security.didici.cc

ISC StormCast for Tuesday, October 17th 2017

1 hour ago

WPA2 "Krack" Attack https://krackattack.com https://securingthehuman.
sans.org/blog/2017/10/16/
28748/Adobe Flash Player Update https://helpx.adobe.com/s
ecurity/products/flash-pl
ayer/apsb17-32.htmlTwo (identical) uTorrent Binaries With Different Hashes http ...

Startup Security Weekly #59 - Spooky Scary Startups

14 hours ago

Don Pezet of ITProTV joins us. In the startup security news, defining traits of leaders, the realities of stealth mode, and updates from Attivo Networks, CloudZero, Akami, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.s ...

ISC StormCast for Monday, October 16th 2017

1 day ago

Peeking Into an Outlook .msg File https://isc.sans.edu/foru
ms/diary/Peeking+into+msg
+files/22926/Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update https://blog.malwarebytes
.com/threat-analysis/2017
/10/equifax-transunion-we
bsites-push-fake-f ...

ISC StormCast for Friday, October 13th 2017

4 days ago

Version Control Tools Are Not Only For Developers https://isc.sans.edu/foru
ms/diary/Version+control+
tools+arent+only+for+Deve
lopers/22922/Coin Hive Javascript Crypto Currency Miner Found on Piratebay https://twitter.com/ester
ling_/status/918240914623
09069 ...

Hack Naked News #144 - October 10, 2017

4 days ago

Doug White and Jason Wood discuss Kaspersky, social security, Duqu 2.0, and the Equifax breach on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweek
ly.com/HNNEpisode144 Visit http://hacknaked.tv for all the latest episodes!   →V ...

After Las Vegas shooting, Nevada officials go after sham websites seeking donations – Fox News, Featuring Alex Hamerstone

4 days ago

The Nevada Attorney General’s office is investigating reports of fake online charities collecting donations on behalf of victims that were killed or wounded at a shooting at a country music festival in Las Vegas Oct. 1. Officials are partnering with GoF ...

ISC StormCast for Thursday, October 12th 2017

5 days ago

Outlook Includes plain text version of e-mail with S/MIME Encryption https://www.sec-consult.c
om/en/blog/2017/10/fake-c
rypto-microsoft-outlook-s
mime-cleartext-disclosure
-cve-2017-11776/index.htm
lRubyGems Remote Code Execution Vulnerability http://blog.rub ...

Startup Security Weekly #58 - Put On Your Business Hat

5 days ago

Elizabeth Lawler of CyberArk joins us for an interview. In the articles for discussion, we discuss leveling the playing field for entrepreneurs, using storytelling to increase sales, online crowdfunding, and more. In the startup security news for the week ...

Episode 201 - Celebration

5 days ago

We're going to use this episode to allow the cast to talk about reaching 200 episodes and you'll hear what *really* happened on the Lost Episode.   We will be back in 2018 with more episodes.  Until then be well and stay secure!

SN 632: The​ ​DNSSEC​ ​Challenge

5 days ago

This week we take a look at a well-handled breach-response at Disqus, a rather horrifying mistake Apple made in the implementation of their APFS encryption (and the difficulty to the user of fully cleaning up after it), the famous "robots.txt" file gets a ...

ISC StormCast for Wednesday, October 11th 2017

5 days ago

Microsoft Monthly Updates https://isc.sans.edu/foru
ms/diary/October+2017+Sec
urity+Updates/22916/Spoof
ed iOS iCloud Login https://krausefx.com/blog
/ios-privacy-stealpasswor
d-easily-get-the-users-ap
ple-id-password-just-by-a
sking

Risky Business #473 -- Kaspersky is officially toast

5 days ago

On this week’s show we’re taking a deep dive into the latest news about Kaspersky and its alleged ties to Russian security services. The New York Times has just published an absolutely blockbuster piece that claims Israeli intelligence infiltrated Kas ...

