Defensive Security Podcast Episode 10

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Feedback/comments – info@defensivesecurity.org
@defensivesec

Interesting Writeup by ESET on sink holing the zortob.b botnet http://www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/
– common phishing emails emanating from it at the rate of 80m per hour Continue reading “Defensive Security Podcast Episode 10”

Defensive Security Podcast Episode 9

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 9 – From Las Vegas
Comments/questions/hate mail to info@defensivesecurity.org
Follow podcast on twitter @defensivesec

DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
Site compromised – serving malware, had rudimentary defense against automated analysis

Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
– kudos to bit9 for transparency and disclosure – hopefully works in their favor

Continue reading “Defensive Security Podcast Episode 9”

Defensive Security Podcast Episode 8

Podcast: Play in new window | Download | Embed

Subscribe: RSS

News:

Burger King & Jeep twitter accounts hacked

Microsoft and Apple hacked with same exploit that hit Facebook

NBC.com’s site is hacked, injecting an iframe directing visitors to a site that served an exploit kit and installed the Citadel trojan. Continue reading “Defensive Security Podcast Episode 8”

Defensive Security Podcast Episode 7

Podcast: Play in new window | Download | Embed

Subscribe: RSS

defensive security episode 7Please rate the podcast on iTunes!
Follow me on twitter @defensivesec
Send comments to info@defensivesecurity.org

News:

Continue reading “Defensive Security Podcast Episode 7”

Defensive Security Podcast Episode 6

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Suggestions to podcast@defensivesecurity.org

News:

ISD Podcast shuts down
Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites
Yet another Java update. Oracle seems to have gotten the message.
Combofix, a free tool for removing certain kinds of malware, was infected with Sality
- Do not download repackaged software from other file hosting sites. Bad!
Cisco released it’s 2013 security report.
- Legitimate sites much more likely to be malicious than traditional pornography
- Ad networks and content delivery networks worst offenders
Anonymous stole information on 4600 bank executives from a Federal Reserve emergency communication application.
- Fed seems to be downplaying the significance. Continue reading “Defensive Security Podcast Episode 6”

Defensive Security Podcast Episode 5

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Download the MP3 here

Suggestions? ideas? feedback? Send an email to podcast@defensivesecurity.org

A lot has happened since the last Podcast:

HIPAA mega rule released – all 563 pages
Zero day in Java
Freak-outs ensued
Oracle released a Java patch
Freak-outs continued
Word of new vulnerabilities have emerged Continue reading “Defensive Security Podcast Episode 5”

Defensive Security Podcast Episode 4

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Happy New Year!

In this week’s podcast, I cover an article about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s software CYBERsitter covered in a Business Week post.

First, a bit of news. Unless you’re still recovering from an egg-nog hangover, you’ve probably heard about the Internet Explorer zero day exploit. Note that it doesn’t impact the latest versions of IE, only 6, 7 and 8. Continue reading “Defensive Security Podcast Episode 4”