Information Security Podcasts

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast: ISC StormCast for Friday, February 7th 2020

Fri, 07 Feb 2020 03:55:02 +0000

Criticial Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Reports Application Details to Google
https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705

Hacker Public Radio: HPR3005: Is ActivityPub Paving The Way to Web 3.0?

Fri, 07 Feb 2020 00:00:00 +0000

The ActivityPub Conference of 2019 was held in Prague. This is about a talk raising a suggestion that ActivityPub might be a way to implement Web 3.0. https://www.zwilnik.com/?page_id=1081

The CyberWire: Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.

Thu, 06 Feb 2020 19:36:55 +0000

Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.’s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The Gamaredon Group is active, against, against Ukrainian targets. Charming Kitten’s been phishing. And there’s a new legal theory out and about: the pain-in-the-ass defense. (We know some colleagues who’d plead to that.) Justin Harvey from Accenture on DNS over HTTPS (DoH). Guest is Peter Smith from Edgewise Networks on defending against Python attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_06.html

Support our show

CYBER: The Truths Behind UFOs, and The App That Blew Up The Iowa Caucus

Thu, 06 Feb 2020 12:00:00 +0000

On this week's CYBER Cipher, we have Breaking News about the app that delayed the Iowa Caucus results, how it was made, and the company that made it.

But first: it’s finally here. And I know it’s slightly off brand, But. I. Do. Not. Care. Because, who needs cybersecurity when aliens could exist? THEY COULD INVADE? Whatever they are or could be, here at Motherboard we have one of the best reporters on the UFO beat on the planet, MJ Banias. And recently he’s done some groundbreaking reporting on, well, aliens. But he’s done it in such a way that has peaked the interest of skeptics and made something that is normally thought to be conspiracy theory fodder, something to take seriously.

For information regarding your data privacy, visit acast.com/privacy

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast: ISC StormCast for Thursday, February 6th 2020

Thu, 06 Feb 2020 03:45:03 +0000

Fake Browser Updates installing NetSupport RAT
https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update
https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities
https://www.armis.com/cdpwn/

Hacker Public Radio: HPR3004: Fixing simple audio problems with Audacity

Thu, 06 Feb 2020 00:00:00 +0000

Overview

I recorded the audio for the show I did with MrX in late 2019: 2972 “The_foot_of_the_ski_slope”. I was using my Zoom H2n recorder in my car, on a small tripod placed on the dashboard. Something about this setup caused the result to be very boomy and (to me) unpleasant to listen to. This episode is about what I did for a cure, after some research.

I have also been using the ‘Truncate Silence’ effect in Audacity incorrectly in the past, and I used the opportunity to learn how to do a better job with it.

Now, I am well aware that there are some skilled and experienced Audio Engineers out there in HPR-land. I am certainly not one of these, though I quite enjoy fiddling with audio to make it sound better. I’d like to make two requests:

If I didn’t do a good job, please tell me what I did wrong here, and how I should have done it.
Think about doing a show (or shows) on HPR about how to deal with common audio problems. For example: how to remove a mains hum, the use of compression and normalisation.

Long notes

A longer form of these notes may be found here (full_shownotes.html). These go into more detail on the steps I took to try and make the audio for show 2972 more tolerable.

The CyberWire: Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.

Wed, 05 Feb 2020 21:15:28 +0000

Iowa’s Democrats are still counting their caucus results, but on the other hand they weren’t hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a state voter registration site. Trends in DDoS. Some new strains of ransomware are out in the wild. Spoofed emails may be an Iranian espionage effort. And the confessed Ninendo hacker cops a plea. Craig Williams from Cisco Talos with updates on Emotet. Guest is Kurtis Minder from GroupSense on the Pros and Cons of notifying breached companies.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_05.html

Support our show

Threatpost: Critical Cisco ‘CDPwn’ Protocol Flaws Explained: Podcast

Wed, 05 Feb 2020 16:00:56 +0000

The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities.

Packet Pushers Podcast Network (OLD): Day Two Cloud 034: Everything As Code – Including Documentation

Wed, 05 Feb 2020 15:44:23 +0000

One key idea for automation and cloud is "everything as code." That includes networking, infrastructure, and documentation. Yes, documentation. On today's Day Two Cloud episode we dive into how to get beyond using Microsoft Office as your infrastructure management strategy. Our guest is William Collins, a cloud architect at a large healthcare company.

