Pas d'actualité
L'Actu de la veille
Week in Review: Hipponen's malware warning, outwitting hackers, Clop's MoveIt attack
Link to Blog Post This week's Cyber Security Headlines – Week in Review, June 5-9, is hosted by Rich Stroffolino with our guest, Joshua Scott, Head of Security and IT, Postman Thanks to our show sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards...
https://cisoseries.libsyn.com/week-in-review-hipponens-malware-warning-outwitting-hackers-clops-moveit-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for the week ending Friday June 9, 2023
This episode features a discussion on the Nova Scotia health data breach, the compromise of the MOVEit file transfer application and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-the-week-ending-friday-june-9-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #575: Annoying Attackers with ADHD - Part 2
Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! The tools covered today include:
PHP-HTTP-TARPIT
A tool to confuse and waste bot/scanner/hacker time. Grab it here
https://7ms.us/7ms-575-annoying-attackers-with-adhd-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Headlines: PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement
New PowerDrop malware targets U.S. aerospace defense industry Researchers from the Adlumin Threat Research group warn that the PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and […]
The post Cyber Security Headlines: PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement appeared first on CISO Series.
https://cisoseries.com/cyber-security-headlines-powerdrop-targets-defense-ykk-zipper-attacked-barracuda-urges-replacement/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, June 9, 2023 - The annual Data Breach Investigations Report is here
This episode looks at some of the numbers gathered from 16,000 cybersecurity incidents in the annual Verizon report
https://cybersecuritytoday.libsyn.com/cyber-security-today-june-9-2023-the-annual-data-breach-investigations-report-is-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 198
This week we investigate the mystery of failing GPG signatures for the 16.04 ISO
images, plus we look at security updates for CUPS, Avahi, the Linux kernel, FRR,
Go and more.
https://ubuntusecuritypodcast.org/episode-198/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement
New PowerDrop malware targets U.S. aerospace defense industry Zipper giant YKK confirms cyberattack targeted U.S. networks Barracuda urges customers to replace vulnerable appliances immediately Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today...
https://cisoseries.libsyn.com/june-9-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
Talkin' About Infosec News – 6/9/2023
The post Talkin' About Infosec News – 6/9/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-6-9-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep138: I like to MOVEit, MOVEit
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
https://nakedsecurity.sophos.com/2023/06/08/s3-ep138-i-like-to-moveit-moveit/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 22: Chipping Away at Hardware Hacking
Episode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterCheckout NahamCon:https://bit.ly/42vnpMSRiverLoop Security Write-up: https://bit.ly/3oSKL1oGood...
https://rss.com/podcasts/ctbbpodcast/985081
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Should We Trust Entry Level Employees?
All experienced security professionals were at one time very green. Entry level status means risk to your organization. That’s if you give them too much access. What can you trust […]
The post How Should We Trust Entry Level Employees? appeared first on CISO Series.
https://cisoseries.com/how-should-we-trust-entry-level-employees/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Headlines: Google email authentication, SEC data breaches, Clop asks victims to email
Google improves brand email authentication Brand impersonation with email is a tail as old as time. Last month, Google thought it cracked the nut with its Brand Indicators for Message […]
The post Cyber Security Headlines: Google email authentication, SEC data breaches, Clop asks victims to email appeared first on CISO Series.
https://cisoseries.com/cyber-security-headlines-google-email-authentication-sec-data-breaches-clop-asks-victims-to-email/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google email authentication, SEC data breaches, Clop asks victims to email
Google improves brand email authentication SEC drops cases due to data protection failures Clop asks victims to contact it for a ransom Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to...
https://cisoseries.libsyn.com/june-8-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Pay Per Use, Not Pay Per Seat
“The open source project (of OpenVPN) as good as it is, does not meet the needs of most businesses,” said Rohit Kalbag, vp of product marketing, OpenVPN. They added website […]
The post Pay Per Use, Not Pay Per Seat appeared first on CISO Series.
https://cisoseries.com/pay-per-use-not-pay-per-seat/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Headlines: Microsoft M COPPA settlement, Hactivists take credit for Outlook.com outages, SEC sues Coinbase
Microsoft to pay M settlement for illegally collecting children's data Microsoft will pay million to settle charges brought by the Federal Trade Commission for violating the Children's Online Privacy […]
The post Cyber Security Headlines: Microsoft M COPPA settlement, Hactivists take credit for Outlook.com outages, SEC sues Coinbase appeared first on CISO Series.
https://cisoseries.com/cyber-security-headlines-microsoft-20m-coppa-settlement-hactivists-take-credit-for-outlook-com-outages-sec-sues-coinbase/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, June 7, 2023 - Why a CISO should be on your board
This episode looks at the traits a firm should consider if appointing a CISO to the board of directors
https://cybersecuritytoday.libsyn.com/cyber-security-today-june-7-2023-why-a-ciso-should-be-on-your-board
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft M COPPA settlement, Hactivists take credit for Outlook.com outages, SEC accuses Coinbase of breaking US regulations
Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, visit CISOseries.com.
https://cisoseries.libsyn.com/june-7-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 209 - James Wickett, Contextual Security Analysis
Join us for a special episode of Absolute AppSec with James Wickett (@wickett on twitter), the co-founder of DryRun Security (dryrun.security), creator of the Lonestar Application Security Conference, and all around infosec industry veteran.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_209.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your Lips Say “No,” But I'm Not Listening
There is a long history of security professionals complaining about the insecurity of new technologies. When new technologies take off, they rarely have lots of great security built in. The […]
The post Your Lips Say “No,” But I'm Not Listening appeared first on CISO Series.
https://cisoseries.com/your-lips-say-no-but-im-not-listening/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Headlines: Satellite hacking, Atomic Wallet breach, SEC sues Binance
Satellite hacking at DEF CON Earlier this week, a SpaceX rocket carried the Moonlighter satellite into space and will soon be in orbit. The Aerospace Corporation built Moonlighter in partnership […]
The post Cyber Security Headlines: Satellite hacking, Atomic Wallet breach, SEC sues Binance appeared first on CISO Series.
https://cisoseries.com/cyber-security-headlines-satellite-hacking-atomic-wallet-breach-sec-sues-binance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Satellite hacking, Atomic Wallet breach, SEC sues Binance
Satellite hacking at DEF CON Atomic Wallet investigating losses SEC sues Binance Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries
https://cisoseries.libsyn.com/june-6-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
134: Deviant
Deviant Ollam is a physical penetration specialist. That means he's paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buidings. In this episode we hear 3 stories of him breaking into buildings for a living.
You can find more about Deviant on the following sites:
https://twitter.com/deviantollam
https://www.instagram.com/deviantollam
https://youtube.com/deviantollam
https://defcon.social/@deviantollam
https://deviating.net/
Sponsors
Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthens you're infrastructure from the ground up with a zero trust posture. ThreatLocker's allow-listing give you a more secure approach to...
https://darknetdiaries.com/episode/134/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Classification Is the Key to Your Data Security Efforts
Why is data classification such a critical keystone? “It helps you quantify where your risk is”, said Matt Radolec, sr. director incident response and cloud operations, Varonis. “If you’re trying […]
The post Data Classification Is the Key to Your Data Security Efforts appeared first on CISO Series.
https://cisoseries.com/data-classification-is-the-key-to-your-data-security-efforts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Headlines: Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana
Xplain hack impacts Swiss cantonal police and Fedpol Swiss police have launched an investigation into a cyberattack that hit the Bernese IT service provider Xplain, which provides its services to […]
The post Cyber Security Headlines: Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana appeared first on CISO Series.
https://cisoseries.com/cyber-security-headlines-switzerland-xplain-attack-blacksuit-resembles-royal-microsoft-retires-cortana/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, June 5, 2023 - Data stolen from Swiss authorities, a new skimmer attack on Web sites, and more
This episode reports on the BlackSuit ransomware strain, an expected EU privacy fine against Microsoft, a warning about an attack on web sites and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-june-5-2023-data-stolen-from-swiss-authorities-a-new-skimmer-attack-on-web-sites-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana
Xplain hack impacts Swiss cantonal police and Fedpol BlackSuit shows similarities to Royal Microsoft is retiring Cortana on Windows Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries...
https://cisoseries.libsyn.com/june-5-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 378 – Naming things is harder than security
Josh and Kurt talk about namespaces. They were a topic in the last podcast, and resulted in a much much larger discussion for us. We decided to hash out some of our thinking in an episode. This is a much harder problem than either of us expected. We don’t have any great answers, but weContinue reading "Episode 378 – Naming things is harder than security"
https://opensourcesecurity.io/2023/06/04/episode-378-naming-things-is-harder-than-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[06-19-23] CISO Series Podcast Live in Tel Aviv
We’ll be kicking off the CISO Summit TLV 2023, a six day event, with a live audience recording of CISO Series Podcast. This is a private invite-only event, but if […]
The post [06-19-23] <i>CISO Series Podcast</i> Live in Tel Aviv appeared first on CISO Series.
https://cisoseries.com/06-19-23-ciso-series-podcast-live-in-tel-aviv/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in Review: Amazon Ring privacy violations, Gigabyte firmware problems, AI extinction threat
Link to Blog Post This week's Cyber Security Headlines - Week in Review, May 29-June 2, is hosted by Sean Kelly with our guest, Howard Holton, CTO, GigaOm Thanks to today's episode sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com All links and the video of this episode can be found on CISO Series.com
https://cisoseries.libsyn.com/week-in-review-amazon-ring-privacy-violations-gigabyte-firmware-problems-ai-extinction-threat
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #574: Annoying Attackers with ADHD
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Hey friends! Today we're looking at ADHD - Active Defense Harbinger Distribution
https://7ms.us/7ms-574-annoying-attackers-with-adhd/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The DHS Is Reading Travelers' Posts at the Border
Customs and Border Protection is scanning people's social media, the feds have arrested some swatters, and the FTC has ordered Ring to cough up a fine. This week on Cyber, Motherboard's premier cyber crime reporter Joseph Cox is back to walk us through the latest in privacy violations done by Washington and the private sector. We'll also take another look at the criminal world of SIM swappers and auto-swatters.Stories discussed in this episode:Homeland Security Uses AI Tool to Analyze Social Media of U.S. Citizens and Refugees'The Comm': The Group Linked to a Nationwide Swatting RampageFTC Orders Ring to Pay .8 Million in Refunds For Surveilling Customers, Failing to Stop HackersRussian FSB Accuses U.S. of Hacking Thousands of iPhones in RussiaWe're recording CYBER live on Twitch....
https://shows.acast.com/cyber/episodes/the-dhs-is-reading-travelers-posts-at-the-border
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for the week ending Friday, June 2, 2023
This episode features a discussion on a report into the ransomware attack on Newfoundland's IT healthcare system, a penalty paid by a US medical billing supplier over a data breach, an Australian company's estimate of the costs of a ransomware attack and the sentencing in the U.S. of two Nigerian cyber crooks.
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-week-ending-fri-june-2-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 197
The venerable Ubuntu 18.04 LTS release has transitioned into ESM, plus we look
at Till Kamppeter's excellent guide on how to set up your GitHub projects to
receive private vulnerability reports, and we cover the week in security updates
including PostgreSQL, Jhead, the Linux kernel, Linux PTP, snapd and a whole lot
more.
https://ubuntusecuritypodcast.org/episode-197/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, June 2, 2023 - A new way of compromising the PyPI repository found, warning for MOVEit file transfer users, and more
This episode reports on ransomware attacks, a proposed US million fine against Amazon and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-june-2-2023-a-new-way-of-compromising-the-pypi-repository-found-warning-for-moveit-file-transfer-users-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon Ring privacy violations, Kaspersky triangulation APT, CyberCommand Hartman
Amazon Ring, Alexa accused of privacy violations by FTC Kaspersky reports on new mobile APT campaign targeting iOS devices White House to choose Army general Hartman to be Cyber Command No. 2 Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines,...
https://cisoseries.libsyn.com/june-3-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep137: 16th century crypto skullduggery
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
https://nakedsecurity.sophos.com/2023/06/01/s3-ep137-16th-century-crypto-skullduggery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo
In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.Follow us on twitter at: @ctbbpodcastGet on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribeWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------...
https://rss.com/podcasts/ctbbpodcast/975628
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Toyota leaks, Gigabyte firmware issues, Twitter Community Notes for images
Toyota finds more cloud leaks Gigabyte firmware update system insecure Twitter expands Community Notes to images Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com
https://cisoseries.libsyn.com/june-2-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 31, 2023 - Almost 9 million victims in a data breach, a database of crooks is published, and more
This episode reports on CAPTCHA evasion, more exploits added to the Murai botnet and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-31-2023-almost-9-million-victims-in-a-data-breach-a-database-of-crooks-is-published-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Experts warn of extinction from AI, Hackers demand million from Scandinavian Airlines, Theranos founder surrenders to 11-year prison term
Leading experts warn of a risk of extinction from AI Hackers demand million from Scandinavian Airlines Theranos founder turns herself in for 11-year prison term Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, visit CISOseries.com.
https://cisoseries.libsyn.com/june-1-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 208 - Zip TLD, PyPI 2FA, AI Poisoning
Beware! It's double ides of May! (Proviso being that you add the integers and not the 1/2s). Sponsored by @redpointsec, an application security firm that specializes in code security by and for coders. If you're looking for Web App or mobile Pentesting, developer training, smart contract or secure-code reviews, check them out: https://redpointsecurity.com. First topic: the new .zip top-level domain and its potential problematic security implications. Followed by a discussion of PyPI and 2FA. Finally, a discussion on poisoning of ChatGPT and how it affects application security.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_208.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GobRAT targets Linux, RPMSG messages exploited, Augusta Georgia cyberattack
New GobRAT remote access trojan targeting Linux routers in Japan Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks Hackers hold city of Augusta hostage in a ransomware attack Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the...
https://cisoseries.libsyn.com/may-30-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 29, 2023 - Two US companies pay 0,000 for data breaches, and more
This episode reports on a new ransomware gang, new industrial control malware and advice for infosec leaders from a CISO whose firm suffered a ransomware attack
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-29-2023-two-us-companies-pay-850000-for-data-breaches-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 377 – The world is changing too fast for humans to understand
Josh and Kurt talk about PyPI suspending new accounts and packages for a day, and a 60 minutes story about deepfakes. The problems are mostly the same, but for very different reasons. The world is changing faster than we can keep up, so what is a human to do? Show Notes
https://opensourcesecurity.io/2023/05/28/episode-377-the-world-is-changing-too-fast-for-humans-to-understand/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bsides Seattle and Austin, SecureBoot patch, and more
BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin Youtube VOD: https://youtube.com/live/UGRaRSYj7kc Questions and potential sub-topics (5 minimum): Bsides Seattle update and Bsides Austin Patching the unpatchable https://en.wikipedia.org/wiki/Parkerian_Hexad Power and influence (is power bad? Is influence?) 5. https://deliverypdf.ssrn.com/delivery.php?ID=357001027119125105074103081006094117005092014048001013007086030071009081068110103025024041103038045036033080107020112080097022024073029064061065125002071028013110008011045013116002084024000066075067001126004101003027004086091007025096080019022003104&EXT=pdf&INDEX=TRUE (A Theory of Creepy:...
http://brakeingsecurity.com/bsides-seattle-and-austin-secureboot-patch-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in Review: Industrial infrastructure threat, BEC attempts on the rise, TikTok's Texas progress
Link to Blog Post Cyber Security Headlines – Week in Review, May 22-26, is hosted by Rich Stroffolino with our guest, Rich Greenberg, ISSA Distinguished Fellow and Honor Roll Thanks to our show sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. All links and the video of this episode can be found on CISO Series.com
https://cisoseries.libsyn.com/week-in-review-industrial-infrastructure-threat-bec-attempts-on-the-rise-tiktoks-texas-progress
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 5/26/2023
The post Talkin' About Infosec News – 5/26/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-5-26-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for Friday, May 26, 2023
This episode features a discussion on employees who contributed to a company hack by sharing a password to an email account the spread of a fake image posted on Twitter of an explosion supposedly near the Pentagon and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-friday-may-26-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Can Read Your Dreams and Collect Your Debts. What's Next?
