache of breached email addresses and passwords, which it has named Collection #1.
Google cracks down on access to your Android phone and SMS data
2 days agoAndroid apps that want access to your call and SMS data now have to pass muster with Google's team of reviewers.
Did you know you can see the ad boxes Facebook sorts us into?
2 days ago...or that they can edit the (often inaccurate) pigeon-holes Facebook likes to put us in, a study found.
Ep. 015 – USB anti-hacking, bypassing 2FA and government insecurity [PODCAST]
2 days agoHere's the latest Naked Security podcast - enjoy!
A Concise Introduction to DevSecOps
2 days agoThe inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". ...
YouTube bans dangerous and harmful pranks and challenges
2 days agoThe platform can't keep us from driving while blindfolded, but at least it can remove videos that glorify our more brainless moments.
ISC StormCast for Friday, January 18th 2019
2 days agoAndroid Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.c
om/trendlabs-security-int
elligence/google-play-app
s-drop-anubis-banking-mal
ware-use-motion-based-eva
sion-tactics/Twitter for Android Bug https://help.twitter.com/
en/protected ...
Too Many Logins - Enterprise Security Weekly #122
3 days agoThis week, Paul is joined by Matt Alderman to discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquires ForceNock, Zix agrees to acquire AppRiver for $275 million, and more! In this second segmen ...
Email crooks swindle woman out of $150K from home sale
3 days agoShe sent her bank account details three times, she said. Unfortunately, they wound up in crooks' hands, and her money wound up in their pockets.
Microsoft font gives away forgery in bankruptcy case
3 days agoIn a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.
Change your password! VoIP provider leaves huge database exposed online
3 days agoA researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.
Two charged with hacking company filings out of SEC’s EDGAR system
3 days agoThey're charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.
ISC StormCast for Thursday, January 17th 2019
3 days agoEmotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/foru
ms/diary/Emotet+infection
s+and+followup+malware/24
532/Magecart Delivered Via Compromised Advertising Sites https://blog.trendmicro.c
om/trendlabs-security-int
elligence/n ...
The Wind Beneath My Wings - Application Security Weekly #46
4 days agoThis week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA ...
Are you sure those WhatsApp messages are meant for you?
4 days agoAbby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone else’s messages waiting for her.
Intel patches another security flaw in SGX technology
4 days agoOf the six advisories Intel released last week, the most interesting is a flaw discovered in the company’s Software Guard Extensions (SGX).
Beware buying Fortnite’s V-Bucks, you could be funding organised crime
4 days agoCredit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.
Police can’t compel biometric phone unlocking, rules judge
4 days agoThe landmark decision asserts the same legal protection for biometrics that we're given for passcodes.
ISC StormCast for Wednesday, January 16th 2019
4 days agoMSFT Skype/Team Foundation Server Patches https://isc.sans.edu/foru
ms/diary/Microsoft+Publis
hes+Patches+for+Skype+for
+Business+and+Team+Founda
tion+Server/24540/SCP Client Vulnerabilities https://sintonen.fi/advis
ories/scp-client-multiple
-vulnerabilities.t ...
SN 697: Zerodium
4 days agoThe implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday.Speaking of unintended consequences, the US Government shutdown has had some, too!A ...
Hack Naked News #203 - January 15, 2019
5 days agoThis week, US Government shutdown leaves dozens of .gov sites vulnerable, Firefox 69 to disable Adobe Flash, an unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are ...
What's In Store for the AppSec Cali Conference w/ Richard Greenberg
5 days agoAs if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core org ...
The Big Storm - Business Security Weekly #113
5 days agoThis week, Matt and Paul introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds, and acquisitions from the previous quarter! We've also created our own index to track public security companies c ...
Windows 7 users get fix for latest updating woe
5 days agoMicrosoft has vexed its Windows 7 users with a misbehaving update that caused licensing and networking errors.
Blockchain burglar returns some of $1m crypto-swag
5 days agoIn an interesting move for villainy, a thief who stole over $1 million from the Ethereum Classic blockchain has given some of it back.
