FreshRSS


The Mistake People Make - Business Security Weekly #111

By paul@securityweekly.com

This week, Matt and Paul interview Bob Ackerman, a legend in venture capital investing who is referred to as one of "Cyber's Money Men". Bob is also the Founder and Managing Director of venture capital firm AllegisCyber! In the Leadership Articles, Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you’re underperforming, selling your product as you build it, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 18th 2018 at 10:00

Nuggets of Learning - Paul's Security Weekly #586

By paul@securityweekly.com

This week, how Taylor Swift used Facial Recognition to thwart stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, to Hell with it, just patch your stuff already! In our first interview, we welcome back Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018! Ed joins us on the show to talk about this year's challenge and what's in store! In our final interview, we welcome back Don Murdoch, the Assistant Director at Regent University Cyber Range! Don joins us this week to discuss his book, "Blue Team Handbook: Incident Response Edition", and more!

Full Show Notes: https://wiki.securityweekly.com/Episode586

Visit https://www.securityweekly.com/psw for all the latest episodes!

Join KringleCon 2018: www.kringlecon.com

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 17th 2018 at 19:23

New machine learning algorithm breaks text CAPTCHAs easier than ever

Algorithm tested against the text CAPTCHA systems used on 33 popular websites.
  • December 18th 2018 at 05:49

Google announces crackdown on Play Store ratings and reviews

Company said it removes millions of Play Store reviews and ratings on a weekly basis.
  • December 18th 2018 at 03:10

WSJ website defaced by PewDiePie fan in ongoing YouTube subscribers battle

Hacker posts apology on WSJ site and then urges users to follow the YouTube star.
  • December 18th 2018 at 01:52

Twitter discloses suspected state-sponsored attack

Twitter says data leak occurred after an attack targeting a vulnerability in its support form system.
  • December 18th 2018 at 01:38

Insider awarded $10,000 bounty for reporting enterprise software piracy

It is no longer just the average consumer that might wind up in court for using pirated software.
  • December 17th 2018 at 07:38

PewDiePie printer hacker strikes again: subscribe and sort out your security

The attacker told users to sort out their printer security -- and subscribe to the vlogger "overlord," too.
  • December 17th 2018 at 06:18

US ballistic missile systems have very poor cyber-security

DOD report finds no antivirus, no data encryption, no multifactor authentication.
  • December 17th 2018 at 01:21

Thousands of Jenkins servers will let anonymous users become admins

Two vulnerabilities discovered and patched over the summer expose Jenkins servers to mass exploitation.
  • December 16th 2018 at 15:27

'Bomb threat' scammers are now threatening to throw acid on victims

Bomb threat extortion campaign yielded less than $1 for the spammers.
  • December 15th 2018 at 14:51

SQLite bug impacts thousands of apps, including all Chromium-based browsers

New 'Magellan' vulnerability will haunt the app ecosystem for years to come.
  • December 14th 2018 at 23:49

Facebook bug exposed private photos of 6.8 million users

Up to 1,500 apps built by 876 developers could have accessed the private photos of 6.8 million users.
  • December 14th 2018 at 16:00

Signal: We can't include a backdoor in our app for the Australian government

The Signal app's design and open source code policy makes this impossible.
  • December 14th 2018 at 15:09

Fancy Bear exploits Brexit to target government groups with Zebrocy Trojan

A number of former USSR nation states are also on the target list.
  • December 14th 2018 at 13:41

Cigarettes & Malleable Toothbrushes - Enterprise Security Weekly #119

By paul@securityweekly.com

This week, Paul and John Strand interview John Bradshaw, Senior Director and Solutions Engineer at Acalvio Technologies, to talk about 5 Tenets of Enterprise Deception! In the Enterprise News this week, NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform Achieves VMware Ready Status, SecurityScorecard Announces Partnership with Cybernance to Drive Holistic View of Cyber Risk Across the Enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit https://www.securityweekly.com/esw for all the latest episodes!