Is there anything artificial intelligence can't do?Debt collectors want AI to push people into coughing up what's owed. An AI created photo of an attack on the Pentagon generated a minor panic. There's an AI that can read your mind and the CEO of OpenAI, the company behind ChatGPT, just testified before Congress.This week on Cyber, Motherboard reporter Chloe Xiang comes on to walk us through the big headlines in the world of AI.Stories discussed in this episode:Debt Collectors Want To Use AI Chatbots To Hustle People For MoneyVerified Twitter Accounts Spread AI-Generated Hoax of Pentagon ExplosionAI Reconstructs 'High-Quality' Video Directly from Brain Readings in StudyWorried About Sending Your Data to a Chatbot? 'PrivateGPT' Is HereOpenAI Tells Congress the U.S. Should Create AI 'Licenses'...
https://shows.acast.com/cyber/episodes/ai-can-read-your-dreams-and-collect-your-debts-whats-next
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #573: Securing Your Mental Health - Part 4
Today we're talking about reducing anxiety by hacking your mental health with these tips:
Using personal automation to text people important reminders
Using Remind to create a personal communication "class" with your family members
Using Smartsheet (not a sponsor) to create daily email "blasts"
https://7ms.us/7ms-573-securing-your-mental-health-part-4/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 26, 2023 - Hackers are using YouTube to flog pirated software, and more
This episode reports on data breach notifications, an updated hacking tool, surveys of infosec pros and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-26-2023-hackers-are-using-youtube-to-flog-pirated-software-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 196
This week we look at some recent security developments from PyPI, the Linux
Security Summit North America and the pending transition of Ubuntu 18.04 to ESM,
plus we cover security updates for cups-filter, the Linux kernel, Git, runC,
ncurses, cloud-init and more.
https://ubuntusecuritypodcast.org/episode-196/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GDPR turns 5, GitLab patches vulnerability, Russian industrial malware
GDPR is 5 years old, and over 1 million people have asked to be forgotten GitLab security update patches critical vulnerability Mysterious malware designed to cripple industrial systems linked to Russia And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.
https://cisoseries.libsyn.com/may-26-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep136: Navigating a manic malware maelstrom
Latest episode - listen now. Full transcript inside...
https://nakedsecurity.sophos.com/2023/05/25/s3-ep136-navigating-a-manic-malware-maelstrom/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls
Episode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks'' and overcoming challenges in bug bounty hunting. We discuss custom word lists, the rising popularity of Caido as a potential Burp Suite replacement, and Cloudflared tunnels for hosting POCs. We also tackle the mental aspects of bug bounty hunting, from procrastination to imposter syndrome, and share tips for staying motivated and avoiding burnout. Don't miss this episode packed with valuable insights and advice for both beginners and seasoned bug bounty hunters!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow...
https://rss.com/podcasts/ctbbpodcast/966055
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google launches GUAC, Barracuda zero-day, campaign targets Kenyan debt
Google launches GUAC Barracuda gateways breached by zero-day Cyberattacks focus on Kenya's Chinese debt And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.
https://cisoseries.libsyn.com/may-25-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
214 - Exploiting VMware Workstation and the Return of CSG0-Days
This week we've got a handful of low-level vulns, VM-escape, Windows EoP, and a single IPv6 packet leading to a kernel panic/denial of service, and one higher-level issue with a bug chain in CS:GO. This is our final episode until September 25th as we will be heading off on our regular summer break.
https://dayzerosec.com/podcast/214.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 24, 2023 - Generative AI used for child porn, Google to pay Washington state millions for misleading location practices, and more
This episode reports on an IT security analyst convicted of trying to extort his own company, cybersecurity problems with government agencies in Utah and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-24-2023-generative-ai-used-for-child-porn-google-to-pay-washington-state-millions-for-misleading-location-practices-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok sues Montana, US sanctions orgs behind North Korea's 'illicit' IT worker army, Fake Twitter images spook stock market
TikTok sues Montana after state bans app US sanctions orgs behind North Korea's ‘illicit' IT worker army Fake images on Twitter briefly spook the stock market And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, visit CISOseries.com.
https://cisoseries.libsyn.com/may-24-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
213 - Jellyfin Exploits and TOCTOU Spellcasting
Another bug bounty podcast, another set of vulnerabilities. Starting off with a desktop info-disclosure in KeePass2 that discloses master passwords to attackers (with a high-level of access). A couple Jellyfin bugs resulting in an RCE chain, and a pretty classic crypto issue that allowed for renting luxury cars for extremely cheap.
https://dayzerosec.com/podcast/213.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 207 - Watering Hole Attacks, Adversarial AI, Cookie Security
Hello! We're just a podcast, standing in front of you, aching to be the SYN to your ACK. Seth and Ken are back to talk about how the PyPI repo is experiencing an attack from multiple malicious package uploads. Seth brings up the concept of watering hole attacks and how the IDE plugin is a growing attack vector. Solarwinds discussion follows. Learning about attacking AI models, cookie security basics, and lock picking (allegedly) uses.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_207.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meta's Record EU fine, China bans Micron, Tornado Cash hacked
Meta receives record fine over EU data transfers China bans Micron over cybersecurity risks Crypto mixer hijacked And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.
https://cisoseries.libsyn.com/may-23-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 22, 2023 - G7 nations speak out on cybercrime and artificial intelligence, the latest ransomware news, and more
This episode reports on more financial penalties for a US firm's data breach, the PyPI registry can't keep up with added malware, Dole pays $US10.5 million to repair computers after ransomware attack and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-22-2023-g7-nations-speak-out-on-cybercrime-and-artificial-intelligence-the-latest-ransomware-news-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HP's bricked printers, PyPi repository attack, Samsung security flaw
HP rushes to fix bricked printers after faulty firmware update PyPI repository under attack: User sign-ups and package uploads temporarily halted New security flaw exposed in Samsung devices And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security's new CIEM Buyer's Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.
https://cisoseries.libsyn.com/may-22-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 376 – Open Source Summit, who built your open source, and AI
Josh and Kurt talk about the Open Source Summit in Vancouver. Josh was there and we pick on two observations. Firstly that security keeps trying to use fear as a feature, except it doesn’t work. Secondly we discuss AI and how people are talking about it. It is changing things, how much is yet toContinue reading "Episode 376 – Open Source Summit, who built your open source, and AI"
https://opensourcesecurity.io/2023/05/21/episode-376-open-source-summit-who-built-your-open-source-and-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #572: Protecting Your Domain Controllers with LDAP Firewall
Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against SharpHound enumeration, LAPS password enumeration, and the noPac attack.
https://7ms.us/7ms-572-protecting-your-domain-controllers-with-ldap-firewall/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in Review: Supreme Court's 230 ruling, Tech giants hit, TLD phishing vectors
Link to Blog Post This week's Cyber Security Headlines – Week in Review, May 15-19, is hosted by Rich Stroffolino with our guest, Dave Hannigan, CISO, Nubank Thanks to our show sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. All links and the video of this episode...
https://cisoseries.libsyn.com/week-in-review-supreme-courts-230-ruling-tech-giants-hit-tld-phishing-vectors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for Friday, May 19, 2023
This episode features discussion about this week's U.S. Senate hearing on regulating artificial intelligence, the release of school schematics by a ransomware gang, a cybersecurity company fooled by a fake onboarded employee and the latest use of facial recognition software
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-friday-may-19-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CYBER: Crime and Crypto with Cory Doctorow
Crypto and crime, crime and crypto. They go together like spreadsheets and tax evasion. When cryptocurrency hit the scene it was, according to its evangelists, going to usher in a world of decentralized currency and free everyone from the shackles of oppressive central banks. Turns out it's also been a pretty great way to launder money.It's also the subject of the new book Red Team Blues, a novel from writer Cory Doctorow. In Red Team Blues a 67 year old forensic accountant finds himself at the center of a crypto-crime mystery that takes him from the heights of silicon valley to the depths of the Tenderloin. This week on Cyber, Doctorow walks us through a brief history of the valley and why he wrote three books about an old accountant during the pandemic.Doctorow is the author of more...
https://shows.acast.com/cyber/episodes/cyber-crime-and-crypto-with-cory-doctorow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 19, 2023 - Beware of .zip websites, Dropbox is abused by crooks, infected Android phones and more
This episode reports on how crooks are leveraging Dropbox and the new .,zip domain, offers tips for vacation travelers and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-19-2023-beware-of-zip-websites-dropbox-is-abused-by-crooks-infected-android-phones-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supreme Court's 230 ruling, Montana bans TikTok, Guerilla smartphone malware
Supreme Court shields Twitter from liability and leaves Section 230 untouched Montana governor bans TikTok Millions of smartphones distributed worldwide with preinstalled ‘Guerrilla' malware Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. For the stories...
https://cisoseries.libsyn.com/may-19-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 195
Alex and Camila discuss security update management strategies after a recent
outage at Datadog was attributed to a security update for systemd on Ubuntu,
plus we look at security vulnerabilities in the Linux kernel, OpenStack,
Synapse, OpenJDK and more.
https://ubuntusecuritypodcast.org/episode-195/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep135: Sysadmin by day, extortionist by night
Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...
https://nakedsecurity.sophos.com/2023/05/18/s3-ep135-sysadmin-by-day-extortionist-by-night/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!
Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you've got source code and some banger tweets/tools that popped up in our feed this week. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterPart 1:https://open.spotify.com/episode/2pdTaWHSzl9CY7PgRQtvTiNoperator's Zip-Snip: https://twitter.com/noperator/status/1658313637189111808https://github.com/noperator/zip-sniphttps://noperator.dev/posts/zip-snip/Insecure's SIP Bugs: https://twitter.com/ifsecure/status/1656591469518495745...
https://rss.com/podcasts/ctbbpodcast/955301
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lancefly in Asia, Meta EU fine, TLD phishing
Lancefly group hits Asia Meta facing record EU privacy fine New TLDs a vector for phishing Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters' SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It's time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.
https://cisoseries.libsyn.com/may-18-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
212 - Attacking VirtualBox and Malicious Chess
This week we we've got a neat little printer corruption, a probably unexploitable stockfish bug, though we speculate about exploitation a bit. Then into a VirtualBox escape bug, and an Andreno "vulnerability".
https://dayzerosec.com/podcast/212.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 5/17/2023
The post Talkin' About Infosec News – 5/17/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-5-17-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 17, 2023 - An email invoice scam that impersonates your boss, a new ransomware gang discovered and more
This episode reports on a new DDoS attack tactic, a U.S. pharmaceuticals company reports a data breach of 5.8 million people, attacks on TP-Link routers and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-17-2023-an-email-invoice-scam-that-impersonates-your-boss-a-new-ransomware-gang-discovered-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside RaaS, cyber education initiatives, attacking TP-Link routers
An inside look at RaaS White House cyber strategy goes big on education Chinese attackers hit TP-Link routers Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of redundant detection engineering and manual event correlation – allowing SOC analysts to focus on higher-value tasks. Visit hunters.security to learn how your SOC can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.
https://cisoseries.libsyn.com/may-17-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
211 - OverlayFS to Root and Parallels Desktop Escapes
More bug bounty style bugs, but you'd be forgiven reading that title thinking we had a low-level focus this episode. We got some awesome bugs this week though from tricking Dependabot and abusing placeholder values, an IIS auth bypass. Ending off with a kernel bug (OverlayFS) and a VM escape (Parallels Desktop)
https://dayzerosec.com/podcast/211.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Philadelphia Inquirer cyber attack, DOT breach exposes federal employee data, 3 million data breach notices sent to SchoolDude users
Cyber attack hits Philadelphia Inquirer Transportation Department cyber breach exposes federal employee data 3 million data breach notices being sent to SchoolDude users Thanks to today's episode sponsor, Hunters Relying on a SIEM in 2023 is like living in a college dorm room, post-graduation - you're operating in an environment you've out-grown. The Hunters SOC Platform is purpose built to help your Security Operations mature to the level you need to be at. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. It's time to Move Beyond SIEM. Visit Hunters.security to learn more and let them know you heard about Hunters...
https://cisoseries.libsyn.com/may-16-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 15, 2023 - Patch this WordPress plugin hole fast, a data breach at a Discord provider and more
This episode reports on man-in-the-middle attacks, a new GitHub security tool, a warning about possibly fake MSI firmware updates and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-15-2023-patch-this-wordpress-plugin-hole-fast-a-data-breach-at-a-discord-provider-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 375 – The market forces of left-pad, Episode 77 remaster part 2
Josh and Kurt finish up the leftpad discussion. We spent a lot of time talking about how the market will respond to these sort of events, and the market did indeed speak; very little has changed. There is an aspect of all these security events where we need to understand the cost vs benefit justContinue reading "Episode 375 – The market forces of left-pad, Episode 77 remaster part 2"
https://opensourcesecurity.io/2023/05/14/episode-375-the-market-forces-of-left-pad-episode-77-remaster-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #571: Simple Ways to Test Your SIEM - Part 2
Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit and built a refreshed a two-part GitHub gist that covers:
Questions you can
https://7ms.us/7ms-571-simple-ways-to-test-your-siem-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for Friday May 12, 2023
This week's review features a discussion between Jim Love and David Shipley on the progress in the fight against ransomware
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-friday-may-12-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today: May 12, 2023 - How Dragos was fooled by an attacker impersonating a new employee, and more
This episode reports on lessons learned in a breach of security controls, a data breach at SchoolDude, a ransomware warning to admins with VMware hypervisors and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-12-2023-how-dragos-was-fooled-by-an-attacker-impersonating-a-new-employee-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CYBER: Inside the Italian Mafia's Encrypted Phone of Choice
We talk a lot about encrypted phones on Cyber. Everyone loves a secure communication channel that no one can peer into. But some companies, well, if there's criminal activity going on they're gonna sell you out. And the cops have gotten very good at setting up honeypots and hacking into existing networks.But there's one encrypted service out there that is, as far as we know, still secure. It's called No. 1 Business Communication and it's a favorite of the Italian Mafia. On this episode of Cyber, Joseph Cox comes on to explain how and why No. 1 Business Communication has survived in a world where authorities have shut down the competition. Stories discussed in this episode:Inside the Italian Mafia's Encrypted Phone of ChoiceWe're recording CYBER live on Twitch and YouTube....
https://shows.acast.com/cyber/episodes/cyber-inside-the-italian-mafias-encrypted-phone-of-choice
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep134: It's a PRIVATE key – the hint is in the name!
