Tag Archives: Syrian Electronic Army

Defensive Security Podcast Episode 73

Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/
http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/
http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
http://www.cnbc.com/id/101770396
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761
https://medium.com/@FredericJacobs/the-reuters-compromise-by-the-syrian-electronic-army-6bf570e1a85b
http://www.theregister.co.uk/2014/06/23/aviva_heartbleed_hack/

Defensive Security Podcast Episode 59

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

Defensive Security Podcast Episode 43

More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
PCI 3: http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208
Study of malware analysts, highlighting that it’s apparently common to not disclose breaches: http://www.threattracksecurity.com/documents/malware-analysts-study.pdf
EastWest produces document outlining need for better incident/breach metrics: https://dl.dropboxusercontent.com/s/84odmpmtoee7rbu/MCP%20Final%2010_22_2013.pdf
VERIS Community already has this: http://www.veriscommunity.net/doku.php?id=public and it’s part of the input for the DBIR
Benefits of a grc application: http://www.computerworld.com/s/article/9243025/The_best_data_security_offense_is_a_good_defense?taxonomyId=17&pageNumber=1

 

 

Defensive Security Podcast Episode 33

Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685

30% of adults willingly open emails they know are malicious: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?page=1

Spear phishing led to successful attacks on the nyt and twitter: http://www.networkworld.com/news/2013/082813-spear-phishing-led-to-dns-273297.html?page=1

DNS attack types: http://images.infoworld.com/d/security/3-types-of-dns-attacks-and-how-deal-them-225826

Defensive Security Podcast Episode 24

Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing attacks, Google reports that compromised legitimate sites are more dangerous than malicious sites, Sophos says 30,000 SMB sites are hacked per day to spread malware, the age old debate about administrator rights, password complexity, and the unintended consequences of leaks: foreign companies defect to more hospitable countries, renewed focus on systems administrators, and we can stop pretending to not know where Stuxnet came from. Continue reading Defensive Security Podcast Episode 24

Defensive Security Podcast Episode 18

Adobe warns customers of a Cold Fusion 0day, Washing courts owned by that 0day, web servers found compromised with the Cdorked/Darkleech, critical vulnerability in Nginx, Anonymous’ opUSA turned out to be a bunch of nothing, too many admins is bad for security, Name.com gets compromised, The Onion’s twitter feed is compromise by the SEA, slippery slope of BYOD and Google’s plans for authentication.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

 

Cold fusion: http://www.networkworld.com/news/2013/050913-adobe-warns-customers-of-unpatched-269596.html