The post Day Two Cloud 034: Everything As Code – Including Documentation appeared first on Packet Pushers.

Paul's Security Weekly: Double-Edged Swords - BSW #161

Wed, 05 Feb 2020 10:00:00 +0000

This week, we welcome David Starobinksi, Professor, Department of Electrical and Computer Engineering at Boston University, to discuss the changes in network communications in both the wireless and IoT world! In the Leadership and Communications segment, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, How to Build Trust with Business Partners from Other Cultures, and For zero trust to work, machines and humans require identities, and more!

�

Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Visit https://www.securityweekly.com/bsw for all the latest episodes!

�

Like us on Facebook: https://www.facebook.com/secweekly

Brakeing Down Security Podcast: 2020-004-Marcus Carey, ShmooCon Report, threat simulation

Wed, 05 Feb 2020 06:22:53 +0000

Marcus Carey https://twitter.com/marcusjcarey

Prolific Author, Defender, Enterprise Architect at ReliaQuest

https://twitter.com/egyp7

https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950

“GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”

Security model - everyone’s is diff

How do you work with your threat model?

A proper threat model

Attack Simulation -

How is this different from doing a typical Incident Response tabletop? Threat modeling systems?

How is this different than a pentest?

Is this automated red teaming? How effective can automated testing be?

Is this like some kind of constant scanning system?

How does this work with threat intel feeds?

Can it simulate ransomware, or any attacks?

Hedgehog principles

A lot of things crappily, and nothing good

Mr. Boettcher: “Why suck at everything…”

Atomic Red Team - https://github.com/redcanaryco/atomic-red-team

ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/

Tribe of Hackers

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book

The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more

Learn what it takes to secure a Red Team job and to stand out from other candidates
Discover how to hone your hacking skills while staying on the right side of the law
Get tips for collaborating on documentation and reporting
Explore ways to garner support from leadership on your security proposals
Identify the most important control to prevent compromising your network
Uncover the latest tools for Red Team offensive security

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street.

Get the scoop on the biggest cybersecurity myths and misconceptions about security
Learn what qualities and credentials you need to advance in the cybersecurity field
Uncover which life hacks are worth your while
Understand how social media and the Internet of Things has changed cybersecurity
Discover what it takes to make the move from the corporate world to your own cybersecurity venture
Find your favorite hackers online and continue the conversation

https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book

(Next out!)

Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including:

What’s the most important decision you’ve made or action you’ve taken to enable a business risk?
How do you lead your team to execute and get results?
Do you have a workforce philosophy or unique approach to talent acquisition?
Have you created a cohesive strategy for your information security program or business unit?

https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book

(OUT SOON!)

Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises.

Discover what it takes to get started building blue team skills
Learn how you can defend against physical and technical penetration testing
Understand the techniques that advanced red teamers use against high-value targets
Identify the most important tools to master as a blue teamer
Explore ways to harden systems against red team attacks
Stand out from the competition as you work to advance your cybersecurity career

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Security Now (MP3): SN 752: The Little Red Wagon

Wed, 05 Feb 2020 02:31:12 +0000

This Week's Stories:

- L1D Eviction Sampling becomes "CacheOut"
- Only one final version of Windows?
- Windows 7 and the Free Software Foundation
- Windows 7's final patch broke wallpaper stretching
- RCE Exploit for Windows RDP Gateway Demoed by Researcher
- Google more than doubles its own bug bounty record
- The return of Roskomnadzor!
- Facebook DID get fined, but not by Russia
- who exactly owns our biometric data?
- Avast Jumpshot missed the hoop
- An Update on the WireGuard VPN in the Linux kernel
- In this week's Best Hack of the New Decade... a little red wagon

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors:

Risky Business: #571 -- Is Joshua Schulte The Shadow Brokers?

Wed, 05 Feb 2020 00:00:00 +0000

On this week’s show Patrick and Adam discuss the week’s security news, including:

Iowa app falls over, social and mainstream media chaos ensues
Twitter acknowledges state-backed API abuse
CDA 230 under review. Uh oh.
Toll Group ransomware
ICS-compatible ransomware spotted in wild
UN got owned pretty hard
Is Joshua Schulte The Shadow Brokers? A theory
Much, much more.

This week’s show is brought to you by Okta.

Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud, world these days. and in the year 2020, you might want to actually ask yourself – do you still need to be using AD?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The Iowa Caucus Tech Meltdown Is a Warning | WIRED
Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ
Twitter says an attacker used its API to match usernames to phone numbers | ZDNet
Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger
Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice
The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society
Encryption laws not used to fight terrorism - InnovationAus
Toll Group confirms "targeted" ransomware attack - Security - iTnews
Toll IT Systems Update | Toll Group
(24) Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter
(24) MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter
Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
Mysterious New Ransomware Targets Industrial Control Systems | WIRED
The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps
UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register
Iranian hackers target US government workers in new campaign | ZDNet
As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower
Trial of Accused 'Vault 7' Leaker Opens in New York
Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice
Three suspects arrested in Maltese bank cyber-heist | ZDNet
Raytheon engineer arrested for taking US missile defense data to China | ZDNet
DOD contractor suffers ransomware infection | ZDNet
Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet
Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security
FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE
Anti-virus firm Avast shuts down its data-selling subsidiary
Department of Interior grounding drone fleet over cybersecurity concerns
Google open-sources the firmware needed to build hardware security keys | ZDNet
Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet
Why direct-memory attacks on laptops just won't go away
Facebook settles facial recognition lawsuit for $550 million
Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System
London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica
(15) DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter
(15) HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter
Spotlight shone on Microsoft Azure vulnerability | The Daily Swig
Magento fixes trio of critical security flaws | The Daily Swig
Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED
Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet
Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet

Paul's Security Weekly: Squished & Vaporized - SCW #16

Tue, 04 Feb 2020 22:00:00 +0000

This week, we welcome Chris Roberts, CSS of Attivo Networks! You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big as an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached!

�

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Visit https://www.securityweekly.com/scw for all the latest episodes!

�

Like us on Facebook: https://www.facebook.com/secweekly

The Privacy Advisor Podcast: : Why the ICO's new children's code could be a 'game changer'

Tue, 04 Feb 2020 16:10:13 +0000

In January, the U.K. Information Commissioner's Office released its proposed "Age Appropriate Design Code" aimed at protecting children's privacy online. The code, which will require parliamentary approval, outlines 15 standards online services should follow. It also provides guidance on data protection safeguards aimed at ensuring online services are appropriate for children's use. In this episode of The Privacy Advisor Podcast, Playwell's Linnette Attai talks to host, Angelique Carson, CIPP/US, about what the code means for companies who cater to children, and even more importantly, those who traditionally haven't but may be covered under the new rules.�

Down the Security Rabbithole Podcast: DtSR Episode 381 - 5G Security Implications

Tue, 04 Feb 2020 13:35:25 +0000

Welcome friends and fans!

This week we go down the rabbithole with Russell Mohr of MobileIron as we talk about the security implications for 5G. The new standard unleashed upon the American consumer (but more importantly on the commercial market) is changing mobile communication and connectedness.

About the guest...

Russell Mohr is an expert in 5G and mobile technology, with a wide breadth of expertise in other areas as well. Apparently during the early part of the interview, he was attacked by a dog that tried to eat him (I may be guessing, but that's what it sounded like).

LinkedIn: https://www.linkedin.com/in/russmohr/

Big thanks to Becca Chambers for setting this up, and lining up another future guest too!

Unsupervised Learning: : No. 214

Tue, 04 Feb 2020 06:34:53 +0000

London Facial Recognition, Coalfire Freedom, NYT Reporter Spyware, Avast Sells Customer Data, Google's Bounty Program, Kali 2020, Harvard Chemist Espionage, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Packet Pushers Podcast Network (OLD): Tech Bytes: Forward Networks Lets You Query Your Network Like A Database (Sponsored)

Mon, 03 Feb 2020 19:30:56 +0000

On today's Tech Bytes episode, sponsor Forward Networks talks about how it creates a real-time data model of your network that you can query to verify intent, speed troubleshooting, and check configuration changes. We discuss Forward's Network Query Engine (NQE) and its latest feature, In-App NQE. Andi Voellmy, a member of the technical staff at Forward.

The post Tech Bytes: Forward Networks Lets You Query Your Network Like A Database (Sponsored) appeared first on Packet Pushers.