Facebook to start fact-checking fake news in the UK
5 days agoFacebook's relying on demotion instead of removal, so users will still be able to share content, even if Full Fact rates it inaccurate.
Is fake-news sharing driven by age, not politics?
5 days agoResearchers say people over 65 are seven times more likely to share fake news than 18 to 29-year-olds.
Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial
6 days agoThis week’s podcast features Patrick and Adam talking about the week’s security news, including: Huawei staffer arrested for spying in Poland Conviction in DPRK SWIFT hack against Bangladesh central bank El Chapo used Flexispy to spy on mistresse ...
ISC StormCast for Tuesday, January 15th 2019
6 days agoMicrosoft LAPS - Blue Team / Red Team https://isc.sans.edu/foru
ms/diary/Microsoft+LAPS+B
lue+Team+Red+Team/24528/I
ntel SGX Platform Update https://www.intel.com/con
tent/www/us/en/security-c
enter/advisory/INTEL-SA-0
0203.htmlGodaddy Injecting JavaScript http ...
New year, new career? How some Sophos experts got into cybersecurity
6 days agoWe asked a number of people working in different roles at Sophos how they made their way into the industry.
Shutdown hits government websites as certificates begin to expire
6 days agoThe US government shutdown is affecting more than just physical sites like national parks and monuments.
10 years for Boston Children’s Hospital DDoSer
6 days agoMartin Gottesfeld said he wishes he “had done more” than knock out BCH’s network for at least two weeks.
USB-C Authentication sounds great, so why are people worried?
6 days agoUSB-C Authentication could banish USB threats forever, but it might also mean you're tied to buying ‘approved’ accessories.
Facebook exec gets SWATted
6 days agoThe imposter claimed to be the Facebook exec and said he'd shot his wife, tied up his kids and planted pipe bombs “all over the place.”
Monday review – the hot 22 stories of the week
6 days agoFrom vulnerable 2FA codes to phishing to critical flaws for Adobe Acrobat and Reader, and everything in between. It's weekly roundup time.
Ep 113 - Nutrition Facts for Online Information with Clint Watts
6 days agoJoin us with our guest Clint Watts as we ask questions about: Misinformation campaigns and their success. How is misinformation used? Why is it so powerful? How can we be safe from falling victim? So much more Clint can be followed on his Twitter Accoun ...
ISC StormCast for Monday, January 14th 2019
6 days agoGovernment Website TLS Certificates Expire due to Partial Shutdownhttps://news.netc
raft.com/archives/2019/01
/10/gov-security-falters-
during-u-s-shutdown.htmlF
irefox EOL Plan for Flashhttps://bugzilla.moz
illa.org/show_bug.cgi?id=
1519434Fake Movie File Malw ...
Pure Speculation - Paul's Security Weekly #589
1 week agoThis week, we welcome Bryson Bort, the Founder and CEO of SCYTHE to talk about Attack Simulation! In the Technical Segment, Kory Findley will be presenting a tool he created entitled “pktrecon”, for internal network segment reconnaissance using broadc ...
Ep. 014 – Rickrolls, Acrobat and zombie hands [PODCAST]
1 week agoHere's the latest Naked Security podcast - enjoy!
Episode 208 - All Good Things...
1 week agoIt's been 9 years and over 210 different content items since we started this thing in January of 2010. As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't go ...
TrustedSec Podcast Episode 3.7 – Intelligence and an End to USB Espionage?
1 week agoWelcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, David Kennedy, and Alex Hamerstone. ...
Old tweets reveal hidden secrets
1 week agoOld Twitter posts could reveal more about you than you think, according to researchers, even if you didn’t explicitly mention it.
2FA codes can be phished by new pentest tool
1 week agoA researcher has published a tool called Modlishka, capable of phishing 2FA codes sent by SMS or authentication apps.
Trading site DX.Exchange spills gobs of user data
1 week agoA trader believes he could easily have obtained admin access to the site and potentially have stolen the funds of its 600,000 users.
El Chapo was brought down by a sysadmin
1 week agoChristian Rodriguez says he set up secure VoIP communications for the cartel: a system whose encryption keys he wound up giving to the FBI.
