Tag Archives: incident response

Defensive Security Podcast Episode 62

Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.darkreading.com/vulnerabilities—threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650
http://www.esecurityplanet.com/network-security/cyber-insurance-covers-that-7-items-you-might-not-know.html
http://www.tripwire.com/state-of-security/featured/security-meaning-hype/
http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html
http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
http://www.networkworld.com/news/2014/040214-understanding-incident-response-5-tips-280338.html?page=1

Defensive Security Podcast Episode 47

More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy’s nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; Some great incident response documents from Society Generale; More ideas on cleaning up family’s computers when visiting for the holidays.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.businessinsider.com/nicolas-sarkozys-naked-wife-used-as-bait-by-g20-hackers-2013-12

http://www.networkworld.com/news/2013/121113-security-tactics-might-have-helped-276821.html?page=1

http://krebsonsecurity.com/2013/12/hacked-via-rdp-really-dumb-passwords/

http://www.net-security.org/secworld.php?id=16096

http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013

http://www.networkworld.com/news/2013/121013-a-fistful-of-security-fixes-276800.html

https://cert.societegenerale.com/en/publications.html

Defensive Security Podcast Episode 39

Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.csoonline.com/article/741530/security-spending-continues-to-run-a-step-behind-the-threats?page=1
http://www.techrepublic.com/blog/it-security/how-to-respond-to-a-malware-incident/
http://www.infoworld.com/d/security/jump-boxes-improve-security-if-you-set-them-right-228742
http://www.marketplace.org/topics/tech/hacked-small-businesses-often-have-no-place-turn
Presentation at RSA security analytica: https://www.youtube.com/watch?v=EDR6SwQ_i0I | https://community.emc.com/docs/DOC-27380

Defensive Security Podcast Episode 26

Vulnerability market, OWASP top 10 still relevant, HP Storage back door, Default root ssh keys in EAS servers, IPMI Vulnerabilities, Dark Seoul update, Incident response goes horribly wrong, Dropbox and WordPress leveraged by attackers

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Vulnerability market: http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html

OWASP top 10 still relevant: http://www.cyberwarzone.com/dutch-domain-registrar-hacked-sqli

HP Storage back door: http://www.infoworld.com/t/data-security/hp-admits-undocumented-backdoors-in-two-separate-storage-lines-222614

Default root ssh keys in EAS servers: http://www.infosecurity-magazine.com/view/33372/eas-vulnerability-bodies-of-the-dead-could-rise-again/

IPMI Vulnerabilities: http://www.infoworld.com/d/security/serious-flaws-found-in-ipmi-server-management-protocol-222107

Dark Seoul update: http://arstechnica.com/security/2013/07/hard-drive-wiping-malware-that-hit-s-korea-tied-to-military-espionage/
http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf

Incident response goes horribly wrong: http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/

Dropbox and WordPress leveraged by attackers: http://www.pcadvisor.co.uk/news/security/3457260/dropbox-wordpress-used-in-cyberespionage-campaign/