Crypto-Gram 15 September 2017

6 days ago

In this issue: On the Equifax Data Breach iPhone Changes to Frustrate the Police from the September 15, 2017 Crypto-Gram Newsletter by Bruce Schneier read by Dan Henage

ISC StormCast for Tuesday, October 10th 2017

1 week ago

Base64 Encoded Word Documents https://isc.sans.edu/foru
ms/diary/Base64+All+The+T
hings/22912/Skimmer Scanner Helps Find Credit Card Skimmers https://github.com/sparkf
unX/Skimmer_ScannerTLS 1.3 Remains "On Hold" https://www.ietf.org/mail
-archive/web/tls/cur ...

Ep. 098 - Winning the SECTF with Chris & Rachel

1 week ago

Chris Kirsch, the 1st place winner of the SECTF, is a returning competitor that came back to prove to himself how and why he CAN win this competition after his previous attempt was ...um... not so great. Rachel Tobac is our scariest competitor but also on ...

Ep. 098 - Winning the SECTF with Chris & Rachel

1 week ago

Chris Kirsch, the 1st place winner of the SECTF, is a returning competitor that came back to prove to himself how and why he CAN win this competition after his previous attempt was ...um... not so great. Rachel Tobac is our scariest competitor but also on ...

ISC StormCast for Sunday, October 8th 2017

1 week ago

Payment Handler API https://w3c.github.io/pay
ment-handler/ https://blog.lukaszolejni
k.com/privacy-of-web-requ
est-api/OpenSSH Version 7.6 Released http://www.openssh.com/tx
t/release-7.6Microsoft Delaying Some Patches for Earlier Windows Versions https://go ...

Paul's Security Weekly #532 - That's Australian

1 week ago

Don Pezet of ITProTV and Ran Levi of Podcast Israel Media join us, and we discuss the latest information security and hacking news on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweek
ly.com/Episode532 Visit https://www.s ...

Russian Influence in the US – CNN, Featuring David Kennedy

1 week ago

  The post Russian Influence in the US – CNN, Featuring David Kennedy appeared first on TrustedSec.

ISC StormCast for Friday, October 6th 2017

1 week ago

Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands https://isc.sans.edu/foru
ms/diary/pcap2curl+Turnin
g+a+pcap+file+into+a+set+
of+cURL+commands+for+repl
ay/22900/Apple Patches Embarrasing MacOS High Sierra Flaw https://www.appleworld.to
day/bl ...

Enterprise Security Weekly #64 - Saved By Hello Kitty

1 week ago

Mary Chaney of ICMCP joins us. In the news, John McAfee finally reveals his hack-proof system, ShieldX and Webroot join forces, a biometrics company teams up with Honeywell, and what percentage of successful attacks are caused by phishing? Paul and John d ...

ISC StormCast for Thursday, October 5th 2017

1 week ago

Cyber Security Awareness Month: Ouch! Newsletter https://securingthehuman.
sans.org/newsletters/ouch
/issues/OUCH-201710_en.pd
fModified Rowhammer Attack Bypasses Current Defenses https://arxiv.org/pdf/171
0.00551.pdfMetasploit Modules For VMWare Escape https ...

SN 631: Private Contact Discovery

1 week ago

This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail improvements, breaking DKIM without breaking it, concerns over many servers in ...

ISC StormCast for Wednesday, October 4th 2017

1 week ago

Fedex Malspam Pushes Formbook Infostealer Malware https://isc.sans.edu/foru
ms/diary/Malspam+pushing+
Formbook+info+stealer/228
88/Wordpress Plugins Heavily Abused For Site Defacements https://www.wordfence.com
/blog/2017/10/3-zero-day-
plugin-vulnerabilities- ...

Risky Business #472 -- Iran DDoSed banks in 2012, US DoSed DPRK

1 week ago

There is no feature interview in this week’s show – it was a long weekend here in Australia plus a few things came up. But we’ve got a great show for you anyway. We’ll be discussing the week’s news headlines with Adam Boileau who’s back on dec ...

Hack Naked News #143 - October 3, 2017

1 week ago

The internet isn’t ready for DNS sec, Netgear patches away, Whole Foods is the latest victim of a credit card breach, and more. Ferruh Mavituna and Sven Morgenroth of Netsparker join us to discuss Apache Struts vulns and the Equifax breach on this episo ...