ISC StormCast for Friday, January 11th 2019
1 week agoOld Tricks still work: I love you Malspam https://isc.sans.edu/foru
ms/diary/Heartbreaking+Em
ails+Love+You+Malspam/245
12/Juniper Updates Released https://kb.juniper.net/In
foCenter/index?page=conte
nt&id=JSA10916&ca
t=SIRT_1&actp=LIST https://kb.juniper.net/I ...
You can’t delete Facebook from some Androids and people aren’t happy
1 week agoThe #DeleteFacebook movement may be growing, but many Samsung users are having a tough time scraping the social network’s preinstalled software from their phones.
Facebook violated tough new cybersecurity law, says Vietnam
1 week agoThe law brought sweeping new powers, allowing authorities to force technology companies to hand over user data and to censor posts.
Few cons to bringing in the pros: Why should you have a third-party risk and security assessment?
1 week agoAt TrustedSec, we get about 400-500 inquiries for security assessments every year. Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment?Why can’t we just do it ourselves?We already know ...
Epic Failures in DevSecOps w/ Aubrey Stearn
1 week agoAubrey Stearn is the Technical Lead for the Enterprise Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and ...
Update now! Microsoft and Adobe’s January 2019 Patch Tuesday is here
1 week agoAfter a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.
Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case
1 week agoThe court's action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.
Absolutely Massive - Enterprise Security Weekly #121
1 week agoThis week, we welcome Tony Cole, Chief Technology Officer at Attivo Networks for an interview! Tony joins us to discuss the cyber deception in the enterprises today, and gives a brief history of deception and its applicability to cybersecurity! In the Ent ...
ISC StormCast for Thursday, January 10th 2019
1 week agoSimple Mechanism for Creating Certificates https://blog.filippo.io/m
kcert-valid-https-certifi
cates-for-localhost/Revie
w of Smartphone Face Recognition https://www.consumentenbo
nd.nl/veilig-internetten/
gezichtsherkenning-te-hac
kenGoogle Public DNS now supp ...
IoT weaknesses leave hot tub owners in deep water
1 week agoIt looks as if at least one hot tub maker has left robust security off the to-do list.
Some Android apps are secretly sharing your data with Facebook
1 week agoApps have been secretly sharing usage data with Facebook, even when users are logged - or don’t have an account at all.
Zerodium’s waving fatter payouts for zero-day bug hunters
1 week agoAny chance we could appeal to your conscience and integrity and put in a call for ethical disclosure?
How to share photos – without using Facebook
1 week agoThere are other options for photo sharing that don't hand over every pixel to the Facebook megamind.
Politicians who block social media users are violating First Amendment
1 week agoThe difference between a personal vs. an official social media account was at the crux of the case decided on Monday.
The Iceberg Problem - Application Security Weekly #45
1 week agoThis week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure wha ...
SN 696: Here Comes 2019!
1 week agoThe NSA announces the forthcoming release of an internal powerful reverse-engineering tool for examining and understanding other people's code.Emergency out-of-cycle patches from both Adobe and Microsoft.PewDiePie hacker strikes again.Prolific 0-day dropp ...
ISC StormCast for Wednesday, January 9th 2019
1 week agoMicrosoft Patch Tuesday https://isc.sans.edu/foru
ms/diary/Microsoft+Januar
y+2019+Patch+Tuesday/2450
4/ https://patchtuesdaydashb
oard.com/Adobe Updates https://helpx.adobe.com/s
ecurity.htmlGoogle Play Store Adware https://blog.trendmicro.c
om/trendlabs-secur ...
Risky Business #525 -- Back on deck for 2019!
1 week agoIn this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including: German politicians pwnt, suspect arrested Possible ransomware attack affects US newspapers Mass 2FA bypasses impacting Gmail users in Midd ...
Hack Naked News #202 - January 8, 2019
1 week agoThis week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to ...
SMS phishing is alive and well… and simply believable
1 week agoSometimes, the limited length of an SMS makes it easier for the crooks to 'get it to look right' and reel you in to a phishing site...