Latest episode - listen now! (Full transcript inside.)
https://nakedsecurity.sophos.com/2023/05/11/s3-ep134-its-a-private-key-the-hint-is-in-the-name/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 5/11/2023
The post Talkin' About Infosec News – 5/11/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-5-11-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 194
The team are back from Prague and bring with them a new segment, drilling into
recent academic research in the cybersecurity space - for this inaugural segment
new team member Andrei looks at modelling of attacks against network intrusion
detections systems, plus we cover the week in security updates looking at
vulnerabilities in Django, Ruby, Linux kernel, Erlang, OpenStack and more.
https://ubuntusecuritypodcast.org/episode-194/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 18: Audit Code, Earn Bounties
Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterCrossing the KASM:https://www.youtube.com/watch?v=NwMY1umhpggPWNAssistant by Elttam:https://www.elttam.com/blog/pwnassistant/#contentAndre's...
https://rss.com/podcasts/ctbbpodcast/946530
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
210 - TPMs and Baseband Bugs
This week we go a bit deeper than normal and look at some low level TPM attacks to steal keys. We've got a cool attack that lets us leak a per-chip secret out of the TPM one byte at a time, and a post about reading Bitlocker's secret off the SPI bus. Then we talk about several Shannon baseband bugs disclosed by Google's Project Zero.
https://dayzerosec.com/podcast/210.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today: May 10, 2023 - A new ransomware strain called Cactus is found, and more
This episode reports on a survey of CISOs and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-10-2023-a-new-ransomware-strain-called-cactus-is-found-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
209 - Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?
We open up this weeks bug bounty podcast with a discussion about Google's recent support for passkeys, tackling some misunderstanding about what they are and how open the platform is. Also some talk towards the end about potential vulnerabilities to look out for. Then we dive into the vulnerabilities for the week, involving bypassing phone validation in OpenAI, a bad origin check enabling abuse of a permissive CORS policy, and an order of operations issue breaking the purpose of sanitization in Oracle's Opera.
https://dayzerosec.com/podcast/209.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 8, 2023 - Sheriff's office pays a million ransom, American health records provider hacked, and more
This episode reports on a new ransomware gang, an update on a ransomware attack on an American private university and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-8-2023-sheriffs-office-pays-a-1-million-ransom-american-health-records-provider-hacked-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 374 – The event we called left-pad, Episode 77 remaster part 1
Josh and Kurt revisit Episode 77, which was named “npm and the supply chain” but was a discussion about the incident we all know now as “leftpad”. We didn’t understand what was happening at the time, but this would become an event we talk about for years to come. It’s shocking how many of theContinue reading "Episode 374 – The event we called left-pad, Episode 77 remaster part 1"
https://opensourcesecurity.io/2023/05/07/episode-374-the-event-we-called-left-pad-episode-77-remaster-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 5/5/2023
The post Talkin' About Infosec News – 5/5/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-5-5-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, Week in Review for Friday May 5th, 2023
This episode features a discussion on the latest news about ChatGPT, data thefts of from test and decommissioned servers and whether the FBI needs more money to fight cybercrime
https://cybersecuritytoday.libsyn.com/cyber-security-today-week-in-review-for-friday-may-5th-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #570: How to Build a Vulnerable Pentest Lab - Part 4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
In today's episode we staged an NTLM relay attack using a vulnerable
https://7ms.us/7ms-570-how-to-build-a-vulnerable-pentest-lab-part-4/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Security Today, May 5, 2023 - Data breach at the Metropolitan Opera, and more GoAnywhere MFT victims
This episode reports on PayPal being used to send fake invoices and more
https://cybersecuritytoday.libsyn.com/cyber-security-today-may-5-2023-data-breach-at-the-metropolitan-opera-and-more-goanywhere-mft-victims
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep133: Apple takes “tight-lipped” to a whole new level
Entertaining, educational, and all in plain English 🎧📖
https://nakedsecurity.sophos.com/2023/05/04/s3-ep133-apple-takes-tight-lipped-to-a-whole-new-level/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple II and How the Computer Became Personal
If you're watching or listening to this show you're probably doing it on a device that owes its very existence to the Apple II. But these days we remember the iPhone, 90s era Windows, and even the Macintosh as these big benchmark moments in widespread adoption of tech.But all those devices wouldn't be here if it weren't for the little Apple II board that could and the people who turned a hobbyist curiosity into a fundamental part of every household in the world.That story is the subject of the new book The Apple II Age: How the Computer Became Personal. This week on Cyber, author Laine Nooney comes on to talk about The Apple II Age and how the little machine ushered in a new world of personal computing. Nooney is also an assistant professor of Media and Information Studies at New York...
https://shows.acast.com/cyber/episodes/apple-ii-and-how-the-computer-became-personal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 206 - RSA, Artificial Intelligence, Spidering Tools
Seth Law and Ken Johnson are back this week. In this show, Seth and Ken discuss what the RSA conference did (and did not) reveal about the current state of #applicationsecurity, #appsec, #crocsandsocks. Also a discussion of the ChatGPT breach as well as AI's role in generating ever more content (in this case with news sites).
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_206.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 17: LA Live Chat with Five Legendary Hackers
Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.Corben Leo “Lorben CEO” @hacker_Sam “ZLZ” “ZOZL” “The King” Curry @samwcyoFrans “The Legend” Rosen @fransrosenJonathan “Doc” Bouman @JonathanBoumanNagli…NagliNagli @naglinagliShoutout to Jonathan Bouman's Mom!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFOLLOW OUR LINKEDIN ACCOUNT FOR NAGLI:https://www.linkedin.com/company/ctbbpodcastSam...
https://rss.com/podcasts/ctbbpodcast/936303
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
208 - Timing Attack for Exploitation and VR in the wake of Rust
Not a lot of interesting binary exploitation topics for this week, we've got a DHCPv6 service vuln, and a fun idea to use a timing side-channel to improve exploit stability. Then we end with a discussion about Rust coming the Windows operating system, what Rust means for the future of exploit development and vulnerability research and the value of memory corruption in Windows.
https://dayzerosec.com/podcast/208.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wondery Presents - Flipping The Bird: Elon vs Twitter
When Elon Musk posted a video of himself arriving at Twitter HQ carrying a white sink along with the message “let that sink in!” it marked the end of a dramatic takeover. Musk had gone from Twitter critic to “Chief Twit” in the space of just a few months but his arrival didn't put an end to questions about his motives. Musk had earned a reputation as a business maverick. From PayPal to Tesla to SpaceX, his name was synonymous with big, earth-shattering ideas. So, what did he want with a social media platform? And was this all really in the name of free speech...or was this all in the name of Elon Musk?From Wondery, the makers of WeCrashed and In God We Lust, comes the wild story of how the richest man alive took charge of the world's “digital public square.”Listen to Flipping...
http%3A%2F%2Fwondery.fm%2FFTB_Cyber
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
207 - Git Config Injection and a Sophos Pre-Auth RCE
On this weeks bug bounty podcast we take a look at a few interesting issues. While they are all patched, there is reason to believe they'd all creep up in other applications too. First up is an RCE due to nested use of an escaped string. Second a fgets loop that doesn't account for long lines. A XML signature verification tool with a deceptive interface, and last a look at how Bash's privileged mode can backfire.
https://dayzerosec.com/podcast/207.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
133: I'm the Real Connor
One day Connor Tumbleson got an email saying his identity has been stolen. And this was one of the strangest days he's ever had.
Sponsors
Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you're looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Qurotum Cyber at quorumcyber.com.
Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what you've created. Try it out at https://skiff.com.
Support for this show comes from AttackIQ. AttackIQ's security...
https://darknetdiaries.com/episode/133
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 373 – HHGG security, Episode 42 remaster part 2
This is the second part of remastering Episode 42 which is all about the security in the Hitchhiker's Guide to the Galaxy movie. It’s a fun show and it’s shocking how many of these security themes are still relevant today. Show Notes
https://opensourcesecurity.io/2023/04/30/episode-373-hhgg-security-episode-42-remaster-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.
Show Topic Summary (less than 300 words) Insider threat still exists, Lynsey Wolf talks with us about HR's role in insider threat, how prevalent investigations are in the post-pandemic work from home environment. Questions and potential sub-topics (5 minimum): What is the difference between insider threat and insider risk? Motivators of insider threat (not much different than espionage,IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.) https://thestack.technology/pentagon-leaks-insider-threat-sysadmin/ 75% of all insider threats are being kicked off by HR departments. In short, it's proactive. “How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users...
http://brakeingsecurity.com/lynsey-wolf-conducting-insider-threat-investigations-casb-and-ueba-utlization-to-good-use
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #569: Interview with Jim Simpson of Blumira
Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like Duo. Blumira and 7 Minute Security have a
https://7ms.us/7ms-569-interview-with-jim-simpson-of-blumira/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep132: Proof-of-concept lets anyone hack at will
When Doug says, "Happy Remote Code Execution Day, Duck"... it's irony. For the avoidance of all doubt :-)
https://nakedsecurity.sophos.com/2023/04/27/s3-ep132-proof-of-concept-lets-anyone-hack-at-will/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
206 - A Ghostscript RCE and a Windows Registry Bug
This week's binary exploitation episode has some pretty solid bugs.A string escaping routine that goes out of bounds, a web-based information disclosure. And a couple kernel issues, one in the Windows registry, a logical bug leading to memory corruption, and an AppleSPU out of bounds access.
https://dayzerosec.com/podcast/206.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
205 - SecurePoint UTM, Chfn, and Docker Named Pipe Vulns
For this week's bug bounty podcast We start off with a bit of a unique auth bypass in a firewall admin panel. We've also got a couple desktop-based software bugs, with a Docker Desktop privilege escalation on windows, and a chfn bug. We've also got a couple escalation techniques, one for Azure environments, and another trick for exploiting semi-controlled file-writes.
https://dayzerosec.com/podcast/205.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 372 – HHGG security, Episode 42 remaster part 1
The podcast is on a hiatus for a little while due to some personal matters, but that creates an opportunity to remaster some fun old episodes. These shows are REALLY hard to listen to at the current quality (tools and talent has come a long way in the last few years). This is a remasterContinue reading "Episode 372 – HHGG security, Episode 42 remaster part 1"
https://opensourcesecurity.io/2023/04/23/episode-372-hhgg-security-episode-42-remaster-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #568: Lets Play With the 2023 Local Administrator Password Solution!
Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesome, it's a necessary blue team control for any size company,
https://7ms.us/7ms-568-lets-play-with-the-2023-local-administrator-password-solution/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thieves are Stealing Cars Using Old Nokia Phones
It looks like a bluetooth speaker or an old Nokia cellphone. But that's a disguise. Inside these small devices is everything car thieves need to break into your vehicle. There are telegram channels now where, for a few thousand dollars, you can buy a device that will break into a car in seconds.Motherboard reporter Joseph Cox is here on Cyber this week to walk us through it.Stories discussed in this episode:The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth SpeakersWe're recording CYBER live on Twitch and YouTube. Watch live during the week. Follow us there to get alerts when we go live. We take questions from the audience and yours might just end up on the show. Subscribe to CYBER on Apple Podcasts or wherever you listen to your podcasts. Hosted on Acast....
https://shows.acast.com/cyber/episodes/thieves-are-stealing-cars-using-old-nokia-phones
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep131: Can you really have fun with FORTRAN?
Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.
https://nakedsecurity.sophos.com/2023/04/20/s3-ep131-can-you-really-have-fun-with-fortran/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 16: The Hacker's Toolkit
Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker's toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterOur Boi @rez0__ Dropping Some AI Hackz:https://twitter.com/rez0__/status/1648685943539245056?s=20LiveOverflow Prompt Injection:https://www.youtube.com/watch?v=Sv5OLj2nVAQJoel's Private Network...
https://rss.com/podcasts/ctbbpodcast/915601
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 4/18/2023
The post Talkin' About Infosec News – 4/18/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-4-18-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 205 - Decline of AppSec, Death of Code Review
Finally returning to the podcast after a couple weeks of travel, training, and speaking, Seth and Ken are back for more, including their own takes opinions on the decline of application security and the reported death of manual code reviews.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_205.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 371 – pip install is the tool we deserve but not the tool we need
Josh and Kurt talk about a blog post about pip and virtual environments. This eventually turns into a larger conversation around packaging tools and how we see incremental changes over time. The package ecosystems were what we needed a few years ago, but our needs have changed. Show Notes
https://opensourcesecurity.io/2023/04/16/episode-371-pip-install-is-the-tool-we-deserve-but-not-the-tool-we-need/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #567: How to Build an Intentionally Vulnerable SQL Server
Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:
Download SQL Server here
Install SQL via config .ini file
Or, install SQL via pure command line
Deploy SQL with a service account while
https://7ms.us/7ms-567-how-to-build-an-intentionally-vulnerable-sql-server/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CONTINUOUS KUBERNETES SECURITY IN 2023
What We Discuss with Andrew Martin: THANKS, Andrew Martin If you enjoyed this session with Andrew Martin, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Andrew Martin Click here to let Ashish know about your number one takeaway from this… Continue reading CONTINUOUS KUBERNETES SECURITY IN 2023
The post CONTINUOUS KUBERNETES SECURITY IN 2023 appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/continuous-kubernetes-security-in-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Someone Is Selling Computer Generated Swatting Services
Automation is making everyone's lives easier, including people who call in fake bomb threats on crowded public locations. We live in a world where pranksters and criminals can summon a massive police presence with the click of a few buttons. On this episode of Cyber, Motherboard staff writer Joseph Cox is here to tell us all about it.Stories discussed in this episode:A Computer Generated Swatting Service Is Causing Havoc Across AmericaSmart Garage Company Fixes Vulnerability by Breaking Customers' DevicesHackers Can Remotely Open Smart Garage Doors Across the WorldIRS Wants to Buy Internet Mass Monitoring ToolWe're recording CYBER live on Twitch and YouTube. Watch live during the week. Follow us there to get alerts when we go live. We take questions from the audience and yours might just...
https://shows.acast.com/cyber/episodes/someone-is-selling-computer-generated-swatting-services
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2023 What Kubernetes Security Looks Like Today Series- DevSecOps
What We Discuss with Kirsten Newcomer: THANKS, Kirsten Newcomer If you enjoyed this session with Kirsten Newcomer, let her know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Kirsten Newcomer Click here to let Ashish know about your number one takeaway from this… Continue reading 2023 What Kubernetes Security Looks Like Today Series- DevSecOps
The post 2023 What Kubernetes Security Looks Like Today Series- DevSecOps appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/2023-what-kubernetes-security-looks-like-today-series-devsecops/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
https://nakedsecurity.sophos.com/2023/04/13/s3-ep130-open-the-garage-bay-doors-hal-audio-text/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 193
The release of Ubuntu 23.04 Lunar Lobster is nigh so we take a look at some of
the things the security team has been doing along the way, plus it's our 6000th
USN so we look back at the last 19 years of USNs whilst covering security
updates for the Linux kernel, Emacs, Irssi, Sudo, Firefox and more.
https://ubuntusecuritypodcast.org/episode-193/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 15: The Israeli Million-Dollar Hacker
Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from ,000 in bounties to ,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFollow Nagli and his new startup Shockwave:https://twitter.com/naglinaglihttps://twitter.com/shockwave_secHackMD Collaborative Notes:https://hackmd.io/Ian...
