security.didici.cc

Paul's Security Weekly #519 - Whiskey Tango Foxtrot

6 hours ago

Eric Conrad of SANS joins us, Justin Henderson reverse analyzes attacks for detection purposes, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode519 Visit https://www.securityweekl
y.com for all the latest ep ...

Episode 198 - Building a Security Strategy Part 1

14 hours ago

Episode 198 – Building a Security Strategy – Part 1   Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach…   What is a Strategy? What’s the difference between a strategy and a policy? ...

Enterprise Security Weekly #50 - Losing More Hair

1 day ago

Brian Ventura of SANS Institute and Ted Gary of Tenable join us. In the news, five ways to maximize your IT training, pocket-sized printing, 30 years of evasion techniques, and more on this episode of Enterprise Security Weekly!Full Show Notes: https://wi ...

ISC StormCast for Friday, June 23rd 2017

1 day ago

Obfuscating Without XOR https://isc.sans.edu/foru
ms/diary/Obfuscating+with
out+XOR/22544/Airbnb OAUTH Token Theft https://www.arneswinnen.n
et/2017/06/authentication
-bypass-on-airbnb-via-oau
th-tokens-theft/Critical Drupal Vulnerablity https://www.drupal.or ...

ISC StormCast for Thursday, June 22nd 2017

2 days ago

New Vulnerabilities Found in OpenVPN https://guidovranken.word
press.com/2017/06/21/the-
openvpn-post-audit-bug-bo
nanza/RAR Unpack Vulnerability Affects BitDefender https://bugs.chromium.org
/p/project-zero/issues/de
tail?id=1278&desc=6Ho
nda Plant Shuts Down ...

SN 617: When Governments React

3 days ago

This week we discuss France, Britain, Japan, Germany & Russia each veering around in their Crypto Crash Cars, Wikileaks' Vault7 reveals widespread CIA WiFi router penetration, why we can no longer travel with laptops, HP printer security insanity, how lon ...

ISC StormCast for Wednesday, June 21st 2017

3 days ago

Cisco Ships Private Key For drmlocal.cisco.com With Video Player https://groups.google.com
/forum/#!topic/mozilla.de
v.security.policy/T6emeoE
-lCUWindows Error Reporting: DFIR Benefits and Privacy Concernshttps://isc.sans.
edu/forums/diary/Windows+
Error+Repo ...

Hack Naked News #130 - June 20, 2017

3 days ago

Hacking military phone systems, IoT malware activity doubles, more WikiLeaks dumps, decade-old Linux bugs, and more. Jason Wood of Paladin Security joins us to discuss the erosion of ISP privacy rules on this episode of Hack Naked News!Full Show Notes: ht ...

ISC StormCast for Tuesday, June 20th 2017

4 days ago

Stack Clash Vulnerability Affects Various Unix Based Operating Systems https://www.qualys.com/20
17/06/19/stack-clash/stac
k-clash.txtSeparation Of Duties / Malicious Administrators https://isc.sans.edu/foru
ms/diary/As+Your+Admin+Wa
lks+Out+the+Door/22530/Pr ...

ISC StormCast for Monday, June 19th 2017

5 days ago

Uptick in Port 83 Traffic https://isc.sans.edu/foru
ms/diary/What+is+going+on
+with+Port+83/22524/WINS DoS Vulnerability will not be fixed by Microsoft https://blog.fortinet.com
/2017/06/14/wins-server-r
emote-memory-corruption-v
ulnerability-in-microsoft
-wind ...

Paul's Security Weekly #518 - Floppy Lemons

1 week ago

Trey Forgety of NENA joins us, Carrie Roberts of Black Hills Information Security shows us how to prevent blacklisting while password spraying with Burp and ProxyCannon, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly ...

Enterprise Security Weekly #49 - 7 Layers

1 week ago

Paul and John discuss malware and endpoint defense. In the news, Carbon Black releases Cb Response 6.1, what to ask yourself before committing to a cybersecurity vendor, Malwarebytes replaces antivirus with endpoint protection, and more on this episode of ...