Incident Response Team Adds Senior Consultant Justin Vaicaro
1 week agoFrom TrustedSec Incident Response Team Lead Tyler Hudak: TrustedSec is a multi-disciplined company with many service offerings outside of the world-renowned penetration testing we are known for. Included in those offerings is our Incident Response team ...
How to Reduce PCI Compliance Anxiety
1 week agoWhat type of emotions are created in you when you hear the term ‘PCI?’ Anxiety? Possibly fear? For some, it may be disgust. Most favorably, some may feel a sense confidence or enthusiasm. Ok, I agree that enthusiasm is rarely listed as an emotion ...
Facial recognition on 42 Android phones beaten by photo test
1 week agoHow easy is it to bypass the average smartphone’s facial recognition security? In the case of Android, a lot easier than owners may think.
How to spot a social media hoax
1 week agoStop shaking your head about "WhatsApp Gold" flimflam and start spreading these REAL nuggets of hoax-clobbering advice!
Hacker uses early warning system for fake message campaign
1 week agoAustralians got scary texts, emails and phone calls from a trusted emergency warning service late last week after a hacker broke into its systems and used it to send fake messages.
LA sues The Weather Channel over selling users’ location data
1 week agoThe app is accused of being a “location data company powered by weather” and profiting from users' data without being upfront about it.
Lift It & Shift It - Business Security Weekly #112
1 week agoThis week, Matt and Paul interview Tim Callahan, Global Chief Security Officer of Aflac, to discuss communicating threat intelligence to executives and the board! In the Leadership Articles, Matt and Paul discuss how to moderate a panel discussion, the se ...
ISC StormCast for Tuesday, January 8th 2019
1 week agoMalware of the Day: Encrypted Word Document https://isc.sans.edu/foru
ms/diary/Analyzing+Encryp
ted+Malicious+Office+Docu
ments/24498/Apple iOS Apps Reaching Out to Malware Server https://www.wandera.com/r
isky-apps/NCSC Offers Assistance Against Attacks from ...
No Android passcode? No problem! Skype unlocked it for you
1 week agoMicrosoft closed the hole, which let any unauthenticated phone-grabber answer a Skype call and then roam around on your mobile.
Hacker doxes hundreds of German politicians
1 week agoFor over a month, hackers published data from hundreds of German politicians in a Twitter advent calendar - a massive government assault.
Update now! Adobe Acrobat and Reader have critical flaws
1 week agoAdobe has patched two critical flaws in Acrobat and Reader that warrant urgent attention.
Monday review – the hot stories of the new year
1 week agoFrom same old, same old Facebook hoaxes to PewDiePie's Chromecast-hacking fans, here are the top stories of the new year.
ISC StormCast for Monday, January 7th 2019
1 week agoMalware in TAR Files https://isc.sans.edu/foru
ms/diary/Malicious+tar+At
tachments/24496/ReiKey MacOS Keystoke Logger Detector https://objective-see.com
/products/reikey.htmlPhis
hing Tool Kit uses Simple Substituion Fonts https://www.proofpoint.co
m/us/threat ...
Only the Gin Knows - Paul's Security Weekly #588
2 weeks agoThis week, we welcome back Dameon Welch-Abernathy, or “Phoneboy”, a Cyber Security Evangelist at Check Point Software Technologies for an interview! Dameon joins us to discuss how to help people in the security community, a topic near and dear to our ...
Crypto-Gram 15 December 2018
2 weeks agoIn this issue: Information Attacks against Democracies How Surveillance Inhibits Freedom of Expression Propaganda and the Weakening of Trust in Government from the December 15, 2018 Crypto-Gram Newsletter by Bruce Schneier read by Dan Henage
Facebook hoaxes – harmless fun or security risk? [VIDEO]
2 weeks agoHere's what you need to know about Facebook hoaxes, all in plain English.
Nest cam hacks show risk of internet-connected devices
2 weeks ago“They didn’t actually hack Nest. They used somebody’s password from something else that they were able to get into.” – CEO Dave Kennedy CEO Dave Kennedy shares fundamental security advice for household consumer IoT (Internet of Things) devic ...