https://rss.com/podcasts/ctbbpodcast/906152
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 4/11/2023
The post Talkin' About Infosec News – 4/11/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-4-11-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What We Know about the Pentagon Leaks
Top Secret classified Pentagon documents leaked on a Minecraft Discord server. The pages of documents contain sensitive information about troop placements in Ukraine, rumors about allies, and—weirdly—a character sheet for a tabletop roleplaying game. On this episode of Cyber, host Matthew Gault takes a back seat and lets Motherboard editor-in-chief Jason Koebler interrogate him about what's in these classified Pentagon documents.Pentagon's Ukraine War Plans Leaked on Minecraft Discord Before Telegram and TwitterLeaked Pentagon Docs Share Wild Rumor: Kremlin Plans to ‘Throw' Putin's War While He's Getting ChemoLeaked Classified Documents Also Include Roleplaying Game Character StatsWe're recording CYBER live on Twitch and YouTube. Watch live during the week. Follow us...
https://shows.acast.com/cyber/episodes/what-we-know-about-the-pentagon-leaks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 370 – Open Source is bigger than you can imagine
Josh and Kurt talk about some data on the size of NPM. Josh wrote a blog post and a report about the amount of SEO spam in NPM was released. Open source is enormous, and it’s mostly one person. It’s hard to imagine how this all works sometimes and this lack of understanding can createContinue reading "Episode 370 – Open Source is bigger than you can imagine"
https://opensourcesecurity.io/2023/04/09/episode-370-open-source-is-bigger-than-you-can-imagine/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
Show Topic Summary (less than 300 words) 3CX supply chain attack, Mark Russinovich and Sysinternals, ransomware notifications from CISA, and emotional intelligence Youtube VOD: https://www.youtube.com/watch?v=afZHiBUr-2g Questions and potential topics (5 minimum): https://www.straitstimes.com/tech/downloading-a-cracked-version-of-fifa-23-or-hogwarts-legacy-for-free-it-s-probably-malware https://leadershipfreak.blog/2023/03/27/the-7-powers-of-questions/ https://securityintelligence.com/articles/is-it-time-to-hide-your-work-emails/ https://www.lollydaskal.com/leadership/what-remote-leaders-do-differently-to-be-successful/ https://www.lollydaskal.com/leadership/the-role-of-emotional-intelligence-in-leadership-why-it-matters/ ...
http://brakeingsecurity.com/3cx-supply-chain-attack-mark-russinovich-and-sysinternals-cisa-ransomware-notifications-and-emotional-intelligence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Uber's April Fools Glitch
A terrible April Fool's day glitch screws over Uber drivers, tenants in California are striking back against landlords, and private banks: do we need them?Today's episode of Cyber is a cypher, that infrequent version of the show where we decipher some recent tech news. It's a potpourri for the panopticon age. A grab bag of tech horrors, a not so gentle reminder that our work is not yet done.Motherboard reporter Roshan Abraham is here to talk about it all.'Screwed': Uber Claws Back Double Pay from Drivers After April Fools GlitchTenants of America's Biggest Landlord Form Union to Fight Evictions, Rent HikesWant to Curb City Crime? Evict Fewer Tenants, Study SaysPrivate Banks Are In Crisis. What If They Were Public Banks?We're recording CYBER live on Twitch and YouTube. Watch live during...
https://shows.acast.com/cyber/episodes/cyber-ubers-april-fools-glitch
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep129: When spyware arrives from someone you trust
Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days... listen now!
https://nakedsecurity.sophos.com/2023/04/06/s3-ep129-when-spyware-arrives-from-someone-you-trust/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Russia Uses Facial Recognition to Stop Protestors
Facial recognition systems are here. They've been deployed extensively along America's southern border and in its cities. Authoritarian regimes in Iran and Russia are using the technology to crack down on dissidents and what's going on in Moscow right now paints a horrifying picture of how dangerous the tech has become.On this episode of Cyber, Lena Masri is here to talk about it. She's the author of a new report at Reuters about how Putin uses facial recognition to curb dissent.Stories discussed in this episode:Facial recognition is helping Putin curb dissent with the aid of U.S. techU.S. Hardware Is Fueling Russia's Facial Recognition Crackdown on Anti-War DissidentsAI Use by Cops, Child Services In NYC Is a Mess: ReportWe're recording CYBER live on Twitch and YouTube. Watch live...
https://shows.acast.com/cyber/episodes/how-russia-uses-facial-recognition-to-stop-protestors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us on Twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel's Alternative to UberTooth One:https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATMD3monDev's Burp VPS Plug-in:https://github.com/d3mondev/burp-vps-proxyFireProx:https://github.com/ustayready/fireproxJoel's Universal SSL De-pinning...
https://rss.com/podcasts/ctbbpodcast/897241
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 4/5/2023
The post Talkin' About Infosec News – 4/5/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-4-5-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
132: Sam the Vendor
Sam Bent, a.k.a. DoingFedTime, brings us a story of what it was like being a darknet market vendor.
Learn more about Sam at https://www.doingfedtime.com/.
Sponsors
Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer.
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.
Learn more about your ad choices. Visit podcastchoices.com/adchoices
https://darknetdiaries.com/episode/132
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 4/3/2023
The post Talkin' About Infosec News – 4/3/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-4-3-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 369 – OpenAI broke ChatGPT then tried to blame open source
Josh and Kurt talk about OpenAI having a bug in ChatGPT, then they tried to blame open source. It didn’t go very well. In this episode Josh and Kurt argue a lot, maybe someday we’ll know who was the least wrong. Show Notes
https://opensourcesecurity.io/2023/04/02/episode-369-openai-broke-chatgpt-then-tried-to-blame-open-source/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's Driving the AI Hype?
Love it or hate it, you can't escape artificial intelligence. People are using Midjourney to make viral photos of Donald Trump's arrest and the Pop's puffy coat. Redditors are creating entire fake historical events and backing it up with AI-generated photos. Silicon Valley seems to think this tech is the next big thing, with Google and Microsoft betting big on it and some people begging everyone to pause development for six months.Is AI changing the world? With us here today to try to answer that question is Motherboard reporter Chloe Xiang.Stories discussed in this episode:People Are Creating Records of Fake Historical Events Using AIChatGPT Can Replace the Underpaid Workers Who Train AI, Researchers SayThe Open Letter to Stop 'Dangerous' AI Race Is a Huge Mess'He Would Still Be Here':...
https://shows.acast.com/cyber/episodes/whats-driving-the-ai-hype
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 192
Ubuntu gets pwned at Pwn2Own 2023, plus we cover security updates for vulns in
GitPython, object-path, amanda, url-parse and the Linux kernel - and we mention
the recording of Alex's Everything Open 2023 presentation as well.
https://ubuntusecuritypodcast.org/episode-192/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #566: Tales of Pentest Pwnage - Part 47
Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to a new trick that one of our favorite old tools
https://7ms.us/7ms-566-tales-of-pentest-pwnage-part-47/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 13: How to Find a Good BBP + Acropalypse + ZDI
Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJHaddix AWSScrape Tool:https://twitter.com/Jhaddix/status/1637140192728612865?s=20Acropalypse Links:https://twitter.com/ItsSimonTime/status/1636857478263750656https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.htmlhttps://twitter.com/David3141593/status/1638222624084951040https://twitter.com/David3141593/status/1638293029059477505SSRF...
https://rss.com/podcasts/ctbbpodcast/886550
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The DEA Is Skipping Warrants and Buying Data from Rogue Employees
In America, no one can protect you from a transportation employee being paid off by the feds. The Drug Enforcement Agency has a single remit: to prosecute America's long-failed war on drugs. Joseph Cox is on today's episode of Cyber to talk about one its shadier practices and the senators who want answers from the Department of Justice. It turns out that the DEA has been paying Amtrak and commercial package companies to act as informants and supply data on customers without having to get a warrant.Stories discussed in this episode:The DEA Bought Customer Data from Rogue Employees Instead of Getting a WarrantThe 'Insanely Broad' RESTRICT Act Could Ban Much More Than Just TikTokHere is the FBI's Contract to Buy Mass Internet DataCops Sue Afroman for 'Emotional Distress' After He Made...
https://shows.acast.com/cyber/episodes/the-dea-is-skipping-warrants-and-buying-data-from-rogue-empl
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 204 - Logging, Edge Cases, Client API Exposure
The dynamite duopoly that is Ken and Seth are back to take the AppSec news by storm. Starting with Seth's favorite topic of Auditing or Logging, Ken brings up the recent Okta vulnerability report related to plaintext logging of usernames and passwords. This is followed by a review of Troy Hunt's recent post on edge cases when interacting with 3rd-party services, which the duo extrapolates to security edge cases and things they have seen recently. Finally, a discussion on manipulation of client single page applications to expose administrative endpoints from a recent twitter thread on reported and identified bug bounty issues of the same flavor.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_204.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IS THERE DEVSECOPS IN CLOUD?
What We Discuss with Guy Podjarny: THANKS, Guy Podjarny! If you enjoyed this session with Guy Podjarny, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Guy Podjarny! Click here to let Ashish know about your number one takeaway from this… Continue reading IS THERE DEVSECOPS IN CLOUD?
The post IS THERE DEVSECOPS IN CLOUD? appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/is-there-devsecops-in-cloud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Does Congress Want to Ban TikTok?
America is thinking about banning the most popular social media app in the world. TikTok has exploded in the past few years and whether you love it or hate it, you can't deny its huge influence.Legislators in America are concerned about that influence, especially because of TikTok's connections to China. On Thursday, TikTok's CEO testified before the House's Committee on Energy and Commerce and fielded questions about the app, its connection to China, and what it might be doing to America's children.It was a shitshow.Motherboard's Social Media Manager, Emily Lipstein, is on this episode of Cyber talking about.Stories discussed in this episode:Congress Shocked to Discover 10 Year Olds Check the ‘I'm Over 18' Box OnlineBanning TikTok Is Unconstitutional, Ludicrous, and a National...
https://shows.acast.com/cyber/episodes/why-does-congress-want-to-ban-tiktok
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #565: How to Simulate Ransomware with a Monkey
Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way to show your team and execs just how quick and deadly an infection can be to your business. You can feed the monkey a list of usernames
https://7ms.us/7ms-565-how-to-simulate-ransomware-with-a-monkey/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 191
This week saw the unexpected release of Ubuntu 20.04.6 so we go into the detail
behind that, plus we talk Everything Open and we cover security updates
including Emacs, LibreCAD, Python, vim and more.
https://ubuntusecuritypodcast.org/episode-191/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like a Deere (away from OSS requests, anyway), and “Are we past DAST?” Questions and potential sub-topics (5 minimum): https://techcrunch.com/2023/03/15/dish-customers-kept-in-the-dark-as-ransomware-fallout-continues/ https://medium.com/@cmanojshrestha/hack-any-social-media-account-using-cookie-stealing-attack-a6cdc4caafc1 https://boringappsec.substack.com/p/edition-18-the-diminishing-returns https://www.theregister.com/2023/03/17/john_deere_sfc_gpl/ https://www.bleepingcomputer.com/news/security/alleged-breachforums-owner-pompompurin-arrested-on-cybercrime-charges/...
http://brakeingsecurity.com/dish-network-is-still-busted-john-deere-avoiding-oss-requests-is-dast-dead
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scalpers Are Selling Whole Ticketmaster Accounts Now
It's almost impossible to get retail priced tickets to The Cure's newest live tour. Fans are, once again, turning to the secondary market despite the band's insistence that Ticketmaster shut it down. This week on Cyber, Joseph Cox and Motherboard Motherboard editor-in-chief Jason Koebler take us into the world of the ticket scalper, where whole Ticketmaster accounts are being sold in bulk and a “verified fan” is just someone the algorithm approves of.Stories discussed in this episode:The Cure Tried to Stop Scalpers. Brokers Are Selling Entire Ticketmaster Accounts InsteadTicketmaster Cancels Public Sale for Taylor Swift Tickets Because It Already Sold Them AllBlink-182 Tickets Are So Expensive Because Ticketmaster Is a Disastrous Monopoly and Now Everyone Pays Ticket Broker...
https://shows.acast.com/cyber/episodes/scalpers-are-selling-whole-ticketmaster-accounts-now
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports
Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This episode is chock full of awesome tips so give it a good listen!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFollow JHaddix on Twitter:https://twitter.com/jhaddixBuddoBot:https://buddobot.com/BC Hunt:https://github.com/bugcrowd/HUNT/blob/master/README.mdOne List For All:https://github.com/six2dez/OneListForAllAssetNote...
https://rss.com/podcasts/ctbbpodcast/869308
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 203 w/ Shlomi Shaki - Security Tools
Joining Seth and Ken is Shlomi Shaki, a tech exec with GitHub who directs sales resources related Application Security and Product Security in APJ region. Discussion revolves around adoption of security tools and the struggles of securing software from both a tooling and process perspective.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_203.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #564: First Impressions of OVHcloud Hosted vCenter
Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR:
It runs on vCenter, my first and only virtualization love!
Unlimited VM "powered on" time and unlimited bandwidth
Intergration with PowerShell so
https://7ms.us/7ms-564-first-impressions-of-ovhcloud-hosted-vcenter/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Is Why America's Trains Keep Crashing
In America the trains never seem to run on time. On February 3, a train crashed in East Palestine, Ohio releasing toxic chemicals into the air. Almost a month later, another train owned by the same company also derailed in Ohio. That's not all. Trains in Charlotte are running slower than they should. NYC can't fit trains into its new station. The list goes on and on.What the hell is going on with mass transit in America?If you're a long time Cyber listener, you might already know some of the answers to this question. That's thanks to returning champion, Motherboard senior writer Aaron Gordon.Stories discussed in this episode:East Palestine Derailment ‘Foreseeable and Preventable,' Ohio Attorney General Lawsuit Alleges24 Hours of News Shows America's Transportation HellscapeThe...
https://shows.acast.com/cyber/episodes/this-is-why-americas-trains-keep-crashing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 3/16/2023
00:00 – PreShow Banter™ — Tossing Money at Problems00:58 – BHIS – Talkin' Bout [infosec] News 2023-03-1301:41 – Story # 1: Silicon Valley Bank collapse: Treasury, Fed, and FDIC announce […]
The post Talkin' About Infosec News – 3/16/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-3-16-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 11: CV$$, Web Cache Deception, and SSTI
Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterMDSec Outlook Vuln:https://twitter.com/MDSecLabs/status/1635791863478091778Jub0bs User-Existance Oracle Tweet:https://twitter.com/jub0bs/status/1633786349529513986James Kettle's Tweet About BB ID Header Standardization:https://twitter.com/albinowax/status/163595150679175577615K...
https://rss.com/podcasts/ctbbpodcast/867972
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WTF Is Up With the Silicon Valley Bank Bailout?
