Tag Archives: Java

Defensive Security Podcast Episode 79

[1] Cisco’s mid-year report
[2] Poorly trained IT workers pose a risk to organizations
[3] Cyber security should be professionalized
[4] How hackers are using Google to steal data’
[5] PCI creates a check-box mentality
[6] Gamma’s ownage detailed on pastebin
[7] 1.2 Billion passwords, Russians and controversy
Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter Email

[1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strengthen-the-security-chain/
[2] http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html
[3] http://www.csoonline.com/article/2461669/security-leadership/cybersecurity-should-be-professionalized.html
[4] http://www.csoonline.com/article/2462409/data-protection/how-hackers-used-google-in-stealing-corporate-data.html
[5] http://www.csoonline.com/article/2460607/security/pci-regime-has-bred-complacent-tick-box-security-among-retailers-tripwire-survey-finds.html
[6] http://pastebin.com/cRYvK4jb
[7] http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/

Defensive Security Podcast Episode 27

Ten year old Java bug, old and vulnerable versions of Java dominate on corporate desktops, a guide on critical infrastructure security, what is wrong with applying standard security approaches to industrial control environments, Lloyds survey finds cyber security is the number 3 concern of business leaders, watering hole attacks are replacing spear phishing as the attack method of choice, the crazy high value of health information dossiers and a cyber exercise performed by some large US banks.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://podcasts.infoworld.com/d/security/most-enterprise-networks-riddled-vulnerable-java-installations-report-says-222983

http://images.infoworld.com/d/security/new-vulnerability-found-in-java-7-opens-door-10-year-old-attack-researchers-say-223029

http://www.osce.org/atu/103500?download=true

http://www.computerweekly.com/blogs/david_lacey/2013/07/scada_security_requires_a_bett.html

http://www.infosecurity-us.com/view/33436/lloyds-cybersecurity-is-the-no-3-global-business-threat/

http://www.infosecurity-us.com/view/33493/water-hole-replacing-spearphishing-as-statesponsored-weapon-of-choice/

http://www.secureworks.com/resources/blog/general-hackers-sell-health-insurance-credentials-bank-accounts-ssns-and-counterfeit-documents/

http://www.americanbanker.com/issues/178_138/mock-cyberattack-on-banks-a-success-sifma-says-1060721-1.html

Defensive Security Podcast Episode 22

Risk Science Podcast, Forensic 4Cast podcast, Gartner security myths, 2013 OWASP top ten, FDA finds security risk in medical devices, Oracle fixes 40 more java bugs, B-sides Rhode Island videos, Can the Germans break PGP?

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

Risk Science Podcast: http://riskscience.net/

Forensic4Cast :http://forensic4cast.com/

Gartner security myths: http://www.networkworld.com/news/2013/061113-gartner-reveals-top-10-it-270738.html

2013 OWASP top ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

FDA finds security risk in medical devices: http://www.networkworld.com/news/2013/061413-federal-regulators-address-rising-security-270844.html

Oracle fixes 40 more java bugs: https://www.infoworld.com/d/security/oracle-ship-40-security-fixes-java-se-220758

B-sides Rhode Island videos: http://www.irongeek.com/i.php?page=videos%2Fbsidesri2013%2Fmainlist

Can the Germans break PGP? http://malwarejake.blogspot.com/2013/06/are-germans-really-breaking-pgp-and-ssh.html

Defensive Security Podcast Episode 21

Verizon, PRISM and Edward Snowden, Java users are bad at patching, cost of breaches is up, Microsoft operation takes down 1462 Citadel botnets, malware increasingly using peer to peer communications for command and control, and malware trends.

 

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading Defensive Security Podcast Episode 21

Defensive Security Podcast Episode 19

Adobe and Microsoft patches, signed Mac malware, EC Council website hacked, 7 steps to secure Java,  Microsoft on invulnerable software, more on OpUSA, Ohio city’s taxpayer database stolen and the importance of malware being invisible.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email Continue reading Defensive Security Podcast Episode 19

Defensive Security Podcast Episode 15

This week: Twitter account hacks highlight opportunity for exploitation by attackers, Microsoft and Malwarebytes both release bad patches, Oracle releases a Java patch which fixes 42 security bugs, Oracle announces that Java 8 is delayed due to the focus on Java 7, a new botnet is being created by compromising WordPress installations for some unknown purpose, Linode was compromised in an attack targeted at some Linode customers, Microsoft finds a trojan that cleans up after itself in the next wave of anti-forensics, the Boston marathon bombing and West, Texas explosions see many phishing scams leading to malware installations, spam is down, targeted attacks via email are up, Microsoft released it’s second half 2012 Security Intelligence Report with some odd mixes of data, Microsoft releases EMET 4.0 beta, and a former employee has been charged with planting back doors on 2723 Hostgator servers.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

60 minutes, 48 hours, NPR, BBC twitter accounts recently hacked.

MS and Malwarebytes released bad updates

http://krebsonsecurity.com/2013/04/java-update-plugs-42-security-holes/

http://mreinhold.org/blog/secure-the-train

http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/

http://www.theregister.co.uk/2013/04/16/linode_breach/

http://m.darkreading.com/133696/show/b7639d290f6c32534f633e85cfe6ac04/

Boston bombing used to spread malware in multiple ways
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Z6nE3UFETb0/

http://news.cnet.com/8301-1009_3-57579847-83/targeted-cyberattacks-jump-42-percent-in-2012-symantec-says/

SIR: http://download.microsoft.com/download/E/0/F/E0F59BE7-E553-4888-9220-1C79CBD14B4F/Microsoft_Security_Intelligence_Report_Volume_14_Key_Findings_Summary_English.pdf

http://blogs.technet.com/b/srd/archive/2013/04/18/introducing-emet-v4-beta.aspx

http://arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/

 

 

Defensive Security Podcast Episode 12

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

http://www.informationweek.com/security/vulnerabilities/cisco-password-fumble-hardware-security/240151244

Etsy’s solution for running java: http://codeascraft.etsy.com/2013/03/18/java-not-even-once/

http://www.infosecurity-magazine.com/view/31372/seoul-cautious-in-blaming-north-korea-for-massive-cyberattack-

http://blogs.mcafee.com/mcafee-labs/south-korean-banks-media-companies-targeted-by-destructive-malware

http://arstechnica.com/security/2013/03/your-hard-drive-will-self-destruct-at-2pm-inside-the-south-korean-cyber-attack/

https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394
https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+-+Part+2/15406
https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448
https://isc.sans.edu/diary/Wipe+the+drive%21++Stealthy+Malware+Persistence+-+Part+4/15460

The Usefulness of Security Education

Defensive Security Podcast Episode 6

Suggestions to podcast@defensivesecurity.org

News:

  • ISD Podcast shuts down
  • Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites
  • Yet another Java update.  Oracle seems to have gotten the message.
  • Combofix, a free tool for removing certain kinds of malware, was infected with Sality
    • Do not download repackaged software from other file hosting sites.  Bad!
  • Cisco released it’s 2013 security report.
    • Legitimate sites much more likely to be malicious than traditional pornography
    • Ad networks and content delivery networks worst offenders
  • Anonymous stole information on 4600 bank executives from a Federal Reserve emergency communication application.

Defensive Security Podcast Episode 5

Download the MP3 here

Suggestions? ideas? feedback? Send an email to podcast@defensivesecurity.org

A lot has happened since the last Podcast: