Podcast: Play in new window | Download | Embed
Subscribe: RSS
How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading Defensive Security Podcast Episode 36
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Continue reading Defensive Security Podcast Episode 35
Podcast: Play in new window | Download | Embed
Subscribe: RSS
On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite
http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264
http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685
30% of adults willingly open emails they know are malicious: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?page=1
Spear phishing led to successful attacks on the nyt and twitter: http://www.networkworld.com/news/2013/082813-spear-phishing-led-to-dns-273297.html?page=1
DNS attack types: http://images.infoworld.com/d/security/3-types-of-dns-attacks-and-how-deal-them-225826
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other management in the security process.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Mcafee sorry for its $1T estimate: http://www.afr.com/p/technology/mcafee_regrets_flawed_trillion_dollar_msQ2WFkVLEZKx7Yv7ZCMQI
Snowden effect: http://www.networkworld.com/news/2013/082113-how-the-snowden-effect-is-273051.html
http://www.scmagazine.com.au/News/354155,millions-stolen-from-us-banks-after-wire-payment-switch-targeted.aspx
Gartner’s recommendations for engaging the board on infosec: http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/
Here is the link to the Down The Rabbit Hole podcast I mentioned: http://podcast.wh1t3rabbit.net/dt-r-episode-54-evolution-of-info-sec-with-the-godfather-of-ips
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Windows XP vulnerabilities may be stored up: http://www.infoworld.com/d/microsoft-windows/xps-retirement-will-be-hacker-heaven-224796?page=0,1
Department of Energy hacked for second time this year; they are out front on the effort to protect critical infrastructure: http://www.theverge.com/2013/8/16/4628284/department-of-energy-hackers-steal-personal-data-from-14000-employees
Prioritizing vulnerabilities http://blog.risk.io/2013/08/stop-fixing-all-the-things-bsideslv/
Lavabit:
Note:
Here is the link to the Society for Information Risk Analysts I mentioned: https://www.societyinforisk.org/ – the mailing list is here: http://lists.societyinforisk.org/mailman/listinfo/sira
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/
Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1
Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/
Thousands of .nl domains redirected to black hole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term “black swan”.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Cyber security: http://www.digitalcrazytown.com/2013/08/is-it-cybersecurity-cyber-security-or.html
USB security concerns: http://www.zdnet.com/usb-flash-drives-masquerading-as-keyboards-mean-more-byod-security-headaches-7000018737/
OVH hack highlights exposure of administrators: http://www.itpro.co.uk/cloud/20266/ovh-hack-prompts-calls-tigher-system-admin-security-controls
GCHQ & MI5 pushing for security review of UK companies: http://www.computerweekly.com/news/2240201775/MI5-and-GCHQ-call-for-FTSE-350-cyber-health-check
Black swans: http://exploringpossibilityspace.blogspot.com/2013/07/think-you-understand-black-swans-think.html
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Perception of risk as an art vs science, Estimating the economic impact of cybercrime and espionage, The futility of analyzing malware and the need to get better at detecting its activity, An attempt to link bad metrics to data loss trends, Insurance is getting cyber security savvy, Application whitelisting, Don’t forget about risks from security devices, Verizon releases the VERIS community database.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Perception of risk as an art vs science: http://www.tripwire.com/ponemon/2013/#riskmetrics
Estimating the economic impact of cyber crime and espionage: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf
The futility of analyzing malware and the need to get better at detecting its activity: https://blog.damballa.com/archives/2052
An attempt to link bad metrics to data loss trends: http://www.techrepublic.com/blog/it-security/why-security-metrics-arent-helping-prevent-data-loss/
Insurance is getting cyber security savvy: http://www.tripwire.com/state-of-security/it-security-data-protection/security-controls/enterprise-insurance-policies-and-the-20-critical-security-controls/
Application white listing: http://www.infoworld.com/d/security/the-one-security-technology-actually-works-222763
Don’t forget about risks from security devices: http://krebsonsecurity.com/2013/07/security-vendors-do-no-harm-heal-thyself/
Verizon releases the VERIS community database: http://www.verizonenterprise.com/security/blog/index.xml?postid=4642
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Ten year old Java bug, old and vulnerable versions of Java dominate on corporate desktops, a guide on critical infrastructure security, what is wrong with applying standard security approaches to industrial control environments, Lloyds survey finds cyber security is the number 3 concern of business leaders, watering hole attacks are replacing spear phishing as the attack method of choice, the crazy high value of health information dossiers and a cyber exercise performed by some large US banks.
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
http://podcasts.infoworld.com/d/security/most-enterprise-networks-riddled-vulnerable-java-installations-report-says-222983
http://images.infoworld.com/d/security/new-vulnerability-found-in-java-7-opens-door-10-year-old-attack-researchers-say-223029
http://www.osce.org/atu/103500?download=true
http://www.computerweekly.com/blogs/david_lacey/2013/07/scada_security_requires_a_bett.html
http://www.infosecurity-us.com/view/33436/lloyds-cybersecurity-is-the-no-3-global-business-threat/
http://www.infosecurity-us.com/view/33493/water-hole-replacing-spearphishing-as-statesponsored-weapon-of-choice/
http://www.secureworks.com/resources/blog/general-hackers-sell-health-insurance-credentials-bank-accounts-ssns-and-counterfeit-documents/
http://www.americanbanker.com/issues/178_138/mock-cyberattack-on-banks-a-success-sifma-says-1060721-1.html