Category Archives: Podcast

Defensive Security Podcast Episode 56

Podcast, , , , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 54

Podcast, , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics;  Optimizing the use of security budgets in larger organizations.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://www.infoworld.com/d/security/target-attack-shows-danger-of-remotely-accessible-hvac-systems-235919

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html
http://www.businessinsider.com/nbc-richard-engel-hacking-report-cyber-attack-sochi-olympics-2014-2

http://www.techrepublic.com/blog/it-security/how-mid-to-large-companies-can-optimize-security-budgets/

Defensive Security Podcast Episode 53

Podcast, , , , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you

http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

http://www.networkworld.com/news/2014/013114-target-credential-theft-highlights-third-party-278305.html

http://www.networkworld.com/news/2014/013014-positioning-your-institution39s-response-in-278292.html

http://www.networkworld.com/news/2014/013014-tor-enabled-malware-stole-credit-card-278289.html?source=nww_rss

Defensive Security Podcast Episode 52

Podcast, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Coke loses 55 laptops and 56000 records over 7 years; Private cyber espionage network in India; Review of the Shell_Crew hack using Adobe Cold Fusion exploit; Should we punish employees who fall for phishing emails?; Assuming your network has been hacked; more details on the Target breach are emerging.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Defensive Security Podcast Episode 51

Podcast

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Bob’s wisdom for the week;  Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council’s response?  AWS & GoDaddy hosting malware.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Why we don’t rely on AV: https://securosis.com/blog/a-very-telling-antivirus-metric

Target:
1. http://arstechnica.com/security/2014/01/point-of-sale-malware-infecting-target-found-hiding-in-plain-sight/
2. http://www.f-secure.com/weblog/archives/00002660.html

Risk Science Podcast Episode 10: http://riskscience.net/2013/12/26/episode-10-speculation-and-conjecture/

AWS & godaddy: http://m.slashdot.org/story/196881.

Defensive Security Podcast Episode 50

Podcast,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.informationweek.com/security/attacks-and-breaches/beware-powerlocker-ransomware/d/d-id/1113344

http://www.csoonline.com/article/745703/senior-managers-fumble-security-much-more-often-than-rank-and-file

http://www.csoonline.com/article/745806/rising-impact-of-target-breach-indicates-deeper-hack-into-systems?page=1

http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112

https://www.maliciouslink.com/a-different-perspective-on-the-ptv-website-vulnerability-debacle/

Defensive Security Podcast Episode 49

Podcast, , , , , , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More wisdom from Bob; Yahoo’s ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your organization from data breaches and why this security stuff is hard; A political rant on the state of security.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Yahoo ad network delivering malware:  http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/
OpenSSL/hypervisor http://feedly.com/k/1bIBvK1
Importance of monitoring activity: http://www.healthcareitnews.com/news/four-year-long-hipaa-data-breach-discovered
Lawsuit accused Target of not complying with PCI: http://feedly.com/k/1lJp6v0
Probably completely coincidental to the Target breach: http://www.us-cert.gov/ncas/alerts/TA14-002A
7 tips for protecting your business from a data breach: http://feedly.com/k/1alpWsA

http://www.freerepublic.com/focus/f-news/558347/posts

 

Defensive Security Podcast Episode 48

Podcast,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; The Target breach; Hacking hard drive controllers; NSA shenanigans; Compromised BBC server for sale; 2014 predictions.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://blog.cryptographyengineering.com/2013/12/can-hackers-decrypt-targets-pin-data.html

http://spritesmods.com/?art=hddhack

http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html

http://www.dailymail.co.uk/news/article-2531062/BBC-takes-three-days-regain-control-computer-server-hacker-breaks-tries-sell-access-cyber-criminals.html

Defensive Security Podcast Episode 47

Podcast, ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

More advice from Bob; Chinese spear phish diplomats with Mrs Bruni-Sarkozy’s nude pictures; Network segmentation could have mitigated phishing attacks on governments; Krebs find organizations having systems with open RDP connections rented out; Generation Y employees have a dubious view on security; 61% of web traffic is automated; 5 recommendations on improving the security situation; Some great incident response documents from Society Generale; More ideas on cleaning up family’s computers when visiting for the holidays.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.businessinsider.com/nicolas-sarkozys-naked-wife-used-as-bait-by-g20-hackers-2013-12

http://www.networkworld.com/news/2013/121113-security-tactics-might-have-helped-276821.html?page=1

http://krebsonsecurity.com/2013/12/hacked-via-rdp-really-dumb-passwords/

http://www.net-security.org/secworld.php?id=16096

http://www.incapsula.com/the-incapsula-blog/item/820-bot-traffic-report-2013

http://www.networkworld.com/news/2013/121013-a-fistful-of-security-fixes-276800.html

https://cert.societegenerale.com/en/publications.html