Tag Archives: breach

Defensive Security Podcast Episode 68

Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/
http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breachhttp://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516

http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-job

Defensive Security Podcast Episode 67

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 60

Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target’s QSA, gets sued as a result of the breach.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

https://blogs.rsa.com/bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse/

http://www.tripwire.com/state-of-security/vulnerability-management/defend-like-attacker/

https://secunia.com/vulnerability-review/

https://www.slideshare.net/secret/3LQwBdlNZ03kFO

https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/

http://www.bbc.com/news/technology-26358042

http://www.networkworld.com/news/2014/031714-4-lessons-cios-can-learn-279785.html?page=1

http://www.computerworld.com/s/article/9247017/Court_approves_first_of_its_kind_data_breach_settlement

http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865?template=mobile

Defensive Security Podcast Episode 58

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/

Defensive Security Podcast Episode 56

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks;  Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 48

More advice from Bob; The Target breach; Hacking hard drive controllers; NSA shenanigans; Compromised BBC server for sale; 2014 predictions.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://blog.cryptographyengineering.com/2013/12/can-hackers-decrypt-targets-pin-data.html

http://spritesmods.com/?art=hddhack

http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html

http://www.dailymail.co.uk/news/article-2531062/BBC-takes-three-days-regain-control-computer-server-hacker-breaks-tries-sell-access-cyber-criminals.html

Defensive Security Podcast Episode 44

Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Anonymous government hacks: http://www.reuters.com/article/2013/11/15/us-usa-security-anonymous-fbi-idUSBRE9AE17C20131115

http://krebsonsecurity.com/2013/11/cupid-media-hack-exposed-42m-passwords/

http://blogs.technet.com/b/mmpc/archive/2013/11/20/carberp-based-trojan-attacking-sap.aspx

http://sophos.files.wordpress.com/2013/11/2013-ponemon-institute-midmarket-trends-sophos.pdf

http://www.networkworld.com/news/2013/112013-expert-botnet-takedowns-are-about-276161.html

Block TOR and i2p: http://www.infoworld.com/d/security/cyber-crime-forum-advertises-financial-malware-uses-stealthy-i2p-communications-231410

Brief mention of the stuxnet report: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf