Release the Edge - Paul's Security Weekly #571

This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security!

Full Show Notes: https://wiki.securityweekly.com/Episode571

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

EU considers 60-minute deadline for social networks to remove terrorist content

The commission says that not enough progress has been made in stamping out extremist content.

Coinbase files patent for freeze logic cryptocurrency wallet security

The invention aims to add a fresh layer of security to wallets used directly for merchant payments.

Alleged head of BitConnect cryptocurrency scam arrested in Dubai

BitConnect has been accused of operating an exit scam after duping investors out of millions of rupees.

UK hacking prosecutions plummet with only 47 charges recorded last year

A lack of resources is believed to be partly to blame for incredibly low prosecution figures.

Philips reveals code execution vulnerabilities in cardiovascular devices

Only a low level of skill is required to exploit the bugs.

This Magical Thing - Business Security Weekly #96

This week, Paul and Matt Alderman interview Sharon Goldberg, CEO/Co-Founder of Commonwealth Crypto, and makes her return to Security Weekly! In our final segment, we air a pre-recorded segment with Matt Alderman and Paul live from DEF CON, discussing different vendors and CEO’s they had a chance to sit down with explaining their products and marketing in the security industry!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode96

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

McAfee: Calling Bitfi unhackable may have been 'unwise' but it was great marketing

Updated: The "unhackable" wallet saga may have been little more than salesmanship designed to provoke controversy.

Guns are already on UK streets. 3D printing could make things far worse.

Opinion: With 3D gun blueprints now available for download, it's potentially too late to stop the future impact on the streets of London.

Hack Naked News #185 - August 21, 2018

This week, Hacking Blackhat Badges, USB Harpoons (not the ale), PHP attacks, privacy in Las Vegas hotels, or not, who is looking at your DNS requests?, AWS breaches. Jason Wood from Paladin Security joins us for expert commentary on Social networks getting fined for hosting terrorist content so stay tuned to this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode185

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Adobe releases out of schedule remote code execution fix

The patch resolves two critical flaws which can both lead to remote code execution.

Always More to Learn - Application Security Weekly #29

This week, Keith and Paul interview Tom McLaughlin, Founder of ServerlessOps! In the final segment, we air a Pre-Recorded segment with Paul and Matt Alderman, as they sat down at DEF CON to talk all things AppSec, vendors that were there, and companies they had briefings with from our pool cabana!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Hacker holds the data of 20,000 Superdrug customers to ransom

Customers are being asked to change their account passwords immediately.

Mexicans served with Dark Tequila in spyware spree

The campaign has been swiping bank credentials and corporate data for years through offline malware.

Turla backdoors compromise European government foreign offices

The backdoors are told what to do and what to steal by email.

Critical remote code execution flaw in Apache Struts exposes the enterprise to attack

The bug was found in the core infrastructure of Apache Struts 2.

AppleJeus: macOS users targeted in new Lazarus attacks

The campaign includes the distribution of Apple macOS malware for the first time.

Facebook's Onavo VPN app removed from Apple App Store over privacy concerns

Reports suggest the app was removed based on a request from Apple.

Seems So Rare - Enterprise Security Weekly #103

This week, Paul and John Strand interview Mike Jones, VP of Product at DomainTools! In our final segments, we air the last of our Pre-Recorded interviews with Paul and Matt Alderman LIVE from DEF CON and Black Hat, discussing different security vendors they encountered at biggest security conferences in the country!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

 

→Visit our website: https://www.securityweekly.com

 

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Medical records of high school students leaked in 'appalling' data breach

Medication, healthcare records, and conditions were all posted online for the world to see.

500,000 Cheddar's Scratch Kitchen customers involved in possible credit card data theft

Customers of the restaurant chain need to keep an eye on their bank accounts as their information may be up for sale.

Hackers help themselves to data belonging to 2 million T-Mobile customers

The "international" threat actors managed to capture a set of customer data before being shut down.

Spyware firm SpyFone leaves customer data, recordings exposed online

Thousands of spyware users and those being monitored have had their information leaked to the public domain.

Iranian hackers target 70 universities worldwide to steal research

Researchers say the campaign is focused on stealing credentials and access to library systems.

The Infinite Window - Paul's Security Weekly #572

This week, Paul and the crew sit down with Tod Beardsley, Director of Research at Rapid7 for an interview! Sven Morgenroth, Security Researcher at Netsparker delivers the Technical Segment on PHP Type Juggling Vulnerabilities! In the Security News this week, The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up! All that and more on this episode of Paul’s Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode572

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Blackhat Arsenal Europe 2018 CFT Open

The Black Hat Arsenal team is heading to London with the very same goal: give hackers & security researchers the opportunity to demo their newest and latest code. The Arsenal tool demo area is...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

How hackers managed to steal $13.5 million in Cosmos bank heist

An in-depth look into the incident reveals how the 112-year-old bank may have been swindled out of millions.

Microsoft Windows zero-day vulnerability disclosed through Twitter

Updated: There is no known workaround for the security flaw.

Fortnite Epic Games CEO rails against Google vulnerability disclosure

Circumventing the Google Play Store has not gone completely to plan.

Facebook patches critical server remote code execution vulnerability

The exploit took advantage of instability in the server's system.

WhatsApp warns free Google Drive backups are not end-to-end encrypted

The storage deal might be free for users, but that does not mean communications records are protected in the same way.