Shared Security Podcast: Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach

Mon, 03 Feb 2020 05:00:03 +0000

In episode 106 for February 3rd 2020: What you need to know about Facebook’s new off-Facebook activity tool, details about the Ring Android app sending user data to third party trackers, and new developments in the Wawa credit card breach. ** Show notes and links mentioned on the show ** Off-Facebook Activity is a Welcome Read more about Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach[…]

The post Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach appeared first on Shared Security Podcast.

Open Source Security Podcast: Episode 181 - The security of SIM swapping

Mon, 03 Feb 2020 00:00:00 +0000

Josh�and Kurt�talk about SIM swapping. What is it, how does it work. Why should you care? There's not a ton you can do to protect yourself, but we go over some of the basic concepts and what to watch out for. It's unfortunate this is still a problem.

Show Notes

Data Security and Privacy with the Privacy Professor: How Biased and Malicious AI Can Do Harm

Sat, 01 Feb 2020 08:00:00 +0000

The Privacy Advisor Podcast: : Podcast: He reached a $550 million settlement with Facebook

Fri, 31 Jan 2020 16:21:16 +0000

It would've been hard to miss the big news this week, news privacy advocates are heralding as a major win: Facebook has agreed to settle for $550 million in a class-action lawsuit alleging the company violated Illinois' biometric privacy law when it used facial recognition software to suggest users "tag" faces in photos they'd uploaded to the site. In this episode of the podcast, Jay Edelson, one of the plaintiff's attorneys who argued the case, talks about why he's "enormously proud" of what is " easily the largest cash privacy settlement in our nation's history" and why this is a good settlement for members of the class.�

The Privacy, Security, & OSINT Show: 155-Loyalty Programs, The Census, & Another Breach Search

Fri, 31 Jan 2020 15:36:32 +0000

EPISODE 155-Loyalty Programs, The Census, & Another Breach Search This week, I talk about privacy considerations with the upcoming census, more concerns about grocery loyalty cards, and a new breach search service which allows query by domain. Support for this show comes directly from my new books Extreme Privacy and Open Source Intelligence Techniques (7th Edition). More details can be found at https://inteltechniques.com/books.html. Listen to ALL episodes at https://inteltechniques.com/podcast.html SHOW NOTES: INTRO: https://www.latimes.com/business/story/2020-01-21/ralphs-privacy-disclosure UPDATES: Listener Questions about podcasting https://www.blackhat.com/us-20/training/schedule/index.html#open-source-intelligence-techniques-18896 THE CENSUS: https://2020census.gov/en/about-questions.html OSINT: https://files.mine.terorie.dev/yt/ https://services.normshield.com/data-breach/cnn.com Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf Affiliate Links: VPN Considerations: https://inteltechniques.com/vpn.html ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519 ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519 PIA: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo Amazon: https://amzn.to/339avqo Silent Pocket: https://silent-pocket.com/discount/IntelTechniques Privacy.com: http://privacy.com/inteltechniques Fastmail: https://ref.fm/u14547153

Shared Security Podcast: Voting by Smartphone, Jeff Bezos Hacked, Microsoft Security Breach

Fri, 31 Jan 2020 05:00:08 +0000

In episode 96 of our monthly we discuss the controversy of voting by smartphone in our elections, the Jeff Bezos hacking incident, and the recent Microsoft support security breach. ** Show notes and links mentioned on the show ** Seattle-Area Voters To Vote By Smartphone In 1st For U.S. Elections https://www.npr.org/2020/01/22/798126153/exclusive-seattle-area-voters-to-vote-by-smartphone-in-1st-for-u-s-elections Saudi Prince Allegedly Hacked Read more about Voting by Smartphone, Jeff Bezos Hacked, Microsoft Security Breach[…]

The post Voting by Smartphone, Jeff Bezos Hacked, Microsoft Security Breach appeared first on Shared Security Podcast.

CYBER: Drugs, Cannibals, and Identity Theft: The Truth Behind The Dark Web

Thu, 30 Jan 2020 12:00:00 +0000

The Dark Web has been around for as long as the internet has existed, but most people still don't know what it actually is. From easily obtained illicit drugs to rumors of cannibalism and human trafficking, it's been difficult for the average person to separate fact from fiction. On this week's Cyber, we've invited VP of Research at Terbium Labs and Dark Web expert Emily Wilson to talk us through what the Dark Web actually is, a few of its most infamous websites, and how it's a part of more people's everyday lives.