ISC StormCast for Friday, June 16th 2017

1 week ago

WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit https://wikileaks.org/vau
lt7/#Cherry%20BlossomMore DVR Vulnerabilities https://www.pentestpartne
rs.com/security-blog/what
-did-mirai-miss-making-a-
better-bigger-botnet/More Microsoft Wi ...

ISC StormCast for Thursday, June 15th 2017

1 week ago

Systemd Odd Defaults https://isc.sans.edu/foru
ms/diary/Systemd+Could+Fa
llback+to+Google+DNS/2251
6/Voice over LTE Vulnerabilities https://www.sstic.org/med
ia/SSTIC2017/SSTIC-actes/
remote_geolocation_and_tr
acing_of_subscribers_usin
/SSTIC2017-Article-remote
_ ...

SN 616: Things Are Getting Worse

1 week ago

This week we discuss clever malware hiding its social media communications, the NSA documents the Russian election hacking two-factor authentication bypass, meanwhile, other Russian attackers leverage Google's own infrastructure to hide their spoofing, Ta ...

ISC StormCast for Wednesday, June 14th 2017

1 week ago

MSFT June Patchday Fixes Remaining Known NSA Vulnerabilities https://isc.sans.edu/foru
ms/diary/Microsoft+and+Ad
obe+June+2017+Patch+Tuesd
ay+Two+Exploited+Vulnerab
ilities+Patched/22512/ North Korea Building DDoS Botnet https://www.us-cert.gov/n
cas/alerts/TA ...

Hack Naked News #129 - June 13, 2017

1 week ago

How to delete an entire company, GameStop suffers a breach, Macs do get viruses, Docker released LinuxKit, and more. Jason Wood of Paladin Security joins us to discuss the military beefing up their cybersecurity reserve on this episode of Hack Naked News! ...

ISC StormCast for Tuesday, June 13th 2017

1 week ago

Industropyer / CrashOverride Malware Analysis From Power System Attackshttps://www.welive
security.com/2017/06/12/i
ndustroyer-biggest-threat
-industrial-control-syste
ms-since-stuxnet/https://
dragos.com/blog/crashover
ride/CrashOverride-01.pdf
MacSpy Spyware A ...

Startup Security Weekly #43 - Never Stop Believing

1 week ago

The six secrets to starting smart, a startup’s guide to protecting trade secrets, knowing what your customers value, and more articles for discussion. In the news, updates from Netskope, Yubikey, CybelAngel, and more on this episode of Startup Security ...

Startup Security Weekly #44 - Selling Ice to an Eskimo

1 week ago

Tarun Desikan of Banyan joins us alongside guest host Matt Alderman. In the news, negotiation mistakes that are hurting your deals, hiring re-founders, updates from Hexadite, Amazon, Sqrrl, and more on this episode of Startup Security Weekly! Full Show No ...

Ep 094 - The Art of Charm Imitates Life

1 week ago

Join us this month with our long time friend, Jordan Harbinger.  Jordan comes back to the SEPodcast to discuss a few important topics with us: How is marriage treating him? How has The Art of Charm changed over the years? How did he even start The Art o ...

ISC StormCast for Monday, June 12th 2017

1 week ago

SAMBA Vulnerability Exploited To Install Bitcoin Miners https://securelist.com/78
674/sambacry-is-coming/In
tel's AMT Technology Used For Covert Channel https://blogs.technet.mic
rosoft.com/mmpc/2017/06/0
7/platinum-continues-to-e
volve-find-ways-to-mainta
in-i ...

Paul's Security Weekly #517 - Welcome To Reality

2 weeks ago

Graham Cluley joins us, our friends at Javelin Networks explain how to defend against performing one-click domain admin attacks, and we discuss the latest information security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode517 Visit https:/ ...

Enterprise Security Weekly #48 - Making Everybody Mad

2 weeks ago

Paul and John discuss building an internal penetration testing team. In the news, automating all the things, Juniper Networks opens a software-defined security ecosystem, millions of devices are running out-of-date systems, Duo and McAfee join forces, and ...

ISC StormCast for Friday, June 9th 2017

2 weeks ago

Cisco Prime Data Center Network Manager Vulnerabilities https://tools.cisco.com/s
ecurity/center/content/Ci
scoSecurityAdvisory/cisco
-sa-20170607-dcnm1 https://tools.cisco.com/s
ecurity/center/content/Ci
scoSecurityAdvisory/cisco
-sa-20170607-dcnm2Oracle Peopl ...

Episode 197 - After the Penetration Test

2 weeks ago

Episode 197 - After the Penetration Test  We've kind of talked about how to choose your vendors, and we’ll get more into services soon, but we wanted to take some time to talk about penetration tests and especially what to do as they wrap up, how they ...

ISC StormCast for Thursday, June 8th 2017

2 weeks ago

Deceptive Advertisements: What They Do And Where They Come From https://isc.sans.edu/foru
ms/diary/Deceptive+Advert
isements+What+they+do+and
+where+they+come+from/224
94/Instagram as Covert Channel https://www.welivesecurit
y.com/2017/06/06/turlas-w
atering-ho ...

Hack Naked News #128 - June 6, 2017

2 weeks ago

Exploiting Windows 10, mimicking Twitter users, vulnerabilities in new cars, security issues surrounding virtual personal assistants, and more. Jason Wood of Paladin Security joins us to discuss sniffing out spy tools with ridesharing cars on this episode ...

SN 615: Legacy's Long Tail

2 weeks ago

This week we discuss an embarrassing high-profile breach of an online identity company, an over-hyped problem found in Linux's sudo command, the frightening software used by the UK's Trident nuclear missile submarine launch platforms, how emerging nations ...

Risky Business #458 -- Reality Winner, Qatar hax and Internet regulation calls

2 weeks ago

On this week’s show we’re covering off all the big news of the week: the arrest of Reality Winner, the apparent hacks that have ratcheted up the political crisis in Qatar and the renewed calls for Internet companies to be more government-friendly. In ...

ISC StormCast for Wednesday, June 7th 2017

2 weeks ago

Finding XOR Keys Part 2 https://isc.sans.edu/foru
ms/diary/Malware+and+XOR+
Part+2/22490/Instagram Stories Not Using TLS https://vvyper.com/2017/0
5/22/instagram-stories-ss
l/Printer "Dots" May Have Lead to Arrest of NSA Contractor http://blog.erratasec.com
/2 ...

ISC StormCast for Tuesday, June 6th 2017

2 weeks ago

Finding XOR Keys Used To Encode Malware https://isc.sans.edu/foru
ms/diary/Malware+and+XOR+
Part+1/22486/Citywide IMSI Discovery https://seaglass.cs.washi
ngton.eduHijacking Country Level Domains https://thehackerblog.com
/the-journey-to-hijacking
-a-countrys- ...

Startup Security Weekly #42 - A Holistic Startup Approach

2 weeks ago

Matt Alderman joins us. In the news, how startups can stand out, Honeywell launches a $100 million venture fund, why you should think twice about listening to business gurus, and more on this episode of Startup Security Weekly! Full Show Notes: https://wi ...

ISC StormCast for Monday, June 5th 2017

2 weeks ago

Phishing Campaigns for Bitcoin https://isc.sans.edu/foru
ms/diary/Phishing+Campaig
ns+Follow+Trends/22482/Mo
useover May Trigger Powerpoint Macro https://www.dodgethissecu
rity.com/2017/06/02/new-p
owerpoint-mouseover-based
-downloader-analysis-resu
lts/Vault 7 ...

Paul's Security Weekly #516 - What's The Deal With Backups?

3 weeks ago

Don Pezet of ITPro.TV joins us, Moses Hernandez of Cisco/SANS Institute delivers a tech segment on Node.js, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode516 Visit https://www.securityweekl
y.com for all t ...

Enterprise Security Weekly #47 - You Burn, You Learn

3 weeks ago

Corey Bodzin of Tenable joins us. In the news, the power of exploits, Carbon Black’s open letter to Cylance, security measures increase due to ransomware attacks, and more in this episode of Enterprise Security Weekly!Full Show Notes: https://wiki.secur ...

ISC StormCast for Friday, June 2nd 2017

3 weeks ago

Sharing Private Data With Webcast Invitations https://isc.sans.edu/foru
ms/diary/Sharing+Private+
Data+with+Webcast+Invitat
ions/22478/onelogin breach https://www.onelogin.com/
blog/may-31-2017-security
-incidentGoogle AMP Phishing https://citizenlab.org/20
17/ ...

ISC StormCast for Thursday, June 1st 2017

3 weeks ago

Analysis of Competing Hypotheses, WCry and Lazarus https://isc.sans.edu/foru
ms/diary/Analysis+of+Comp
eting+Hypotheses+WCry+and
+Lazarus+ACH+part+2/22470
/Windows XP Not Stable Enough for WannaCry https://blog.kryptoslogic
.com/malware/2017/05/29/t
wo-weeks- ...

ISC StormCast for Wednesday, May 31st 2017

3 weeks ago

FreeRADIUS Vulnerability https://isc.sans.edu/foru
ms/diary/FreeRadius+Authe
ntication+Bypass/22466/Mi
crosoft Malware Protection Engine Update http://seclists.org/micro
soft/2017/q2/8Chrome UI Bug May Allow Unnoticed Recording https:[email protected]
k/the- ...

SN 614: Vulnerabilities Galore!

3 weeks ago

This week we discuss a new non-eMail medium for spear phishing, Chipotle can't catch a break, social engineering WannaCry exploits on Android, video subtitling now able to take over our machines, a serious Android UI design flaw that Google appears to be ...

Risky Business #457 -- Shadow Brokers turn to ZCash, plus special guest John Safran

3 weeks ago

On this week’s show we’re taking a detour: This week’s feature interview has absolutely nothing to do with infosec. But it is related to the Internet. Sort of. If you squint a little. This week’s feature guest is John Safran. He’s been gracing ...

Hack Naked News #127 - May 30, 2017

3 weeks ago

Bugs found in pacemaker code, NTP is more secure, the most polite hackers ever, Microsoft is patching away, and more. Jason Wood of Paladin Security joins us to discuss government regulation on this episode of Hack Naked News! Full Show Notes: https://wik ...

ISC StormCast for Tuesday, May 30th 2017

3 weeks ago

Analysis of Competing Hypotheses https://isc.sans.edu/foru
ms/diary/Analysis+of+Comp
eting+Hypotheses+ACH+part
+1/22460/Microsoft Master File Table BSOD Exploit http://www.theregister.co
.uk/2017/05/29/microsoft_
master_file_table_bug_exp
loited_to_bsod_windows ...

Startup Security Weekly #41 - From a Startup Perspective

3 weeks ago

Don Pezet and Tim Broom of ITPro.TV join us. In the news, starting up on the right foot, the key to growth, marketing automation, financial modeling, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweek
ly.com/SSW ...

Paul’s Security Weekly #515 - Crankin’ Out the Dubs

4 weeks ago

Dr. Branden R. Williams joins us, Almog Ohayon of Javelin Networks delivers part two of Javelin’s active directory series, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode515 Visit https://www.securitywee ...

Enterprise Security Weekly #46 - Sexy Cryptography

4 weeks ago

Atif Ghauri of Herjavec Group joins us. In the news, stopping insider threats with machine learning, uncovering encrypted threats, end-user experience matters everywhere, and are too many SEIM alerts overwhelming your staff? All that and more in this epis ...

ISC StormCast for Friday, May 26th 2017

4 weeks ago

Samba Remote Code Execution Vulnerability https://isc.sans.edu/foru
ms/diary/Critical+Vulnera
bility+in+Samba+from+350+
onwards/22452/Pacemaker Vulnerabilities http://blog.whitescope.io
/2017/05/understanding-pa
cemaker-systems.htmlPatch
ing May have Affected A ...

Episode 196 - WannaCry: Woulda, Coulda, Shoulda

1 month ago

SFS Podcast - Episode 196   Wannacry: Woulda, Coulda, Shoulda  First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/ The Lead-Up Threat Intelligence is A ...

ISC StormCast for Thursday, May 25th 2017

1 month ago

Jaff Ransomware Gets a Makeover https://isc.sans.edu/foru
ms/diary/Jaff+ransomware+
gets+a+makeover/22446/Ope
nVPN Access Server Vulnerability http://seclists.org/oss-s
ec/2017/q2/332Large Credential Dumps Used in Password Brute Forcing Attacks http://info.di ...

SN 613: WannaCry Aftermath

1 month ago

This week we examine a bunch of WannaCry follow-ups, including some new background, reports of abilities to decrypt drives, attacks on the Killswitch, and more. We also look at what the large StackOverflow site had to do to do HTTPS, the Wi-Fi security of ...

ISC StormCast for Wednesday, May 24th 2017

1 month ago

Multiple Video Players are Vulnerable to Code Execution via Subtitle Files http://blog.checkpoint.co
m/2017/05/23/hacked-in-tr
anslation/Samsung Galaxy S8 Iris Scanner Bypass https://www.ccc.de/en/upd
ates/2017/iridenVerizon XSS Flaw in Web Messaging Applica ...

Risky Business #456 -- Your MSP *will* get you owned

1 month ago

On this week’s show Adam pops in to discuss the week’s news. (Links below) After the news segment Adam and Patrick both chat about topics near and dear to their hearts: Shoddy infosec marketing and shoddy MSP security. This week’s show is brought t ...

Hack Naked News #126 - May 23, 2017

1 month ago

Booby-trapped subtitles, Netgear is recording your IP and MAC addresses, net neutrality is on the chopping block, and more. Jason Wood of Paladin Security joins us to explain why companies should hack back on this episode of Hack Naked News!Full Show Note ...

ISC StormCast for Tuesday, May 23rd 2017

1 month ago

Fake "Uber Disputes" Site Lures Victims With Valid TLS Certificate https://isc.sans.edu/foru
ms/diary/Investigating+Si
tes+After+They+are+Gone+A
nd+a+Case+of+Uber+Phishin
g+With+SSL/22440/Let'
;s Encrypt Outage http://letsencrypt.status
.io/pages/history/55957a9 ...

Startup Security Weekly #40 - I’m On a Roll

1 month ago

How to come up with worthy startup ideas, why your explainer video matters, and what does “Minimum Viable Product” actually mean, anyway? Paul and Michael give updates on their startup journeys and report on Karamba, Crowdstrike, Wandera, and more on ...

ISC StormCast for Monday, May 22nd 2017

1 month ago

Typosquatting: A recent example and what to do with look alike domains https://isc.sans.edu/foru
ms/diary/Typosquatting+Aw
areness+and+Hunting/22436
/Netgear Collecting Analytics Data in Recent Update https://kb.netgear.com/00
0038663/What-router-analy
tics-da ...

Paul’s Security Weekly #514 - Sausage Asadoorian

1 month ago

Joel Scambray of NCC Group joins us, we show you how to disable SMBv1, and we discuss the latest security news! Full Show Notes: https://wiki.securityweek
ly.com/Episode514Visit http://www.securityweekly
.com for all the latest episodes!

Enterprise Security Weekly #45 - The Memes Were Great

1 month ago

April Wright of Verizon Enterprise and Matt Ploessel of Markley Group join us to discuss vendor response to WannaCry. In the news, Identropy and Exabeam team up, five pitfalls to avoid during a CASB evaluation, FirstWave partners with Fortinet, and more i ...

ISC StormCast for Friday, May 19th 2017

1 month ago

Discovering Relevant CVEs with CVE Bot https://isc.sans.edu/foru
ms/diary/My+Little+CVE+Bo
t/22432/Probablility of Vulnerability Re-Discovery https://papers.ssrn.com/s
ol3/papers.cfm?abstract_i
d=2928758Wannakey May Recover WannaCry Keys https://github.com/ag ...

ISC StormCast for Thursday, May 18th 2017

1 month ago

Handbreak Proton Malware Used to Steal Sourcecode https://panic.com/blog/st
olen-source-code/NIST Password Guidance Update https://isc.sans.edu/foru
ms/diary/Wait+What+We+don
t+have+to+change+password
s+every+90+days/22428/Exp
loiting XXE Vulnerabilities in Pe ...

