Showing episodes and shows of
Threatpost
Shows
The Threatpost Podcast
Inside the Hackers’ Toolkit
There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and trainings to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by Egress, we sit down with Jack Chapman to discuss the steps and tactics that companies can take to stay one step ahead of their adversaries. During our conversation, we discuss: weaknesses that attackers look to exploit; evolution of toolkits; securing MFA; and more.
2022-08-09
16 min
0d - Zeroday
0d096 - What Does Amazon Know About Me (Part 2)
For today's episode, Stefan and Sven took a look at the data that Stefan had requested from Amazon. On the one hand it is interesting, but on the other it is also alarming what can be found in it. But listen for yourself. Contact: Website: 0x0d.de – Email: Feedback@0x0d.de (PGP) – Signal: +4916098720733 – Twitter: @Zeroday_Podcast – Mastodon: @zeroday@chaos.social Data losses: 22.05.2022: Over 8 GB Database Exposing Millions of Hotel Guests Dumped (for Free) on Telegram; 06.07.2022: Marriott confirms another data breach after hotel got hacked; 30.6.2022: OpenSea discloses data breach, warns users of phishing attacks; 14.07.2022: Datenschutz...
2022-07-15
2h 41
The Threatpost Podcast
Being prepared for adversarial attacks
There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s FortiGuard Labs, to discuss the threats facing CISOs along with more. During the course of our discussion, we dive into: What an attack on all fronts looks like The current state of the threat landscape New techniques being leve...
2022-06-02
22 min
The Threatpost Podcast
Killing Cloud Risk by Bulletproofing App Security: Podcast
Applications are the most preferred vectors for cybercriminals. Yet no single team or process can assure the rollout of safe cloud applications. From code design to unit testing to deployment, teams and tools have to work together to detect risks early while keeping the pipeline of digital products moving. Alex Rice, CTO at HackerOne and Johnathan Hunt, VP of Security at GitLab, help development teams evolve their processes to build security directly into their workflows for smooth and safe cloud app rollouts. They dropped by the Threatpost podcast recently to share tips on De...
2022-02-17
25 min
The Threatpost Podcast
How to Buy Precious Patching Time as Log4j Exploits Fly
Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.
2021-12-14
19 min
The Threatpost Podcast
Threatpost Podcast: Attackers Will Flock to Crypto Wallets, Linux in 2022
2021-11-23
28 min
CyberAware Podcast
Basics of Cybersecurity
Tune in to hear Nathan and Ham discuss how to #BeCyberAware with the basics of cybersecurity. Learn about the Four P’s – phishing, passwords, patching, and protect your devices – to help you stay safe. Plus, Nathan and Ham both share interesting personal stories about their encounters with cybercrime and they give their top tips on how to avoid falling into the traps of hackers. Get an insight into cybersecurity terminology you may have never even heard of, like “whaling” and “zero-day vulnerability.” This episode ends with a segment of current news and events given by Mercy. She cov...
2021-10-06
25 min
The Threatpost Podcast
DDoS Attacks Are a Flourishing Business for Cybercrooks – Podcast
Imperva’s Peter Klimek visited the Threatpost podcast to discuss the evolution of DDoS attacks: They started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.
2021-09-14
24 min
The Threatpost Podcast
What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast
Bryce Webster-Jacobsen – director of intelligence operations at digital risk protection/ransomware negotiators GroupSense – dropped by the Threatpost podcast to tell us what percentage of Ragnar Locker’s warning that victims shouldn't call the FBI/police/negotiators is a bluff and what, if anything, security teams should take seriously.
2021-09-08
13 min
The Threatpost Podcast
What’s Next for T-Mobile and Its Customers? – Podcast
Interos CEO Jennifer Bisceglie drops by the Threatpost podcast to talk about avoiding the mess a T-Mobile size breach can lead to, with the damage it can do to a business's brand, reputation, customer loyalty and revenue stream.
2021-08-19
16 min
The Threatpost Podcast
We COVID-Clicked on Garbage, Report Finds: Podcast
In the company’s annual Human Factor 2021 report assessing how the threat landscape morphed over the past year, Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious email attachments. Could be that threat actors jumped on our Pavlovian work-from-home security conditioning, as suggested by Proofpoint vice president and general manager of email fraud defense Rob Holmes. Check out the Threatpost podcast for his take on how the pandemic influenced the threat landscape.
2021-08-04
16 min
Meanwhile in Security
All Roads Lead to Cloud
Links: What does it Take to Secure Containers?: https://www.darkreading.com/cloud/what-does-it-take-to-secure-containers- Critical ICS vulnerabilities can be exploited through leading cloud-management platforms: https://threatpost.com/industrial-networks-exposed-cloud-operational-tech/168024/ Kaseya Obtains Universal Decryptor for REvil Ransomware: https://threatpost.com/kaseya-universal-decryptor-revil-ransomware/168070/ Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows: https://threatpost.com/kubernetes-cyberattacks-argo-workflows/167997/ Cloud security is like an ‘all-you-can-eat buffet’: https://statescoop.com/cloud-security-is-like-an-all-you-can-eat-buffet/ Cloud security in 2021: A business guide to essential tools and best practices: https://www.zdnet.com/article/cloud-security-in-2021-a-business-guide-to-essential-tools-and-best-practices/ GitHub boosts supply chain security for Go modules: https://www.zdnet.com/article/github-boosts-supply-chain-security-for-go-modules/ Cloud (in)security: Avoiding comm...
2021-07-29
08 min
The Threatpost Podcast
IoT Piranhas Are Swarming Industrial Controls
Threat actors have been building enormous botnets using IoT devices to try to compromise the computing systems that control crucial infrastructure, such as pipelines (case in point: the DarkSide ransomware attack on Colonial Pipeline) and other utilities, preying on legacy systems that have decades-old vulnerabilities. In this Threatpost podcast, Armis CISO Curtis Simpson delves into how to fight back.
2021-07-23
23 min
The Threatpost Podcast
What's Behind the Cybercriminal Supply Chain
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, is joined by Threatpost podcast host Cody Hackett to talk about the cybersecurity supply chain. What is it? How is it funded? And who are the victims and criminals within this multi-million dollar dark economy?
2021-04-21
22 min
The Threatpost Podcast
Chinese Hackers Stole NSA-Linked Hacking Tool: Report
Yaniv Balmas, the head of cyber research with Check Point Software, and Oded Vanunu, the head of products vulnerability research with Check Point Software, talk on this week's Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the SolarWinds supply-chain hack.
2021-02-22
19 min
Turvakäräjät
Episode 39 - Package Manager
Important: Rick Roll 60FPS 4K https://youtu.be/2ocykBzWDiM Adware malware on Apple's M1 chip https://threatpost.com/macos-malware-apple-m1-processor/164075/ Dependency Confusion in the operation of the NPM, pip and gem package management systems https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 A Nordea online banking user got into another customer's mobile bank - but it was not information security that failed! https://yle.fi/uutiset/3-11800470 More flaws in the M1 chip! https://threatpost.com/silver-sparrow-malware-30k-macs/164121/
2021-02-22
53 min
You've Already Been Hacked
Solarwinds goes back to 2019, High-performance computers compromised, and a Ransomware gang shuts down
- thehill.com: Hackers had access to SolarWinds email system for months - apnews.com: Russian hack brings changes, uncertainty to US court system - www.bleepingcomputer.com: Hackers steal StormShield firewall source code in data breach - arstechnica.com: High-performance computers are under siege by a newly discovered backdoor - threatpost.com: Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher - www.bleepingcomputer.com: Fonix ransomware shuts down and releases master decryption key - threatpost.com: Industrial Gear at Risk from Fuji Code-Execution Bugs...
2021-02-07
23 min
You've Already Been Hacked
North Korea goes after Cyber professionals, The good guys get a couple of wins, and ADT's insider threat
Links to the Stories - www.wired.com: North Korea Targets—and Dupes—a Slew of Cybersecurity Pros - www.darkreading.com: Intl. Law Enforcement Operation Disrupts Emotet Botnet - www.govinfosecurity.com: Another Takedown: NetWalker Ransomware Gang Disrupted - threatpost.com: Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball - www.darkreading.com: Ransomware Disrupts Operations at Packaging Giant WestRock - arstechnica.com: Home alarm tech backdoored security cameras to spy on customers having sex - threatpost.com: ADT Security Camera Flaw...
2021-01-31
22 min
The Threatpost Podcast
CISOs Prep For COVID-19 Exposure Notification in the Workplace
In this week’s Threatpost podcast, senior editor Lindsey Welch talks with Steve Moore, chief security strategist with Exabeam, about the data privacy challenges posed by impending exposure notification implementations in the workplace.
2021-01-13
23 min
The Threatpost Podcast
A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
Threatpost editors Tom Spring, Tara Seals and Lindsey Welch break down the top security stories to look out for in this week's first podcast of 2021 - from the SolarWinds hack to surging ransomware hospital cyberattacks.
2021-01-08
21 min
The Threatpost Podcast
Amnesia:33 TCP/IP Flaws Plague Millions of IoT Devices
Researchers - as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) - are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of Internet-of-Things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers, Forescout researcher Daniel dos Santos said during this week's Threatpost podcast.
2020-12-08
26 min
The Threatpost Podcast
Sponsored Podcast: Why DNS Filtering is a Top Battle Front Against Malware, Phishing
Peter Lowe, security researcher with DNSFilter, talks to Cody Hackett on this week's Threatpost Podcast about how DNS filtering tactics are evolving to keep up with new cybercriminal tricks, as well as how companies can protect themselves.
2020-12-02
24 min
Inside The Media Minds
Inside the Media Minds Episode 49 - Tara Seals - Threatpost
Inside the Media Minds Episode 49 - Tara Seals - Threatpost by W2 Communications
2020-12-01
25 min
You've Already Been Hacked
News of the Week for 21 November 2020
Capcom did lose customer data, Russia and North Korea going after COVID-19 research, and 28 million had information stolen in Texas. - www.bleepingcomputer.com: Capcom confirms data breach after gamers' data stolen in cyberattack - arstechnica.com: Hackers sponsored by Russia and North Korea are targeting COVID-19 researchers - threatpost.com: Food-Supply Giant Americold Admits Cyberattack - thehill.com: Software vendor says data breach exposed nearly 28 million Texas driver's license records - www.zdnet.com: Lazarus malware strikes South Korean supply chains - www.zdnet.com: Cyber-attack...
2020-11-22
18 min
You've Already Been Hacked
News of the Week for 14 November 2020
So much Health Care news it's astounding - healthitsecurity.com: ‘Security Threat’ Forces Hendrick Health to EHR Downtime Procedures - www.zdnet.com: Australian government warns of possible ransomware attacks on health sector - www.securityweek.com: Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs - threatpost.com: Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak - www.bleepingcomputer.com: Laptop maker Compal hit by ransomware, $17 million demanded - threatpost.com: Cyberattack on UVM Health Network Impedes Chemotherapy Appointments -dar...
2020-11-15
22 min
The Threatpost Podcast
From Triton to Stuxnet: Preparing for OT Incident Response
Threatpost talks to Dragos' Lesley Carhart about the top cybersecurity challenges facing manufacturers during the pandemic.
2020-11-11
24 min
You've Already Been Hacked
News of the Week for 31 October 2020
Medical systems still underweight, COVID-19 Vaccine Manufacture Hacked, Elections hacked with Ransomware, Louisiana calls in the National Guard for help, and an insider threat, all this week closing out Cybersecurity Awareness Month - threatpost.com: 2 More Hospitals Hit by Growing Wave of Ransomware Attacks, As Feds Issue Warning - www.bleepingcomputer.com: Montreal's STM public transport system hit by ransomware attack - www.scmagazine.com: Finnish psychotherapy center fires CEO for suppressing breach details - krebsonsecurity.com: Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo...
2020-11-01
21 min
The Threatpost Podcast
News Wrap Halloween Edition: Scary Election, Hospital Cyberattack Stories
This Halloween week, Threatpost editors break down the scariest stories haunting the security space, including: A wave of ransomware attacks targeting a number of hospitals, sparking worries about healthcare security and the impact on patients during COVID-19 "Zombie" vulnerabilities - including Zerologon and SMBGhost - that continued to haunt system admins this week Election security scares, from disinformation campaigns to cyberattacks hitting election infrastructure.
2020-10-30
30 min
Cup of Cyber
Egregor Attacks Barnes and Noble
Egregor Attacks Barnes and Noble- Cup of Cyber October 22nd, 2020 Join us for an inside view of today’s Cyber News and why it matters. November 19th is our next TRIVIA NIGHT. Join us at 7:00 PM Eastern Time for free fun and a chance to win prizes! Congratulations to Mike Bravo for another win! ————————— News ————————————- Exploring the prolific threats influencing the cyber landscape (https://www.helpnetsecurity.com/2020/10/22/prolific-threats-cyber-landscape) Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data https://threatpost.com/egregor-responsibility-barnes-noble/160401/ (https://threatpost.com/egregor-responsibility-barnes-noble/160401/) Modern Attacks Include Supply Chain "Hopping" and Reversing Agile Environments https://www.infosecurity-magazine.com/news/attacks-h...
