Here's a fascinating history of cryptography that has plenty to teach you - and you don't need a degree in mathematics to follow along!
This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pe ...
Have I Been Pwned? (HIBP) has revealed a huge cache of breached email addresses and passwords, which it has named Collection #1.
Android apps that want access to your call and SMS data now have to pass muster with Google's team of reviewers.
...or that they can edit the (often inaccurate) pigeon-holes Facebook likes to put us in, a study found.
Here's the latest Naked Security podcast - enjoy!
The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". ...
The platform can't keep us from driving while blindfolded, but at least it can remove videos that glorify our more brainless moments.
Android Malware Uses Motion Detection to Evade Analysis https://blog.trendmicro.c ... sion-tactics/
Twitter for Android Bug https://help.twitter.com/
This week, Paul is joined by Matt Alderman to discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquiring ForceNock, Zix agreeing to acquire AppRiver for $275 million, and more! In this second segmen ...
She sent her bank account details three times, she said. Unfortunately, they wound up in crooks' hands, and her money wound up in their pockets.
In a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.
A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.
They're charged with using phishing and malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.
Emotet and Other Malspam Campaigns Resume After Holiday Break https://isc.sans.edu/foru ... 532/
Magecart Delivered Via Compromised Advertising Sites https://blog.trendmicro.c
This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA ...
Abby Fuller got a shock when she logged into WhatsApp using a new telephone number. She found someone else’s messages waiting for her.
Of the six advisories Intel released last week, the most interesting is a flaw discovered in the company’s Software Guard Extensions (SGX).
Credit card thieves are laundering money by purchasing the in-game currency V-Bucks, then selling it back at a discount to players.
The landmark decision asserts the same legal protection for biometrics that we're given for passcodes.
MSFT Skype/Team Foundation Server Patches https://isc.sans.edu/foru ... tion+Server/24540/
SCP Client Vulnerabilities https://sintonen.fi/advis
The implications of the recent increase in bounty for the purchase of 0-day vulnerabilities. The intended and unintended consequences of last week's Windows Patch Tuesday. Speaking of unintended consequences, the US Government shutdown has had some, too! A ...
This week, US Government shutdown leaves dozens of .gov sites vulnerable, Firefox 69 to disable Adobe Flash, an unpatched vCard flaw could leave your PCs open to attackers, Tesla's Pwn2Own contest could win you a Model 3, and how building site cranes are ...
As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens its doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core org ...
This week, Matt and Paul introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds, and acquisitions from the previous quarter! We've also created our own index to track public security companies c ...
Microsoft has vexed its Windows 7 users with a misbehaving update that caused licensing and networking errors.
In an interesting move for villainy, a thief who stole over $1 million from the Ethereum Classic blockchain has given some of it back.
Facebook's relying on demotion instead of removal, so users will still be able to share content, even if Full Fact rates it inaccurate.
Researchers say people over 65 are seven times more likely to share fake news than 18 to 29-year-olds.
This week’s podcast features Patrick and Adam talking about the week’s security news, including: Huawei staffer arrested for spying in Poland; conviction in DPRK SWIFT hack against Bangladesh central bank; El Chapo used Flexispy to spy on mistresse ...
Microsoft LAPS - Blue Team / Red Team https://isc.sans.edu/foru ...
Intel SGX Platform Update https://www.intel.com/con
We asked a number of people working in different roles at Sophos how they made their way into the industry.
The US government shutdown is affecting more than just physical sites like national parks and monuments.
Martin Gottesfeld said he wishes he “had done more” than knock out BCH’s network for at least two weeks.
USB-C Authentication could banish USB threats forever, but it might also mean you're tied to buying ‘approved’ accessories.
The imposter claimed to be the Facebook exec and said he'd shot his wife, tied up his kids and planted pipe bombs “all over the place.”
From vulnerable 2FA codes to phishing to critical flaws for Adobe Acrobat and Reader, and everything in between. It's weekly roundup time.
Join us with our guest Clint Watts as we ask questions about: Misinformation campaigns and their success. How is misinformation used? Why is it so powerful? How can we be safe from falling victim? So much more. Clint can be followed on his Twitter accoun ...
Government Website TLS Certificates Expire due to Partial Shutdown https://news.netc ...