Anyone who uses Social Security Numbers for security is crazy… – Yahoo Finance, Featuring Alex Hamerstone

1 week ago

The Equifax hack that compromised 143 million Social Security numbers didn’t just destroy the country’s trust in credit bureaus; it also most certainly killed the use of SSNs for security and identity authentication. The nine-digit SSN has been used f ...

ISC StormCast for Tuesday, October 3rd 2017

1 week ago

Passive DNS Investigating Security Incidents with Passive DNSBypassing Domain Authentication https://medium.freecodeca
mp.org/how-i-hacked-hundr
eds-of-companies-through-
their-helpdesk-b7680ddc2d
4cDNSMasq Vulnerabilities https://security.googlebl
og.com/2017 ...

Startup Security Weekly #57 - The Sand Hobo Himself

2 weeks ago

Barrett Lyon of Neustar joins us. In the news, funding your business with no experience, buying and selling strategy and tactics, taking a sabbatical, and updates from Google, Vimeo, CA Technologies, and more on this episode of Startup Security Weekly!Ful ...

ISC StormCast for Monday, October 2nd 2017

2 weeks ago

Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites https://isc.sans.edu/foru
ms/diary/Whos+Borrowing+y
our+Resources/22882/OS X Silently Patches Javascript Quarantine Bypass https://www.wearesegment.
com/research/Mac-OS-X-Loc
al-Javascrip ...

Paul's Security Weekly #531 - Trevor Forget

2 weeks ago

Jim Nitterauer of AppRiver and Ed Skoudis of Counter Hack & SANS Institute join us, and we discuss the latest information security and hacking news! Full Show Notes: https://wiki.securityweek
ly.com/Episode531 Visit https://www.securityweekl
y.com for all t ...

A Different Take on Exam Prep: CISSP

2 weeks ago

I just passed the CISSP examination. I saw what many did to prepare for their exam, and I did something else. I needed something faster to arrive at passing results. First off, the CISSP is “Certified Information Systems Security Professional”. It is ...

Full Disclosure: JitBit Helpdesk Authentication Bypass 0-Day

2 weeks ago

Summary An authentication bypass issue was discovered in JitBit Help Desk Software v8.9.11 in October of 2016. This issue was reported to the vendor, and after several communications and numerous updated releases, the software is still vulnerable. JitBit ...

ISC StormCast for Friday, September 29th 2017

2 weeks ago

Dealing With Massive Packet Captures https://isc.sans.edu/foru
ms/diary/The+easy+way+to+
analyze+huge+amounts+of+P
CAP+data/22876/Illusion Gap Anti-Virus Bypass https://www.cyberark.com/
threat-research-blog/illu
sion-gap-antivirus-bypass
-part-1/DNSSEC KSK Upd ...

Risky Biz Soap Box: Exploit kids are dead, at-scale social engineering the new black

2 weeks ago

This isn’t the weekly show, this is a deep dive vendor podcast we do 10 times a year. All the vendors who appear in the Soap Box podcasts paid to be here, but you know what? Even though this is sponsored content, it’s really interesting. And this Soa ...

Enterprise Security Weekly #63 - Temporal Tempura

2 weeks ago

Paul and John discuss network security architecture. In the news, Google Cloud acquires Bitium, Ixia extends cloud visibility, Lacework now supports Microsoft Windows Server, and more on this episode of Enterprise Security Weekly!Full Show Notes: https:// ...

ISC StormCast for Thursday, September 28th 2017

2 weeks ago

Everything You Ever Wanted To Know About JPEGs (and more) https://isc.sans.edu/foru
ms/diary/It+is+a+resume+P
art+3/22808/Linux 4.14 Memory Encryption https://lwn.net/Articles/
686808/CLKSCREW: Exposing Secure Enclaves via Energy Management https://www.useni ...

Hack Naked News #142 - September 26, 2017

2 weeks ago

Tracking cars, iOS 11 patches eight vulnerabilities, Equifax dumps their CEO, High Sierra gets slammed with a 0-day, and more. Jason Wood of Paladin Security discusses an email DDos threat on this episode of Hack Naked News!Full Show Notes: https://wiki.s ...