2020-10-22
42 min
The Threatpost Podcast
News Wrap: Zoom's End-to-End Encryption Rollout and DDoS Extortion Threats
The Threatpost editors break down the top security stories of the week ended Oct. 16, including: Patch Tuesday insanity, with Microsoft and Adobe releasing fixes for severe vulnerabilities - including a critical, potentially wormable remote code execution Microsoft vulnerability Barnes and Noble being hacked - and why some readers are unhappy with how the book purveyor announced the cyberattack DDoS extortion email threats hitting various companies across the globe - including Travelex Zoom finally rolling out end-to-end encryption on the video conferencing platform - and why this is different than the video conferencing application's earlier "full encryption" claims
2020-10-15
21 min
Cup of Cyber
TrickBot Survives Takedown!
TrickBot Survives Takedown! - October 14th, 2020 Join us for an inside view of today’s Cyber News and why it matters. Thursday (the 15th) is our next TRIVIA NIGHT. Join us at 7:00 PM Eastern Time for free fun and a chance to win prizes! ————————— News ————————————- Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities https://www.zdnet.com/article/microsoft-october-2020-patch-tuesday-fixes-87-vulnerabilities/ (https://www.zdnet.com/article/microsoft-october-2020-patch-tuesday-fixes-87-vulnerabilities/) Software AG Data Released After Clop Ransomware Strike – Report https://threatpost.com/software-ag-data-clop-ransomware/160042 (https://threatpost.com/software-ag-data-clop-ransomware/160042) TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent https://www.zdnet.com/article/trickbot-botnet-survives-tak...
2020-10-14
50 min
ShadowTalk: Powered by ReliaQuest
Weekly: Sanctions from the DOT, Fancy Bear Targets the US Government, and Foreign Spies in Disguise!
ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency - Foreign spies use fronts to hide cyber espionage operations - Iranian nation-state threat actors leverage Zerologon flaw to carry out attacks Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast*** Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/ APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/ Foreign spies: https://www.cyberscoop.com...
2020-10-09
21 min
Cup of Cyber
Lax Credit Card Security
Lax Credit Card Security- Cup of Cyber - October 6th, 2020 Join us for an inside view of today’s Cyber News and why it matters. Today we look inside the Cyber-Recon, RMF & CAP Course https://www.cyber-recon.com/courses/rmf-cap/ ————————— News ————————————- Black-T Malware Emerges From Cryptojacker Group TeamTNT https://threatpost.com/blackt-cryptojacker-teamtnt/159853/ (https://threatpost.com/blackt-cryptojacker-teamtnt/159853/) DoD, DHS Warn of Attacks Involving SLOTHFULMEDIA Malware https://www.securityweek.com/dod-dhs-warn-attacks-involving-slothfulmedia-malware (https://www.securityweek.com/dod-dhs-warn-attacks-involving-slothfulmedia-malware) Payment card security remains lax, says Verizon Business report https://www.zdnet.com/article/payment-card-security-remains-lax-says-verizon-business-report/ (https://www.zdnet.com/article/payment-card-security-remains-lax-says-verizon-business-report/) —————————-Todays Offbeat Holiday————- Today is: Come and Take It Day https://www.chro...
2020-10-06
49 min
InfoSec X News
InfoSecXNews : Episode 26
Today we talked about!!! Amazon insider threat Joker malware google play store Shopify breach https://threatpost.com/joker-trojans-android/159595/ https://www.infosecurity-magazine.com/news/amazon-employee-14m-insider/ https://www.oodaloop.com/briefs/2020/09/30/former-amazon-employee-charged-with-1-4m-insider-trading-scheme/ https://vulners.com/threatpost/THREATPOST:73ED8EE5F93807BBD927F9D85FDD7D3B?utm_source=rss&utm_medium=rss&utm_campaign=rss https://techcrunch.com/2020/09/23/shopify-data-merchant-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAALIk-ei06l8...
2020-10-01
12 min
Cup of Cyber
Instagram Bug Could've Given Hackers Your Phone
Cup of Cyber - September 25th, 2020 - Instagram Bug Could've Given Hackers Your Phone Join us for an inside view of today’s Cyber News and why it matters. ————————— News ————————————- Cisco Patch-Palooza Tackles 29 High-Severity Bugs https://threatpost.com/cisco-patches-bugs/159537/ (https://threatpost.com/cisco-patches-bugs/159537/) Wireshark 3.2.7 Released With Fix for Security Vulnerabilities & New Features https://gbhackers.com/wireshark-3-2-7/ (https://gbhackers.com/wireshark-3-2-7/) Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone https://thehackernews.com/2020/09/instagram-android-hack.html (https://thehackernews.com/2020/09/instagram-android-hack.html) Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic https://www.darkreading.com/endpoint/bluetooth-security-weaknesses-p...
2020-09-25
00 min
Cup of Cyber
Russian Hackers Tied to German Death
Cup of Cyber - September 23rd, 2020 - Russian Hackers Tied To German Death Join us for an inside view of today’s Cyber News and why it matters. ————————— News ————————————- Judge sentences UK National for role in ‘Dark Overlord’ Hacking Group https://www.justice.gov/usao-edmo/pr/judge-sentences-uk-national-role-dark-overlord-hacking-group (https://www.justice.gov/usao-edmo/pr/judge-sentences-uk-national-role-dark-overlord-hacking-group) Google Chrome Bugs Open Browsers to Attack https://threatpost.com/google-chrome-attack/159466/ (https://threatpost.com/google-chrome-attack/159466/) Call Of Duty Accounts Hacked? Activision Denies Any Compromise https://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/#41f29c267bbe German Experts See Russian Link in Deadly Hospital Hacking https://www.securityweek.com/german-experts-see...
2020-09-23
00 min
Cup of Cyber
Prepare for Iranian Hackers Retaliation
Cup of Cyber - September 22nd, 2020 - Prepare for Iranian Retaliation Join us for an inside view of today’s Cyber News and why it matters. ————————— News ————————————- Phishing awareness training wears off after a few months https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/ (https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/) Fileless Malware Tops Critical Endpoint Threats for 1H 2020 https://threatpost.com/fileless-malware-critical-ioc-threats-2020/159422/ (https://threatpost.com/fileless-malware-critical-ioc-threats-2020/159422/) Amid Iranian hacker crackdown, CISOs should prep for retaliation https://www.scmagazine.com/home/security-news/malware/as-us-cracks-down-on-iranian-hackers-security-leaders-should-prep-for-retaliation/ —————————-Todays Offbeat Holiday————- Today is: Hobbit Day https://www.webstaurantstore.com/blog/1786/hobbit-meals-to-celebrate-hobbit-day.html (https://www.usatoday.com/story/money/food/2020/09/18/cheeseburger-day-2020-freebie...