For information regarding your data privacy, visit acast.com/privacy

Brakeing Down Security Podcast: 2020-003- Liz Fong Jones, tracking Pentesters, setting up MFA for SSH, and Developer Advocates

Thu, 30 Jan 2020 06:50:36 +0000

What is Honeycomb.io?

From the site:

“Honeycomb is a tool for introspecting and interrogating your production systems. We can gather data from any source—from your clients (mobile, IoT, browsers), vendored software, or your own code. Single-node debugging tools miss crucial details in a world where infrastructure is dynamic and ephemeral. Honeycomb is a new type of tool, designed and evolved to meet the real needs of platforms, microservices, serverless apps, and complex systems.”

SSH 2FA gist https://gist.github.com/lizthegrey/9c21673f33186a9cc775464afbdce820

Honeycomb.io for digging into access logs & retracing what pentesters do.

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Risky Business: Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws

Thu, 30 Jan 2020 00:00:00 +0000

In this edition of the Soap Box podcast we’re joined by Zane Lackey, a co-founder of Signal Sciences.

Signal Sciences makes, in essence, a “next generation” Web Application Firewall, or WAF. Signal Sciences is a pretty well-established startup these days with a zillion customers, so he has some real insight into what’s happening out there in webapp land.

In this conversation he has some really interesting things to say: First, there’s a rush to Azure happening right now. It has become the platform of choice for all sorts of organisations.

He also has some really interesting things to say about how to protect web applications from logic flaws. Some simple ideas that should really help lock things down.

Enjoy!

Security Now (MP3): SN 751: SHAmbles

Wed, 29 Jan 2020 01:37:02 +0000

This Week's Stories:

Is Apple actually encrypting our iCloud storage backups?
250 Million Microsoft Customer Support Records Exposed Online
New York state is aiming to ban the use of public funds for Ransomware
New Muhstik Botnet Attacks Target Tomato Routers
Chrome under attack from browser extensions
Firefox under attack from browser extensions
NIST publishes a new Privacy Framework
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
A Welcome "Micro Patch" for the Windows IE jscript.dll 0-day vulnerability
SHA-1 is a Shambles.

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsor:

privacy.com/securitynow

Down the Security Rabbithole Podcast: DtSR Episode 380 - Gadi Tells It Like It Is

Tue, 28 Jan 2020 05:00:00 +0000

Welcome to episode 380 of the DtSR Podcast.

We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back in his start discussion of our industry. We virtually guarantee this will quickly be your favorite episode...or at least your top 5.

Highlights from this week's episode include...

Gadi unloads on the 'attackers in the spotlight' nature of security conferences
Gadi & Raf chat about 25 years of incidents and what it's leading up to
Gadi is clearly not a fan of "Just do the basics"
Raf & Gadi decide we're clearly going to have to do this again...

Guest

Gadi Evron ( @gadievron ) - https://www.linkedin.com/in/gadievron/

Unsupervised Learning: : No. 213

Mon, 27 Jan 2020 16:58:14 +0000

Saudi Bezos Hack, MIT Davos AI, Moar Energy Attacks, NIST Privacy, Ohio CISO, Microsoft Data Breach, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Support the show.

Open Source Security Podcast: Episode 180 - A Tale of Two Vulnerabilities

Mon, 27 Jan 2020 01:01:06 +0000

Josh�and Kurt�talk about two recent vulnerabilities that have had very different outcomes. One was the Citrix remote code execution flaw. While the flaw is bad, the handling of the flaw was possibly worse than the flaw itself. The other was the Microsoft ECC encryption flaw. It was well handled even though it was hard to understand and it is a pretty big deal. As all these things go, fixing and disclosing vulnerabilities is hard.

Show Notes

The Privacy, Security, & OSINT Show: 154-This Week in Privacy, Security, & OSINT

Fri, 24 Jan 2020 15:27:44 +0000

EPISODE 154-This Week in Privacy, Security, & OSINT This week I discuss router feedback from the last show, the latest privacy news, and a new OSINT tip. Support for this show comes directly from my new books Extreme Privacy and Open Source Intelligence Techniques (7th Edition). More details can be found at https://inteltechniques.com/books.html. Listen to ALL episodes at https://inteltechniques.com/podcast.html SHOW NOTES: PRIVACY NEWS: Router Feedback https://protonvpn.com/blog/open-source https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT https://www.nytimes.com/2020/01/22/technology/jeff-bezos-hack-iphone.html https://simplelogin.io/ OSINT: https://leakpeek.com Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf Affiliate Links: VPN Considerations: https://inteltechniques.com/vpn.html ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519 ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519 PIA: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo Amazon: https://amzn.to/339avqo Silent Pocket: https://silent-pocket.com/discount/IntelTechniques Privacy.com: http://privacy.com/inteltechniques Fastmail: https://ref.fm/u14547153