Risky Business #471 -- Good Microsoft, bad Microsoft

2 weeks ago

On this week’s show we’re taking a look at a mediocre response from Microsoft’s security response centre in the face of a fairly run-of-the-mill bug report. Our guest today found some Microsoft software was failing to validate SSL certificates. He r ...

SN 630: The Great DOM Fuzz-Off

2 weeks ago

This week, Father Robert and Steve follow more Equifax breach fallout, look at encryption standards blowback from the Edward Snowden revelations, examine more worrisome news of the CCleaner breach, see that ISPs may be deliberately infecting their own cus ...

ISC StormCast for Tuesday, September 26th 2017

2 weeks ago

macOS High Sierra Security Updates https://support.apple.com
/en-us/HT201222Possible macOS Keychain Leak https://twitter.com/patri
ckwardle/status/912254053
849079808Monero Cryptocoin Miner Found on Showtime Website https://badpackets.net/co
inhive-miner-foun ...

Startup Security Weekly #56 - A Huge Week

3 weeks ago

Don Pezet and Tim Broom of ITProTV join us. In the news, building successful products, the most important startup question, and updates from McAfee, Slack, ThreatStack, and more on this episode of Startup Security Weekly!Full Show Notes: https://wiki.secu ...

ISC StormCast for Monday, September 25th 2017

3 weeks ago

Forensic Use of "mount --bind" https://isc.sans.edu/foru
ms/diary/Forensic+use+of+
mount+bind/22854/Adobe Publishes Secret PGP Key By Mistake https://twitter.com/jupen
ur/status/911286403434246
144AVAST Publishes CCleaner Update https://blog.avast.com/av
ast-t ...

ISC StormCast for Friday, September 22nd 2017

3 weeks ago

More (Likely Fake) DDoS Extortion Attempts https://isc.sans.edu/foru
ms/diary/Emails+threateni
ng+DDoS+allegedly+from+Ph
antom+Squad/22856/CVE-201
7-8759 Used in Cyber Crime Attacks https://isc.sans.edu/foru
ms/diary/Email+attachment
+using+CVE20178759+exploi
t+ ...

Enterprise Security Weekly #62 - Heat Death of the Universe

3 weeks ago

Paul and John discuss insights into the Equifax data breach. In the news, CyberGRX and BitSight join forces, YARA rules explained, Riverbed teases an application networking offering, and more on this episode of Enterprise Security Weekly!Full Show Notes: ...

ISC StormCast for Thursday, September 21st 2017

3 weeks ago

Newest Locky Update: RAR Attachments and "Invoice" E-Mails https://isc.sans.edu/foru
ms/diary/Ongoing+Ykcol+Lo
cky+campaign/22848/Viacom S3 Bucket Leak https://www.upguard.com/b
reaches/cloud-leak-viacom
iOS 11 Outlook.com Bug https://support.apple.com
/en-us/ ...

ISC StormCast for Wednesday, September 20th 2017

3 weeks ago

Mac-Robber Python Rewrite https://isc.sans.edu/foru
ms/diary/New+tool+macrobb
erpy/22844/Apache Tomcat Patch https://www.us-cert.gov/n
cas/current-activity/2017
/09/19/Apache-Releases-Se
curity-Updates-Apache-Tom
catApple Updates For iOS, Xcode, tvOS, watchOS a ...

Risky Business #470 -- Project Zero's Natalie Silvanovich on reducing attack surface

3 weeks ago

Ryan Duff fills in for Adam in this week’s news segment. Ryan used to work at US Cyber Command as a cyber operations tactician but these days he’s in the private sector. He shares his thoughts on the week’s happenings. This week’s feature guest i ...

SN 629: Apple Bakes Cookies

3 weeks ago

This week Padre and Steve discuss what was up with Security Now's recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser encrypted media extensions (EME), an emerging browser-based payment standard, when ...

Hack Naked News #141 - September 18, 2017

3 weeks ago

CCleaner is distributing malware, rogue WordPress plugins, Equifax replaces key staff members, and more. Jason Wood of Paladin Security discusses malicious WordPress plugins on this episode of Hack Naked News!Full Show Notes: https://wiki.securityweek
ly.c ...