2020-09-22
00 min
InfoSec X News
InfoSecXNews : Episode 25
Today we talked about!! Cryptobugs Found in Numerous Google Play Store Apps DDoS Attacks on Virtual Education Zero Trust SASE https://github.com/lucapiccolboni/crylogger --- Here it is the link you want for CRYLOGGER! https://vulners.com/threatpost/THREATPOST:D808C8ADEAD21D0EDAFC91027AFA8641?utm_source=rss&utm_medium=rss&utm_campaign=rss https://www.infosecurity-magazine.com/news/ddos-attacks-on-virtual-education/ https://www.sd-wan-experts.com/sase/#2 as always thank you for listening! InfoSecXNews team!!
2020-09-09
16 min
The Threatpost Podcast
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney's office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by m...
2020-08-21
13 min
The Threatpost Podcast
Active 'Duri' Campaign Utilizes HTML Smuggling to Cloak Malware
Researchers are warning of an active campaign that utilized HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Because HTML smuggling is not necessarily a novel technique - it's been used by attackers for awhile - this campaign shows that bad actors continue to rely on older attack methods that are working. Learn more about this latest attack and how attackers are raising the bar during this week's Threatpost podcast.
2020-08-18
18 min
InfoSec X News
InfoSecXNews : Episode 24
Today we talked about!!! Tesla and 2FA Verizon & ASDA grocery store Instagram Zoom once again!!! https://vulners.com/threatpost/THREATPOST:2118C48803E60F39B5E491F75F0481A3?utm_source=rss&utm_medium=rss&utm_campaign=rss https://www.infosecurity-magazine.com/news/phishing-verizon-credentials/ https://www.infosecurity-magazine.com/news/phishing-scam-targets-asda-shoppers/ https://threatpost.com/instagram-retained-deleted-user-data-despite-gdpr-rules/158366/ https://techcrunch.com/2020/08/13/instagram-delete-photos-messages-servers/ https://www.forbes.com/sites/daveywinder/2020/08/15/elon-musk-confirms-overdue-move-to-make-tesla-cars-harder-to-hack/#48dcd0cc224a
2020-08-18
14 min
You've Already Been Hacked
News of the Week for 15 August 2020
threatpost.com Mac Users Targeted by Spyware Spreading via Xcode Projects threatpost.com Instagram Retained Deleted User Data Despite GDPR Rules scmagazine.com SANS Institute breach proves anyone can fall victim to a ‘consent phishing’ scam Scmagazine.com California under counted COVID-19 cases after certificate expired www.zdnet.com: A mysterious group has hijacked Tor exit nodes threatpost.com: TikTok Collected MAC addresses from Android Users www.wired.com: Alexa Bug has potential bad news for user Voice Logs www.theregister.com: Chrome Web Store extensions downloaded 80 million times with malware inside www.cyberscoop.com: The first state to release vuln...
2020-08-16
17 min
InfoSec X News
InfoSecXNews : Episode 23
Today we talked about - Twitter hack TikTok again!!! Drizly - The Amazon of liquor CWT - Travel Agency https://www.infosecurity-magazine.com/opinions/tiktok-cybersecurity-threat/ https://vulners.com/krebs/KREBS:95FCC912010D9B41FE2F3B9C4AA701A4?utm_source=rss&utm_medium=rss&utm_campaign=rss https://www.infosecurity-magazine.com/news/drizly-breach-hits-25-million/ https://www.reuters.com/article/us-cyber-cwt-ransom-idUSKCN24W25W?&web_view=true https://vulners.com/threatpost/THREATPOST:952B0B0...
2020-08-03
13 min
The Threatpost Podcast
Black Hat 2020 Preview: Election Security, COVID Disinformation and More
Despite the coronavirus pandemic pushing the Black Hat USA 2020 conference onto a virtual platform for the first time ever, you can expect the same hot security research and threat intel, high-profile speakers, and vulnerability research being disclosed. Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell-Welch break down the top sessions, keynotes, speakers and themes to look out for in this week's podcast.
2020-07-30
16 min
The Threatpost Podcast
News Wrap: Twitter Hack, Apple Vulnerability Disclosure Restrictions Under Fire
In this week's Threatpost news wrap podcast, editors Tara Seals and Lindsey O'Donnell-Welch break down the top security news stories, including: Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. Privacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures. Apple's Security Research Device program is now open to select researchers – but some are irked by the program's vulnerability disclosure restrictions.
2020-07-24
17 min
InfoSec X News
InfoSecXNews : Episode 22
Today we talked about! https://www.atpcyberhealthtech.com/ Twitter hack with Crypto currency Canadians victims of cybercrime Amazon spoofing - very tricky FBI issues warning for flyers https://www.infosecurity-magazine.com/news/over-half-of-canadians-victimized/ https://www.atpcyberhealthtech.com/ https://vulners.com/threatpost/THREATPOST:2A69E9E0E997248F168D5B628658C396?utm_source=rss&utm_medium=rss&utm_campaign=rss https://www.infosecurity-magazine.com/news/fbi-issues-cybersecurity-warning/ https://podcasts.apple.com/us/podcast/bears-birds-and-brews/id1444806424 https://fraudwatchinternational...
2020-07-19
13 min
The Threatpost Podcast
Sponsored Podcast: Security Dangers in Rail Systems
Jesus Molina, with Waterfall Security, talks to Threatpost host Cody Hackett about the risks that rail operators are facing - from the security issues in railways to the trains themselves - and how railways can stay up-to-date on the best cybersecurity measures by adopting unidirectional gateways and separating enterprise and operational networks.
2020-07-07
23 min
InfoSec X News
InfoSecXNews : Episode 21
Hey welcome back listeners!!! Today we talked about Androids, LinkedIn/iPhones, and the future cost of data breaches. https://vulners.com/threatpost/THREATPOST:04C1838B046754A60BA2657C6D0EB8E6?utm_source=rss&utm_medium=rss&utm_campaign=rss https://gizmodo.com/linkedin-and-reddit-are-the-latest-apps-found-to-be-sno-1844268155 https://www.infosecurity-magazine.com/news/volume-size-data-breaches-rise/ https://www.infosecurity-magazine.com/news/mobile-users-undeletable-malicious/ Thanks, InfoSecXNews!
2020-07-07
12 min
The Threatpost Podcast
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
After months of public concerns surrounding facial recognition's implications for data privacy, surveillance and racial bias, tech companies and governments alike are putting stoppers down on the technology until adequate regulation is proposed. Threatpost talks to Paul Bischoff, consumer privacy expert with Comparitech, about recent research showcasing flaws in the accuracy of Amazon's facial recognition platform - and why concerns around racial bias and data privacy aren't going away anytime soon.
