Tag Archives: malware

Defensive Security Podcast Episode 85

http://arstechnica.com/tech-policy/2014/09/senior-it-worker-at-top-tech-law-firm-arrested-for-insider-trading/

Defensive Security Podcast Episode 81

 

http://www.csoonline.com/article/2466084/data-protection/community-health-systems-blames-china-for-recent-data-breach.html
http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html
http://www.csoonline.com/article/2597389/data-protection/more-problems-emerge-on-the-community-health-systems-network.html
http://www.securityweek.com/secret-service-over-1000-business-infected-backoff-point-sale-malware
http://nakedsecurity.sophos.com/2014/08/22/the-ups-store-breach-what-went-wrong-and-what-ups-got-right

Defensive Security Podcast Episode 80

[1] Recovering from a hacked website

[2] Albertson’s and Supervalu hacked

[3] VNC everywhere!!!!

[4] HTTPS as a solution to network injection appliances

[5] Tennessee company sues its bank to recover stolen money

[6] 7 places to check for signs of a targeted attack in your network

===================

[1] http://blog.soundidea.co.za/articles/Your_websites_been_hacked_now_what-378.html
[2] http://money.cnn.com/2014/08/15/technology/security/albertsons-supervalu-hack/index.html
[3] http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/
[4] http://www.theregister.co.uk/2014/08/16/time_to_ditch_http_state_network_injection_attacks_documented_in_the_wild/
[5] http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/
[6] http://blog.trendmicro.com/trendlabs-security-intelligence/7-places-to-check-for-signs-of-a-targeted-attack-in-your-network/

Defensive Security Podcast Episode 79

[1] Cisco’s mid-year report
[2] Poorly trained IT workers pose a risk to organizations
[3] Cyber security should be professionalized
[4] How hackers are using Google to steal data’
[5] PCI creates a check-box mentality
[6] Gamma’s ownage detailed on pastebin
[7] 1.2 Billion passwords, Russians and controversy
Web Site | Subscribe in iTunes | Podcast RSS Feed | Twitter Email

[1] https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposing-weak-links-to-strengthen-the-security-chain/
[2] http://www.telegraph.co.uk/technology/internet-security/11011249/Poorly-trained-IT-workers-are-gateway-for-hackers.html
[3] http://www.csoonline.com/article/2461669/security-leadership/cybersecurity-should-be-professionalized.html
[4] http://www.csoonline.com/article/2462409/data-protection/how-hackers-used-google-in-stealing-corporate-data.html
[5] http://www.csoonline.com/article/2460607/security/pci-regime-has-bred-complacent-tick-box-security-among-retailers-tripwire-survey-finds.html
[6] http://pastebin.com/cRYvK4jb
[7] http://www.youarenotpayingattention.com/2014/08/08/the-lie-behind-1-2-billion-stolen-passwords/

Defensive Security Podcast Episode 77

Russians steal the NASDAQ; Importance of AV in incident response; Report finds poor security communication between staff and executives; Microsoft recommends reusing weak passwords; Government malware found being used by criminals; Don’t use security as an excuse to resist the cloud.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.businessweek.com/printer/articles/213544-how-russian-hackers-stole-the-nasdaq
http://www.bankinfosecurity.com/nasdaq-hack-attribution-questioned-a-7080
http://blogs.technet.com/b/neilcar/archive/2009/11/23/incident-response-the-importance-of-anti-virus.aspx
http://searchsecurity.techtarget.com/news/2240224785/Report-finds-poor-security-communication-among-executives
http://www.darknet.org.uk/2014/07/microsoft-says-re-use-passwords-across-sites/
http://www.sentinel-labs.com/wp-content/uploads/2014/07/Sentinel-Labs-Intelligence-Report_0714.pdf
http://images.infoworld.com/d/cloud-computing/sorry-cloud-resisters-control-does-not-equal-security-246386?source=rss_security

Defensive Security Podcast Episode 76

A question from Bob on Active Directory; 67 percent of critical infrastructure providers were breached last year; Malware coming from shipping scanners; It’s the end of the road for Windows Server 2003; Details emerge on the Boeing hack; Testing your APT response plan; Revamping your insider threat program; Beware of computers in hotel business centers.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.esecurityplanet.com/network-security/67-percent-of-critical-infrastructure-providers-were-breached-last-year.html
http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners
http://blogs.technet.com/b/canitpro/archive/2014/06/10/migrating-from-windows-server-2003-to-windows-server-2012-r2.aspx
http://www.databreachtoday.com/details-emerge-boeing-hack-a-7053
http://www.databreachtoday.com/interviews/testing-your-apt-response-plan-i-2382
http://www.csoonline.com/article/2453392/security/revamping-your-insider-threat-program.html?nsdr=true
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

Defensive Security Podcast Episode 69

Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent  DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://arstechnica.com/security/2014/05/bombshell-truecrypt-advisory-backdoor-hack-hoax-none-of-the-above/
http://blog.itgovernance.co.uk/weak-passwords-responsible-for-31-of-cyber-attacks/

http://www.techcentral.co.za/surge-in-security-breaches-report/48374/
http://t.esecurityplanet.com/esecurityplanet/#!/entry/lowes-acknowledges-third-party-data-breach,5383580a025312186c0cf074
http://www.myce.com/news/only-51-of-anti-virus-scanners-detect-zero-day-malware-71652/
http://www.itproportal.com/2014/05/26/stop-the-blame-game-report-reveals-the-secrets-to-business-it-security/
http://news.techworld.com/security/3520791/public-utility-compromised-after-brute-force-attack-dhs-says/
http://mobile.bloomberg.com/news/2014-05-21/u-s-companies-hacked-by-chinese-didn-t-tell-investors.html

Defensive Security Podcast Episode 67

Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M
http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final
http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198e

Defensive Security Podcast Episode 59

Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://threatpost.com/three-things-to-take-away-from-cansecwest-pwn2own/104835

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1

https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf

http://krypt3ia.wordpress.com/2014/03/09/assessment-corporate-threat-intelligence-versus-actual-intelligence-products/

https://securosis.com/mobile/advanced-endpoint-and-server-protection-quick-wins/full

http://www.networkworld.com/news/2014/030514-cios-battle-worker-apathy-towards-279420.html

http://www.csoonline.com/article/749450/navy-network-hack-has-valuable-lessons-for-companies

http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

Defensive Security Podcast Episode 58

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

Subscribe in iTunes | Podcast RSS Feed | Twitter Email

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/