Firefox EOL Plan for Flash https://bugzilla.moz ... 1519434
Fake Movie File Malw ...
This week, we welcome Bryson Bort, the Founder and CEO of SCYTHE to talk about Attack Simulation! In the Technical Segment, Kory Findley will be presenting a tool he created entitled “pktrecon”, for internal network segment reconnaissance using broadc ...
Here's the latest Naked Security podcast - enjoy!
It's been 9 years and over 210 different content items since we started this thing in January of 2010. As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't go ...
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, David Kennedy, and Alex Hamerstone. ...
Old Twitter posts could reveal more about you than you think, according to researchers, even if you didn’t explicitly mention it.
A researcher has published a tool called Modlishka, capable of phishing 2FA codes sent by SMS or authentication apps.
A trader believes he could easily have obtained admin access to the site and potentially have stolen the funds of its 600,000 users.
Christian Rodriguez says he set up secure VoIP communications for the cartel: a system whose encryption keys he wound up giving to the FBI.
Old Tricks still work: I love you Malspam https://isc.sans.edu/foru ... 12/
Juniper Updates Released https://kb.juniper.net/In ... t=SIRT_1&actp=LIST https://kb.juniper.net/I ...
The #DeleteFacebook movement may be growing, but many Samsung users are having a tough time scraping the social network’s preinstalled software from their phones.
The law brought sweeping new powers, allowing authorities to force technology companies to hand over user data and to censor posts.
At TrustedSec, we get about 400-500 inquiries for security assessments every year. Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment? Why can’t we just do it ourselves? We already know ...
Aubrey Stearn is the Technical Lead for the Enterprise Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and ...
After a busy sequence of updates in October, November, and December, the new year’s first Patch Tuesday promises a lighter workload.
The court's action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.
This week, we welcome Tony Cole, Chief Technology Officer at Attivo Networks for an interview! Tony joins us to discuss the cyber deception in the enterprises today, and gives a brief history of deception and its applicability to cybersecurity! In the Ent ...
Simple Mechanism for Creating Certificates https://blog.filippo.io/m ...
... w of Smartphone Face Recognition https://www.consumentenbo ... ken
Google Public DNS now supp ...
It looks as if at least one hot tub maker has left robust security off the to-do list.
Apps have been secretly sharing usage data with Facebook, even when users are logged out - or don’t have an account at all.
Any chance we could appeal to your conscience and integrity and put in a call for ethical disclosure?
There are other options for photo sharing that don't hand over every pixel to the Facebook megamind.
The difference between a personal vs. an official social media account was at the crux of the case decided on Monday.
This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure wha ...
The NSA announces the forthcoming release of a powerful internal reverse-engineering tool for examining and understanding other people's code. Emergency out-of-cycle patches from both Adobe and Microsoft. PewDiePie hacker strikes again. Prolific 0-day dropp ...
Microsoft Patch Tuesday https://isc.sans.edu/foru ... oard.com/
Adobe Updates https://helpx.adobe.com/s ... ecurity.html
Google Play Store Adware https://blog.trendmicro.c
In this week’s show Adam Boileau and Patrick Gray discuss the security news of the last few weeks, including: German politicians pwnt, suspect arrested; possible ransomware attack affects US newspapers; mass 2FA bypasses impacting Gmail users in Midd ...
This week, Ethereum hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android Authentication Bypass, Zerodium offers $2 Million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to ...
Sometimes, the limited length of an SMS makes it easier for the crooks to 'get it to look right' and reel you in to a phishing site...
From TrustedSec Incident Response Team Lead Tyler Hudak: TrustedSec is a multi-disciplined company with many service offerings outside of the world-renowned penetration testing we are known for. Included in those offerings is our Incident Response team ...
What type of emotions are created in you when you hear the term ‘PCI?’ Anxiety? Possibly fear? For some, it may be disgust. Most favorably, some may feel a sense of confidence or enthusiasm. Ok, I agree that enthusiasm is rarely listed as an emotion ...
How easy is it to bypass the average smartphone’s facial recognition security? In the case of Android, a lot easier than owners may think.
Stop shaking your head about "WhatsApp Gold" flimflam and start spreading these REAL nuggets of hoax-clobbering advice!
Australians got scary texts, emails and phone calls from a trusted emergency warning service late last week after a hacker broke into its systems and used it to send fake messages.