2020-06-29
18 min
incident podcast
75 incident podcast for week 26
NEWS FLASHES: 1. In podcast no. 74 the Incident project announced a competition, which is still running. The competition rules are published on our website www.incident.sk. The prize was provided by the portal Bezpečnosť v praxi, with which Incident cooperates, and it is 6 months of access to the Bezpečnosť v praxi portal. Hurry up, the competition ends on 30.06.2020. 2. The 7th QuBit conference will take place (we believe it will) in Prague, 23 – 24 September; register. 3. On 5.-6.10. Poradca Podnikateľa is organizing the conference „Kybernetická bezpečnosť 2020“ in Demänovská dolina ...interesting speakers, topics, and besides the critical infrastructure of the state and matters...
2020-06-25
50 min
The Threatpost Podcast
News Wrap: Malicious Chrome Extensions Removed, CIA 'Woefully Lax' Security Policies Bashed
For the week ended June 19, Threatpost editors Lindsey O'Donnell Welch, Tom Spring and Tara Seals break down the top cybersecurity stories. This week's top news stories include: Google removing 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being used to siphon sensitive user data. An internal investigation into the 2016 CIA breach condemning the agency's security measures, saying it "focused more on building up cyber tools than keeping them secure." How the insider threat landscape is changing due to work from home - a topic that Threatpost will continue to discuss...
2020-06-19
20 min
The Threatpost Podcast
Would You Use A Contact-Tracing Coronavirus App?
As a world afflicted by the coronavirus pandemic begins to re-open restaurants, retail stores and more, public health officials remain concerned about the spread of the virus. Technology for contact-tracing apps, intended to help citizens track whether they were exposed to someone who has tested positive for the virus, has been created by countries, U.S. states (like Utah) and by tech giants like Apple and Google. But behind the public health benefits of contact tracing are privacy worries, technology issues like interoperability, and other challenges. Threatpost discusses the benefits - and the challenges - of contact tr...
2020-06-11
20 min
The Threatpost Podcast
News Wrap: Fake Minneapolis Police Breach, Zoom End-To-End Encryption Debate
Threatpost editors Lindsey O'Donnell-Welch and Tara Seals discuss the top security news stories of the week, including: Reports emerged earlier this week that the Minneapolis police department had been breached by hacktivist group Anonymous. Security expert Troy Hunt debunked the reports, however. Zoom sparked debate after announcing that it would offer end-to-end encryption to paying users only - explaining that it couldn't offer it to everyone as it needs to work with law enforcement to crack down on platform abuse.
2020-06-05
16 min
The Threatpost Podcast
Sponsored Podcast: Why Identity Access Management is the New Perimeter
With the proliferation of cloud in enterprise environments, identity today is very different than how it used to be. Threatpost host Cody Hackett talks to Brian Johnson, CEO and co-founder of DivvyCloud, about how identity access management (IAM) is rapidly changing - and how businesses can keep up.
2020-06-02
18 min
The Threatpost Podcast
News Wrap: New Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss the top news stories of the week ended May 15, including: Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna. "Double extortion" methods being increasingly used by ransomware actors - and new research that found paying a ransom to unlock systems can actually cost companies more financially than recovering data themselves in the long run. The state of Utah announcing it has settled on a contact-tracing mobile app th...
2020-05-15
19 min
The Threatpost Podcast
Sponsored Podcast: Shifting Left With Infrastructure-as-Code
Companies are increasingly dealing with a slew of security and compliance issues across cloud services and containers – from AWS to Azure to GCP. Infrastructure as Code (IaC) security capabilities can help companies "shift left" to improve developer productivity, avoid misconfigurations and prevent policy violations. Threatpost host Cody Hackett talks to Chris Hertz, vice president of cloud security sales at DivvyCloud by Rapid7, about the top trends he's seeing around cloud security and how IaC is helping companies handle security and compliancy.
2020-05-08
19 min
The Threatpost Podcast
News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks
Threatpost editors Tom Spring, Tara Seals and Lindsey O'Donnell-Welch talk about the biggest news stories of the week ended May 1, including: A "PhantomLance" espionage campaign discovered targeting specific Android victims, mainly in Southeast Asia — which could be the work of the OceanLotus APT. A highly targeted phishing campaign, uncovered this week, with a Microsoft file platform twist, that successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. A Microsoft vulnerability found in Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems an...
2020-05-01
20 min
The Threatpost Podcast
Troves of Zoom Credentials Shared on Hacker Forums
Thousands of recycled Zoom credentials have been unearthed on underground forums as cybercriminals tap into remote workers. In this week's podcast, Threatpost does a deep dive into how these credentials are being collected, shared and used.
2020-04-28
19 min
The Threatpost Podcast
News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security
For the week ended April 24, Threatpost editors discuss a bevy of recent cybersecurity news stories, including: Apple zero days were disclosed in the iPhone iOS; researchers say they have been exploited for years, but Apple has pushed back and said there's no evidence to support such activity. Nintendo confirming that over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. With the NFL's virtual draft kicking off this week, security researchers and teams have been sounding off on security issues leading to data theft or denial of service attacks.
2020-04-24
22 min
The Threatpost Podcast
Work From Home Networks Plagued By Malware, Exposed Services
In this week's Threatpost Podcast, Threatpost talks to Dan Dahlberg, director of security research at BitSight, about new research that found that work from home remote office networks are 3.5 times more likely than corporate networks to have a malware infection present.
2020-04-14
27 min
The Threatpost Podcast
Bypassing Fingerprint Scanners With 3D Printing
Researchers with Cisco Talos created threat models outlining how fingerprint scanners could be bypassed utilizing 3D printing technology, and tested them on various mobile devices (including the iPhone 8 and Samsung S10), laptops (including the Samsung Note 9, Lenovo Yoga and HP Pavilion X360) and smart devices (a smart padlock and two USB encrypted pen drives). Craig Williams, director of Cisco Talos Outreach, walks through the results on the Threatpost podcast.
2020-04-08
08 min
The Threatpost Podcast
News Wrap: Coronavirus Scams, Work From Home Security Woes, Pwn2Own
For the week ended March 20, Threatpost editors break down the top security stories, including: The various cybercriminal activity - from malware, phishing and other scams - tapping into the coronavirus pandemic; the security risks of businesses working from home due to the virus' spread; privacy concerns as more governments use facial recognition and mobile apps for tracking the virus; the results of Pwn2Own, which took place this week.
2020-03-20
12 min
InfoSec X News
InfoSec X News : Episode 18 - Open discussion on Cybersecurity/Coronavirus
Today we kept it pretty open with everything happening in the world in regards to Coronavirus. https://vulners.com/krebs/KREBS:3E0061FC7B371768EA67B7BBD8009838?utm_source=rss&utm_medium=rss&utm_campaign=rss https://vulners.com/threatpost/THREATPOST:0E3D1930EBBC77714A9C3CE21AD64F6F?utm_source=rss&utm_medium=rss&utm_campaign=rss Thanks, InfoSecXNews - you know the vibes!
