Category Archives: Podcast

Defensive Security Podcast Episode 16

In this episode, another Java 0day, Symantec’s Q1 2013 0day roundup, the Akamai State of the Internet report, the Verizon 2013 DBIR, AP’s Twitter feed hack, and cyber terrorists.

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://www.scmagazine.com/livingsocial-updates-encryption-practices-after-password-breach-affects-50m/article/291042/

Q1 0day vulnerabilities: http://www.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities

http://www.akamai.com/stateoftheinternet/

http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf

http://akamai.infoworld.com/d/security/5-hot-security-defenses-dont-deliver-217045

http://www.pcworld.com/article/2036261/ap-twitter-hack-prompts-fresh-look-at-cybersecurity-needs.html

http://www.hotforsecurity.com/blog/associated-press-twitter-account-hack-hits-us-stock-prices-6015.html

http://www.theinquirer.net/inquirer/news/2263460/cyber-terrorists-are-only-a-matter-of-time-warns-eugene-kaspersky

Defensive Security Podcast Episode 15

This week: Twitter account hacks highlight opportunity for exploitation by attackers, Microsoft and Malwarebytes both release bad patches, Oracle releases a Java patch which fixes 42 security bugs, Oracle announces that Java 8 is delayed due to the focus on Java 7, a new botnet is being created by compromising WordPress installations for some unknown purpose, Linode was compromised in an attack targeted at some Linode customers, Microsoft finds a trojan that cleans up after itself in the next wave of anti-forensics, the Boston marathon bombing and West, Texas explosions see many phishing scams leading to malware installations, spam is down, targeted attacks via email are up, Microsoft released its second-half 2012 Security Intelligence Report with some odd mixes of data, Microsoft releases EMET 4.0 beta, and a former employee has been charged with planting back doors on 2723 Hostgator servers.


60 Minutes, 48 Hours, NPR, and BBC Twitter accounts recently hacked.

Microsoft and Malwarebytes released bad updates

http://krebsonsecurity.com/2013/04/java-update-plugs-42-security-holes/

http://mreinhold.org/blog/secure-the-train

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

http://www.theregister.co.uk/2013/04/16/linode_breach/

http://m.darkreading.com/133696/show/b7639d290f6c32534f633e85cfe6ac04/

Boston bombing used to spread malware in multiple ways
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Z6nE3UFETb0/

http://news.cnet.com/8301-1009_3-57579847-83/targeted-cyberattacks-jump-42-percent-in-2012-symantec-says/

SIR: http://download.microsoft.com/download/E/0/F/E0F59BE7-E553-4888-9220-1C79CBD14B4F/Microsoft_Security_Intelligence_Report_Volume_14_Key_Findings_Summary_English.pdf

http://blogs.technet.com/b/srd/archive/2013/04/18/introducing-emet-v4-beta.aspx

http://arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

Defensive Security Podcast Episode 14


I’ll be picking someone to give an e-copy of @Taosecurity’s new book “The Practice of Network Security” who sends me an email with feedback on the show.
Encrypt your drives, even if you don’t think the computer will leave the office: http://feedly.com/k/ZM172z

Spate of Microsoft and Adobe patches fix numerous remote code execution and privilege escalation bugs

SEC filings seem to disagree with the growing furor over cyber attacks: http://feedly.com/k/ZM1IRB

51 weeks of Windows XP left

FireEye threat report: http://feedly.com/k/11mWyAn

2 ideas for better security: http://feedly.com/k/14VTn5V

A review of APT1: http://www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf

http://packetstormsecurity.com/news/view/22398/Author-Of-The-SSH-Protocol-Wants-A-New-One.html

http://www.networkworld.com/news/2013/041013-shylock-bank-trojan-upgraded-with-268583.html?source=nww_rss

http://packetstormsecurity.com/news/view/22399/Porn-Sites-Pose-Growing-Malware-Risk.html

http://www.bankinfosecurity.com/global-closes-breach-investigation-a-5684?rf=2013-04-15-eb&elq=593a933acd7a48d4b7e39bcc55f49e62&elqCampaignId=6440

Defensive Security Podcast Episode 13

The Internet-destroying DDoS attack that wasn’t

http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/

http://hothardware.com/News/Huge-Spike-In-Mobile-Data-Traffic-Drives-IEEE-400-Gigabit-Ethernet-Standard/

http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/

http://nakedsecurity.sophos.com/2013/04/05/ransomware-child-buse/

http://blog.trendmicro.com/trendlabs-security-intelligence/three-lessons-from-the-south-korea-mbr-wiper-attacks/

Defensive Security Podcast Episode 12


http://www.informationweek.com/security/vulnerabilities/cisco-password-fumble-hardware-security/240151244

Etsy’s solution for running Java: http://codeascraft.etsy.com/2013/03/18/java-not-even-once/

http://www.infosecurity-magazine.com/view/31372/seoul-cautious-in-blaming-north-korea-for-massive-cyberattack-

http://blogs.mcafee.com/mcafee-labs/south-korean-banks-media-companies-targeted-by-destructive-malware

http://arstechnica.com/security/2013/03/your-hard-drive-will-self-destruct-at-2pm-inside-the-south-korean-cyber-attack/

https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+-+Part+2/15406
https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
https://isc.sans.edu/diary/Wipe+the+drive%21++Stealthy+Malware+Persistence+-+Part+4/15460

The Usefulness of Security Education

Defensive Security Podcast Episode 11


Krebs Swatted: http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/

China: http://www.slate.com/articles/technology/future_tense/2013/03/the_u_s_response_to_chinese_cyberespionage_will_backfire.html

http://www.crn.com/news/security/240150929/new-exploit-evades-all-antivirus-products-for-almost-a-day.htm

http://www.net-security.org/malware_news.php?id=2441

http://m.threatpost.com/en_us/blogs/ramnit-malware-back-and-better-avoiding-detection-031513

http://www.honeynet.org/node/1031

http://arstechnica.com/security/2013/03/national-vulnerability-database-taken-down-by-vulnerability-exploiting-hack/

Mandiant report: http://www.mandiant.com/library/M-Trends_2013.pdf

Solutionary report: http://www.solutionary.com/dms/solutionary/Files/SERT/2013GTIR.pdf

Defensive Security Podcast Episode 10

Feedback/comments – info@defensivesecurity.org
@defensivesec

Interesting writeup by ESET on sinkholing the zortob.b botnet: http://www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/
– common phishing emails emanating from it at the rate of 80m per hour

Defensive Security Podcast Episode 9

Episode 9 – From Las Vegas
Comments/questions/hate mail to info@defensivesecurity.org
Follow the podcast on Twitter @defensivesec

DDoS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Bible.org: https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
– site compromised, serving malware; had rudimentary defense against automated analysis

Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
– kudos to Bit9 for transparency and disclosure; hopefully it works in their favor

Defensive Security Podcast Episode 8

News:

Burger King & Jeep Twitter accounts hacked

Microsoft and Apple hacked with same exploit that hit Facebook

NBC.com’s site is hacked, injecting an iframe directing visitors to a site that served an exploit kit and installed the Citadel trojan.