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec: Defensive Security Podcast Episode 244

Tue, 21 Jan 2020 01:08:25 +0000

https://www.securityweek.com/attacker-installs-backdoor-blocks-others-exploiting-citrix-adc-vulnerability https://www.securityweek.com/court-approves-equifax-data-breach-settlement https://www.infosecurity-magazine.com/news/equifax-breach-settlement-could/ https://www.natlawreview.com/article/ico-issues-fine-against-national-retailer-security-failings

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec: Defensive Security Podcast Episode 243

Mon, 13 Jan 2020 21:46:51 +0000

https://www.irishtimes.com/news/crime-and-law/courts/high-court/firm-being-blackmailed-by-hackers-for-6m-obtains-irish-court-injunction-1.4128069 https://inews.co.uk/inews-lifestyle/travel/travelex-hack-cyber-attack-ransomware-sodinokibi-travel-money-uk-firm-data-breach-explained-1358454 https://securityaffairs.co/wordpress/96046/hacking/microsoft-rdp-brute-force-study.html https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/

The Social-Engineer Podcast: Ep. 125 - Using Deception Detection Techniques Daily with William Ortiz

Mon, 13 Jan 2020 08:00:00 +0000

In Episode 125, host Chris Hadnagy speaks with William Ortiz, a federal polygraph examiner who worked in the FBI for decades. In this discussion, you’ll learn how the polygraph works, how people try to fool the polygraph, and what agents and attorneys are really after when they receive the results of a polygraph examination. You’ll also hear some tips and tricks about deception that can inform your everyday interactions.

3 Key Points:

Polygraph is a tool alongside non-verbals and behavior analysis questions to determine whether someone is telling the truth.
Being nervous is part of taking the polygraph test. Being nervous will not affect the test, but helps to establish your baseline.

3. When you ask someone a question, pay attention to whether they answer it. Then ask more questions to see where they lead.

Security Through Education: Ep. 125 – Using Deception Detection Techniques Daily with William Ortiz

Mon, 13 Jan 2020 05:02:54 +0000

The post Ep. 125 – Using Deception Detection Techniques Daily with William Ortiz appeared first on Security Through Education.

Speaking in Tech: #340 - Bricked

Wed, 08 Jan 2020 17:15:38 +0000

This week, Melissa (@solutiongeek) and Peter (@PeterSmallbone) are joined by Tara Kelly (@TKtechnow), CEO and Founder of Splice Software (@SPLICESoftware). The trio talk about Google's tax woes, Amazon's initiatives to help homeless people in Seattle - as well as the startup scene in that city, Sonos's controversial new trade-in process, using AI for breast cancer diagnosis, LibreOffice's first decade, how Splice Software can help customers and more!

00:00 Christmas, waxworks and Star Wars
02:24 Introducing Tara... and a bit more Star Wars
03:39 Google's Double Irish and Dutch Sandwich are off the menu
08:15 Gimme shelter, Amazon
12:47 Seattle's stupendous startups
16:45 Sonos says 'brick me'
27:11 AI is best for breast
33:40 LibreOffice chalks up ten years
36:23 Tara talks Splice Software
48:24 Next week's plans

Data Security and Privacy with the Privacy Professor: Diving into the Dark Net

Sat, 04 Jan 2020 08:00:00 +0000

Speaking in Tech: #339 - Must have more Disruption

Tue, 24 Dec 2019 08:00:00 +0000

In the second of a very special two-part episode, Peter Smallbone (@petersmallbone) reports on the world of tech startups at TechCrunch Disrupt Berlin 2019. Please note this is a live event recoring and audio quality will be affected by that.

00:00:00 Intro
00:00:10 Innovative apps for NASA and others with Charlie Regis (@CharlieRegis), Co-Founder, Styliff Tech (@stylifftech / https://styliff.com)
00:06:19 Wearable technology to prevent industrial injuries with Matthew Hart, Founder, Soter Analytics (@SoterAnalytics / https://www.soteranalytics.com)
00:15:57 Software development for cloud computing, mobile apps, IoT and BLE with Grzegorz Kapusta (@gkapusta), CEO and Piotr Herstowski, Business Development Lead, Polidea (@polidea / https://www.polidea.com)
00:22:33 Data labelling for AI with Lars Wulfken (@wulfskin), VP Product, Canotic (@canoticai / https://canotic.com)
00:33:01 Hyperlocal video streaming with Christian Walther, Director Product, Joyn (@JoynDeutschland / https://www.joyn.de)
00:36:51 Automated cloud security with Manuela Ticudean, Co-Founder, Cyscale (@cyscale / https://www.cyscale.com)
00:42:14 Financial wellbeing with Alexander Brouwer (@alexanderbrwr), Founder and CEO and Veronica Fresneau (@verofresneau), Head of Marketing and Communications, Vive (@Vive_App / https://www.viveapp.com)
00:49:18 Winners of Startup Battlefield announced!

�

Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.: Episode 47 - Cookies and California, Businesses Beware

Mon, 23 Dec 2019 00:00:00 +0000

Cookies in the internet sense are packets of data that a persons’ computer receives when visiting a website. Without a cookie sent by an online retailer, every time one moves to a different page on a site, the visitor would need once again to supply account data and other information – a terrible burden! But cookies also represent a potential threat, as disguised cookies can install viruses or malware on our computers, and supercookies and zombie cookies pose other threats to personal privacy. Because a cookie can represent a third party that is accessing personal information of someone visiting a website, website owners and operators must consider whether the data streams arising from this use and the sharing with cookie senders amount to activity governed by the CCPA (or other states with similar or evolving data protection laws). William Morriss, an attorney with Frost Brown Todd, LLC who advises numerous tech and other companies about software and internet matters and himself a former computer programmer, explains in this podcast the link between cookies and California and discusses what a business can do to determine its cookie status and comply with the CCPA if required to do so. Make it a New Years Resolution for 2020 to get ahead of the cookie compliance curve so that cookies don’t become commercial indigestion!

Chips with Everything: End of an era: Chips with Everything – podcast

Mon, 16 Dec 2019 06:00:13 +0000

In the final episode of Chips with Everything, Jordan Erica Webber and Alex Hern reminisce about their favourite episodes from the last couple of years. Plus, as the decade draws to a close, the duo discuss their favourite tech stories of the past 10 years. Help support our independent journalism at theguardian.com/chipspod

Crypto-Gram Security Podcast: Crypto-Gram December 15, 2019

Sun, 15 Dec 2019 08:13:00 +0000

In this issue:

Reforming CDA 230
Scaring People into Supporting Backdoors

from the December 15, 2019 Crypto-Gram Newsletter
by Bruce Schneier
read by Dan Henage

Security Through Education: Ep. 124 – Cognitive Energy and Critical Thinking with Dr. Christopher Dwyer

Mon, 09 Dec 2019 13:00:04 +0000

Welcome to another episode of The Social-Engineer Podcast! In Episode 124, host, Chris Hadnagy, interviews Dr. Christopher Dwyer, a psychologist who has been researching critical thinking and cognitive energy throughout his career.

The post Ep. 124 – Cognitive Energy and Critical Thinking with Dr. Christopher Dwyer appeared first on Security Through Education.

The Social-Engineer Podcast: Ep. 124 - Cognitive Energy and Critical Thinking with Dr. Christopher Dwyer

Mon, 09 Dec 2019 08:00:00 +0000

Welcome to another episode of The Social-Engineer Podcast! Host, Christopher Hadnagy, interviews Christopher Dwyer, on this 124th episode. Dr. Dwyer is a psychologist who has been researching critical thinking and cognitive energy throughout his career, including what it means to be a critical thinker. He started his PhD by researching argument mapping, focusing on the structure of arguments and the effect of it on memory performance.

Chris asks Dr. Dwyer how he would define critical thinking. For Dr. Dwyer, the term refers to purposeful, self-regulatory reflective judgment reliant on a number of skills in order to produce a valid conclusion to an argument or a solution to a problem. Dr. Dwyer explains how the term has come to have different meanings across the industry - but the main idea has been that core skills and core dispositions make up critical thinking. Dr. Dwyer is interested in how to enhance people’s critical thinking skills; however, he has found that it is very dependent on context and circumstances. He shares an example of this, comparing findings about critical thinking of traditional students and adult-learning course students. The mature students had worse critical thinking at the beginning of a class yet they improved more than traditional students over time.