2020-03-16
10 min
The Threatpost Podcast
IoT Device Security: The Good, The Bad and The Ugly
A recent 2020 IoT report found that more than half of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Threatpost talks to Ryan Olson, vice president of Threat Intelligence for Unit 42 at Palo Alto Networks, and May Wang, senior distinguished engineer at Palo Alto Networks and former Zingbox CTO, about the top IoT threats.
2020-03-11
25 min
InfoSec X News
InfoSec X News : Episode 16 Smart Baby Monitor, Billions of Wifi Devices, and Ransomware/CISA!
Today we talked about: Smart Baby Monitor Billions of Wifi Devices CISA and how ransomware is becoming more and more common. https://vulners.com/threatpost/THREATPOST:37BF5ED79AFA91D628C8CA75FA1CBA7C?utm_source=rss&utm_medium=rss&utm_campaign=rss https://threatpost.com/rsac-2020-another-smart-baby-monitor-vulnerable-to-remote-hackers/153272/ https://threatpost.com/ransomware-national-crisis-cisa-ics/153322/ https://threatpost.com/rsac-2020-another-smart-baby-monitor-vulnerable-to-remote-hackers/153272/ https://threatpost.com/billions-of-devices-wifi-encryption-hack/153267/ https://www.zdnet.com/article/new-kr00k-vulnerability-lets-attackers-decrypt-wifi-packets/ https://en.wikipedia.org/wiki/Internet...
2020-03-02
14 min
The Threatpost Podcast
RSA Conference 2020 Preview
The RSA 2020 conference kicks off next week in San Francisco, this year with a theme looking at the "human element" of cybersecurity. As they prepare to cover the show, Threatpost editors Lindsey O'Donnell-Welch, Tom Spring and Tara Seals break down the biggest news, stories and trends that they expect to hear about at RSA 2020 this year - from trends in the industrial cybersecurity landscape, to connected medical device security issues that will be flagged.
2020-02-21
19 min
InfoSec X News
InfoSec X News : Episode 15 Citrix, Emotet(SMS), and MGM breach.
Today we talked about Citrix aka Shitrix Emotet via SMS MGM and their breach!!! https://threatpost.com/sms-attack-spreads-emotet-bank-credentials/153015/ https://vulners.com/krebs/KREBS:62E2D32C0ABD1C4B8EA91C60B425255B?utm_source=rss&utm_medium=rss&utm_campaign=rss https://vulners.com/threatpost/THREATPOST:CDD479681D16E5E813A006B44143393D?utm_source=rss&utm_medium=rss&utm_campaign=rss https://vulners.com/threatpost/THREATPOST:2604EC3476A010150B9EB1228C9C6968...
2020-02-21
13 min
The Threatpost Podcast
News Wrap: Valentine's Day Scams and Emotet's Wi-Fi Hack
Threatpost editors Tara Seals and Lindsey O'Donnell-Welch break down the top stories for this week, ended Feb. 14, including: Recent phishing scams - including ones with a romance hook - continue to trick victims, showing that phishing tactics still work in stealing millions from individuals, corporations, and even government agencies. Emotet has a newly discovered feature that hacks nearby Wi-Fi networks, allowing the prolific malware to spread rapidly, like a worm. The operators behind the Robbinhood ransomware are using a new tactic called "bring your own bug," which researchers think will continue in future campaigns. Patch Tuesday craziness this...
2020-02-14
22 min
InfoSec X News
InfoSec X News : Episode 13 Estée Lauder, Windows Patches, and Soundcloud!!
Today we talked about Estée Lauder Windows Patches Soundcloud https://threatpost.com/estee-lauder-440m-records-email-network-info/152789/ https://www.terabitweb.com/2020/02/12/estee-lauder-data-leak-html/ https://threatpost.com/microsoft-active-attacks-air-gap-99-patches/152807/ https://govanguard.com/threat-center/cat/info-sec-feeds/info-sec-news/?utm_source=Menu-ThreatCenter https://govanguard.com/threat-center/2020/02/12/soundcloud-tackles-dos-account-takeover-issues/ https://threatpost.com/soundcloud-dos-account-takeover/152838/
2020-02-13
12 min
The Threatpost Podcast
Katie Moussouris: The Bug Bounty Conflict of Interest
Bug bounty programs continue to increase in popularity – but that popularity has its downsides. Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. However, as more programs are created, some companies are forgetting the real reason behind bug bounties. That is, instead of making their systems more secure, companies want to merely hunt bugs. Threatpost talked to Katie Moussouris, founder and CEO of Luta Security, to hear more about her thoughts about the challenges in developing – and launching – bug bounty programs.
2020-02-12
25 min
The Threatpost Podcast
Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation
Researchers on Wednesday disclosed five critical vulnerabilities in Cisco Discovery Protocol (CDP), the Cisco Proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. Threatpost talked to Ben Seri, VP of Research at Armis, who discovered the flaws, about the CDPwn flaws, their impact, and why Layer 2 protocols are an under-researched area. Researchers say that the vulnerabilities, which they collectively dub CDPwn, can allow attackers to remotely take over millions of devices. The flaws specifically exist in the parsing of CDP packets, in the protocol implementation for various Cisco products, from its...
2020-02-05
24 min
The Threatpost Podcast
WhatsApp Hacks Point to Sophisticated Mobile Cyberattacks
Oded Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities – the researcher at Black Hat 2019 demoed several flaws in the messaging platform that could be used to manipulate chats, for instance. However, Vanunu told Threatpost at CPX 360, Check Point's annual security conference that takes place this week, WhatsApp is a prime example of how mobile devices are increasingly becoming targeted by nation state actors, in stark contrast to previous, less serious threats mobile devices have faced like adware.
2020-01-30
13 min
The Threatpost Podcast
Vivin Nets Thousands of Dollars Using Cryptomining Malware
Threatpost talks to Nick Biasini, a threat researcher at Cisco Talos, about a recently uncovered threat actor, dubbed Vivin, that has made thousands of U.S. dollars through a large-scale cryptomining campaign.
2020-01-22
14 min
The Threatpost Podcast
News Wrap: PoC Exploit Controversy, Cable Haunt & Joker Malware
This week's news wrap podcast breaks down the biggest Threatpost security stories of the week, including: Various proof-of-concept exploits being released for serious vulnerabilities this week - including for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. Multiple cable modems used by ISPs to provide broadband into homes have a critical vulnerability in their underlying reference architecture, dubbed "Cable Haunt," that would allow an attacker full remote control of the device. Google's continual battle against attackers who are infiltrating Google Play with Android apps (more than 17,000 apps to date) distributing the Joker ma...
