Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?
Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.
More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.
Cause of recent DOE breach revealed to be outdated Coldfusion; 30% of adults willingly open emails they know are malicious; Spear phishing led to successful attacks on the nyt and twitter; DNS attack types
Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing attacks, Google reports that compromised legitimate sites are more dangerous than malicious sites, Sophos says 30,000 SMB sites are hacked per day to spread malware, the age old debate about administrator rights, password complexity, and the unintended consequences of leaks: foreign companies defect to more hospitable countries, renewed focus on systems administrators, and we can stop pretending to not know where Stuxnet came from. Continue reading Defensive Security Podcast Episode 24→
Adobe warns customers of a Cold Fusion 0day, Washing courts owned by that 0day, web servers found compromised with the Cdorked/Darkleech, critical vulnerability in Nginx, Anonymous’ opUSA turned out to be a bunch of nothing, too many admins is bad for security, Name.com gets compromised, The Onion’s twitter feed is compromise by the SEA, slippery slope of BYOD and Google’s plans for authentication.