Don’t fall victim to the Chromecast hackers – here’s what to do
2 weeks agoFirst they came for your printer... and then they came for your Chromecast - learn how to tighten up your router security.
Vein authentication beaten by wax hand and photograph
2 weeks agoA new presentation shows how vein authentication systems can be fooled using a fake wax hand model.
EU to offer nearly $1m in bug bounties for open-source software
2 weeks agoRewards on 15 bug bounty programs start at $28,600 and include open source software such as KeePass, FileZilla, Drupal and VLC media player.
ISC StormCast for Friday, January 4th 2019
2 weeks agoMalware Leaks Victim Data via FTP https://isc.sans.edu/foru
ms/diary/Malicious+Script
+Leaking+Data+via+FTP/244
84/Hijacking Dormant Twitter Accounts https://techcrunch.com/20
19/01/02/hackers-islamic-
state-propaganda-twitter/
Android Authentication Bypass via ...
US newspapers battle ransomware
2 weeks agoOn 29 December one of America's largest publishing groups, Tribune Media, found itself battling a major ransomware attack.
Dark Overlord hackers release alleged 9/11 lawsuit documents
2 weeks agoThe extortionists leaked a “small sample” of what they say are 18k classified legal documents containing 9/11 “truth” stolen from a law firm.
Warn your friends they can’t bypass Facebook with this hoax
2 weeks agoNo, none of us can "bypass" Facebook's newsfeed algorithms by copy-pasting our way past them.
ISC StormCast for Thursday, January 3rd 2019
2 weeks agoGift Card Scams https://isc.sans.edu/foru
ms/diary/Gift+Card+Scams+
on+the+rise/24482/WiFi Chipset Exploit https://2018.zeronights.r
u/wp-content/uploads/mate
rials/19-Researching-Marv
ell-Avastar-Wi-Fi.pdf?fbc
lid=IwAR07FmZGKLKdJAKI4g0
o-Wm-dLGwclV8Hhi-L4_HRlkl ...
Strategic Asymetry - Leveling the Playing Field w/ Chetan Conikee
2 weeks ago"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the entire applicatio ...
ISC StormCast for Wednesday, January 2nd 2019
2 weeks agoBypassing Vein Scanner Authentication (in german) https://media.ccc.de/v/35
c3-9545-venenerkennung_ha
ckenHacking Smart Lightbulbs and Firmware Exploits https://media.ccc.de/v/35
c3-9723-smart_home_-_smar
t_hackEuropean Union Offers Bug Bounty for Open Source ...
Major US newspapers hit by Cyberattack
2 weeks agoNewspapers aren’t immune to technology’s risk. CEO Dave Kennedy spoke with FOX Business on the latest hack and motives that affected newspapers across the country. View the full video “Major US newspapers get hit by cyberattack” The post Majo ...
How to secure your Instagram account using 2FA
2 weeks agoIt's a good idea to set up multi-factor authentication (2FA) on all your social accounts, so here we explain how to do that for Instagram.
How to secure your Twitter account
3 weeks agoThere's no need to make it easier for someone who wants to hijack your Twitter account. Here's how to lock it down in just a few minutes.
How to protect your Facebook account: a walkthrough
3 weeks agoWe walk you through the important settings you can change and behaviors you can implement to lock down your privacy on Facebook.
Hacking is getting easier and easier. What you can do to avoid falling victim?
3 weeks ago“Once you got one [device], it’s pretty common you can get all of them.” – Alex Hamerstone Your new electronic gifts from the holidays can make life easier but it can also make your chances of falling victim to hacking easier too. GRC Practice ...
ISC StormCast for Friday, December 28th 2018
3 weeks agoPhishing Attack Uses IP Counter https://isc.sans.edu/foru
ms/diary/Matryoshka+Phish
/24460/JungleSec Ransomware Attacks via IPMI https://www.bleepingcompu
ter.com/news/security/jun
glesec-ransomware-infects
-victims-through-ipmi-rem
ote-consoles/Microsoft Edge ...