2020-01-17
25 min
The Threatpost Podcast
NSA Detects Major Microsoft Windows Flaw: What It Means
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA). Microsoft's January Patch Tuesday security bulletin disclosed the "important"-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source. Threatpost talked to Pratik Savla, senior security engineer at Venafi, about the vulnerability, whether the hype around the flaw was warranted, and what the disclosure means for...
2020-01-15
15 min
The Threatpost Podcast
CCPA's Biggest Challenge: Where's The Data?
The California Consumer Privacy Act is being touted as one of the strongest privacy regulations in the U.S. enacted so far. However, though the CCPA was adopted on January 1, 2020, the act still has several loose ends and privacy loopholes that need to be fleshed out. At a high level, the CCPA mandates strict requirements for companies to notify users about how their user data will be used and monetized along with giving them straightforward tools for opting out. However, one of the bigger challenges with the CCPA is the question of tracking the location of that use...
2020-01-09
19 min
The Threatpost Podcast
The Roadblocks and Opportunities For Women in Cybersecurity
In 2019, diversity in cybersecurity was thrust to the forefront with recognition from both vendors and experts. The tech industry is facing challenges around diversity in general, but women are particularly underrepresented. And with an estimated 3.5 million jobs expected to remain unfilled by 2021, infosec is certainly a lucrative space for women. Threatpost sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she's faced in the cybersecurity industry and the opportunities in the space that she sees for improvement.
2019-12-27
12 min
The Device Casting Couch (Tech Podcast)
Huge SIM Jacking Hack, India CCTV, Scammer Justice - Device Casting Couch - S01E04
Season 1 Episode 4 of the Device Casting Couch Podcast. In this session we discuss the looming SIM vulnerability, India implementing country wide CCTV, and a sprinkle of good news to end the week. Enjoy! Bumper music made by Isaac Woodall. Check out his other stuff here! https://www.youtube.com/channel/UCZKlv7rWb7EoYyYMO-wshig Sources: SIM Jacking: https://arstechnica.com/information-technology/2019/09/hackers-are-exploiting-a-platform-agnostic-flaw-to-track-mobile-phone-locations/ https://www.cyberscoop.com/simjacker-mobile-phone-vulnerability/ ...
2019-10-19
56 min
Segurança Legal
Episode #210 – News Summary
In this edition: Operation Spoofing and the case of Minister Moro, highlights from Black Hat/Defcon, Bluekeep and the serious flaws in Windows, more flaws in Brazilian mobile banking apps, facial recognition and the Hong Kong protests, attacks compromising NFC credit cards, and insurance against cyberattacks, among other news. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! ShowNotes Operation Spoofing: arrest of criminals and changes adopted by Telegram https://www.martinvigo.com/voicemailcrac...
2019-08-19
53 min
Segurança Legal
Episode #166 – News Summary
In this edition: Brazil's personal data protection law is born, highlights from BlackHat and Defcon, Banco Inter acknowledges a data leak incident, CGI, Facebook and WhatsApp in the fight against fake news, voice recognition systems are bypassed, an attack exploits vulnerabilities in DLink routers, among other news. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! Take our podcast survey: bit.ly/segurancalegal Temer signs the personal data protection law (via G1 and Tecfront) Ba...
2018-08-17
40 min
Segurança Legal
Episode #158 – News Summary
In this edition: The World Cup and attacks on WhatsApp, a million-dollar heist against a Chilean bank, more million-dollar thefts from cryptocurrency exchanges, the sale of personal data by the São Paulo government, more details on VPNFilter, a browser wants to mine cryptocurrency on your computer, among other news. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! ShowNotes WhatsApp attacks use the World Cup as bait (via Veja, G1, ThreatPost, EFE) Million-dollar heist causes a loss of 10 million dollars...
2018-06-22
37 min
TechSNAP
Episode 369: Another Pass at Bypass
We’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound. Plus this week’s security news has a bit of a theme, and we share some great war stories sent into the show. Sponsored By: Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you! Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com Links: Security Flaw Impa...
2018-05-23
44 min
Security TL;DR Podcast
Security TL;DR Podcast – Episode 13
Episode 13 of the Security TL;DR podcast (3/29/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec). They discuss the latest developments regarding the vulnerabilities in AMD processor products, a bug with Microsoft's Meltdown and Spectre patches, and the ongoing privacy concerns surrounding Facebook. Articles Referenced: https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research https://threatpost.com/bad-microsoft-meltdown-patch-made-some-windows-systems-less-secure/130844/ https://threatpost.com/facebook-woes-continue-as-ftc-opens-data-privacy-probe/130788/
2018-03-30
00 min
Segurança Legal
Episode #138 – 10 considerations about firewalls
In this episode we cover 10 technical considerations on the use of firewalls. News summary at 20:40. Main topic at 43:15. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! Shownotes News Summary with Fábio Assolini The iPhone 10's biometrics are bypassed (via Jorilallo, Jhanov and Wired) 1 million downloads later, fake WhatsApp is removed from the Play Store (via MotherBoard) Brazilian company launches password leak notification service (via IDGNow) Bug affects the Ethereum virtual currency, freezing assets (via ThreatPo...
2017-11-17
1h 37
Segurança Legal
Episode #136 – Release the Krack
In this episode we talk about the recent WPA2 vulnerability that allows interception of wireless clients' data. News summary at 17:10. Main topic at 33:13. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! Shownotes: News Summary with Fábio Assolini Deloitte suffers an attack, client data is exposed (via The Guardian) Microsoft's bug-tracking system was compromised in a 2013 attack (via Reuters) Google adds native antivirus protection to the Chrome browser (via G1) Firefox encer...
2017-10-20
1h 33
Segurança Legal
Episode #132 – Superscammers
In this episode we talk about scams carried out over the Internet. We also cite the example of a company dedicated to carrying out this type of activity. News summary at 17:42. Main topic at 34:18. Help Segurança Legal keep going. Visit our crowdfunding campaign and support us! Shownotes News Summary with Fábio Assolini The arrest of Marcus Hutchins, the hero of Wannacry (via TecnoBlog) Shadowpad: backdoor discovered in commercial software (via Securelist) Seven Google Chrome extensions are compromised by criminals (via ThreatP...
2017-08-25
1h 28
Segurança Legal
Episode #120 – Security is not a toy
In this episode we analyze the recent incident involving unauthorized access to sensitive data from a smart toy. News summary at 19:45. Main topic at 36:23. Segurança Legal is supporting Cryptorave 2017. The event is free and runs on crowdfunding. Make your contribution! Shownotes News Summary with Fábio Assolini Outage affects Amazon services (via Amazon) Cloudbleed: security flaw in the Cloudflare service exposes thousands of pieces of data on the internet (via ZdNet) Collision attack breaks h...