Hack Naked News #125 - May 16, 2017

1 month ago

Netflix blocks rooted devices, HP laptops are logging your keystrokes, Google Chrome is vulnerable, and more. Jason Wood of Paladin Security joins us to discuss a global tech support scheme on this episode of Hack Naked News! Full Show Notes: http://wiki ...

ISC StormCast for Wednesday, May 17th 2017

1 month ago

Docusign Breach Leads to Increase in Phishing Email https://trust.docusign.co
m/en-us/personal-safeguar
ds/HP Updates Audio Drivers (twice) to Remove Keylogger https://support.hp.com/us
-en/document/c05519670Chr
ome File Download Behaviour Can Lead to SMB Cre ...

SN 612: Makes You WannaCry

1 month ago

This week Steve and Leo discuss an update on the FCC's Net Neutrality comments, the discovery of an active keystroke logger on dozens of HP computer models, the continuing loss of web browser platform heterogeneity, the OSTIF's just-completed OpenVPN secu ...

Risky Business #455 -- What a mess

1 month ago

On this week’s show, of course, we are taking a deep dive on WannaCry. Most of the coverage of this debacle has actually been pretty bad, and there’s been nothing that I’ve seen that even approaches being comprehensive, so we’re going to try to fi ...

Hack Naked News #124 - The Ransomware Special

1 month ago

Amanda Rousseau of Endgame joins us to discuss ransomware and malware protection on this episode of Hack Naked News! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/HNNE
pisode124 Visit http://www.securityweekly
.com for all the latest episo ...

ISC StormCast for Tuesday, May 16th 2017

1 month ago

Apple Updates Everything https://support.apple.com
/en-us/HT201222OpenVPN Audit Results https://www.privateintern
etaccess.com/blog/2017/05
/openvpn-2-4-evaluation-s
ummary-report/Italian Car Insurance Leaks User Driving Data https://www.andreascarpin
o.it/pos ...

Startup Security Weekly #39 - Listen With Intent

1 month ago

Bonnie Halper of StartupOneStop joins us. In the news, why companies aren’t startups, how to be insanely well-connected, CyberArk acquires Conjur, and more! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/SSWE
pisode39 Visit http://securit ...

Crypto-Gram 15 May 2017

1 month ago

In this issue: Who is Publishing NSA and CIA Secrets, and Why? The Quick vs. the Strong: Commentary on Cory Doctorow's "Walkaway" Securing Elections Surveillance and our Insecure Infrastructure from the May 15, 2017 Crypto-Gram Newsletter by Bruce Schneie ...

ISC StormCast for Monday, May 15th 2017

1 month ago

WannaCry Malware Links Latest updates see https://isc.sans.edu Webcast: https://www.sans.org/webc
asts/special-webcast-wann
acry-ransomeware-threat-1
05160 PowerPoint: https://isc.sans.edu/pres
entations/WannaCry.ppt

Paul’s Security Weekly #513 - Two iPhones & A Pocket Full of Dongles

1 month ago

Steve Lipner of SAFECode joins us, Roi Abutbul and Guy Franco of Javelin Networks show us the importance of protecting AD, and we discuss the latest security news! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/Epis
ode513 Visit http://www. ...

Enterprise Security Weekly #44 - What Are We Bethesing Today

1 month ago

Ryan Hays of TBG Security joins us. In the news, VMware falls out with Tanium, machine learning at Invincea, the war on legacy IT, Cisco Cloudlock releases an apps firewall, and more in this episode of Enterprise Security Weekly!Full Show Notes: http://w ...

Less than 10 Minutes Series - ModSecurity Core Rule Set Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the ModSecurity Core Rule Set Project with project co-lead Christian Folini. The OWASP ModSecurity CRS Project's goal is to provide an e ...