ISC StormCast for Tuesday, September 19th 2017

3 weeks ago

CCleaner Compromise http://blog.talosintellig
ence.com/2017/09/avast-di
stributes-malware.html http://www.piriform.com/n
ews/release-announcements
/2017/9/18/security-notif
ication-for-ccleaner-v533
6162-and-ccleaner-cloud-v
1073191-for-32-bit-window
s-usersWord ...

Startup Security Weekly #55 - Bald, Beautiful Men

4 weeks ago

Jason Brvenik of NSS Labs joins us. In the news, attributes of a scalable business, founder struggles, how to grow your startup, and updates from AppGuard, Securonix, CashShield, and more on this episode of Startup Security Weekly!Full Show Notes: https:/ ...

ISC StormCast for Monday, September 18th 2017

4 weeks ago

Bashware: Bypassing Windows Security via Linux (WSL)https://research.che
ckpoint.com/beware-bashwa
re-new-method-malware-byp
ass-security-solutions/Ja
vascript Rogue Crypto Currency Miner https://www.welivesecurit
y.com/2017/09/14/cryptocu
rrency-web-mining-uni ...

Paul’s Security Weekly #530 - That’s a Grand Slam

1 month ago

Ted Demopoulos and Mike Assante of the SANS Institute join us, and we discuss the latest information security and hacking news! Full Show Notes: https://wiki.securityweek
ly.com/Episode530 Visit https://www.securityweekl
y.com for all the latest episodes!

Security Processes at the Apache Software Foundation w/ Mark Thomas and Brian Fox

1 month ago

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is f ...

ISC StormCast for Friday, September 15th 2017

1 month ago

Another Webshell; Another Backdoor https://isc.sans.edu/foru
ms/diary/Another+webshell
+another+backdoor/22826/D
-Link Vulnerability https://pierrekim.github.
io/blog/2017-09-08-dlink-
850l-mydlink-cloud-0days-
vulnerabilities.htmlChrom
e To Label FTP As Insecur ...

Risky Biz Soap Box: Consolidation to hit infosec software industry

1 month ago

Cylance, as many of you would know, is a so-called next generation AV company. They were early movers on machine learning tech, and they’ve been tremendously successful. They’re a tech unicorn – clocking up a valuation of over a billion dollars in a ...

Struts2 Vulnerabilities: Who Is Responsible?

1 month ago

A conversation on the ramifications of recent Struts2 announcements, the exploit at Equifax and the responsibility of companies using open source software. David Blevins, CEO, TomiTribe Brian Fox, CTO, Sonatype

DHS vs. Kaspersky Lab: Why the US government is ditching the Russian software giant. – Fox News, Featuring Alex Hamerstone

1 month ago

The Department of Homeland Security’s decision to ban federal agencies and departments from using products from Moscow-based cybersecurity firm Kaspersky Lab comes as no surprise, say security experts.  Officials say that the prominent company poses a ...

Enterprise Security Weekly #61 - Crying Uncle

1 month ago

Tom Parker of Accenture joins us. In the news, Bay Dynamics and VMware join forces, confessions of an insecure coder, Flexera acquires BDNA, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweek
ly.com/ES_Episode ...

ISC StormCast for Thursday, September 14th 2017

1 month ago

No IPv6? Challenge Accepted https://isc.sans.edu/foru
ms/diary/No+IPv6+Challeng
e+Accepted+Part+1/22820/E
xploiting CVE-2017-8759 https://www.mdsec.co.uk/2
017/09/exploiting-cve-201
7-8759-soap-wsdl-parser-c
ode-injection/Wordpress Plugin Found With Backdoor ht ...

Ruby/ERB Template Injection

1 month ago

Written by Scott White & Geoff Walton Templates are commonly used both client and server-side for many of today’s web applications.  Many template engines are available in several different programming languages.  Some examples are Smarty, Mako, Jinja ...

