Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks; Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.
More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics; Optimizing the use of security budgets in larger organizations.
New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about #badbios.
BadBIOS intro: http://blog.erratasec.com/2013/10/badbios-features-explained.html
BadBIOS rebuttal: http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
Federal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware.
Hackers hide drugs coming through Belgium port by repeatedly hacking port computer systems; Aligning security with business priorities and other sage advice; how [not] to respond to a malware incident; on the security of jump boxes; reminder about security risks to small businesses; defining metrics for an incident response organization.
Presentation at RSA security analytica: https://www.youtube.com/watch?v=EDR6SwQ_i0I | https://community.emc.com/docs/DOC-27380
The depressingly small impact from the arrest of the black hole exploit kit author; detecting malware embedded in hardware; altering CPUs during manufacturing to weaken random number generation; investigation into major identity theft operation results in discovery that data brokers were infected and that Adobe’s source code and 2.9M user IDs were stolen; recapping Derbycon 3.
- defensive security episode 7Please rate the podcast on iTunes!
- Follow me on twitter @defensivesec
- Send comments to email@example.com