“To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?”
It’s old news that Uber has legal troubles on its plate - but the plot has thickened considerably in recent weeks.
A look at five RaaS kits and how each is marketed and priced
Apple just can’t seem to get away from the theme of security flaws right now.
Microsoft Patch Tuesday Summary https://isc.sans.edu/foru
23123/
EV Certificate Model Broken? https://stripe.ian.sh
ROBOT Attack Against TLS https://robotattack.org
This week we discuss the details behind the "USB / JTAG takeover" of Intel's Management Engine, a rare Project Zero discovery, Microsoft's well-meaning but ill-tested IoT security project, troubles with EV certs, various Cryptocurrency woes, a clever DNS ...
This is the last show for the year, Risky Business will return on January 10th 2018. In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacu ...
Paul reports on Google patches, vulnerability in two keyless entry locks, Mozilla security updates, and 1.4 billion plain-text leaked passwords found online! Jason Wood of Paladin Security joins us for the expert commentary, and more on this episode of Ha ...
Has Google just given the crooks an early Christmas present?
It's a horrible email scam that's supposed to scare the life out of you
A viral post that turned the internet into a torch-bearing mob.
It’s OK to be excited about Bitcoin and other digital currencies, according to Brian Armstrong, CEO of digital currency exchange Coinbase... just maybe not that excited.
The young professionals portrayed in the LinkedIn listings are hot, enticing, and fictitious.
Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/foru
lware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthi
HP didn't beat around the bush - when a researcher found a left-over keylogger, the company fessed up and fixed it fast. Result!
Mailsploit bugs allow attackers to bypass anti-spam protections and, in some cases, run hostile code
The Instagram account of a kitty who suffers from extreme feline dwarfism and terminal cuteness has been hacked by somebody who says they're 11.
Thought FISA Section 702 was due to bite the dust on New Year's Eve? Think again, say Trump's lawyers: you're stuck with it until the spring
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Lucky Yates is an actor and writer, known for Archer (2009), The American Shame (2001) and American Dirtbags (2015). Lucky is a hilarious guest that entertained us and we got to discuss some really interesting topics: What is a war ape and a sky robot? Ho ...
Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/foru
dud/23115/
HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us
/HP-keylogger/
Android App Signatu ...
Today’s Soap Box is brought to you by Bromium.
Bromium makes a security suite that wraps key applications in microvisors. It’s a way to get app-specific, hardware-based virtualisation.
ally Bromium has wrapped things like browsers and the of ...
Todd O'Boyle of StrongArm joins us for an interview! In our article discussion, we discuss behaviors that can drive cultural change, the power of office back-channeling, and the five traits of successful teams at Google! In the news, we have updates from ...
Lisa O'Connor of Accenture Labs joins us for an interview to discuss threat intelligence, advanced cyber hunting, active defense, and security of the Industrial Internet of things! Eyal Neemany of Javelin Networks joins us for the tech segment to discuss ...
HTTPS is one of security’s great love affairs, but it's not all roses.
Move aside, ugly, giant bags of mostly water, the computers are teaching themselves now
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/
Tracking Users Without GPS http:// ...
Can a hacker's extortion demand ever be paid off as though it were a bug bounty? Or is that a step too far?
KRACK is a Wi-Fi encryption bug - Apple patched it quickly, but only for iPhone 7 and later. Now everyone else gets a patch, too...
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Ben Tenjamin, Geoff Walton, Scott White, Costa Petros, and Rob ...
...without ever serving food from it.
We're looking at the security concepts in this week's Mr Robot
Reports say that the Bitcoin was worth $58m at the time. As of Thursday morning, the value had soared to $80m.
The encryption battle between the FBI and Apple is all octopus ink, if you go by what the government says
It takes mere seconds to recognize a cat, thereby avoiding confused pets. Microsoft, who built it, didn't address pre-confused pets or hacker squirrels.
Apple Updates Everything https://isc.sans.edu/foru
erything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/foru
Eric Schneiderman called for the postponement, declaring that the public comment process in advance of the vote.
On 2 December LeakBase started redirecting to Troy Hunt’s campaigning breach site Have I Been Pwned? (HIBP), but why?
He used a mix of phishing, typosquatting and social engineering to weasel his way into the county network.
That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.
AI.Type Data Exposed in MongoDB Database https://mackeepersecurity
lsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.co
mStorageCrypt Ransomware Encrypt ...
This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of Apple allowing 3D facial data access to apps, Facebook's new and controversial u ...
On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excus ...
Paul reports on a flaw found in Dirty COW patch, Apache Software security updates, more hacks in 2018, and a MailSploit e-mail spoofing flaw! Jason Wood joins us to give expert commentary on a Federal Data Breach Legislation, and more on this episode of H ...
Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, Rever ...
'Staff use my login every day!', 'I have to ask staff members my own password when I forget it!', and other stories...
You’d think students smart enough to hack into their school’s IT system and change their grades wouldn’t need to hack into their school’s IT system and change their grades.
Do kids that young "need" a parent-sanctioned chat app? Facebook thinks so.
No worries, PayPal says: Tio Networks' systems are completely separate from PayPal's. Phew!
Incidence Response Using TheHive https://isc.sans.edu/foru
e+Project/23099/
SSL/TLS For Scapy https://github.com/tintin
web/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet) https://support.apple.com
Webcams can be tucked into anything from smoke alarms to air fresheners, in Airbnbs AND hotel rooms. Here's how to spot them, and what to do if you find one.
A SERIES OF leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to c ...
Funny thing, Tom - the company's GPS tracker says you didn't show up at the work sites. Plus your PDA's kind of greasy.
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Ben Tenjamin, Geoff Walton, Scott White, Ryan Leese, Scot Berner, and Rob Si ...
The Senate's looking at YOU, Uber!
Here's the latest episode of the Chet Chat podcast...enjoy!
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/foru
radar/23091/
Phishing Abuse of JotForm https://isc.sans.edu/foru
We’ll be hearing from three vendors in this edition of Oilers. Dino Dai Zovi will be along first up to talk about his startup, Capsule8, which looks very promising indeed. After we’ve heard from Dino we’ll be chatting with Chris McNab. He used to r ...
Allison Miller joins us for an interview, Mick Douglas of the SANS Institute shows us how to feed common and default logs into ELK stacks, and we report on the latest security news on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.s ...
A federal district court in California has ordered Coinbase to turn over three years worth of identifying records on more than 14,000 of its customers to the Internal Revenue Service (IRS).
He pleaded guilty to one count of computer intrusion and one count of accessing a computer in order to view child abuse imagery.
Relay attacks intercept a fob's signals, trick the car into unlocking, and can even be used to drive it away, without a key or a scratch.
It’s one of the oldest debates in software: is it a bug or a feature?
More Malspam Pushing Emotet Malware https://isc.sans.edu/foru
/
Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org
We took to Facebook Live to discuss what happened in Apple's "password nightmare" week...
Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hopes to accomplish in his tenure on the board, the first initiatives he would like to implement and on various ideas for wo ...
Did you use an iPhone in the UK between 1 June 2011 and 15 February 2012? If so, you’re one of an estimated 5.4 million who may be in line for compensation.
Snapchat is curating items based on what YOU like, not your echo chamber, fake-news spreading friends.
Bug, fix, bug, fix - but we're still saying "Well done" to Apple for a superquick response to the "blank root password" vulnerability.
We examine the latest security happenings in this week's episode of Mr. Robot...
I would run away if I were you, Epic Games: she's scary, and she's got good points.
James Wilkinson joins us to discuss his transition from the military to the enterprise security space. In the news, updates from Docker, GuardiCore, Trend Micro, Barracuda Networks, and more on this episode of Enterprise Security Weekly! Full Show Notes: h ...
Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com
/en-us/HT208315
Insecure Android Crypto Currency Wallets https://www.htbridge.com/
ive Miner Now As Pop-Under htt ...
That Apple root hole we wrote about just yesterday? Apple has pushed out a patch already - get it while it's hot!
This could go beyond Radio Shack and location data; it may apply to email/text messages, internet searches, and bank and credit card records.
Paul and Michael report on an Exim-ergency, why Uber’s in hot water, Firefox’s new pwnage warnings, 1.7 million breached Imgur accounts, bidding farewell to SMS authentication, voting and security, and more on this episode of Hack Naked News! Full Show ...
The three men are accused of hacking into at least three multinational corporations over the past seven years.
Researchers' system halts a text conversation, shows a face peering over your shoulder, and involves alarmingly pretty sparkles and rainbows!
Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com
2
Defeating Facial Recognition https://arxiv.org/abs/171
1.09001
Bitcoin Gold ...
On this week’s show we’re speaking with Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution and managing editor of Lawfare. We’re talking to her about cross-border law enforcement in the Internet age. W ...
You can't login as "root" on a Mac because it never asks you to set the password, so you don't know what it is. Except that it's [blank].
This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this ye ...
In some cases, that includes not being contacted by the FBI even after their emails had been stolen and published online.
"Data collection creates an inherent risk of data loss through hack, breach, or other forms of intrusion."
The company plans to trial an add-on that will warn users if they appear in Troy Hunt's Have I Been Pwned? database.
Will it mean a newly vibrant and competitive internet or an internet for the rich?
Pouya Darabi found how to embed other people's images in a Facebook poll so that deleting *his* poll also deleted *their* files.
Former NSA hacker David Kennedy speaks about the implications of the Uber hack and whether the company should have reported the data breach. Click Here: Uber Hack and Cover-Up, Featuring David Kennedy-MSNBC The post Uber Hack and Cover-up, Featuring David ...
Facebook says that Russia-backed posts reached 126 million Americans during the 2016 US election.
Photo-sharing site Imgur just found out it was breached back in 2014 - and back then it wasn't storing your passwords securely.
From the all-seeing eye watching you online and the Uber data breach to Androids secretly reporting your location, and more!
Some websites are recording everything you do, what could go wrong?
Is publicly pursuing a man beyond reach a cry in the dark?
Ismael Valenzuela of the SANS Institute joins us. In the news, Rapid7 and Tenable announce new headquarters, Meg Whitman steps down, announcements for CA World ‘17, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.sec ...
Darren Mar-Elia of Semperis joins us. In the news, deciding with speed and conviction, learning from unicorns, starting your social enterprise, and updates from ThreatQuotient, Symantec, Optiv, and more on this episode of Startup Security Weekly! Full Show ...
This week we discuss Windows having a birthday, Net Neutrality about to succumb to big business despite a valiant battle, Intel's response to the horrifying JTAG over USB discovery, another surprising AWS public bucket discovery, Android phones caught sen ...
Don Pezet of ITProTV joins Paul to discuss Amazon S3 buckets, Google collecting Android data, secret spyware in smartwatches, and patches for Microsoft, Intel, HP, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweek
Great panel with Chris Prewitt of TrustedSec, Federal Bureau of Investigation (FBI), Ulmer & Berne LLP, Wells Fargo Insurance Services, and RT Specialty discussing “Cyber Game Plan: A Tabletop Exercise in Defending a Ransomware Attack.” Video Li ...