Hack Naked News #186 - August 28, 2018

This week, AT commands will pwn your phone, Adobe gets creative with an update, protecting your pin, why companies should use the Google Play store, 0-day Windows vulnerabilities disclosed on Twitter, and side-channel attacks that can be mitigated with tin foil. Jason Wood from Paladin Security joins us for expert commentary on an Enterprise version of Burp on the way, so stay tuned for this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode186

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

An Interesting Journey - Business Security Weekly #97

This week, Paul is joined by Dr. Doug White to interview Todd Weller, Chief Security Officer at Bandura Systems! In the Tracking Security Innovation segment, Paul and Doug talk about updates from  AlienVault, Cloudera, Splunk, CA, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

A Mixture of Spices - Application Security Weekly #30

This week, Keith and Paul discuss The Apache Struts2 RCE Vulnerability! In the news, Using Signal Sciences to defend against Apache Struts, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, Burp Suite 2.0 Beta released, even anonymous coders leave fingerprints, and more on this episode of Application Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Meet the malware which hijacks your browser and redirects you to fake pages

The malware is currently being distributed through the RIG exploit kit.

Defense Distributed now sells 3D gun blueprints online, 'pay what you want'

Founder Cody Wilson insists that a recent court injunction is still being obeyed, despite the launch.

Air Canada reveals mobile data breach, passport numbers potentially exposed

Passport details belonging to thousands of customers may have been exposed in the incident.

Sprinkler System Twinkies - Enterprise Security Weekly #104

This week, Paul and John Strand interview Rick Holland, CISO at Digital Shadows! In our Technical Segment, John Strand talks about Office 365 User Behavior Analytics! In the Enterprise News this week, we have updates from VMware, Caveonix, Qualys, Minerva Labs, Bitdefender, CrowdStrike, and more on this episode of Enterprise Security Weekly!

 

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

 

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Android 'API breaking' vulnerability leaks device data, allows user tracking

A vulnerability in the Android operating system can be used to track users without their knowledge.

Misfortune Cookie vulnerability returns to impact medical devices

The four-year-old security flaw has reared its head once again but this time medical equipment, and not routers, are at risk.

Bitfi finally gives up claim cryptocurrency wallet is unhackable

Color me surprised.

Former Qualys exec charged with insider trading after protecting brothers from financial loss

The former Chief Commercial Officer tipped off his family in advance of poor financial results.

Why is Google selling potentially compromised Chinese security keys?

Opinion: To sign up for Google's Advanced protection program, you must buy security keys from a Chinese vendor. Security questions have since been raised considering current intelligence laws in China.

The Word You're Looking for Is Sodomized - Paul's Security Weekly #573

This week, Paul and the crew sit down with Jayson Street, VP of Infosec at SphereNY for an interview! John Moran, Senior Project Manager of DFLabs delivers the Technical Segment on a new No-Script Automation Tool! In the Security News this week, 0-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million! All that and more, on this episode of Paul’s Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode573

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

Meet ransomware which wears the face of former president Barack Obama

The peculiar malware asks victims for a "tip" in return for a decryption key.

SonarSnoop attack can steal smartphone unlock patterns

SonarSnoop technique transforms smartphones into mini sonar systems to track a user's finger across the screen and steal phone unlock patterns.

Wireshark fixes serious security flaws that can crash systems through DoS

Proof-of-concept code detailing related exploits has been released to the public.

Windows utility used by malware in new information theft campaigns

WMIC-based payloads highlight how attackers are turning to innocuous system processes to compromise Windows machines.

New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers

Security researchers have spotted a new strain of IoT malware that has been growing in sophistication and silently infecting more and more devices online.

Premera Blue Cross accused of destroying evidence in data breach lawsuit

Class-action lawsuit plaintiffs claim US health insurer Premera Blue Cross intentionally destroyed evidence despite ongoing litigation.

Bitcoin Gold delisted from major cryptocurrency exchange after refusing to pay hack damages

Cryptocurrency exchange Bittrex removes Bitcoin Gold trading options after BTG team refuses to pay $256,000 as reparations for May 2018 cyber-attacks

Department of Labour denies server compromise in recent cyberattack

The government department says the attack did not expose any sensitive or confidential information.

Google open-sources internal tool for finding font-related security bugs

Google Project Zero releases BrokenType, a tool that found nearly 40 security bugs in Windows font rasterization components

Google's campus door security blasted wide open by its own engineer

Malicious code sent across Google's network had some interesting results.

This malware disguises itself as bank security to raid your account

CamuBot takes advantage of your trust in your bank to hide in plain sight.

Facebook's 'war room' hunts and destroys election meddling, fake news

The physical room will be tasked with protecting the network against insidious attempts to tamper with the US midterm elections.

Thousands of 3D printers may be leaking private product designs online

Nearly 3,800 3D printers with an OctaPrint interface were left exposed online with no password authentication, inadvertently leaking 3D models and webcam feeds.

Hack Naked News #187 - September 4, 2018

This week, Android OS API-Breaking Flaw, Thousands of MikroTik Routers Hacked, John McAfee's "unhackable" Bitcoin wallet is hackable, misconfigured 3D printers, researchers used sonar signal to steal unlock passwords, and the Linux Foundation sets to improve Open-Source code security. Ron Gula of Gula Tech Adeventures joins us for expert commentary, so stay tuned for this episode of Hack Naked News!

 

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode187

 

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

 

→Visit our website: https://www.securityweekly.com

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys

Tainted extension caught stealing passwords for Google, Microsoft, GitHub and Amazon accounts, but also Monero and Ethereum private keys.

Chrome 69 released with new UI and random password generator

Google revamps Chrome main user interface with new white rounded tabs, replacing classic gray angled tabs after a decade.