ISC StormCast for Wednesday, September 13th 2017

1 month ago

Microsoft Patch Tuesday https://www.fireeye.com/b
log/threat-research/2017/
09/zero-day-used-to-distr
ibute-finspy.html https://technet.microsoft
.com/security/advisoriesB
lueBorne Bluetooth Vulnerability http://go.armis.com/hubfs
/BlueBorne%20Technical%20
White ...

SN 628: Equifax Fiasco

1 month ago

This week we discuss last Friday's passing of our dear friend and colleague Jerry Pournelle, when AI is turned to evil purpose, whether and when Google's Chrome browser will warn of man in the middle attacks, why Google is apparently attempting to patent ...

Episode 200 - Building a Security Strategy - Part III

1 month ago

Episode 200 - Building A Security Strategy - Part III Recap Strategy vs Policy Understand the business of your Business Know who your stakeholders really are Capability = (Tech + Service) * Process Crawl, Walk, Run It Takes A Village The Question is “ ...

Risky Business #469 -- More like EquiHAX. AMIRITE??

1 month ago

On this week’s show, of course, we’ll be using the news segment to take a look at the dumpster fire that is the Equifax breach. We’ve got suspicious short trades, executive share sales and an absolutely shambolic response. This one’s got the lot; ...

Hack Naked News #140 - September 12, 2017

1 month ago

Bypassing Windows 10 security software, Android is vulnerable (go figure), hacking syringe infusion pumps to deliver fatal doses, and more. Jason Wood of Paladin Security discusses iOS 11 on this episode of Hack Naked News!Full Show Notes: https://wiki.se ...

Wired Article “How to Stop the Next Unstoppable Mega-Breach—or Slow it Down” Featuring Alex Hamerstone

1 month ago

The recent, massive Equifax data breach, which put 143 million US consumers’ personal data at risk—including names, Social Security numbers, birth dates, addresses, and some drivers license and credit card numbers—drove home the dangers facing any ...

ISC StormCast for Tuesday, September 12th 2017

1 month ago

Cisco Struts Updateshttps://tools.cisc
o.com/security/center/con
tent/CiscoSecurityAdvisor
y/cisco-sa-20170909-strut
s2-rceGoogle Chrome Warning Users of Anti-Malware SSL Interception https://twitter.com/sasha
perigo/status/90626309162
4591360Machinelearning To ...

Startup Security Weekly #54 - Here We Go with Witness Protection

1 month ago

Gary Golomb of Awake Security joins us. In the news, changing a prospect's mind, the MVP paradox, commodifying SaaS, and updates from ForgeRock and Michael and Paul's startup journeys!Full Show Notes: https://wiki.securityweek
ly.com/SSWEpisode54Visit http ...

Ep. 097 – Getting Psyched with Dan McGinn

1 month ago

Dan McGinn is a senior editor at Harvard Business Review and the author of "Psyched Up: How the Science of Mental Preparation Can Help You Succeed." He discusses: How Does Psyching yourself help help? Tips and Tricks for mental motivation How to use these ...

ISC StormCast for Monday, September 11th 2017

1 month ago

Analyzing JPEG Files https://isc.sans.edu/foru
ms/diary/Analyzing+JPEG+f
iles/22806/Auditing Windows With WINspect https://isc.sans.edu/foru
ms/diary/Windows+Auditing
+with+WINspect/22810/Wind
ows PSSetLoadImageNotifyRouti
ne Vulnerability https://breakingmalwa ...

Paul's Security Weekly #529 - Security is a Religion

1 month ago

Michele Jordan of Under the Oak Consulting joins us, Chris Crowley of SANS Institute discusses mobile application security, and we discuss the latest information security and hacking news! Full Show Notes: https://wiki.securityweek
ly.com/Episode529 Visit ...

ISC StormCast for Friday, September 8th 2017

1 month ago

Yet Another Struts RCE Vulnerability https://struts.apache.org
/docs/s2-053.htmlEquifax Compromise https://www.bloomberg.com
/news/articles/2017-09-07
/three-equifax-executives
-sold-stock-before-reveal
ing-cyber-hackHash Extension Flaws https://isc.sans.edu/f ...