Collapse. It's the word on everybody's lips. Silicon Valley Bank and Signature are no more. The banks, folks, they've collapsed. But don't worry, these aren't your typical banks. SVB and Signature were not the kinds of places working class folks were holding checking accounts. These were massive institutions that propped up America's ailing tech sector. If you've been hustled by an NFT startup in the past year, there's a good chance it had deposits at SVB.But now they're gone and, after some panic, it looks like America's blessed institutions are working as intended. The Federal Deposit Insurance Corporation is gonna clean all this up. But should they?On this episode of Cyber, Motherboard Managing Editor Jordan Pearson sits down to answer the question.Stories discussed...
https://shows.acast.com/cyber/episodes/wtf-is-up-with-the-silicon-valley-bank-bailout
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 202 w/ Haseeb Awan - Mobile Security
Ken Johnson (@cktricky on twitter) and Seth Law (@sethlaw) interview Haseeb Awan (@haseeb) founder and CEO of Efani, a mobile service provider focused on security.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_202.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Build a Modern Cyber Security Program in 2023
What We Discuss with Larry Whiteside Jr: THANKS, Larry Whiteside Jr! If you enjoyed this session with Larry Whiteside Jr, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Larry Whiteside Jr! Click here to let Ashish know about your number… Continue reading How to Build a Modern Cyber Security Program in 2023
The post How to Build a Modern Cyber Security Program in 2023 appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-build-a-modern-cyber-security-program-in-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #563: Cracking and Mapping and Execing with CrackMapExec - Part 2
Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover:
# Enumerate where your user has local admin rights:
cme smb x.x.x.x/24 -u user -p password
# Set wdigest flag:
cme smb x.x.
https://7ms.us/7ms-563-cracking-and-mapping-and-execing-with-crackmapexec-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 190
The Ubuntu Security Podcast is on a two week break to focus on [Everything Open
2023](https://2023.everythingopen.au/) in Melbourne next week - come hear Alex talk about [Securing a distribution
and securing your own open source project](https://2023.everythingopen.au/schedule/presentation/64/) in person if you can.
https://ubuntusecuritypodcast.org/episode-190/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LastPass Isn't Safe and Your Hiking App May be Tracking You
It's Cipher time, baby. It's that infrequent style of Cyber we do where we decipher Motherboard's tech coverage in a potpourri for the panopticon age. On today's episode we've got a little bit of everything. A popular hiking app reveals that, once again, we just can't trust private companies with our data. But what about our passwords? Surely a company that bills itself as a secure way to remember all those logins is secure right? Nope! Also, Twitter ditches Tor and, just for fun, another wonderful story about cheating in online video games.Motherboard's own Joseph Cox is here to walk us through all of it.Stories discussed in this episode:AllTrails Data Exposes Precise Movements of Former Top Biden OfficialTwitter's Most Important Anti-Censorship Tool Is Currently Dead‘Escape...
https://shows.acast.com/cyber/episodes/lastpass-isnt-safe-and-your-hiking-app-may-be-tracking-you
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees
Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what its like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from Justin's two mentees: Kodai and Soma. Follow us on twitter at: https://twitter.com/ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterHackVertor https://portswigger.net/bappstore/65033cbd2c344fbabe57ac060b5dd100 Not_An_Aardvark (Teddy Katz) Blog: https://blog.teddykatz.com/ Tweets from PortSwigger Research:https://twitter.com/PortSwiggerRes/status/1632742844535324677https://twitter.com/PortSwiggerRes/status/1630221223874445314https://twitter.com/PortSwiggerRes/status/1629131380473970688HackerOne...
https://rss.com/podcasts/ctbbpodcast/857869
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 3/8/2023 (v2)
THIS IS A TEST
The post Talkin' About Infosec News – 3/8/2023 (v2) appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-3-8-2023-v2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 3/8/2023
00:00 – PreShow Banter™ — Lil NAS06:52 – BHIS – Talkin' Bout [infosec] News 2023-03-0608:13 – Story # 1: LastPass says employee's home computer was hacked and corporate vault takenhttps://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/28:32 […]
The post Talkin' About Infosec News – 3/8/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-3-8-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Balloon Panic Has Been Weird But Good for Balloon Hobbyists
On February 4, 2023, an F-22 fighter jet committed the first air to air kill in the weapons history. It was an alleged Chinese spy balloon near Myrtle Beach. In the days that followed the F-22 would score another kill, this time against a mysterious floating object above the Yukon.But this second object hadn't come from China. Hobbyists, in fact, think it might be one of their balloons. Across the world there is a small but dedicated group of people who love launching tiny balloons into the sky.It's been a weird month for the community. What with the fighter jets patrolling the sky and constant reports of UFOs. On this week's Cyber, Motherboard reporter Becky Ferreria stops by to talk about the amateur balloonists who lived through the great balloon panic of 2023.Stories discussed in...
https://shows.acast.com/cyber/episodes/the-great-balloon-panic-has-been-weird-but-good-for-balloon-
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 201 - Breaches, Package Managers, Audit Logs
A lot has happened since the 200th (!!!) episode of the podcast, so we are bring another episode with a discussion of recent events, sites, and interesting finds. First up is a discussion of recent breaches, including some stories related to consumer rewards programs and weaknesses in that space. This is followed by a discussion on responsibility of package managers (e.g. npm, pip) for disclosure or removal of known vulnerable packages. Finally, Seth's favorite topic of audit logs gets a public shaming site for services that don't follow industry best-practices.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_201.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HOW TO BUILD A CLOUD SECURITY PROGRAM – MEDIA INDUSTRY
What We Discuss with Bianca Lankford: THANKS, Bianca Lankford! If you enjoyed this session with Bianca Lankford, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Biance Lankford! Click here to let Ashish know about your number one takeaway from this… Continue reading HOW TO BUILD A CLOUD SECURITY PROGRAM – MEDIA INDUSTRY
The post HOW TO BUILD A CLOUD SECURITY PROGRAM – MEDIA INDUSTRY appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-build-a-cloud-security-program-media-industry/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
Guest info Name and Title: Nickolas Means, VP of Engineering at SYM Email/Social Media Contact: @nmeans on Twitter, @nmeans@ruby.social on Mastodon Time Zone (if other than Pacific): Central (Austin, TX) Show Topic Summary / Intro We welcome Nickolas Means to the stream. Nick is the VP of Engineering at Sym, the adaptive access tool built for developers. He's been an engineering leader for more than a decade, focused on helping teams build velocity through trust and autonomy. He's also a regular speaker at conferences around the world, teaching more effective software development practices through stories of real-world engineering triumphs and failures. He's also the co-host of “Managing Up” a podcast with Management tips,...
http://brakeingsecurity.com/nickolas-means-talks-about-security-devops-velocity-blameless-orgs-and-conferences-infosec-should-attend
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 3/3/2023
Story # 1: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Lifehttps://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a Story # 1b: Apple's iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes […]
The post Talkin' About Infosec News – 3/3/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-3-3-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #562: Cracking and Mapping and Execing with CrackMapExec
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec
https://7ms.us/7ms-562-cracking-and-mapping-and-execing-with-crackmapexec/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 189
This week we dive into the BlackLotus UEFI bootkit teardown and find out how
this malware has some roots in the FOSS ecosystem, plus we look at security
updates for the Linux kernel, DCMTK, ZoneMinder, Python, tar and more.
https://ubuntusecuritypodcast.org/episode-189/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Tubgirl Became a TikTok Sensation
YouTube, Instagram, and TikTok are awash in people reacting to horrifying videos. 2 girls 1 cup, Tubgirl, Goatse, and websites like Ogrish.com shaped the modern internet. Appropriating and sharing these horrifying images and videos was a big part of what people did during the early days of the web.But why? And how do these shocking viral sensations translate onto the modern and sanitized web? This week on Cyber, Blake Hester stops by to walk us through it all.Stories discussed in this episode:How Shock Sites Shaped the InternetWe're recording CYBER live on Twitch and YouTube. Watch live during the week. Follow us there to get alerts when we go live. We take questions from the audience and yours might just end up on the show.Subscribe to CYBER on Apple Podcasts or wherever you listen to your...
https://shows.acast.com/cyber/episodes/how-tubgirl-became-a-tiktok-sensation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug
Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Truffle Security End-To-End Encryption Video:https://www.youtube.com/watch?v=BBcZcoIZ1JcHackerOne World Cup:https://www.hackerone.com/hackers/brand-ambassador-programHackerOne World Cup Sign Up Form for USA:https://docs.google.com/forms/d/e/1FAIpQLSeRQpH2y0J-opxlsz8dPkvnIu8BqC_DA3CJe_eFhTFroPwdcg/viewformChatGPT...
https://rss.com/podcasts/ctbbpodcast/847924
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 200 w/ Jerry Gamblin - Startups, CVEs
Jerry Gamblin joins Seth and Ken for the 200th episode of the podcast. The discussions starts with a lengthy analysis of startup culture, security startups, and gotchas to be aware of when employed at or considering a job with a startup. This is followed by in-depth analysis of CVEs and how the process of publicly reporting issues in software has changed over time. A small snippet on interesting tokens/words/comments to search for in git logs and comments that point at security problems.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_200.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Accelerate your AWS Security Maturity in 2023
What We Discuss with Chad Lorenc: THANKS, Chad Lorenc! If you enjoyed this session with Chad Lorenc, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Chad Lorenc on Linkedin! Click here to let Ashish know about your number one takeaway… Continue reading How to Accelerate your AWS Security Maturity in 2023
The post How to Accelerate your AWS Security Maturity in 2023 appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-accelerate-your-aws-security-maturity-in-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7MS #561: Interview with Chris Furner of Blumira
Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today at blumira.com/7ms!
Today I sat
https://7ms.us/7ms-561-interview-with-chris-furner-of-blumira/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 188
This week the common theme is vulnerabilities in setuid-root binaries and their
use of environment variables, so we take a look at a great blog post from the
Trail of Bits team about one such example in the venerable `chfn` plus we look at
some security vulnerabilities in, and updates for the Linux kernel, Go Text, the
X Server and more, and finally we cover the recent announcement of Ubuntu
22.04.2 LTS.
https://ubuntusecuritypodcast.org/episode-188/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We Broke Into a Bank Account With an AI-Generated Voice
Banks in the U.S. and Europe tout voice ID as a secure way to log into your account. We proved it's possible to trick such systems with free or cheap AI-generated voices. Hosted on Acast. See acast.com/privacy for more information.
https://shows.acast.com/cyber/episodes/we-broke-into-a-bank-account-with-an-ai-generated-voice
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 2/22/2023
00:00 – PreShow Banter™ — Pop Tart Pizza04:15 – BHIS – Talkin' Bout [infosec] News 2023-02-2005:39 – Story # 1: Employee data from a major cybersecurity firm posted for sale […]
The post Talkin' About Infosec News – 2/22/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-2-22-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterCSS Escape Blog Post:https://mathiasbynens.be/notes/css-escapesRez0's blog on ChatGPT:https://rez0.blog/hacking/2023/02/21/hacking-with-chatgpt.htmlAll the ways to get a reference to a frame (shoutout to @wcbowling for...
https://rss.com/podcasts/ctbbpodcast/836051
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Build AWS Multi-Account Infrastructure with Security and Speed
What We Discuss with Patrick Sanders & Jospeh Kjar: THANKS, Patrick Sanders & Joseph Kjar! If you enjoyed this session with Patrick Sanders & Joseph Kjar, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Patrick Sanders! Click here to thank… Continue reading How to Build AWS Multi-Account Infrastructure with Security and Speed
The post How to Build AWS Multi-Account Infrastructure with Security and Speed appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-build-aws-multi-account-infrastructure-with-security-and-speed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 2/17/2023
00:00 – PreShow Banter™ — Scalping Valentine's Day Reservations04:13 – BHIS – Talkin' Bout [infosec] News 2023-06-2305:52 – Story # 1: 5 Chinese companies and a research institute blacklisted by […]
The post Talkin' About Infosec News – 2/17/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-2-17-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 187
After the announcement of Ubuntu Pro GA last week, we take the time to dispel
some myths around all things Ubuntu Pro, esm-apps and apt etc, plus Camila sits
down with Mark and David to discuss the backstory of Editorconfig [CVE-2023-0341](https://ubuntu.com/security/CVE-2023-0341)
and we also have a brief summary of the security updates from the past week.
https://ubuntusecuritypodcast.org/episode-187/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.Sorry if the audio is a little rough around the edges this time, should be better than ever next time.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterPortSwigger's Top 10 Web Hacking Techniques of 2022:https://portswigger.net/research/top-10-web-hacking-techniques-of-2022Ian...
https://rss.com/podcasts/ctbbpodcast/827457
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HOW TO GET FEDRAMP CERTIFIED IN AWS
What We Discuss with Alexis Robinson: THANKS, Alexis Robinson! If you enjoyed this session with Alexis Robinson, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Alexis Robinson! Click here to let Ashish know about your number one takeaway from this… Continue reading HOW TO GET FEDRAMP CERTIFIED IN AWS
The post HOW TO GET FEDRAMP CERTIFIED IN AWS appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-get-fedramp-certified-in-aws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 199 - OWASP, Phishing, Eurostar
After a number of guest appearances, Ken and Seth are flying "duo" to talk through recent news across the industry. Starting with analysis of the recent OWASP Change petition that has surfaced to address needs of OWASP projects and chapters for funding and definition of how the organization supports multiple efforts. Followed by commiseration with Eurostar on their recent self-inflicted lockout of user accounts due to authentication upgrades. Finally, discussion of the recent reddit phishing scam and how the public display of their incident response shows security maturity.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_199.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Presenting: Spycast "Black Ops: The Life of a Legendary CIA Shadow Warrior"
Jack is currently on a break. Here is a an episode from the Spycast podcast called "Black Ops: The Life of a Legendary CIA Shadow Warrior".
