Shows
ShadoSec Cyber Security PodcastShadoSec Bitsized - Microsoft Office 0Day being exploitedImportant Microsoft patch coming soon so make sure to patch your systems soon2021-09-0816 min
ShadoSec Cyber Security PodcastShadoSec Bitsize - CosmosDB problemsA short form version of the main stories of the week2021-08-2817 minShadoSec Cyber Security PodcastShadoSec Podcast episode 21Jorge and Neema do Kaseya and we talk ICloud Max Max baby!2021-07-1546 minShadoSec Cyber Security PodcastShadosec podcast episode 20Neema and Jorge pretend it's may. Jorge edits audio for the first time.
- Ransomware trends ~ 4:30
- WhatsApp for criminals ~15:00 (because WhatsApp wasn't bad enough..)
- Jorge babbles about privacy, Neema is a total trooper about it. ~ 22:10
- SITA data breach. Neema calls Xi the W word. ~ 37:45
- Android Security and the Google IO presentation ~ 43:20
- BSC! ~ 1:21:00
Topic Links
https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28...2021-06-181h 33ShadoSec Cyber Security PodcastShadoSec podcast Episode 19Jorge is away on holiday and Neema steers the cyber ship!
Stories:
https://www.computerweekly.com/news/252501665/Exagrid-pays-26m-to-Conti-ransomware-attackers
https://www.computerweekly.com/news/252501665/Exagrid-pays-26m-to-Conti-ransomware-attackers
https://www.securityweek.com/kenyan-arrested-qatar-first-targeted-phishing-attack?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+securityweek+%28SecurityWeek+RSS+Feed%29
https://techcrunch.com/2021/06/02/stack-overflow-acquired-by-prosus-for-a-reported-1-8-billion/2021-06-0737 min
IrresponsableTVNeema en entrevista para #IrresponsableTVJorge Baca entrevista a Neema para #IrresponsableTV2021-05-3111 minShadoSec Cyber Security PodcastShadosec podcast Episode 18Jorge and Neema blasting cyber security to ashes
Stories:
https://japantoday.com/category/crime/people-in-japan-can-now-earn-%C2%A510-000-bounties-for-scamming-scammers
https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/
https://www.pcmag.com/news/darkside-ransomware-group-loses-server-access-after-us-moves-to-disrupt
https://www.flurry.com/blog/ios-14-5-opt-in-rate-att-restricted-app-tracking-transparency-worldwide-us-daily-latest-update/
https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/
https://blog.ethereum.org/2021/05/18/country-power-no-more/
https://blog.1password.com/welcoming-linux-to-the-1password-family/2021-05-2339 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 17Jorge and Neema doing their Cyber thang
Stories:
https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/amp/
https://www.securemac.com/news/facebook-finds-new-ios-spyware-phenakite
https://www.eff.org/press/releases/eff-and-aclu-ask-supreme-court-review-case-against-warrantless-searches-international
https://www.unibw.de/patch/papers/usenixsecurity20-wasm.pdf
https://www.cnbc.com/2021/04/30/eu-says-apples-app-store-breaches-competition-rules.html2021-05-111h 06ShadoSec Cyber Security PodcastShadoSec podcast Epsiode 16Jorge and Neema spice things up with some Dual Core luvin!
Stories:
https://www.securityweek.com/us-expels-russian-diplomats-imposes-new-round-sanctions?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://threatpost.com/attackers-target-proxylogon-cryptojacker/165418/1
https://techcrunch.com/2021/04/13/fbi-launches-operation-to-remotely-remove-microsoft-exchange-server-backdoors/
https://www.theregister.com/2021/04/21/signal_cellebrite/
Useful links
https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf
https://github.com/WICG/floc/issues/100
https://techcrunch.com/2021/04/13/fortnite-maker-epic-completes-1b-funding-round2021-04-2650 minShadoSec Cyber Security PodcastShadoSec podcast episode 15Just when you thought we were gone ..... Jorge and Neema return with a BANG!
Defenders perspective on Azure!
Useful links:
https://threatpost.com/cna-hit-novel-ransomware/165044/
https://adsecurity.org/?p=4277
https://dirkjanm.io/
https://www.pentestpartners.com/security-blog/azure-ad-attack-of-the-default-config/2021-04-141h 12ShadoSec Cyber Security PodcastShadoSec Podcast Episode 14Jorge and Neema hitchhike the open plains of cyber security!
News stories
https://gizmodo.com/this-mom-allegedly-created-deepfakes-to-bully-her-daugh-1846471615
https://thehackernews.com/2021/03/google-to-reveals-what-personal-data.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
https://www.zdnet.com/article/apple-developers-targeted-by-new-malware-eggshell-backdoor/
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
https://www.zdnet.com/article/google-cloud-here-are-the-six-best-vulnerabilities-security-researchers-found-last-year/
https://www.nytimes.com/interactive/2021/03/18/magazine/facial-recognition-clearview-ai.html
Bitsized chuncks
https://slack.engineering/migrating-millions-of-concurrent-websockets-to-envoy/
2021-03-2644 minShadoSec Cyber Security PodcastShadoSec podcast Episode 13Neema ans Jorge blow up the complex world of Cyber Security!
Stories:
https://www.zdnet.com/article/this-malware-was-written-in-an-unusual-programming-language-to-stop-it-from-being-detected/
https://www.wired.com/story/privacy-first-browser-brave-launching-search-engine/
https://www.infosecurity-magazine.com/news/ransomware-paralyzes-spanish/
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware2021-03-1735 minShadoSec Cyber Security PodcastShadoSec podcast Episode 12Jorge and Neema ride the wavelength of Cyber. Spoiler: It was too big to handle!
Stories
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/
https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html
https://www.macrumors.com/2021/03/04/eu-prepares-to-charge-apple-in-spotify-dispute/
https://www.gov.uk/government/news/cma-investigates-apple-over-suspected-anti-competitive-behaviour
https://www.reuters.com/article/us-eu-apple-epic-games-antitrust/epic-games-takes-apple-fight-to-eu-antitrust-regulators-idUSKBN2AH0MO
https://www.coindesk.com/amazon-digital-currency-mexico
MS exchange bug
Hunting recommendations
https://www.microsoft.com/security/blog/2021/03/02...2021-03-1156 minShadoSec Cyber Security PodcastShadoSec Podcast episode 11Jorge and Neema take a stroll through the lush medows of Cyber security!
Show links:
https://developer.amazon.com/en-US/docs/alexa/custom-skills/security-testing-for-an-alexa-skill.html#
https://www.forbes.com/sites/tonyewing/2020/12/06/stop-using-alexa-and-google-assistant-while-working-until-you-change-these-settings/
https://www.forbes.com/sites/thomasbrewster/2021/02/25/exclusive-hackers-break-into-biochemical-systems-at-oxford-uni-lab-studying-covid-19/?sh=246ebaa42a39
https://taler.net/en/features.html
https://www.sec.gov/Archives/edgar/data/1582961/000119312521055798/d898181ds1.htm
https://frame.work/blog/introducing-the-framework-laptop
2021-03-0539 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 10Stories:
https://www.securityweek.com/many-solarwinds-customers-failed-secure-systems-following-hack?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://www.zdnet.com/article/malvertiser-abused-webkit-zero-day-to-redirect-ios-macos-users-to-shady-sites/#ftag=RSSbaffb68
https://www.bloomberg.com/features/2021-supermicro/
https://www.zdnet.com/article/fastest-vpn-how-we-rated-the-top-services/
https://www.zdnet.com/article/more-bosses-are-using-software-to-monitor-remote-workers-not-everyone-is-happy-about-it/
Useful links:
Confiant blog
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
2021-02-2444 minShadoSec Cyber Security PodcastShadoSec podcast Episode 9Neema and Jorge sky dive into the cyber stories of the week!
Stories:
https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/
https://thehackernews.com/2021/02/researchers-reveal-how-iran-spies-on.html
https://www.securityweek.com/hack-exposes-vulnerability-cash-strapped-us-water-plants?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
https://mashable.com/article/smartphone-health-app-data-police/?europe=true&utm_source=social&utm_medium=instagram&utm_campaign=mash-com-inst-link&utm_content=later-14423192
...2021-02-1646 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 8Jorge rides the cyber train and Neema wings it on his hand glider!
Stories:
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://www.theverge.com/tldr/2021/2/5/22268646/german-police-bitcoin-digital-wallet-missing-password
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html
https://techxplore.com/news/2021-02-google-diet-cookies-track-users.html
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
Useful link:
https://tldrlegal.com - Breaks down EULAs in an easy to digest manner 2021-02-1154 minShadoSec Cyber Security PodcastShadoSec podcast episode 7Neema and Jorge ride the cyber train!