What you should know about the latest struts 2 vulnerability announcement

1 month ago

What you should know about the latest struts 2 vulnerability announcement w/ Brian Fox, CTO Sonatype, and Matthew Konda , Chair, OWASP Board of Directors. If you're a developer and concerned about security, a struts 2 vulnerability announcement came out ...

Using WinRM Through Meterpreter

1 month ago

Windows Remote Management (WinRM) is Microsoft’s implementation of the WS-Management (WSMan) protocol, which is used for exchanging management data between machines that support it. WSMan, in the case of Windows, supplies this data from WMI and transmit ...

Enterprise Security Weekly #60 - Live From Gainesville

1 month ago

Don Pezet of ITProTV and Doug White join us to discuss network security architecture. In the news, SealPath and Boldon James join forces, following the money, AI in the cloud, and more on this episode of Enterprise Security Weekly!Full Show Notes: https:/ ...

ISC StormCast for Thursday, September 7th 2017

1 month ago

Struts2 Metasploit Module https://github.com/rapid7
/metasploit-framework/pul
l/8924/commits/5ea83fee5e
e8c23ad95608b7e2022db5b48
340efGoogle Docs Table With Hacked MongoDB Databases https://docs.google.com/s
preadsheets/d/1QonE9oeMOQ
HVh8heFIyeqrjfKEViL0poLnY
8 ...

SN 627: Sharknado

1 month ago

(Although there are an unbelievable FIVE Sharknado movies, this will be the first and last time we use that title for a podcast!) This week we have another update on Marcus Hutchins, we discuss the validity of Wikileaks documents, the feasibility of rigor ...

ISC StormCast for Wednesday, September 6th 2017

1 month ago

A Look Back At Nira and What's Next https://isc.sans.edu/foru
ms/diary/The+Mirai+Botnet
+A+Look+Back+and+Ahead+At
+Whats+Next/22786/New Struts Vulnerability and Patch https://isc.sans.edu/foru
ms/diary/Struts+vulnerabi
lity+patch+released+by+ap
ache+patch+now/2 ...

Risky Business #468 -- Marcus Hutchins gets "Krebbed," the ICO bubble and more

1 month ago

On this week’s show we’re going to take a look at the ICO bubble. We’ll hear some excerpts from a chat I had with Coinjar CEO Asher Tan and then Adam and I are going to talk about what the hell is happening with all this crypto madness. We also take ...

Hack Naked News #139 - September 5, 2017

1 month ago

AT&T customers at risk, WikiLeaks gets vandalized, catching hackers in the act, going to jail over VPNs, and more. Jason Wood of Paladin Security discusses wheeling and dealing malware on this episode of Hack Naked News!Full Show Notes: https://wiki.secur ...

ISC StormCast for Tuesday, September 5th 2017

1 month ago

Locky Ransom Ware is Back and This Time Pretents to Be a Font https://isc.sans.edu/foru
ms/diary/Malspam+pushing+
Locky+ransomware+tries+Ho
eflerText+notifications+f
or+Chrome+and+FireFox/227
76/When is a PDF Just a PDF? https://isc.sans.edu/foru
ms/diary/It+is ...

Startup Security Weekly #53 - Pulling Your G-String

1 month ago

Matt Alderman of Automox joins us. In the news, changing your audience’s perceptions, improving sales efforts, letting your kids fail, and updates from Facebook, Juniper, Qadium, and more on this episode of Startup Security Weekly! Full Show Notes: http ...

Snake Oilers #2: Part 2: Authentication tech from Yubico and Remediant

1 month ago

This podcast deals with authentication tech – in particular, if you manage a Windows network, you’ll want to listen to this to get an idea of some different approaches to solving some of your authentication challenges. This isn’t our weekly show, t ...

Paul's Security Weekly #528 - DDos Campaign for Memes

1 month ago

Larry Pesce and Dave Kennedy hold down the fort in Paul’s absence! Kyle Wilhoit of DomainTools delivers a tech segment on pivoting off domain information, Dave talks about the upcoming DerbyCon, and we discuss the latest information security news! Full ...

