All posts by jb

Defensive Security Podcast Episode 87

Derbycon Videos: http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist

http://www.tripwire.com/state-of-security/top-security-stories/att-discovers-second-insider-breach-this-year/
http://www.zdnet.com/yahoo-confirms-servers-infected-but-not-by-shellshock-7000034411/
http://www.futuresouth.us/wordpress/?p=32
http://www.theregister.co.uk/2014/10/05/report_says_russians_behind_jpmorgan_chase_cyber_attack/
http://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions/
http://hackaday.com/2014/10/05/badusb-means-were-all-screwed/
http://www.csoonline.com/article/2689609/network-security/threat-intelligence-firm-mistakes-research-for-nation-state-attack.html#tk.rss_all

 

Lacie the security dog:

[Image: lacie]

Defensive Security Podcast Episode 85

http://arstechnica.com/tech-policy/2014/09/senior-it-worker-at-top-tech-law-firm-arrested-for-insider-trading/

Defensive Security Podcast Episode 84

http://www.businessweek.com/articles/2014-09-11/home-depot-hack-malware-points-to-different-hackers-than-targets

http://www.csoonline.com/article/2605857/security-awareness/successful-security-awareness-programs-hold-employees-hands-to-the-fire-in.html

http://www.networkworld.com/article/2604411/security0/ernst-and-young-accused-by-canadian-used-computer-dealer-of-data-breach.html

http://www.cyber-security-blog.com/2013/08/Responding-to-a-Domain-Admin-Account-Compromise-Bootstrapping-Trust-A-Billion-Dollar-Cyber-Security-Problem.html

http://digital-forensics.sans.org/blog/2013/06/20/overview-of-microsofts-best-practices-for-securing-active-directory

Defensive Security Podcast Episode 83

[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/
[2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/
[2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf
[3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/
[4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/
[5] http://hackerhurricane.blogspot.com/2014/09/infosec-industry-partly-responsible-for.html?m=1

Defensive Security Podcast Episode 82

http://www.databreachtoday.com/buying-cyber-insurance-5-tips-a-7250
http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html
http://www.aorato.com/labs/report/untold-story-target-attack-step-step/
http://www.csoonline.com/article/2599257/network-security/security-council-blames-breaches-on-poor-pci-standard-support.html#tk.rss_all

Defensive Security Podcast Episode 81

 

http://www.csoonline.com/article/2466084/data-protection/community-health-systems-blames-china-for-recent-data-breach.html
http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html
http://www.csoonline.com/article/2597389/data-protection/more-problems-emerge-on-the-community-health-systems-network.html
http://www.securityweek.com/secret-service-over-1000-business-infected-backoff-point-sale-malware
http://nakedsecurity.sophos.com/2014/08/22/the-ups-store-breach-what-went-wrong-and-what-ups-got-right

Defensive Security Podcast Episode 80

[1] Recovering from a hacked website

[2] Albertson’s and Supervalu hacked

[3] VNC everywhere!!!!

[4] HTTPS as a solution to network injection appliances

[5] Tennessee company sues its bank to recover stolen money

[6] 7 places to check for signs of a targeted attack in your network

===================

[1] http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html
[2] http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html
[3] http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/
[4] http://www.theregister.co.uk/2014/08/16/time_to_ditch_http_state_network_injection_attacks_documented_in_the_wild/
[5] http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/
[6] http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/

Defensive Security Podcast Episode 79

[1] Cisco’s mid-year report
[2] Poorly trained IT workers pose a risk to organizations
[3] Cyber security should be professionalized
[4] How hackers are using Google to steal data
[5] PCI creates a check-box mentality
[6] Gamma’s ownage detailed on pastebin
[7] 1.2 Billion passwords, Russians and controversy

[1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strengthen-the-security-chain/
[2] http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html
[3] http://www.csoonline.com/article/2461669/security-leadership/cybersecurity-should-be-professionalized.html
[4] http://www.csoonline.com/article/2462409/data-protection/how-hackers-used-google-in-stealing-corporate-data.html
[5] http://www.csoonline.com/article/2460607/security/pci-regime-has-bred-complacent-tick-box-security-among-retailers-tripwire-survey-finds.html
[6] http://pastebin.com/cRYvK4jb
[7] http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/

Defensive Security Podcast Episode 78


[1] Researchers to demonstrate attacks by reprogramming firmware of commodity USB devices
[2] Survey finds that enterprises are not paying attention to 3rd party risks, despite recent headlines
[3] Ransomware attack failed thanks to security awareness training
[4] Stubhub defrauded out of $1.6M using stolen passwords of its users
[5] Maricopa County fires IT manager in the wake of a data breach that the IT manager apparently warned the school about
[6] Why PCI can’t stop RAM scraping malware
[7] Plans for Israel’s Iron Dome apparently stolen by Chinese hackers

[1] http://nakedsecurity.sophos.com/2014/08/02/badusb-what-if-you-could-never-trust-a-usb-device-again/
[2] http://www.csoonline.com/article/2458048/security-leadership/insecure-connections-enterprises-hacked-after-neglecting-third-party-risks.html#tk.rss_all
[3] http://www.csoonline.com/article/2459961/security-leadership/security-managers-journal-a-ransomware-flop-thanks-to-security-awareness.html#tk.rss_all
[4] http://www.darkreading.com/7-arrested-3-more-indicted-for-roles-in-cyber-fraud-ring-that-stung-stubhub/d/d-id/1297510
[5] http://www.azfamily.com/news/School-fires-IT-manager-who-warned-of-security-breach-268218462.html
[6] http://www.darkreading.com/attacks-breaches/ram-scraper-malware-why-pci-dss-cant-fix-retail/a/d-id/1297501
[7] http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/