Defensive Security Podcast Episode 38

Study on personality traits and susceptibility to phishing; Android is apparently more secure than iOS; Don’t forget to factor malicious BHO’s into your plans; Don’t forget to factor malicious BHO’s into your plans; More registrar attacks; Insider threats are number 1; Defending against watering hole attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Defensive Security Podcast Episode 37

The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to  weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading “Defensive Security Podcast Episode 37”

Defensive Security Podcast Episode 36

How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security

 

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading “Defensive Security Podcast Episode 36”

Defensive Security Podcast Episode 35

Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading “Defensive Security Podcast Episode 35”

Defensive Security Podcast Episode 34

On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite

http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264

http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471

Defensive Security Podcast Episode 33

Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Cause of recent DOE breach revealed to be outdated Coldfusion: http://www.informationweek.com/security/attacks/energy-dept-hack-details-emerge/240160685

30% of adults willingly open emails they know are malicious: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?page=1

Spear phishing led to successful attacks on the nyt and twitter: http://www.networkworld.com/news/2013/082813-spear-phishing-led-to-dns-273297.html?page=1

DNS attack types: http://images.infoworld.com/d/security/3-types-of-dns-attacks-and-how-deal-them-225826

Defensive Security Podcast Episode 32

Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other management in the security process.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Mcafee sorry for its $1T estimate: http://www.afr.com/p/technology/mcafee_regrets_flawed_trillion_dollar_msQ2WFkVLEZKx7Yv7ZCMQI

Snowden effect: http://www.networkworld.com/news/2013/082113-how-the-snowden-effect-is-273051.html

http://www.scmagazine.com.au/News/354155,millions-stolen-from-us-banks-after-wire-payment-switch-targeted.aspx

Gartner’s recommendations for engaging the board on infosec: http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/

Here is the link to the Down The Rabbit Hole podcast I mentioned: http://podcast.wh1t3rabbit.net/dt-r-episode-54-evolution-of-info-sec-with-the-godfather-of-ips

Defensive Security Podcast Episode 31

Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

 Department of Energy hacked for second time this year; they are out front on the effort to protect critical infrastructure: http://www.theverge.com/2013/8/16/4628284/department-of-energy-hackers-steal-personal-data-from-14000-employees

Lavabit: 

 Note: 

Here is the link to the Society for Information Risk Analysts I mentioned: https://www.societyinforisk.org/ – the mailing list is here: http://lists.societyinforisk.org/mailman/listinfo/sira

Defensive Security Podcast Episode 30

Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/

Incentives for complying with cyber framework: http://www.csoonline.com/article/737795/white-house-considers-incentives-for-cybersecurity?page=1

Benefits of expanding the cyber insurance market: http://nakedsecurity.sophos.com/2013/08/09/will-insurance-firms-be-the-big-winners-in-the-struggle-for-cyber-security/

Thousands of .nl domains redirected to black hole exploit kit: http://www.zdnet.com/dutch-dns-server-hack-thousands-of-sites-serve-up-malware-7000019196/

 

Defensive Security Podcast Episode 29

Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term “black swan”.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Cyber security: http://www.digitalcrazytown.com/2013/08/is-it-cybersecurity-cyber-security-or.html

USB security concerns: http://www.zdnet.com/usb-flash-drives-masquerading-as-keyboards-mean-more-byod-security-headaches-7000018737/

OVH hack highlights exposure of administrators: http://www.itpro.co.uk/cloud/20266/ovh-hack-prompts-calls-tigher-system-admin-security-controls

GCHQ & MI5 pushing for security review of UK companies: http://www.computerweekly.com/news/2240201775/MI5-and-GCHQ-call-for-FTSE-350-cyber-health-check

Black swans: http://exploringpossibilityspace.blogspot.com/2013/07/think-you-understand-black-swans-think.html