To learn more about Spycast visit: https://www.spymuseum.org/podcast/
Learn more about your ad choices. Visit podcastchoices.com/adchoices
https://www.spymuseum.org/podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 2/13/2023
00:00 – PreShow Banter™ — We've got nothing to say03:07 – BHIS – Talkin' Bout [infosec] News 2023-06-2305:56 – Story # 1: Cybercrime job ads on the dark web pay […]
The post Talkin' About Infosec News – 2/13/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-2-13-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SPECIAL INTERVIEW: John Aron and Jerod Brennen
BrakeSec Show Outline (all links valid as of 27 Jan 2023, subject to change) Is it scheduled? Yes || No|| Completed Date: 2023/01/26 Guest info Name and Title: John Aron, Founder/CEO of Aronetics Email: john@aronetics.com Time Zone (if other than Pacific): Eastern Standard Guest info Name and Title: Jerod Brennen Email: jerod@brennenconsulting.com Time Zone (if other than Pacific): EST Show Topic Summary (less than 300 words) Clear the fog of marketing truths and viable solutions that actually deter and defend adversarial action. Questions and potential sub-topics (5 minimum): Edge devices everywhere A paradigm culture...
http://brakeingsecurity.com/special-interview-john-aron-and-jerod-brennen
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 186
The Ubuntu Security Podcast is back for 2023! We ease into the year with
coverage of the recently announced launch of Ubuntu Pro as GA, plus we look at
some recent vulns in git, sudo, OpenSSL and more.
https://ubuntusecuritypodcast.org/episode-186/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Voice Generating-AI Is Now the Plaything of 4Chan
AI has made the voice of Emma Watson say some very strange things, and 4Chan is to blame. But trolls playing with new machine-learning tools aren't the only villain in this story. Actors are being asked to sign away the rights to their own voice for the purposes of AI reconstruction.Also on today's episode: Dutch police have been reading encrypted messages; some politicians in the UK want to ban encrypted phones; Apple is looking to roll out a new form of end-to-end encryption; and a police contractor that promised to track homeless people has been hacked.Cypher. We're bringing it back. For those that don't know, Cypher is a special edition of Cyber where we decipher the week's news. It's a potpourri for the panopticon. A grab bag of tech horror stories. And who better to join...
https://shows.acast.com/cyber/episodes/voice-generating-ai-is-now-the-plaything-of-4chan
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)
Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel's HackerOne Android Hacking Introduction: https://t.ly/f87DAndroid Pixel Lock Screen Bypasshttps://t.ly/Q_qqExploiting Deeplink URLs:https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.htmlJoel's get_schemas tool:https://github.com/teknogeek/get_schemasExample...
https://rss.com/podcasts/ctbbpodcast/817191
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 198 with Laura Bell Main - Training
Laura Bell Main, founder and CEO of safestack.io (@lady_nerd on twitter and check out her website https://laurabellmain.com to acquaint yourself with her work and recent publications), joins Seth and Ken as a special guest. The discussion revolves around security training for developers and how it has changed over the years.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_198.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 270
https://defensivesecurity.org/defensive-security-podcast-episode-270/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HOW TO BUILD A CLOUD SECURITY PROGRAM WITH CONTAINERS
What We Discuss with Mrunal Shah: THANKS, Mrunal Shah! If you enjoyed this session with Mrunal Shah, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Mrunal Shah! Click here to let Ashish know about your number one takeaway from this… Continue reading HOW TO BUILD A CLOUD SECURITY PROGRAM WITH CONTAINERS
The post HOW TO BUILD A CLOUD SECURITY PROGRAM WITH CONTAINERS appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-build-a-cloud-security-program-with-containers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 2/3/2023
00:00 – PreShow Banter™ — Woke Up Like This03:20 – BHIS – Talkin' Bout [infosec] News 2023-01-3005:04 – Story # 1: GoTo says hackers stole customers' backups and encryption keyhttps://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/09:48 […]
The post Talkin' About Infosec News – 2/3/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-2-3-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more
Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterSave All Resources Chrome Extension: https://chrome.google.com/webstore/detail/save-all-resources/abpdnfjocnmdomablahdcfnoggeeiedb?hl=enCorben's AMA: https://twitter.com/hacker_/status/1620514351521366016Collisions repo: https://github.com/corkami/collisions
https://rss.com/podcasts/ctbbpodcast/806583
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon
Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spaceraccoonsec) talking about techniques and takeaways from the event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterSpaceraccoon's blog:https://spaceraccoon.dev/Spaceraccoon's twitter:https://twitter.com/spaceraccoonsec Responder (NTLM Hash harvesting tool):https://github.com/lgandx/ResponderThe malware reversing...
https://rss.com/podcasts/ctbbpodcast/806568
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 197 with Sal Olivares - Exposed API Tokens
Sal Olivares, Senior Software Engineer from segment.io, joins Seth and Ken to discuss his experience with and recent blog post related to security token scanning and revocation. Sal was involved with the recently-implemented exposed scanning token service at Segment and talks through his experience, gotchas, and other security topics.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_197.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Cloud Penetration Testing Explained with Example
What We Discuss with Seth Art: THANKS, Seth Art! If you enjoyed this session with Seth Art, let him know by clicking on the link below and sending him a quick shout out at his website: Click here to thank Seth Art on Linkedin! Click here to let Ashish know about your number one takeaway… Continue reading AWS Cloud Penetration Testing Explained with Example
The post AWS Cloud Penetration Testing Explained with Example appeared first on Cloud Security Podcast .
https://cloudsecuritypodcast.tv/listen-to-the-episodes/aws-cloud-penetration-testing-explained-with-example/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 3: H1-407 Event Madness & Takeaways Part 1
Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we've learned from participating in HackerOne's H1-407 Live Hacking event. We cover decompiling binaries in various different languages, Windows URI Handlers, Caido, and SameSite Lax + POST.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFrans Rosen S3 Bucket Authorization Blog Post: https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/Getting code from executables:ILSpyDotPeekJadx-GUIPyinstxtractorUncompyle6Jub0b's...
https://rss.com/podcasts/ctbbpodcast/795186
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 1/25/2023
00:00 – PreShow Banter™ — Wade's Googly Eyes00:41 – BHIS – Talkin' Bout [infosec] News 2023-01-2301:26 – Story # 1: BIG TECH LAYOFFS. LAYOFFS! DOOM! RECESSION!
The post Talkin' About Infosec News – 1/25/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-1-25-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Layoff discussions, another TMO breach, OneNote Malware, and more!
Lots of Layoffs (meta, Microsoft, Amazon, Sophos, Alphabet, Google) talk about the future effects of that, did it affect security? Attack surface management is risk management, Breaches and the TSA no-fly list leaked, and more! Full youtube video: https://www.youtube.com/watch?v=1Dgq8FpnWPw Questions and/or potential sub-topics (5 minimum): Layoffs (fear, uncertainty, doubt), what it means for people, https://www.lollydaskal.com/leadership/5-warning-signs-you-are-being-led-by-a-weak-leader/ “No fly list leaked” https://www.vice.com/en/article/93a4p5/us-no-fly-list-leaks-after-being-left-in-an-unsecured-airline-server Attack Surface Management: https://flashpoint.io/blog/what-is-attack-surface-management/ https://www.bleepingcomputer.com/news/security/beware-hackers-now-use-onenote-attachments-to-spread-malware/...
http://brakeingsecurity.com/layoff-discussions-another-tmo-breach-onenote-malware-and-more
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 196 - API Reviews, Web App Security Features
Seth and Ken dig into a topic that was raised by a member of our Slack community. The initial half of the show reviews both the risks and dynamic or static review items associated with microservices. This is followed by a discussion that starts by asking the question "what are the must-have security features for a web application?"
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_196.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 2: Exploit Writing & Automation / Do you need to know how to program to hack?
Episode 2: In this episode of Critical Thinking - Bug Bounty Podcast we talk about exploit writing/automation, some new tools released in the industry (Of-CORS), the age old question of "Do you have to know how to program to hack?", a walk-through of some very impactful bug bounty reports, and some tips and tricks for exploit writing.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterOf-CORS by TruffleSecurityhttps://trufflesecurity.com/blog/of-cors/https://github.com/trufflesecurity/of-corsCyberChefhttps://gchq.github.io/CyberChef/Curl...
https://rss.com/podcasts/ctbbpodcast/785653
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 1/17/2023
00:00 – PreShow Banter™ — Ralph's Guide to Satellite Bands 04:33 – BHIS – Talkin' Bout [infosec] News 2023-01-16 05:25 – Story # 1: Microsoft's new AI can simulate anyone's […]
The post Talkin' About Infosec News – 1/17/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-1-17-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 195 - 2022 CVEs, CORS, GraphQL
Ken (@cktricky) and Seth (@sethlaw) take a step away from the news to review technical articles and research released in the last couple of weeks. This includes analysis done by Jerry Gamblin on total CVEs released during 2022, a new tool for exploiting weak CORS configurations, an excellent writeup on usage along with an intentionally-vulnerable GraphQL application, and finally some thoughts on prototype pollution style vulnerabilities in other interpreted languages (specifically python).
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_195.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#37: Persistence in Information Security with Shad0wbits
The OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and gives advice for those looking to start their own business. He then describes his definition of red teaming, his favorite environment to access, and the worst thing he's done in a test. Lastly, Kai explains why it's important for people in the infosec community to share their knowledge with others as well as community projects he's been working on. Enjoy the episode!
https://podcasters.spotify.com/pod/show/offsec/episodes/37-Persistence-in-Information-Security-with-Shad0wbits-e1tf232
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 1/12/2023
00:00 – PreShow Banter™ — Twitch Airways International00:59 – BHIS – Talkin' Bout [infosec] News 2023-01-1003:56 – Story # 1: How ChatGPT could become a hacker's friendhttps://betanews.com/2023/01/05/how-chatgpt-could-become-a-hackers-friend/14:05 – Story # […]
The post Talkin' About Infosec News – 1/12/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-1-12-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 194 - Frank Wang (dbtlabs) - Organization Security, AI/ML
Frank Wang from dbtlabs (@ffwang2 on twitter) joins Seth and Ken for a discussion on current security landscape, artificial intelligence, and machine learning. Follow Frank on twitter or through his blog at https://franklyspeaking.substack.com/. Discussion starts with current breaches and how organizations approach security through their first security hire. This is followed by a discussion on AI related to ChatGPT and how it will affect security in the future.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_194.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
topics What were the biggest stories of 2022? Any notable trends that you saw https://acut3.github.io/bug-bounty/2023/01/03/fetch-diversion.html (fetch Diversion) I got 5 million steps in 2022! Looking to jog/run 350 miles https://medium.com/@jdowde2/the-security-threat-of-and-in-file-path-strings-d75ee695eb3a (danger of , and .. in file paths Google's threat Horizon's report Additional information / pertinent Links (would you like to know more?): https://services.google.com/fh/files/blogs/gcat_threathorizons_full_jan2023.pdf (google's Threat Horizons report) https://securityboulevard.com/2023/01/google-cybersecurity-action-team-threat-horizons-report-5-is-out/ https://medium.com/malware-buddy/6-useful-infographics-for-threat-intelligence-240d6aca333e ...
http://brakeingsecurity.com/gps-car-hacks-google-threat-report-notable-topics-of-2020-satellite-threat-modelling-twitter-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 1: Introductions, Bug Bounty Reports, and BB Tips
Episode 1: In this episode of Critical Thinking - Bug Bounty Podcast, Joel Margolis (aka 0xteknogeek) and Justin Gardner (aka Rhynorater) cover introductions, a couple of cool bug bounty reports, and some really helpful BB Tips.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterThe report Joel was talking about: https://hackerone.com/reports/1672388
https://rss.com/podcasts/ctbbpodcast/773093
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 1/3/2023
00:00 – PreShow Banter™ — Seven People00:51 – BHIS – Talkin' Bout [infosec] News 2023-01-0201:37 – Story # 1: LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolenhttps://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal32:22 – […]
The post Talkin' About Infosec News – 1/3/2023 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-1-3-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
131: Welcome to Video
Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website.
This story is part of Andy's new book “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency”. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7.
Sponsors
Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone...
https://darknetdiaries.com/episode/131
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Talkin' About Infosec News – 12/21/2022
00:00 – PreShow Banter™ — Talkin' Bout [Elon] News00:51 – BHIS – Talkin' Bout [infosec] News 2022-12-1902:46 – Story # 1: Antivirus and EDR solutions tricked into acting as data […]
The post Talkin' About Infosec News – 12/21/2022 appeared first on Black Hills Information Security.
https://www.blackhillsinfosec.com/talkin-about-infosec-news-12-21-2022/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
Full stream video on Youtube: https://youtu.be/i1xpAfNFCvY John's Youtube channel, to find more training/contact information: https://www.youtube.com/channel/UC3ctyx980M8jLa_cEiQveLQ https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
http://brakeingsecurity.com/josh-whalen-risk-management-data_visualization-tools-value-creating-activities-p2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 193 - Security Metrics, End-User Security
@cktricky and @sethlaw host another episode starting with a lengthy discussion on security metrics spurred by a recent post by Leif Drezler (@leifdreizler). Security metrics are highly specific and custom to the organization and target audience, as evidenced by the lively discussion between the hosts. This is followed by a discussion of improvements in end-user security based on recent Apple iOS releases that change encryption and protection mechanisms for various services.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_193.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 185
For our final episode of 2022, Camila is back with a special holiday themed
discussion of the security of open source code, plus we hint at what is in store
for the podcast for 2023 and we cover some recent security updates including
Python, PostgreSQL, Squid and more.
https://ubuntusecuritypodcast.org/episode-185/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 192 - Blogs, GoLang Security, ChatGPT
What do _you_ want for an AppSec Christmas! Another episode featuring Ken and Seth, for sure. The duo starts the conversation talking about useful AppSec and Security Blogs while featuring a recent GoLang Security post from Cole Cornford. Followed by an in-depth discussion on ChatGPT to welcome our new AI overlords. Finally, Seth and Ken both talk about what they wish to see this next year for AppSec-mas.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_192.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
130: Jason's Pen Test
Join us as we sit down with Jason Haddix (https://twitter.com/Jhaddix), a renowned penetration tester who has made a name for himself by uncovering vulnerabilities in some of the world's biggest companies. In this episode, Jason shares his funny and enlightening stories about breaking into buildings and computers, and talks about the time he discovered a major security flaw in a popular mobile banking app.
Sponsors
Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer.
Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing...
https://darknetdiaries.com/episode/130
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
John Whalen, data visualization tools, risk management, handling org risk-p1
Full stream video on Youtube: https://youtu.be/i1xpAfNFCvY John's Youtube channel, to find more training/contact information: https://www.youtube.com/channel/UC3ctyx980M8jLa_cEiQveLQ https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagrammming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
http://brakeingsecurity.com/john-whalen-data-visualization-tools-risk-management-handling-org-risk-p1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 184
This week we cover Mark Esler's keynote address from UbuCon Asia 2022 on
Improving FOSS Security, plus we look at security vulnerabilities and updates
for snapd, the Linux kernel, ca-certificates and more.
https://ubuntusecuritypodcast.org/episode-184/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 183
This week we look at a recent report from Elastic Security Labs on the global
Linux threat landscape, plus we look at a few of the security vulnerabilities
patched by the team in the past 7 days.
https://ubuntusecuritypodcast.org/episode-183/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 191 - DNS Attacks, Organizational Risk, Mastadon
Going into the final month of 2022, the dynamic duo graces us with their presence. It begins with discussion of DNS Attacks based on Kaminsky-style attacks spurred by research presented at DeepSec by Timo Longen of Sec Consult. Followed by a conversation straight out of Slack about considerations involving organization and technical risks, specifically how to incorporate technical risk into organizational risk ratings. Finally, everyone is moving to Mastadon, but maybe they shouldn't be. Code is open source and there have been more than one flaw already identified in the service, although AppMap also shows how to use their tool to review Mastadon's source to sink interactions.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_191.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 182
After a longer-than-expected break, the Ubuntu Security Podcast is back,
covering some highlights of the various security items planned during the 23.04
development cycle, our entrance into the fediverse of Mastodon, some open
positions on the team and some of the details of the various security updates
from the past week.
https://ubuntusecuritypodcast.org/episode-182/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Infrared - one of the Seattle Community Network organizers
https://youtu.be/iW39Mugj4OM -Full stream video (interview starts at 28m22s) Broadcasted live on Twitch -- Watch live at https://www.twitch.tv/brakesec Seattle Community Network - https://seattlecommunitynetwork.org/ https://medium.com/seattle-community-network/ Check Bryan out on Mastodon! Mastodon
http://brakeingsecurity.com/interview-with-infrared-one-of-the-seattle-community-network-organizers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
128: Gollumfun (Part 1)
Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun) was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed.
Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support...
https://darknetdiaries.com/episode/128
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 190 - Immutable Laws of Security
Ken and Seth break down the recently-released Immutable Laws of Security from Microsoft's Security Best Practices recommendations. Points of special interest being "Cybersecurity is a team sport", "Not keeping up is falling behind", and "Ruthless Prioritization is a survival skill".
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_190.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JAMBOREE - an Android App testing platform from @operat0r -part2
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the Youtube videos, including demo! Part2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA
http://brakeingsecurity.com/jamboree-an-android-app-testing-platform-from-operat0r-part2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 189 - Security Bypasses, AppMap, Dastardly
Seth and Ken kickoff another unique discussion by looking at a recent scholarly paper on security bypasses and workarounds by health care workers. Followed by a demo of AppMap, a development tool that shows code traces based on dynamic use. Finally, a discussion of Portswigger's new Dastardly CI/CD tool and where it fits in the security SDLC.
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_189.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
127: Maddie
Maddie Stone is a security researcher for Google's Project Zero. In this episode we hear what it's like battling zero day vulnerabilities.
Sponsors
Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com.
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access...
https://darknetdiaries.com/episode/127
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JAMBOREE - an Android App testing platform from @operat0r
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the Youtube videos, including demo! Part 2 will be available soon! Part 1: https://youtu.be/U5SFav9h1L4
http://brakeingsecurity.com/jamboree-an-android-app-testing-platform-from-operat0r
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#36: Continuous Security Testing with Rob Ragan, Principal Researcher at Bishop Fox
Host FalconSpy returns this week joined by Rob Ragan, Principal Researcher at Bishop Fox! They begin by diving into tips for organizations beginning to build out their continuous security testing and why it's so important. Regan also shares bugs he's discovered deploying your tools to assist with continuous security testing. Next, he gives advice based on his own experience in the InfoSec field to those aspiring to break into the industry. Lastly, he discloses whether degrees or certifications are necessary for a career in InfoSec and how to become more specialized in continuous security testing and automation. Enjoy the episode!
Make sure to check out Bishop Fox:
https://bishopfox.com/blog/introducing-cloudfox
https://github.com/BishopFox/smogcloud
https://podcasters.spotify.com/pod/show/offsec/episodes/36-Continuous-Security-Testing-with-Rob-Ragan--Principal-Researcher-at-Bishop-Fox-e1pmug6
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 181
It's the release of Ubuntu 22.10 Kinetic Kudu, and we give you all the details
on what's new and improved, with a particular focus on the security features,
plus we cover a high priority vulnerability in libksba as well.
https://ubuntusecuritypodcast.org/episode-181/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 188 - Security Training, Zero Trust, Rating of IoT Security
What's that you say? There is no such thing as "done" with application security? Are our Sisyphean hosts (@cktricky and @sethlaw) therefore doomed to ever push this rock up the mountain, just to discuss ways to push it up again?
https://absolute-appsec-eps.s3.us-west-1.amazonaws.com/episodes/Absolute_AppSec_Ep_188.mp3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
126: REvil
REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world.
A special thanks to our guest Will, a CTI researcher with Equinix.
Sponsors
Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com.
Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader...
https://darknetdiaries.com/episode/126
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 180
Ubuntu Pro beta is announced and we cover all the details with Lech Sandecki and
Eduardo Barretto, plus we cover security updates for DHCP, kitty, Thunderbird,
LibreOffice, the Linux kernel, .NET 6 and more.
https://ubuntusecuritypodcast.org/episode-180/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
07-oct-news-twitch streaming
https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://medium.com/@johnblatt23/uber-hack-reveals-weakness-in-the-human-firewall-8b44a87d43b4 https://securityintelligence.com/articles/what-to-know-honda-key-fob-vulnerability/ https://www.theregister.com/2022/10/07/binance_hack_566m/ https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://www.bbc.com/news/business-58193396 https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting https://www.coindesk.com/business/2022/10/06/celsius-top-execs-cashed-out-17m-in-crypto-before-bankruptcy/ https://jpgormally.medium.com/cybersecurity-is-a-successfully-failure-9bcf92a1bc88 https://www.bitsight.com/blog/zero-50k-infections-pseudomanuscrypt-sinkholing-part-1
http://brakeingsecurity.com/07-oct-news-twitch-streaming
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#35: Cybersecurity Awareness with Christopher Forte
In this week's episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field. He then comments on why he believes information security is an important topic to care about in our technology-driven lives. Next, the most important security awareness topic, according to Forte, is discussed and he shares some recommendations for improving your information security–whether personally or professionally. Lastly, Chris shares what interests him about mentoring in the community and why it's crucial for others in the infosec community...
https://podcasters.spotify.com/pod/show/offsec/episodes/35-Cybersecurity-Awareness-with-Christopher-Forte-e1oocm7
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
125: Jeremiah
Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had to break into a building to prove it wasn't as secure as the company thought.
You can catch more of Jeremiah on the We're In podcast.
Sponsors
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to...
https://darknetdiaries.com/episode/125
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 179
Finer grained control for unprivileged user namespaces is on the horizon for
Ubuntu 22.10, plus we cover security updates for PCRE, etcd, OAuthLib, SoS,
Squid and more.
https://ubuntusecuritypodcast.org/episode-179/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 178
You can't test your way out of security vulnerabilities (at least when writing
your code in C), plus we cover security updates for Intel Microcode, vim,
Wayland, the Linux kernel, SQLite and more.
https://ubuntusecuritypodcast.org/episode-178/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
124: Synthetic Remittance
What do you get when you combine social engineering, email, crime, finance, and the money stream flowing through big tech? Evaldas Rimašauskas comes to mind. He combined all these to make his big move. A whale of a move.
Sponsors
Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer.
Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents,...
https://darknetdiaries.com/episode/124
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Uber Breach, MFA fatigue, who can help communicate biz risk?
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/ https://twitter.com/RachelTobac/status/1571542949606957057 Twitter: @boettcherpwned @infosystir @brakeSec @bryanbrake www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec
http://brakeingsecurity.com/uber-breach-mfa-fatigue-who-can-help-communicate-biz-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Episode 177
Alex talks with special guests Nishit Majithia and Matthew Ruffell about a
recent systemd regression on Ubuntu 18.04 LTS plus we cover security updates for
Dnsmasq, the Linux kernel, poppler, .NET 6, rust-regex and more.
https://ubuntusecuritypodcast.org/episode-177/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#34: How to Succeed in InfoSec with Jim O'Gorman and Dave Kennedy
Host TJ Null returns this week with an episode featuring two special guests: Jim O'Gorman and Dave Kennedy! Jim O'Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the first time. Then, they disclose which resources they used to learn more about pentesting. Dave shares how attending events like DefCon and BlackHat gave him indispensable knowledge when he was laying the foundation...
https://podcasters.spotify.com/pod/show/offsec/episodes/34-How-to-Succeed-in-InfoSec-with-Jim-OGorman-and-Dave-Kennedy-e1ng3fv
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
123: Newswires
Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that.
Sponsors
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.
Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper's Zero Trust Data Center...
https://darknetdiaries.com/episode/123
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Manual Code reviews/analysis, post-infosec Campout discussion
checkout our website: https://www.brakeingsecurity.com Follow and subscribe with your Amazon Prime account to our Twitch stream: https://twitch.tv/brakesec Twitter: @infosystir @boettcherpwned @bryanbrake @brakesec Find us on all your favorite podcast platforms! Please leave us a 5 star review to help us grow!
http://brakeingsecurity.com/manual-code-reviewsanalysis-post-infosec-campout-discussion
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
122: Lisa
In this episode we hear some insider threat stories from Lisa Forte.
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free...
https://darknetdiaries.com/episode/122
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amanda's Sysmon Talk -p2
Part 2 of our discussion this week with Amanda, Brian, and Bryan on sysmon, We discuss use cases from her talk, and best ways to get sysmon integrated into your environment. BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake https://www.brakeingsecurity.com Our #twitch stream can be found at: Https://twitch.tv/brakesec (subscription is req'd to see full videos)
http://brakeingsecurity.com/amandas-sysmon-talk-p2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amanda's Sysmon Talk -p1
This week Amanda, Brian, and Bryan discuss sysmon, how it works to detect IOCs in your org, and how it extends beyond regular Windows event monitoring. oh... and it's available for Linux too! BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake https://www.brakeingsecurity.com Our #twitch stream can be found at: Https://twitch.tv/brakesec (subscription is req'd to see full videos)
http://brakeingsecurity.com/amandas-sysmon-talk-p1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 269
https://www.bleepingcomputer.com/news/security/cosmicstrand-uefi-malware-found-in-gigabyte-asus-motherboards/ https://www.bleepingcomputer.com/news/security/hackers-scan-for-vulnerabilities-within-15-minutes-of-disclosure/ https://www.techcircle.in/2022/07/31/paytm-mall-refutes-cyber-breach-report-says-users-data-safe
https://defensivesecurity.org/defensive-security-podcast-episode-269/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tanya Janca, Securing APIs, finding Security Champions, and accepting Risk
Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. https://wehackpurple.com...
http://brakeingsecurity.com/tanya-janca-securing-apis-finding-security-champions-and-accepting-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
121: Ed
In this episode we hear some penetration test stories from Ed Skoudis (twitter.com/edskoudis). We also catch up with Beau Woods (twitter.com/beauwoods) from I am The Cavalry (iamthecavalry.org).
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support...
https://darknetdiaries.com/episode/121
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tanya Janca on secure coding practices, Swagger docs, and why documentation matters
Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. https://shehackspurple.ca/...
http://brakeingsecurity.com/tanya-janca-on-secure-coding-practices-swagger-docs-and-why-documentation-matters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 268
Stories: https://www.scmagazine.com/feature/incident-response/why-solarwinds-just-may-be-one-of-the-most-secure-software-companies-in-the-tech-universe https://www.computerweekly.com/news/252522789/Log4Shell-on-its-way-to-becoming-endemic https://www.bleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attacks/ https://www.cybersecuritydive.com/news/microsoft-rollback-macro-blocking-office/627004/ jerry: [00:00:00] All right, here we go today. Sunday, July 17th. 2022. And this is episode 268. Of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kellett. Andy: Hello, Jerry. How are you, sir? jerry: great. How are you … Continue reading Defensive Security Podcast Episode 268 →
https://defensivesecurity.org/defensive-security-podcast-episode-268/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PYPI enables 2FA, some devs have a problem with this
Full #twitch VOD here (prime sub or paid sub required): https://www.twitch.tv/videos/1528342722 https://github.com/untitaker/python-atomicwrites https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html Twitch streams (175+ hours of content!): Https://twitch.tv/brakesec www.brakeingsecurity.com Twitter: @infosystir @boettcherpwned @brakesec @bryanbrake
http://brakeingsecurity.com/pypi-enables-2fa-some-devs-have-a-problem-with-this
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#33: FalconSpy Dives into His Day Job, Internal Penetration Testing
In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!
https://podcasters.spotify.com/pod/show/offsec/episodes/33-FalconSpy-Dives-into-His-Day-Job--Internal-Penetration-Testing-e1l71bj
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Presenting: Click Here "Lapsus$"
We're going to play two stories for you today. First is a story that comes from the podcast Click Here, hosted by Dina Temple Raston. It's about Lapsus$. Then after that Jack Rhysider tells a story about a sewage plant in Australia that had a big problem.
You can find more episode of Click Here on your favorite podcast player or by visiting https://ClickHereShow.com.
Sponsors
Support for this show comes Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs — finding and fixing vulnerabilities in real time. Create your free account at https://snyk.co/darknet.
Support for this show comes from Linode. Linode supplies you with virtual servers. Visit [linode.com/darknet](https://linode.com/darknet)...
https://clickhereshow.com/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 267
Defensive Security Podcast Episode 267 Links: https://www.justice.gov/opa/pr/aerojet-rocketdyne-agrees-pay-9-million-resolve-false-claims-act-allegations-cybersecurity https://us-cert.cisa.gov/ncas/alerts/aa22-187a https://www.zdnet.com/article/these-are-the-cybersecurity-threats-of-tomorrow-that-you-should-be-thinking-about-today/ jerry: [00:00:00] Alright, here we go. Today is Sunday, July 10th, 2022. And this is episode 267 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always. Is Mr. Andrew Kellett. Andy: Good evening, Jerry, how are you? Good, … Continue reading Defensive Security Podcast Episode 267 →
https://defensivesecurity.org/defensive-security-podcast-episode-267/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JW Goerlich on Training, phishing exercises, security metrics,getting the most from user training
JW Goerlich - “Wolfgang is a cyber security strategist and an active part of the Michigan security community. He co-founded the OWASP Detroit chapter and organizes the annual Converge and BSides Detroit conferences. Wolfgang has held roles such as the Vice President of Consulting, Security Officer, and Vice President of Technology Services. He regularly advises clients on topics ranging from risk management, incident response, business continuity, secure development life cycles, and more.” https://jwgoerlich.com/ RSA talks and discussion Phishing tests - https://www.securityweek.com/research-simulated-phishing-tests-make-organizations-less-secure https://hbr.org/2021/04/phishing-tests-are-necessary-but-they-dont-need-to-be-evil What are the goal of these tests? ...
http://brakeingsecurity.com/jw-goerlich-on-training-phishing-exercises-security-metricsgetting-the-most-from-user-training
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
120: Voulnet
This is the story about when Mohammed Aldoub, AKA Voulnet, (twitter.com/Voulnet) found a vulnerability on Virus Total and Tweeted about it.
Sponsors
Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet.
Support for this show comes from Varonis. Do you wonder what your company's ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before...
https://darknetdiaries.com/episode/120
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#32: Election Integrity & Critical Infrastructure with Lester Godsey
In this week's special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrastructure security. The integrity of the 2020 US Presidential Election is discussed along with Godsey's take on the threats he saw in Maricopa County and lessons learned. Moreover, he highlights the spread of misinformation on social media as well as advice he has for CISOs looking to hire cybersecurity professionals and how to best attract them to roles. Enjoy!
https://podcasters.spotify.com/pod/show/offsec/episodes/32-Election-Integrity--Critical-Infrastructure-with-Lester-Godsey-e1k8bkm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
119: Hot Wallets
In this episode we interview journalist Geoff White to discuss some of the recent crypto currency heists that have been happening. Geoff has been tracking a certain group of thieves for some time and shares his knowledge of what he's found.
Much of what we talk about in this episode has been published in Geoff's new book The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War (https://amzn.to/3mKf1qB).
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security...
https://darknetdiaries.com/episode/119
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 266
https://www.csoonline.com/article/3660560/uber-cisos-trial-underscores-the-importance-of-truth-transparency-and-trust.html https://thehackernews.com/2022/06/conti-leaks-reveal-ransomware-gangs.html?m=1 https://www.bleepingcomputer.com/news/security/new-symbiote-malware-infects-all-running-processes-on-linux-systems/ https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
https://defensivesecurity.org/defensive-security-podcast-episode-266/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#31: How the OSCP Certification Supports Career Growth
In this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security field. Then, Dark highlights why he decided to obtain his OSCP and how the knowledge he gained from the course benefits him in his career trajectory. He also shares some exciting projects he works on relevant to pentesting. Lastly, Dark shares advice he has for anyone working to become a pentester and hobbies he enjoys outside of infosec. Enjoy the episode!
https://podcasters.spotify.com/pod/show/offsec/episodes/31-How-the-OSCP-Certification-Supports-Career-Growth-e1jm8mh
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
118: Hot Swaps
This is the story of Joseph Harris (https://twitter.com/akad0c). When he was a young teen he got involved with stealing video game accounts and selling them for money. This set him on a course where he flew higher and higher until he got burned.
Joseph sometimes demonstrates vulnerabilities he finds on his YouTube channel https://www.youtube.com/channel/UCdcuF5Zx6BiYmwnS-CiRAng.
Listen to episode 112 “Dirty Coms” to hear more about what goes on in the communities Joseph was involed with.
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps,...
https://darknetdiaries.com/episode/118
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#30: How to Hire the Best Cybersecurity Talent with FalconSpy
In this week's episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he's learned in his career so far. Sharing his experience throughout his OSCP journey, he shares tips for anyone looking to pass the exam who are trying to balance other responsibilities. Then, he offers advice for cybersecurity managers on how to locate the best talent. FalconSpy explains how to make these positions more attractive to cybersecurity professionals. Lastly, he shares a current project he's working on that he's excited about as well as what he envisions as the ‘next big thing' in cybersecurity. Enjoy!...
https://podcasters.spotify.com/pod/show/offsec/episodes/30-How-to-Hire-the-Best-Cybersecurity-Talent-with-FalconSpy-e1j28k1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
117: Daniel the Paladin
Daniel Kelley (https://twitter.com/danielmakelley) was equal parts mischievousness and clever when it came to computers. Until the day his mischief overtook his cleverness.
Sponsors
Support for this show comes from Keeper Security. Keeper Security's is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet.
Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet.
Learn...
https://darknetdiaries.com/episode/117
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
116: Mad Dog
Jim Lawler, aka “Mad Dog”, was a CIA case officer for 25 years. In this episode we hear some of the stories he has and things he did while working in the CIA.
Jim has two books out. Affiliate links below.
Living Lies: A Novel of the Iranian Nuclear Weapons Program https://amzn.to/3s0Ppca
In the Twinkling of an Eye: A Novel of Biological Terror and Espionage https://amzn.to/3y7B4OL
Sponsors
Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer.
Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper's Zero Trust Data Center provides uncompromising...
https://darknetdiaries.com/episode/116
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#29: How Hackers Think with Dr. Timothy Summers
In this week's special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. To begin, he explains how he first got into cybersecurity when he got hacked himself. From this experience, he generated a curiosity about why and how it happened. He then shares his hobbies outside of cybersec and dives into his work on hacking cognitive psychology and the hacker mindset. Our guest highlights how organizations can learn from how hackers think to increase innovation within their own company and teach them how to protect themselves...
https://podcasters.spotify.com/pod/show/offsec/episodes/29-How-Hackers-Think-with-Dr--Timothy-Summers-e1hd80a
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
115: Player Cheater Developer Spy
Some video game players buy cheats to win. Let's take a look at this game cheating industry to see who the players are.
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this podcast comes from Cybereason. Cybereason reverses the...
https://darknetdiaries.com/episode/115
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#28: ShadowKhan, Lead Pentester and OffSec Community Moderator
In this episode, host TJ Nulls sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There's one book in particular, that he highly recommends. ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two of his biggest mistakes when on an assessment. Finally, they wrap by talking about current community projects and blog posts ShadowKhan is working on, as well as what he's doing outside of infosec....
https://podcasters.spotify.com/pod/show/offsec/episodes/28-ShadowKhan--Lead-Pentester-and-OffSec-Community-Moderator-e1h57hq
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#27: YinYang in Infosec with Jeremy (harbinger) Miller
In this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode's show notes:
“The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature.
Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of experiences in life, including the psychological aspect as well as the ones and zeros.
Jeremy (harbinger) Miller is an InfoSec professional primarily interested in how security skills are taught, learned, and applied by individuals and organizations....
https://podcasters.spotify.com/pod/show/offsec/episodes/27-YinYang-in-Infosec-with-Jeremy-harbinger-Miller-e1gqsul
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
114: HD
HD Moore (https://twitter.com/hdmoore) invented a hacking tool called Metasploit. He crammed it with tons of exploits and payloads that can be used to hack into computers. What could possibly go wrong? Learn more about what HD does today by visiting rumble.run/.
Sponsors
Support for this show comes from Quorum Cyber. They exist to defend organisations against cyber security breaches and attacks. That's it. No noise. No hard sell. If you're looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and specially if you are interested in Microsoft Security - reach out to www.quorumcyber.com.
Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically...
https://darknetdiaries.com/episode/114
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 265
Google Exposes Initial Access Broker Ties With Ransomware Actors (bankinfosecurity.com) Okta says hundreds of companies impacted by security breach | TechCrunch Okta: “We made a mistake” delaying the Lapsus$ hack disclosure (bleepingcomputer.com) Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code | TechCrunch DEV-0537 criminal actor targeting organizations for data exfiltration and destruction … Continue reading Defensive Security Podcast Episode 265 →
https://defensivesecurity.org/defensive-security-podcast-episode-265/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#26: Cybersecurity hiring with CISO, Mike Manrod
For this week's episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat about the best way to train an individual into a top cybersecurity professional, even if they don't have the technical skills. Finally, Mike shares his thoughts on the state of cybersecurity...
https://podcasters.spotify.com/pod/show/offsec/episodes/26-Cybersecurity-hiring-with-CISO--Mike-Manrod-e1g34ok
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)
This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry. Mike is currently working through his PEN-200 journey toward the OSCP and provides some key tips for those also pursuing the OSCP. He also shares a specific idea on how to best prepare for the exam. Finally, he shares some words of encouragement to those early in their career looking to make their...
https://podcasters.spotify.com/pod/show/offsec/episodes/25-Mentoring-and-OSCP-Tips-with-Mike-Waxman-Security-Engineer--LinkedIn-e1fqm26
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 264
Adafruit discloses data leak from ex-employee's GitHub repo (bleepingcomputer.com) Malware now using NVIDIA's stolen code signing certificates (bleepingcomputer.com) NSA report: This is how you should be securing your network | ZDNet
https://defensivesecurity.org/defensive-security-podcast-episode-264/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)
On this week's episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it's like to run his own consulting company, Red Siege, and shares tips for those looking to start their own. Tim also reveals the one thing he would like to see change in the infosec community. Lastly, he discusses his love for the...
https://podcasters.spotify.com/pod/show/offsec/episodes/24-Kerberoasting--Security-Consulting-with-Tim-Medin-timmedin-e1f4q8k
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#23: Sharing Knowledge in Infosec with Phillip Wylie
This week host TJ Null chats with Phillip Wylie, Tech Evangelist at cycognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what they mean for Phillip. Our guest regularly shares knowledge, gives talks, blogs, and teaches, and, in this episode, dives into what drives him to pass on knowledge. He also gives some tips for those starting out in infosec on how to share their experience and possibly even get a job in the process. Besides this, Phillip shares one thing he'd like to see changed in the infosec community and how. Enjoy!
https://podcasters.spotify.com/pod/show/offsec/episodes/23-Sharing-Knowledge-in-Infosec-with-Phillip-Wylie-e1eq4om
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 263
https://www.govinfosecurity.com/data-breach-exposes-booking-details-19-million-customers-a-18505 https://www.helpnetsecurity.com/2022/02/11/cloud-security-training/ https://www.bankinfosecurity.com/massive-breach-hits-500-e-commerce-sites-a-18492 https://www.darkreading.com/cloud/linux-malware-on-the-rise-including-illicit-use-of-cobalt-strike https://www.darkreading.com/attacks-breaches/google-cuts-account-compromises-in-half-with-simple-change
https://defensivesecurity.org/defensive-security-podcast-episode-263/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#22: Cybersecurity in Higher Ed with Ken Pyle
Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec. He reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors. Additionally, Ken sheds light on how universities can meet employers' demand for cybersecurity talent and how employers can attract cybersecurity professionals. Lastly, he shares his favorite...
https://podcasters.spotify.com/pod/show/offsec/episodes/22-Cybersecurity-in-Higher-Ed-with-Ken-Pyle-e1efv9b
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)
Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo's background and what it's like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a defensive course, coming from the offensive side. Matteo also reveals more details about SOC-200, including its structure and forthcoming content. Then they move to PEN-200 (PWK)'s new Topic Exercises: what they are and why they help the student. They finish up with a few rapid-fire questions. Enjoy the episode!
https://podcasters.spotify.com/pod/show/offsec/episodes/21-PEN-200-PWK-Topic-Exercises-with-Matteo-Malvica-uf0-e1e661j
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 262
https://www.darkreading.com/edge-threat-monitor/most-common-cause-of-data-breach-in-2021-phishing-smishing-bec https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/ https://www.csoonline.com/article/3648991/dhs-announces-the-creation-of-the-cyber-safety-review-board.html https://www.darkreading.com/application-security/disclosure-panic-patch-can-we-do-better-
https://defensivesecurity.org/defensive-security-podcast-episode-262/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#20: The importance of a growth mindset in infosec with J3rryBl4nks
Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey. Additionally, J3rryBl4nks outlines what he looks for in a new hire regardless of their experience in the field. He then highlights his passion for password cracking and good rules to use with hashcat to optimize these results. Lastly, he shares...
https://podcasters.spotify.com/pod/show/offsec/episodes/20-The-importance-of-a-growth-mindset-in-infosec-with-J3rryBl4nks-e1dr9de
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 261
https://www.bleepingcomputer.com/news/security/hackers-are-taking-over-ceo-accounts-with-rogue-oauth-apps/ https://blog.f-secure.com/insight-from-a-large-scale-phishing-study/ https://www.darkreading.com/attacks-breaches/log4j-proved-public-disclosure-still-helps-attackers https://www.csoonline.com/article/3647756/how-to-prioritize-and-remediate-vulnerabilities-in-the-wake-of-log4j-and-microsofts-patch-tuesday-b.html
https://defensivesecurity.org/defensive-security-podcast-episode-261/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#19: Getting comfortable with the uncomfortable in infosec with Heather Monthie
Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses. Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to do the work and why Try Harder allows students to get comfortable with the uncomfortable.
https://podcasters.spotify.com/pod/show/offsec/episodes/19-Getting-comfortable-with-the-uncomfortable-in-infosec-with-Heather-Monthie-e1dgl7f
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 260
https://www.csoonline.com/article/3647209/why-you-should-secure-your-embedded-server-management-interfaces.html https://www.csoonline.com/article/3646613/cybercrime-group-elephant-beetle-lurks-inside-networks-for-months.html https://www.zdnet.com/article/when-open-source-developers-go-bad/ https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
https://defensivesecurity.org/defensive-security-podcast-episode-260/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 259
https://defensivesecurity.org/defensive-security-podcast-episode-259/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#18. From Defensive to Offensive with Billy Trobbiani (c0ntra)
Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into the blue team side of cybersec. Lastly, they chat about c0ntra's interest in cooking and escape rooms. Enjoy the episode!
https://podcasters.spotify.com/pod/show/offsec/episodes/18--From-Defensive-to-Offensive-with-Billy-Trobbiani-c0ntra-e1bncc8
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#17. Web Developer turned InfoSec Pro with Omeganeth
Hosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges he faced on his PEN-200 journey and how that changed through the Learn One subscription. Omeganeth gives a description of his experience on Discord when interacting with the community and offers advice to fellow students in regards to it. Finally, Omeganeth ends with a description of Math modeling, one of his interests apart from the world of InfoSec.
https://podcasters.spotify.com/pod/show/offsec/episodes/17--Web-Developer-turned-InfoSec-Pro-with-Omeganeth-e1bb928
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#16. Nation-State Level Defense with Max Kelly, Founder and CEO of [redacted]
Hosts Harbinger (Jeremy Miller) and TJNull catch up with Max Kelly, Founder and CEO of [redacted], a threat intelligence and response platform. Max starts by describing his interesting professional story with nation-state level defense from the highest levels of the private and public sectors at organizations including Facebook and U.S. CyberCom. With the level of sophistication used in cyber-attacks increasing, they discuss how this has changed how organizations need to defend themselves. Specifically, they dig into whether purely defensive playbooks apply anymore. They also get into how this changes the skill set that infosec professionals need to be successful. Finally, they chat about Max's recent feature in the Wall Street Journal on how it's possible for companies to work within...
https://podcasters.spotify.com/pod/show/offsec/episodes/16--Nation-State-Level-Defense-with-Max-Kelly--Founder-and-CEO-of-redacted-e19r1ch
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 258
https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/ https://arstechnica.com/gadgets/2021/07/feds-list-the-top-30-most-exploited-vulnerabilities-many-are-years-old/ https://www.securityweek.com/hospital-network-reveals-cause-2020-cyberattack https://www.csoonline.com/article/3628331/recent-shadow-it-related-incidents-present-lessons-to-cisos.html https://www.natlawreview.com/article/another-court-orders-production-cybersecurity-firm-s-forensic-report-data-breach https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds
https://defensivesecurity.org/defensive-security-podcast-episode-258/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 257
https://therecord.media/using-vms-to-hide-ransomware-attacks-is-becoming-more-popular/ https://blog.erratasec.com/2021/07/ransomware-quis-custodiet-ipsos-custodes.html?m=1 https://www.databreachtoday.com/how-mespinoza-ransomware-group-hits-targets-a-17086 https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/ https://arstechnica.com/gadgets/2021/07/kaseya-gets-master-decryptor-to-help-customers-still-suffering-from-revil-attack/
https://defensivesecurity.org/defensive-security-podcast-episode-257/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 256
https://www.csoonline.com/article/3623760/printnightmare-vulnerability-explained-exploits-patches-and-workarounds.html#tk.rss_all https://www.securityweek.com/continuous-updates-everything-you-need-know-about-kaseya-ransomware-attack https://www.databreachtoday.com/kaseya-raced-to-patch-before-ransomware-disaster-a-17006
https://defensivesecurity.org/defensive-security-podcast-episode-256/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 255
https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/ https://www.databreachtoday.com/cisa-firewall-rules-could-have-blunted-solarwinds-malware-a-16919 https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/ https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/
https://defensivesecurity.org/defensive-security-podcast-episode-255/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 254
We're baaaack
https://defensivesecurity.org/defensive-security-podcast-episode-254/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 253
https://www.securityinformed.com/news/intruder-research-mongodb-databases-breached-connected-internet-co-1594211095-ga-co-1594211806-ga.1594215158.html https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/ https://www.csoonline.com/article/3564726/privilege-escalation-explained-why-these-flaws-are-so-valuable-to-hackers.html#tk.rss_all https://arstechnica.com/information-technology/2020/06/theft-of-top-secret-cia-hacking-tools-was-result-of-woefully-lax-security/
https://defensivesecurity.org/defensive-security-podcast-episode-253/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 252
https://www.bankinfosecurity.com/capital-one-must-turn-over-mandiant-forensics-report-a-14352 https://www.databreachtoday.com/insider-threat-lessons-from-3-incidents-a-14312 https://www.zdnet.com/article/ransomware-deploys-virtual-machines-to-hide-itself-from-antivirus-software/
https://defensivesecurity.org/defensive-security-podcast-episode-252/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 251
https://www.securityweek.com/recent-salt-vulnerabilities-exploited-hack-lineageos-ghost-digicert-servers https://www.zdnet.com/article/ransomware-mentioned-in-1000-sec-filings-over-the-past-year/
https://defensivesecurity.org/defensive-security-podcast-episode-251/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 250
https://www.zdnet.com/article/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpns/ https://www.bankinfosecurity.com/attackers-increasingly-using-web-shells-to-create-backdoors-a-14179 https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/
https://defensivesecurity.org/defensive-security-podcast-episode-250/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defensive Security Podcast Episode 249
https://www.tomsguide.com/news/zoom-security-privacy-woes https://www.bankinfosecurity.com/blogs/learn-from-how-others-get-breached-equifax-edition-p-2870 https://www.zdnet.com/article/microsoft-how-one-emotet-infection-took-out-this-organizations-entire-network/ https://www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf
https://defensivesecurity.org/defensive-security-podcast-episode-249/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)