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 14th 2018 at 10:00

Trump, Google, United Nations are among 2018's worst password offenders

Some of the biggest names in politics and tech are responsible for this year's worst security gaffes.
  • December 14th 2018 at 08:51

Save the Children Foundation duped by hackers into paying out $1 million

The fraudsters broke into an email account to launch an elaborate scheme designed to scam the charity.
  • December 14th 2018 at 07:27

Logitech app security flaw allowed keystroke injection attacks

Google security researchers shame Logitech into releasing security update for insecure app.
  • December 14th 2018 at 05:50

Extortion emails carrying bomb threats cause panic across the US

Police in New York, Chicago, Detroit, San Francisco, and Washington tell Americans to stay calm.
  • December 13th 2018 at 22:18

Twitter says it receives half a million of spam reports per month

Twitter's latest Transparency Report also shows a rise in government requests for user data.
  • December 13th 2018 at 16:48

Shamoon malware destroys data at Italian oil and gas company

About a tenth of Saipem's IT infrastructure infected with infamous data-wiping Shamoon malware.
  • December 13th 2018 at 13:33

AriseBank execs forced to pay $2.7 million to settle SEC charges of cryptocurrency fraud

The organization claimed to operate a unique, decentralized bank via the blockchain.
  • December 13th 2018 at 10:57

WordPress plugs bug that led to Google indexing some user passwords

WordPress 5.0.1 also fixes seven security vulnerabilities.
  • December 13th 2018 at 09:06

Bug allowed full takeover of Samsung user accounts

Samsung awards researcher a $13,300 reward for finding three CSRF issues on its user portal.
  • December 12th 2018 at 23:34

Rhode Island sues Google after latest Google+ API leak

Google sued within a day after announcing latest Google+ API leak.
  • December 12th 2018 at 22:02

Many of 2018's most dangerous Android and iOS security flaws still threaten your mobile security

Bypassing passcodes, malware-laden apps, and inherent design flaws exposing almost all known mobile devices made up part of the security problems found in iOS and Android.
  • December 12th 2018 at 21:50

Ships infected with ransomware, USB malware, worms

Ships are the victims of cyber-security incidents more often than people think. Industry groups publish cyber-security guidelines to address issues.
  • December 12th 2018 at 18:21

Former Mt. Gox CEO could face 10 years behind bars in embezzlement case

Prosecutors are gunning for a lengthy prison sentence. Mark Karpeles has denied stealing investor funds.
  • December 12th 2018 at 11:10

Top Secret - Application Security Weekly #43

By paul@securityweekly.com

This week, Keith and Paul interview Chris Elgee, the Technical Engineer at Counter Hack Challenges! Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it’s been working on the challenge vs. playing it, and more! In the Application Security News, Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43

Visit https://www.securityweekly.com/asw for all the latest episodes!

Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 12th 2018 at 10:00

China blamed for Marriott data breach

500 million customers were impacted. Investigators believe that state-sponsored Chinese hackers are to blame.
  • December 12th 2018 at 07:47

Firefox 64 released with a Windows-like task manager

Firefox 64 also comes with support for multi-tab selections and final distrust of all Symantec SSL certificates.
  • December 12th 2018 at 01:45

US border agents aren't deleting travelers' data after device searches

In addition, CBP agents also didn't carry out any software-assisted searches for more than seven months because a manager forgot to renew a license agreement.
  • December 12th 2018 at 00:11

Hack Naked News #200 - December 11, 2018

By paul@securityweekly.com

This week, Google+ flaw leads Chocolate Factory to shut down early, 40,000 credentials for government portals found online, one tweak that can save you from NotPetya, ESET discovers 21 new Linux malware variants, and how this Phishing Scam group built a list of 50,000 execs to target! Jason Wood from Paladin Security joins us for expert commentary on how Microsoft is calling for facial recognition tech regulation!

Full Show Notes: https://wiki.securityweekly.com/HNNEpisode200

Visit https://www.securityweekly.com/hnn for all the latest episodes!

Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 11th 2018 at 21:57

For the fourth month in a row, Microsoft patches Windows zero-day used in the wild

Microsoft also fixes 38 other security bugs, 9 of which are rated "Critical."
  • December 11th 2018 at 19:54

Android malware steals money from PayPal accounts while users watch helpless

Android trojan waits for users to enter PayPal credentials and two-factor security code before triggering money transfers.
  • December 11th 2018 at 16:29

Super Micro says external security audit found no evidence of backdoor chips

Super Micro sends a letter to customers with the results of a third-party security audit.
  • December 11th 2018 at 14:55

Over 40,000 credentials for government portals found online

Malware operators have collected login credentials for government portals in Italy, Saudi Arabia, Portugal, Bulgaria, Romania, more.
  • December 11th 2018 at 12:46

Coming Together - Business Security Weekly #110

By paul@securityweekly.com

This week, Matt and Paul interview Brian Carey, Senior Security Consultant at Rapid7! Brian talks about emerging trends that he is seeing with his clients, and how they impact their clients’ security programs, including maturity, roadmap, and recommendations! In the Leadership Articles, Matt and Paul discuss how to collaborate with people you don’t like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

To learn more about Rapid7, go to: www.rapid7.com/securityweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Visit https://www.activecountermeasures/bsw to sign up for a demo or buy our AI Hunter!