2017-03-10
1h 22
Segurança Legal
Episode #118 – Exposure of Children on the Internet
In this episode we talk about sharenting and oversharing, practices by parents that can harm children. News summary at 15:33. Main topic at 33:54. ShowNotes News Summary with Fábio Assolini Ransomware attacks security cameras in the United States (via TheRegister) Ransomware attacks a hotel in Austria (via MotherBoard) Cellebrite's hacking tools are leaked (via MotherBoard) Attacks against banks use hidden malware loaded in memory (via ThreatPost) Spanish police arrest hacker Fineas Fishers (via TheRegister) Russian hackers exploit flaws criptografi...
2017-02-10
1h 22
Segurança Legal
Episode #116 – Blocking Pornography in Brazil
Starting from a bill that aims to block pornography in Brazil, we analyze the aspects of the problem. News summary at 18:08. Main topic at 33:20. Special guest – Carlos Cabral (@kbralx) ShowNotes News Summary US government sues D-Link over the poor security of its devices (via FTC and ThreatPost) Planalto accidentally publishes the passwords to its social media accounts (via G1) Google, UOL and Folha sites redirected in domain hijacking attacks (via G1 and O Globo) Security problems...
2017-01-13
1h 32
Segurança Legal
Episode #114 – Mr. Robot
In this episode we talk about the series Mr. Robot in its general, technology and information security aspects. WARNING – THIS EPISODE CONTAINS SPOILERS News summary at 9:16. Main topic at 22:50. ShowNotes News Summary Backdoor found in the firmware of 26 Android smartphone models (via DrWeb) Leak of 1 billion Yahoo user accounts (via ThreatPost) DailyMotion data leak (via G1) Flaw involving Samsung (via G1) Android virus ‘Gooligan’ steals one million Google accounts...
2016-12-16
1h 46
Segurança Legal
Episode # 113 – Shall we take an Uber?
In this episode we talk about some technology and regulatory aspects of the Uber app and the sharing economy. News summary at 9:46. Main topic at 26:46. ERRATUM – Regarding the artificial lowering of the price of the service that was discussed in the episode, incorrect information was given. This practice is not unfair competition, but an infraction against the economic order, under law 12.529/2011, art. 36, §3, item XV. ShowNotes News Summary Firefox rushes to fix a vulnerability that affects users of the network...
2016-12-02
1h 22
Segurança Legal
Episode #112 – Trump
In this episode we talk about some predictions surrounding the election of Donald Trump and the possible effects on information security and technology law. We also have the help of Diego Canabarro to explain the IANA transition issue to us. News summary at 18:05. Main topic at 33:55. ShowNotes News Summary Tesco Bank says £2.5m was stolen from 9,000 customers in cyberattack (via Zdnet) New Carbanak Attack Methodology: now targeting Hospitals (via Trustwave) Adult Friend Finder breach leaked dad...
2016-11-18
1h 38
Segurança Legal
Episode #107 – The Internet Man
In this episode we discuss the influence of technology on people's behaviour in everyday digital life. News summary at 27:10. Main topic at 41:45. ShowNotes News Summary In an attack in Iran, 15 million Telegram users have their numbers revealed (via VentureBeat) Two-factor authentication via SMS is discouraged by a US government agency (via ThreatPost) SMS phishing attacks affect mobile banking users in Brazil (via SecureList) Fight between criminal ransomware developers: Petya versus Chimera (via ThreatPost) Possible leak of 200 million accounts of usuár...
2016-08-05
1h 44
SecuraBit
SecuraBit Episode 105: Flaming Bluetooth Penetration!
Hosts Chris Gerling – @secbitchris Chris Mills - @chrisam Andrew Borel – @andrew_secbit Mike Bailey – @mpbailey1911 Guests Jason Andress - @jason_andress Ronin - @r0wnin Topics APT and Penetration Testing Bluetooth Hacking and Reconnaissance News Items Google Warning Users About State-Sponsored Attacks | threatpost http://m.threatpost.com/en_us/blogs/google-warning-users-about-state-sponsored-attacks-060512 Apple Releases Guide To iOS Security - TechCrunch http://m.techcrunch.com/2012/06/04/apple-releases-guide-to-ios-security/ Flame A Massive Web of Fake Identities and Websites Controlled Flame Malware http://www.wired.com/th...
2012-06-06
00 min
SecuraBit
SecuraBit Episode 80: Our 8080 Episode
SecuraBit Episode 80: Our 8080 Episode April 20, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Dan Mitchell - @danmitchell Guests: int80 - @dualcoremusic DualcoreMusic General topics: http://dualcoremusic.com/nerdcore/ http://www.youtube.com/watch?v=CMNry4PE93Y NEWS: Patch Tuesday April 2011 64 patched: http://www.microsoft.com/technet/security/current.aspx http://isc.sans.edu/diary.html?date=2011-04-11 Oracle Critical Patch Update Advisory - April 2011...
2011-04-27
1h 23
SecuraBit
SecuraBit Episode 80: Our 8080 Episode
SecuraBit Episode 80: Our 8080 Episode April 20, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel – @andrew_secbit Tony Huffman – @myne_us Dan Mitchell - @danmitchell Guests: int80 - @dualcoremusic DualcoreMusic General topics: http://dualcoremusic.com/nerdcore/ http://www.youtube.com/watch?v=CMNry4PE93Y NEWS: Patch Tuesday April 2011 64 patched: http://www.microsoft.com/technet/security/current.aspx http://isc.sans.edu/diary.html?date=2011-04-11 Oracle Critical Patch Update Advisory - April 2011...
2011-04-27
00 min
SecuraBit
SecuraBit Episode 79: Back to the basics with Marcus Carey!
SecuraBit Episode 79: Back to the basics with Marcus Carey! April 6, 2011 Hosts: Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Tony Huffman – @myne_us Guests: Marcus J Carey - @iFail http://hackersforcharity.org/ General topics: NEWS: Epsilon: http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/ http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511 https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411 http://www.epsilon.com/News%20&%20Events/Press_R...
2011-04-09
1h 14
SecuraBit
SecuraBit Episode 79: Back to the basics with Marcus Carey!
SecuraBit Episode 79: Back to the basics with Marcus Carey! April 6, 2011 Hosts: Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Tony Huffman – @myne_us Guests: Marcus J Carey - @iFail http://hackersforcharity.org/ General topics: NEWS: Epsilon: http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/ http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511 https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411 http://www.epsilon.com/News%20&%20Events/Press_R...
2011-04-09
00 min