ISC StormCast for Friday, May 12th 2017

1 month ago

Conexant Audio Drivers Log Keystrokes; https://www.modzero.ch/mo
dlog/archives/2017/05/11/
en_keylogger_in_hewlett-p
ackard_audio_driver/index
.htmlRig Exploit Kit Used to Send Ramnit Trojan https://isc.sans.edu/foru
ms/diary/Seamless+Campaig
n+using+Rig+Exploi ...

Episode 2.7 Tavis breaks the Internet, Executive Orders, Diskless Persistence Methods, and more!

1 month ago

Download Episode 2.7 here. Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Scott White, Geoff Walton, Costa Pe ...

Less than 10 Minutes Series: OWASP Summit 2017

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the OWASP Summit 2017 with conference organizer Sebastien (Seba) Deleersnyder. OWASP Summit 2017 is a 5-day participant driven event, dedi ...

Less than 10 Minutes Series: WebGoat Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the WebGoat Project with project co-leads Jason White and Nanne Baars. WebGoat is a deliberately insecure web application maintained by OW ...

Less than 10 Minutes Series: Vicnum Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Vicnum Project with project lead Nicole Becher. The Vicnum Project is a collection of intentionally vulnerable web applications. Vicnu ...

ISC StormCast for Thursday, May 11th 2017

1 month ago

How to Review OAUTH Application Permissions for Popular Sites https://isc.sans.edu/foru
ms/diary/OAuth+and+Its+Hi
gh+Time+for+Some+Personal
+SecurityScaping+Today/22
400/Apple Working on Firmware Integrity Check http://apple.stackexchang
e.com/questions/282028 ...

Episode 195 - Annual Policy Review - Making it Worthwhile

1 month ago

Episode 195 - Annual Policy Review - Making It Worthwhile   Define policy vs. standards vs. procedures What is a Policy? It is a guiding principle to set the direction of an organization. High level, governing, statements. Do not include technical detai ...

Less than 10 Minutes Series: Defect Dojo Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Defect Dojo Project with project lead Greg Anderson. The Defect Dojo is an open source vulnerability management tool that streamlines ...

Less than 10 Minutes Series: Virtual Village Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Virtual Village Project with project lead Evin Hernandez. The Virtual Village provides users with access to numerous operating system' ...

Less than 10 Minutes Series: The Juice Shop Project

1 month ago

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Juice Shop Project with project lead Bjoern Kimminich. The Juice Shop is an intentionally insecure webapp for security training, writt ...

SN 611: Go FCC Yourself

1 month ago

This week Steve and Leo discuss much more about the Intel ATM nightmare, Tavis and Natalie discover a serious problem in Microsoft's built-in malware scanning technology, Patch Tuesday, Google's Android patches, SMS 2-factor authentication breached, Googl ...

Risky Business #454 -- Intel AMT latest, TavisO's horror-show Windows bug, Macron leaks and more!

1 month ago

We’ve got a real bread-and-butter show for you this week. Adam is along in this week’s news segment to talk about the latest on the Intel AMT bugs, Tavis Ormandy’s horror-show Windows Defender bug, the Macron email dump and more. In this week’s f ...

ISC StormCast for Wednesday, May 10th 2017

1 month ago

Microsoft Path Tuesday Summary https://isc.sans.edu/foru
ms/diary/Microsoft+Patch+
Tuesday+and+Adobe/22396/S
nake For Mac OS X Included in Handbrake https://blog.fox-it.com/2
017/05/03/snake-coming-so
on-in-mac-os-x-flavour/Ci
sco Patches CMP-Telnet Vulnerabil ...

Hack Naked News #123 - May 9, 2017

1 month ago

Phishing in Google’s waters, HandBrake has been compromised, Dell releases patches galore, and more. Jason Wood of Paladin Security delivers expert commentary on how ultrasonic beacons can track your phone on this episode of Hack Naked News! Full Show N ...

ISC StormCast for Tuesday, May 9th 2017

1 month ago

Exploring a P2P Transient Botnet - From Discovery to Enumeration https://isc.sans.edu/foru
ms/diary/Exploring+a+P2P+
Transient+Botnet+From+Dis
covery+to+Enumeration/223
92/Video Conversion Application Handbrake Compromised https://forum.handbrake.f
r/viewtopic ...

Startup Security Weekly #38 - We Need To Pivot!

1 month ago

Steven Grossman of Bay Dynamics joins us. In the news, why your startup doesn’t necessarily need early stage funding, Cisco acquires Viptela, the risks of startup debt, and why do chefs and soldiers make the best product managers? Full Show Notes: http ...

Ep. 093 - How Diet Pepsi Almost Landed Jayson Street In a Lebanese Prison

1 month ago

Jayson E. Street is an author of “Dissecting the Hack: The F0rb1dd3n Network” from Syngress and creator of dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Securi ...

Risky Biz Soap Box: A microvirtualisation primer with Bromium co-founder Ian Pratt

1 month ago

This Soap Box edition is all about desktop microvirtualisation! Bromium has been around for about six years now, and they make an endpoint security package that is really, really different to other solutions in the market. The whole thing hinges on what t ...

ISC StormCast for Monday, May 8th 2017

1 month ago

Tenable Discovers Details Regarding Intel AMT Vulnerability http://www.tenable.com/bl
og/rediscovering-the-inte
l-amt-vulnerabilityAndroi
d Apps Use Ultrasound Beacons To Track Users http://christian.wressneg
ger.info/content/projects
/sidechannels/2017-euros ...

Paul’s Security Weekly #512 - It’s All About Length

1 month ago

Javvad Malik of AlienVault joins us, Ferruh Mavituna of Netsparker delivers a demo on second order attacks, and we discuss the security news for the week! Full Show Notes: http://wiki.securityweekl
y.com/wiki/index.php/Epis
ode512Visit http://www.securityw ...

Episode 2.6 – Special Guest Jayson E. Street, Shadow Brokers, Google OAuth, and more!

1 month ago

Download Episode 2.6 here. Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Scott White, Justin Bollinger, Cost ...

Enterprise Security Weekly #43 - There’s Always Time For Lube

1 month ago

Don Pezet of ITPro.TV talks about deception technologies and honeypots. In the news, Duo launches its MSP program, Fortscale beefs up its partner programs, integrating threat intelligence into your operations, and more in this episode of Enterprise Securi ...

ISC StormCast for Friday, May 5th 2017

1 month ago

Google OAUTH Spam Wrapup https://threatpost.com/1-
million-gmail-users-impac
ted-by-google-docs-phishi
ng-attack/125436/Artifici
al Master Fingerprint Set https://wp.nyu.edu/memon/
the-master-print/rpcbind denial of service https://guidovranken.word
press.com/2 ...

Risky Business #453 -- The Intel bugs: How freaked out should you be?

1 month ago

On this week’s show we’re looking at an issue that kicked up last week when creepware scumbags Flexispy announced they were moving their bug bounty program to HackerOne. VICE journalist Josoph Cox asked HackerOne CEO Marten Mickos if he’d be happy t ...

ISC StormCast for Thursday, May 4th 2017

1 month ago

Google Docs OAUTH Phishing E-Mails https://isc.sans.edu/foru
ms/diary/OAUTH+phishing+a
gainst+Google+Docs+beware
/22372/ Review Google App Permissions https://myaccount.google.
com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks http://www.s ...

Hack Naked News #122 - May 2, 2017

1 month ago

Microsoft VB macro barriers have been penetrated, the website that doesn’t let you change your password, IBM flash drives have malware, and more. Jason Wood of Paladin Security joins us to deliver expert commentary on NATO’s cyberwar games on this epi ...

SN 610: Intel's Mismanagement Engine

1 month ago

This week Steve and Leo discuss the long-expected remote vulnerability in Intel's super-secret motherboard Management Engine technology, exploitable open ports in Android apps, another IoT blows a suspect's timeline, newly discovered problems in the Ghost ...

ISC StormCast for Wednesday, May 3rd 2017

1 month ago

Scans Sighted for Ports Used by Intel Remote Management Interface https://isc.sans.edu/port
.html?port=16992 https://isc.sans.edu/port
.html?port=16993Outlook Forms Can Run Macros https://sensepost.com/blo
g/2017/outlook-forms-and-
shells/Jenkins Vulnerabilit ...