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 11th 2018 at 10:00

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

Attackers scan for Ethereum wallets and mining rigs that have carelessly exposed port 8545 on the Internet.
  • December 10th 2018 at 23:06

Google+ hit by second API bug impacting 52.5 million users

Google moves Google+ sunset date forward, from August 2019 to April 2019.
  • December 10th 2018 at 19:20

Half of the Tor Project's funding now comes from the private sector

Tor Project reports $4.2 million income in 2017, of which only 51 percent came from government funds.
  • December 10th 2018 at 16:47

Android adware tricks ad networks into thinking it's an iPhone to make more money

New Android adware discovered in 22 apps downloaded over two million times.
  • December 10th 2018 at 05:30

Cybercrime and malware, 2019 predictions

Experts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.
  • December 9th 2018 at 10:39

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

Bug dealt with in Chrome and Edge, but still a problem for Firefox users.
  • December 8th 2018 at 23:44

The Bleeding Edge - Paul's Security Weekly #585

By paul@securityweekly.com

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! In our first Technical Segment, we welcome Marcello Salvati, Security Consultant at BHIS, to talk about SILENTTRINITY, a post-exploitation agent powered by Python, IronPython, C#/.NET! In our second Technical Segment, we air a pre-recorded interview of Lenny Zeltser, VP of Products at Minerva! Lenny will be discussing Evasion Tactics in Malware from the Inside Out!

Full Show Notes: https://wiki.securityweekly.com/Episode585

Visit https://www.securityweekly.com/psw for all the latest episodes!

To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

To look more into SILENTTRINITY, go to: https://github.com/byt3bl33d3r/SILENTTRINITY

Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 8th 2018 at 10:00

Those annoying sextortion scams are redirecting users to ransomware now

Sextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.
  • December 8th 2018 at 08:30

Senator blasts FTC for failing to crack down on Google's ad fraud problems

US Senator says Google is profiting off advertising fraud and has no interest in addressing it.
  • December 7th 2018 at 22:34

DHS looking into tracking Monero and Zcash transactions

DHS has had great success with tracking and analyzing Bitcoin transactions already. They are now looking for similar solutions for tracking "privacy coins."
  • December 7th 2018 at 18:38

OpSec mistake brings down network of Dark Web money counterfeiter

European law enforcement conducts 300 house searches and makes 235 arrests.
  • December 7th 2018 at 17:04

Marriott to reimburse some guests for new passports after massive data breach

Hotel chain responds to US senator. Says it will foot the bill for some users' passport replacement costs.
  • December 7th 2018 at 14:53

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks

Cybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks' IT networks.
  • December 7th 2018 at 01:24

Industrial espionage fears arise over Chrome extension caught stealing browsing history

Company test runs own traffic analysis service and finds malicious Chrome extension in its own backyard. Ooops!
  • December 7th 2018 at 00:06

ESET discovers 21 new Linux malware families

All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.
  • December 6th 2018 at 15:05

Light Years - Enterprise Security Weekly #118

By paul@securityweekly.com

This week, Paul and John Strand interview Mike Nichols, the VP of Product for Endgame! Mike joins us to talk about the MITRE evaluation of Endgame, Open-Source Query Language EQL, and more! In the Enterprise Security News, Ixia extends collaboration with ProtectWise, Ping Identity brings in New Customer Identity as a service solution, Fortinet introduces new security automation capabilities on AWS, Yubico announces YubiHSM 2 integration with AWS IoT Greengrass, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode118

Visit https://www.securityweekly.com/esw for all the latest episodes!

To learn more about Endgame, go to: www.endgame.com

Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

  • December 6th 2018 at 10:00

Twelve US states join for the first time to file multistate data breach lawsuit

Lawsuit details a long list of security fails on MIE's part.
  • December 6th 2018 at 01:41

A botnet of over 20,000 WordPress sites is attacking other WordPress sites

Botnet is still up and running but law enforcement has been notified.
  • December 5th 2018 at 23:44

BeatStars discloses security breach in Twitter live stream

BeatStars website mass-defaced after hacker intrusion. Website back up and running again.
  • December 5th 2018 at 18:55

Adobe releases out-of-band security update for newly discovered Flash zero-day

Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.
  • December 5th 2018 at 15:26