Tag Archives: security

Defensive Security Podcast Episode 71

Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.reuters.com/article/2014/06/10/sec-cybersecurity-aguilar-idUSL2N0OR13U20140610

https://securityledger.com/2014/06/ipmi-insecurity-affects-200k-systems/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

http://www.forbes.com/sites/davelewis/2014/06/03/network-security-build-to-fail/

http://www.infoworld.com/d/security/5-lessons-companies-get-computer-security-right-243407

http://cyberwarzone.com/hackers-behind-oppetrol-will-attack-june-20-2014/

http://www.mondovisione.com/media-and-resources/news/bank-of-england-launches-new-framework-to-test-for-cyber-vulnerabilities/

http://www.dailyfinance.com/2014/06/05/target-data-breach-shoppers-dont-care/

http://www.startribune.com/business/261527581.html

http://www.wired.com/2014/06/bleed/

http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Fuckyer: https://m.youtube.com/watch?v=2I-nudEqz7o

Defensive Security Podcast Episode 67

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 57

Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.

http://meetupblog.meetup.com/post/78413031007/no-doubt-this-has-been-a-tough-weekend-for
http://www.networkworld.com/research/2014/022414-how-to-test-the-security-279049.html
http://www.networkworld.com/news/2014/022014-why-companies-need-to-check-278927.html
http://www.networkworld.com/news/2014/022414-6-lessons-learned-about-the-279082.html
http://www.networkworld.com/news/2014/022414-how-it-can-establish-better-279048.html
http://www.counciloncybersecurity.org/attachments/article/12/CSC-MASTER-VER50-2-27-2014.pdf

Defensive Security Podcast Episode 56

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks; Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHOs into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.

Defensive Security Podcast Episode 4

Happy New Year!

In this week’s podcast, I cover an article about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s software, CYBERsitter, covered in a Business Week post.

First, a bit of news. Unless you’re still recovering from an eggnog hangover, you’ve probably heard about the Internet Explorer zero-day exploit. Note that it doesn’t impact the latest versions of IE, only 6, 7 and 8.

Fortune Cookies

2013 Security Predictions

It’s late fall, and time for vendors around the world to start guessing at what threats the coming year will bring.

First up, Symantec’s 5 Security Predictions for 2013:

  • Cyber conflict becomes the norm
  • Ransomware is the new scareware
  • Madware adds to the insanity
  • Monetization of social networks introduces new dangers
  • As users shift to mobile and cloud, so will attackers
