Login
Danny Akacki discusses how do we, as a NDR product company with an emphasis on user outreach and education, continue not only to keep our product effective for distributed workforce's but also continue to beat the drum on education and knowledge share? It's not easy but we've come up with a few ways both to stay connected to our clients and help them keep an eye on their wires. This segment is sponsored by GigaMon.
Β
Show Notes: https://securityweekly.com/swn75
Visit https://www.securityweekly.com/swn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Taylor McCaslin, Security Product Manager at GitLab, to discuss current trends in the application security testing industry! In the Application Security News, Patch Your Windows - βPing of Deathβ bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and 'BleedingTooth' Bluetooth flaw!
Β
Show Notes: https://wiki.securityweekly.com/asw126
Visit https://securityweekly.com/GitLab to learn more about them!
Β
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius, to present their segment on Vulnerabilities entitled Prioritize This, Prioritize That, Prioritize with Context! In our second segment, we welcome Patrick Garrity, VP of Operations at Blumira, to talk about Democratizing and Saasifying Security Operations! In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, Windows TCP/IP Remote Code Execution vulnerability, and a Prison video visitation system exposed calls between inmates and lawyers!
Β
Show Notes: https://wiki.securityweekly.com/psw670
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Β
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr.Doug talks about naughty camera captures being sold on Discord, Zoom End to End, Patching, Trickbot attacks, Bleeding Tooth, Gamer Scams, and hiding your cash while wearing a toga!
Β
Show Notes: https://securityweekly.com/swn74
Visit https://www.securityweekly.com/swn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen data. Also, read about how VirusTotal now supports Trend Micro ELF Hash (aka telfhash).
Β
Read on:
Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles
Cybercriminals have put their own spin on passing time during the COVID-19 lockdown with online rap battles, poker tournaments, poem contests, and in-person sport tournaments. The twist is that the prize for winning these competitions is sometimes stolen data and tools to make cybercrime easier, according to new research from Trend Micro.
Becoming an Advocate for Gender Diversity: Five Steps that Could Shape Your Journey
Sanjay Mehta, senior vice president at Trend Micro, was recently named a new board member at Girls In Techβa noted non-profit and Trend Micro partner working tirelessly to enhance the engagement, education, and empowerment of women in technology. In this blog, Sanjay shares five steps that you can use to become an ally for diversity in the workplace.
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
In this monthβs Patch Tuesday update, Microsoft pushed out fixes for 87 security vulnerabilities β 11 of them critical β and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up β and in fact at least one public exploit is already circulating for this group.
VirusTotal Now Supports Trend Micro ELF Hash
To help IoT and Linux malware researchers investigate attacks containing Executable and Linkable Format (ELF) files, Trend Micro created telfhash, an open-source clustering algorithm that helps cluster Linux IoT malware samples. VirusTotal has always been a valuable tool for threat research and now, with telfhash, users of the VirusTotal Intelligence platform can pivot from one ELF file to others.
New Emotet Attacks Use Fake Windows Update Lures
File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button. According to the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world.
Metasploit Shellcodes Attack Exposed Docker APIs
Trend Micro recently observed an interesting payload deployment using the Metasploit Framework (MSF) against exposed Docker APIs. The attack involves the deployment of Metasploitβs shellcode as a payload, and researchers said this is the first attack theyβve seen using MSF against Docker. It also uses a small, vulnerability-free base image in order for the attack to proceed in a fast and stealthy manner.
Barnes & Noble Warns Customers It Has Been Hacked, Customer Data May Have Been Accessed
American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday, October 10th.
ContentProvider Path Traversal Flaw on ESC App Reveals Info
Trend Micro researchers found ContentProvider path traversal vulnerabilities in three apps on the Google Play store, one of which had more than 5 million installs. The three applications include a keyboard customization app, a shopping app from a popular department store, and the app for the European Society of Cardiology (ESC). Fortunately, the keyboard and department store apps have both been patched by developers. However, as of writing this blog, the ESC app is still active.
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew of three cruise line brands and the casino operations of Carnival Corp. in a ransomware attack the company suffered on Aug. 15, officials have confirmed. Carnival Cruise Line, Holland America Line and Seabourn were the brands affected by the attack, which Carnival said theyβre still investigating in an update on the situation this week.
Docker Content Trust: What It Is and How It Secures Container Images
Docker Content Trust allows users to deploy images to a cluster or swarm confidently and verify that they are the images you expect them to be. In this blog from Trend Micro, learn how Docker Content Trust works, how to enable it, steps that can be taken to automate trust validation in the continuous integration and continuous deployment (CI/CD) pipeline and limitations of the system.
Twitter Hackers Posed as IT Workers to Trick Employees, NY Probe Finds
A simple phone scam was the key first step in the Twitter hack that took over dozens of high-profile accounts this summer, New York regulators say. The hackers responsible for the July 15 attack called Twitter employees posing as company IT workers and tricked them into giving up their login credentials for the social networkβs internal tools, the stateβs Department of Financial Services said.
A distributed denial-of-service (DDoS) attack sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all. DDoS attacks are one of the crudest forms of cyberattacks, but theyβre also one of the most powerful and can be difficult to stop.
Cyberattack on London Council Still Having βSignificant Impactβ
Hackney Council in London has said that a cyberattack earlier this week is continuing to have a βsignificant impactβ on its services. Earlier this week, the north London council said it had been the target of a serious cyberattack, which was affecting many of its services and IT systems.
Β
Surprised by the new Emotet attack?Β Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash appeared first on .
This week, first we talk Enterprise News, discussing the Bad Neighbor Vulnerability, FireEye Announced βMandiant Advantage: Threat Intelligenceβ SaaS-based Offering, Aquaβs Trivy Now Available as a GitHub Action, Datadog adds Deployment Tracking to its APM to prevent outages related to bad code deploys, and Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors! In our second segment, we welcome Whitney Maxwell, Security Consultant at Rapid7, for and interview on Vishing/Phishing! In our final segment, we wrap up the show with two pre-recorded micro interviews from Security Weekly's Virtual Hacker Summer Camp, with Liam Downward, CEO of CYRISMA, and Matthew Gardiner, Principal Security Strategist at Mimecast!
Β
Show Notes: https://securityweekly.com/esw202
Visit https://securityweekly.com/rapid7 to learn more about them!
Visit https://securityweekly.com/cyrisma to learn more about them!
Visit https://securityweekly.com/mimecastbh to learn more about them!
Β
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michael Brooks, vCISO at Abacode, to discuss Turning Cybersecurity Challenges Into a Competitive Advantage! In the second segment, the SCW crew along with Michael Brooks delve into an update on the goings on of Cybersecurity Maturity Model Certification (CMMC)!
Β
Show Notes: https://wiki.securityweekly.com/scw47
Visit https://www.securityweekly.com/scw for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug talks Facebook Bug Bounty club, Zuck reverses, Trickbot, the FAA gets airline warning, IoT, Zerologon, and Fitbit! Jason Wood returns for Expert Commentary on Office 365: A Favorite for Cyberattack Persistence!
Β
Show Notes: https://securityweekly.com/swn73
Visit https://www.securityweekly.com/swn for all the latest episodes!
Β
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
FreshRSS 