ISC StormCast for Friday, September 1st 2017

1 month ago

Is Remote Work Feasible in a SOC?https://isc.sans.edu/
forums/diary/Remote+SOC+W
orkers+Concerns/22772/Lin
ux Random Number Generator Reviewedhttps://www.bsi.b
und.de/SharedDocs/Downloa
ds/DE/BSI/Publikationen/S
tudien/LinuxRNG/LinuxRNG_
EN.pdf?__blob=publicatio ...

Enterprise Security Weekly #59 - Protect the Data

1 month ago

Michael and Matt join Paul to discuss security operations, endpoint protection, enterprise networking monitoring, and the latest enterprise security news on this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.securityweek
ly.com/ES_Epi ...

Risky Business #467 -- HPKP as an attack vector

1 month ago

In this week’s show we recap all the week’s major security news items. St Jude Medical products will be patched in half a million patients, we get the latest with the DreamHost warrant, find out how Hansa marketplace members were de-cloaked by the Dut ...

ISC StormCast for Thursday, August 31st 2017

1 month ago

IoT Gear Affected by ConnMan Vulnerablity http://connmando.nri-secu
re.co.jp/index.htmlTrickb
ot Going After Coinbase https://blogs.forcepoint.
com/security-labs/trickbo
t-goes-after-cryptocurren
cyPacemakers Need Patch https://www.fda.gov/Medic
alDevices/Safet ...

ISC StormCast for Wednesday, August 30th 2017

1 month ago

Another Chrome Extension Banking Malware https://isc.sans.edu/foru
ms/diary/Second+Google+Ch
rome+Extension+Banker+Mal
ware+in+Two+Weeks/22766/V
ulnerable Docker VM https://www.notsosecure.c
om/vulnerable-docker-vm/L
arge Spam E-Mail and Password List Discovere ...

SN 626: Shattering Trust

1 month ago

This week we cover a bit of the ongoing drama surrounding Marcus Hutchins, examine a reported instance of interagency hacking, follow the evolving market for 0-day exploits, examine trouble arising from the continued use of a deprecated Apple security API ...

OWASP Hacker Kids in Bangalore

1 month ago

Most of us want to help kids become proficient in programming and cybersecurity, but don't know how to get started or have time to manage such a project. Prashant Kv figured he'd put a team together with Vandana Verma and Rupali Dash and give it a shot. ...

Hack Naked News #138 - August 29, 2017

1 month ago

Sparring government agencies, Microsoft patches a patch of a patch, Intel chips and backdoors, SMS authentication begone, and more. Jason Wood of Paladin Security discusses scaling back data demand on this episode of Hack Naked News!Full Show Notes: https ...

ISC StormCast for Tuesday, August 29th 2017

1 month ago

Survey of Recent DVR Attacks https://isc.sans.edu/foru
ms/diary/An+Update+On+DVR
+Malware+A+DVR+Torture+Ch
amber/22762/Disabling Intel MEhttp://blog.ptsecurity.
com/2017/08/disabling-int
el-me.htmlWire-X Takedownhttps://blogs.aka
mai.com/2017/08/the-wirex
-botne ...

Startup Security Weekly #52 - Security Startups Taste So Good

1 month ago

Michael and Paul discuss de-risking risk. In the news, ten tools to streamline your processes, why cash conversion matters, creating psychological safety, and updates from Cisco, Nationwide, and more on this episode of Startup Security Weekly! Full Show N ...

ISC StormCast for Monday, August 28th 2017

1 month ago

Analyzing 7zip Malwarehttps://isc.sans.e
du/forums/diary/Malware+a
nalysis+searching+for+dot
s/22758/Worldwide DNS Manipulation Surveyhttps://people.eecs
.berkeley.edu/~pearce/pap
ers/dns_usenix_2017.pdfSo
phos Withdraws UTM Updatehttps://community.s
ophos.com/p ...

Snake Oilers #2: Part 1: Crowdstrike, AttackIQ and Replicated explain their tech

1 month ago

This is part one of our latest Snake Oilers podcast, the sponsored podcast that doesn’t suck! I have to say, when I launched this podcast series I had no idea it would actually wind up being genuinely engaging and interesting. All three interviews in th ...