Stories:
https://www.bbc.com/news/technology-55826258
https://threatpost.com/rocke-groups-malware-now-has-worm-capabilities/163463/
https://www.infosecurity-magazine.com/news/us-launches-global-action-against/
https://webtransparency.cs.princeton.edu/dark-patterns/
https://www.rfc-editor.org/rfc/rfc8959.txt
https://www.theatlantic.com/ideas/archive/2021/01/why-everybody-obsessed-gamestop/617857/
https://webtransparency.cs.princeton.edu/dark-patterns/
https://www.washingtonpost.com/technology/2021/01/29/apple-privacy-nutrition-label/2021-02-0440 minShadoSec Cyber Security PodcastShadoSec podcast Episode 6Neema and Jorge dive in!
Stories:
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://www.zdnet.com/article/rogue-cctv-technician-spied-on-hundreds-of-customers-during-intimate-moments/
https://arstechnica.com/tech-policy/2021/01/this-site-posted-every-face-from-parlers-capitol-hill-insurrection-videos/
https://www.securityweek.com/sonicwall-says-internal-systems-targeted-hackers-exploiting-zero-day-flaws?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
2021-01-2834 minShadoSec Cyber Security PodcastShadoSec podcast Episode 5Neema and Jorge do what they love!
Stories:
https://securityaffairs.co/wordpress/113446/security/cisco-rv-routers-eol.html?utm_source=rss&utm_medium=rss&utm_campaign=cisco-rv-routers-eol
https://securityaffairs.co/wordpress/113332/deep-web/dark-web-darkmarket-seized.html
Defenders perspective: BEC (Business Email compromise)
https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
Defense Milestones
Containment
Determining the type of compromise and targets
Acquiring exports of affected local inboxes
Establishing the messaging timeline and techniques
Compromised local accounts?
Reset email...2021-01-1942 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 4Neema and Jorge jump into the cyber stories of the week
Stories:
https://threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/
https://arstechnica.com/tech-policy/2021/01/whatsapp-users-must-share-their-data-with-facebook-or-stop-using-the-app/
https://wccftech.com/facebook-publishes-newspaper-ads-to-criticize-apples-ios-14-privacy-updates/
Additional Notes:
BT issue fixed as implemented in open AOSP based projects:
https://github.com/search?p=2&q=5d37d17af57c70d7faa459b92e5b1a758a5a8adb&type=Commits
Specifics on the BT...2021-01-1346 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 3Jorge and Neema take another journey into the world of Cyber Security!
Stories:
https://www.zdnet.com/article/microsoft-and-mcafee-headline-newly-formed-ransomware-task-force/
https://www.zdnet.com/article/vietnam-targeted-in-complex-supply-chain-attack/#ftag=RSSbaffb68
https://thehackernews.com/2020/12/autohotkey-based-password-stealer.html
https://www.techrepublic.com/article/change-your-macos-power-settings-to-prevent-disconnecting-from-vpnwi-fi-when-the-computer-is-locked/#ftag=RSS56d97e7
Follow us on Twitter @ShadoSec2021-01-0534 minShadoSec Cyber Security PodcastShadoSec Podcast Episode 2Neema and Jorge jump into the Cyber stories of the week
Stories:
https://www.securemac.com/blog/zero-click-imessage-exploit-used-to-hack-journalists
https://threatpost.com/lazarus-covid-19-vaccine-maker-espionage/162591/
https://www.darkreading.com/edge/theedge/5-email-threat-predictions-for-2021-/b/d-id/1339786?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
https://www.nytimes.com/2020/12/21/technology/ripple-cryptocurrency-sec-lawsuit.html
https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html
https://www.scmagazine.com/home/editorial/the-solarwinds-hack-and-the-danger-of-arrogance/
MERRY CHRISTMAS and HAPPY NEW YEAR!2020-12-2846 min
ShadoSec Cyber Security PodcastShadoSec Podcast Episode 1Thank you for downloading and listening. We really appreciate your support.
ShadoSec is geared towards Cyber Security and having a good time with each other and listeners.
Please feel free to share your feedback and ideas with us on Twitter: @ShadoSec
Show Notes:
Stories:
Solarwinds
https://www.wired.com/story/russia-solarwinds-hack-roundup/
Hackers hide card skimming code in CSS:
https://www.zdnet.com/article...2020-12-2132 min