The app is accused of being a “location data company powered by weather” and profiting from users' data without being upfront about it.
This week, Matt and Paul interview Tim Callahan, Global Chief Security Officer of Aflac, to discuss communicating threat intelligence to executives and the board! In the Leadership Articles, Matt and Paul discuss how to moderate a panel discussion, the se ...
Malware of the Day: Encrypted Word Document https://isc.sans.edu/foru ... ments/24498/
Apple iOS Apps Reaching Out to Malware Server https://www.wandera.com/r ... isky-apps/
NCSC Offers Assistance Against Attacks from ...
Microsoft closed the hole, which let any unauthenticated phone-grabber answer a Skype call and then roam around on your mobile.
For over a month, hackers published data from hundreds of German politicians in a Twitter advent calendar - a massive assault on the government.
Adobe has patched two critical flaws in Acrobat and Reader that warrant urgent attention.
From same old, same old Facebook hoaxes to PewDiePie's Chromecast-hacking fans, here are the top stories of the new year.
Malware in TAR Files https://isc.sans.edu/foru ... tachments/24496/
ReiKey MacOS Keystroke Logger Detector https://objective-see.com ...
Phishing Tool Kit uses Simple Substitution Fonts https://www.proofpoint.co
This week, we welcome back Dameon Welch-Abernathy, or “Phoneboy”, a Cyber Security Evangelist at Check Point Software Technologies for an interview! Dameon joins us to discuss how to help people in the security community, a topic near and dear to our ...
In this issue: Information Attacks against Democracies; How Surveillance Inhibits Freedom of Expression; Propaganda and the Weakening of Trust in Government. From the December 15, 2018 Crypto-Gram Newsletter by Bruce Schneier, read by Dan Henage.
Here's what you need to know about Facebook hoaxes, all in plain English.
“They didn’t actually hack Nest. They used somebody’s password from something else that they were able to get into.” – CEO Dave Kennedy CEO Dave Kennedy shares fundamental security advice for household consumer IoT (Internet of Things) devic ...
First they came for your printer... and then they came for your Chromecast - learn how to tighten up your router security.
A new presentation shows how vein authentication systems can be fooled using a fake wax hand model.
Rewards on 15 bug bounty programs start at $28,600 and include open source software such as KeePass, FileZilla, Drupal and VLC media player.
Malware Leaks Victim Data via FTP https://isc.sans.edu/foru ... 84/
Hijacking Dormant Twitter Accounts https://techcrunch.com/20 ...
Android Authentication Bypass via ...
On 29 December one of America's largest publishing groups, Tribune Media, found itself battling a major ransomware attack.
The extortionists leaked a “small sample” of what they say are 18k classified legal documents containing 9/11 “truth” stolen from a law firm.
No, none of us can "bypass" Facebook's newsfeed algorithms by copy-pasting our way past them.
Gift Card Scams https://isc.sans.edu/foru ... on+the+rise/24482/
WiFi Chipset Exploit https://2018.zeronights.r
"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the entire applicatio ...
Bypassing Vein Scanner Authentication (in German) https://media.ccc.de/v/35 ... cken
Hacking Smart Lightbulbs and Firmware Exploits https://media.ccc.de/v/35 ... t_hack
European Union Offers Bug Bounty for Open Source ...
Newspapers aren’t immune to technology’s risk. CEO Dave Kennedy spoke with FOX Business on the latest hack and motives that affected newspapers across the country. View the full video “Major US newspapers get hit by cyberattack”.
It's a good idea to set up multi-factor authentication (2FA) on all your social accounts, so here we explain how to do that for Instagram.
There's no need to make it easier for someone who wants to hijack your Twitter account. Here's how to lock it down in just a few minutes.
We walk you through the important settings you can change and behaviors you can implement to lock down your privacy on Facebook.
“Once you got one [device], it’s pretty common you can get all of them.” – Alex Hamerstone Your new electronic gifts from the holidays can make life easier but it can also make your chances of falling victim to hacking easier too. GRC Practice ...
Phishing Attack Uses IP Counter https://isc.sans.edu/foru ... /24460/
JungleSec Ransomware Attacks via IPMI https://www.bleepingcompu ... ote-consoles/
Microsoft Edge ...