Tag Archives: information security

Defensive Security Podcast Episode 131

http://www.bizjournals.com/atlanta/blog/atlantech/2015/09/atlantas-bitpay-got-hacked-for-1-8-million-in.html

http://www.securityweek.com/excellus-data-breach-impacts-10-million

http://www.databreachtoday.com/attacks-on-insurers-lessons-learned-a-8530

http://federalnewsradio.com/cybersecurity/2015/09/us-certs-dos-and-donts-for-after-the-cyber-hack/

http://www.theguardian.com/technology/2015/sep/10/cyber-threat-data-manipulation-us-intelligence-chief

http://www.csoonline.com/article/2984543/vulnerabilities/as-containers-take-off-so-do-security-concerns.html

Defensive Security Podcast Episode 83

[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/
[2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/
[2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf
[3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/
[4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/
[5] http://hackerhurricane.blogspot.com/2014/09/infosec-industry-partly-responsible-for.html?m=1

Defensive Security Podcast Episode 80

[1] Recovering from a hacked website

[2] Albertson’s and Supervalu hacked

[3] VNC everywhere!!!!

[4] HTTPS as a solution to network injection appliances

[5] Tennessee company sues its bank to recover stolen money

[6] 7 places to check for signs of a targeted attack in your network

===================

[1] http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html
[2] http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html
[3] http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/
[4] http://www.theregister.co.uk/2014/08/16/time_to_ditch_http_state_network_injection_attacks_documented_in_the_wild/
[5] http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/
[6] http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/

Defensive Security Podcast Episode 79

[1] Cisco’s mid-year report
[2] Poorly trained IT workers pose a risk to organizations
[3] Cyber security should be professionalized
[4] How hackers are using Google to steal data’
[5] PCI creates a check-box mentality
[6] Gamma’s ownage detailed on pastebin
[7] 1.2 Billion passwords, Russians and controversy
Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter Email

[1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strengthen-the-security-chain/
[2] http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html
[3] http://www.csoonline.com/article/2461669/security-leadership/cybersecurity-should-be-professionalized.html
[4] http://www.csoonline.com/article/2462409/data-protection/how-hackers-used-google-in-stealing-corporate-data.html
[5] http://www.csoonline.com/article/2460607/security/pci-regime-has-bred-complacent-tick-box-security-among-retailers-tripwire-survey-finds.html
[6] http://pastebin.com/cRYvK4jb
[7] http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/

Defensive Security Podcast Episode 78

Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter Email

[1] Researchers to demonstrate attacks by reprogramming firmware of commodity USB devices
[2] Survey find that enterprises are not paying attention to 3rd party risks, despite recent headlines
[3] Ransomware attack failed thanks to security awareness training
[4] Stubhub defrauded out of $1.6M using stolen passwords of its users
[5] Maricopa County fires IT manager in the wake of a data breach that the IT manager apparently warned the school about
[6] Why PCI can’t stop RAM scraping malware
[7] Plans for Israel’s Iron Dome apparently stolen by Chinese hackers

[1] http://nakedsecurity.sophos.com/2014/08/02/badusb-what-if-you-could-never-trust-a-usb-device-again/
[2] http://www.csoonline.com/article/2458048/security-leadership/insecure-connections-enterprises-hacked-after-neglecting-third-party-risks.html#tk.rss_all
[3] http://www.csoonline.com/article/2459961/security-leadership/security-managers-journal-a-ransomware-flop-thanks-to-security-awareness.html#tk.rss_all
[4] http://www.darkreading.com/7-arrested-3-more-indicted-for-roles-in-cyber-fraud-ring-that-stung-stubhub/d/d-id/1297510
[5] http://www.azfamily.com/news/School-fires-IT-manager-who-warned-of-security-breach-268218462.html
[6] http://www.darkreading.com/attacks-breaches/ram-scraper-malware-why-pci-dss-cant-fix-retail/a/d-id/1297501
[7] http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/

Defensive Security Podcast Episode 77

Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don’t use security as an excuse to resist the cloud.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.businessweek.com/printer/articles/213544-how-russian-hackers-stole-the-nasdaq
http://www.bankinfosecurity.com/nasdaq-hack-attribution-questioned-a-7080
http://blogs.technet.com/b/neilcar/archive/2009/11/23/incident-response-the-importance-of-anti-virus.aspx
http://searchsecurity.techtarget.com/news/2240224785/Report-finds-poor-security-communication-among-executives
http://www.darknet.org.uk/2014/07/microsoft-says-re-use-passwords-across-sites/
http://www.sentinel-labs.com/wp-content/uploads/2014/07/Sentinel-Labs-Intelligence-Report_0714.pdf
http://images.infoworld.com/d/cloud-computing/sorry-cloud-resisters-control-does-not-equal-security-246386?source=rss_security

Defensive Security Podcast Episode 76

A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It’s the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.esecurityplanet.com/network-security/67-percent-of-critical-infrastructure-providers-were-breached-last-year.html
http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners
http://blogs.technet.com/b/canitpro/archive/2014/06/10/migrating-from-windows-server-2003-to-windows-server-2012-r2.aspx
http://www.databreachtoday.com/details-emerge-boeing-hack-a-7053
http://www.databreachtoday.com/interviews/testing-your-apt-response-plan-i-2382
http://www.csoonline.com/article/2453392/security/revamping-your-insider-threat-program.html?nsdr=true
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

Defensive Security Podcast Episode 71

Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.reuters.com/article/2014/06/10/sec-cybersecurity-aguilar-idUSL2N0OR13U20140610

https://securityledger.com/2014/06/ipmi-insecurity-affects-200k-systems/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

http://www.forbes.com/sites/davelewis/2014/06/03/network-security-build-to-fail/

http://www.infoworld.com/d/security/5-lessons-companies-get-computer-security-right-243407

http://cyberwarzone.com/hackers-behind-oppetrol-will-attack-june-20-2014/

http://www.mondovisione.com/media-and-resources/news/bank-of-england-launches-new-framework-to-test-for-cyber-vulnerabilities/

http://www.dailyfinance.com/2014/06/05/target-data-breach-shoppers-dont-care/

http://www.startribune.com/business/261527581.html

http://www.wired.com/2014/06/bleed/

http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Fuckyer: https://m.youtube.com/watch?v=2I-nudEqz7o

Defensive Security Podcast Episode 69

Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent  DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/
http://blog.itgovernance.co.uk/weak-passwords-responsible-for-31-of-cyber-attacks/

http://www.techcentral.co.za/surge-in-security-breaches-report/48374/
http://t.esecurityplanet.com/esecurityplanet/#!/entry/lowes-acknowledges-third-party-data-breach,5383580a025312186c0cf074
http://www.myce.com/news/only-51-of-anti-virus-scanners-detect-zero-day-malware-71652/
http://www.itproportal.com/2014/05/26/stop-the-blame-game-report-reveals-the-secrets-to-business-it-security/
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
http://mobile.bloomberg.com/news/2014-05-21/u-s-companies-hacked-by-chinese-didn-t-tell-investors.html