Towards the end of the episode, Chris and Dr. Dwyer discuss how humans hate to be wrong, but love to be right. Dr. Dwyer says that this is due to risk aversion - we do not enjoy the things that are detrimental to us and we fear being found wanting. However, it is important to not let our fear stop us from critically thinking well.

Chips with Everything: Grieving in the digital era: Chips with Everything podcast

Mon, 09 Dec 2019 06:00:01 +0000

Jordan Erica Webber looks at how Twitter’s plans to deactivate unused accounts raised a broader conversation around the intersection of technology and death. Help support our independent journalism at theguardian.com/chipspod

Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.: Episode 46 - Finland Leads The Way In The Secondary Use Of Health And Social Care Data

Mon, 18 Nov 2019 00:00:00 +0000

Medical data are considered particularly sensitive personal information. Laws and regulations in most countries, including the USA and throughout Europe, generally aim to restrict sharing such information with the target of building privacy walls around each person’s data. But making such health data available more broadly is key to improved medical care, research and the advance of health science. Finland is the first country known to have adopted an approach to allow third parties to access health data for the purposes of scientific research, drug and health technology development and knowledge-based management in social and health care. Researchers, service developers and other legitimate data users will be able to collect, combine and process data from Finnish registries smoothly and securely. While most data will be anonymized, for particular applications individual identities can be shared. Those seeking access to such information will apply to a central authority that will screen applications to approve legitimate uses of Finland’s substantial database. It will accept applications for access starting in early 2020. Helsinki attorney Markus Myhrberg, member of Lexia explains how this will work in this podcast with the Data Privacy Detective. Markus heads Lexia’s IPR, data protection and marketing practices. The Finnish Act on the Secondary Use of Health and Social Data was adopted on March 13, 2019 and became effective on May 1, 2019. The text of the Act is available in Finnish, in Swedish and in English).

DevelopSec: Developing Security Awareness: Ep. 116: Chrome Retires XSS Auditor

Fri, 15 Nov 2019 16:59:26 +0000

It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer?��

https://www.chromium.org/developers/design-documents/xss-auditor

For more info go to�https://www.developsec.com�or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

�DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

Crypto-Gram Security Podcast: Crypto-Gram November 15, 2019

Fri, 15 Nov 2019 07:12:00 +0000

In this issue:

Calculating the Benefits of the Advanced Encryption Standard
Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors
Technology and Policymakers

from the November 15, 2019 Crypto-Gram Newsletter
by Bruce Schneier
read by Dan Henage

DevSecOps Podcast Series: How to Engage 4000 Developers in One Day

Thu, 14 Nov 2019 18:17:36 +0000

When Derek Weeks and I started All Day DevOps in 2016, we were unsure as to whether anyone would be interested.It's now four years later. Last week we had close to 37,000 people register for the event. We're still trying to wrap our head around the scale of something that generates a world wide audience in the tens of thousands for a 24 hour conference. One of the things that has grown organically from All Day DevOps is a concept called "Viewing Parties". It's an idea the community has created, not something planned by us. Over 170 organizations, meetups or user groups around the world setup a large screen and invited colleagues and friends over to share in the DevOps journeys that were being told throughout the day. Last year, we heard through the grapevine that State Farm had over 600 people show up to participate at their viewing party in Dallas. That's 600 people internally at State Farm. When I heard about it, I knew I had to speak with Kevin ODell, Technology Director and DevOps Advocate at State Farm, the person who coordinated the event. Our initial conversation was a fascinating view into how he pulled off such a large event, internally. We kept in touch throughout the year, leading up to 2019 All Day DevOps. Keeping track of the registrations for Kevin, he soon came to realize what he had created was now a viral event at State Farm. For 2019, State Farm had 4000 of their 6000 developers confirmed to attend All Day DevOps. To me, that's just remarkable. While at the DevOps Enterprise Summit last month, Kevin and I sat down to talk about how he created such an incredible event, the process for getting business buy-in, and how he measures the value of letting 4000 developers collectively watch videos for the day. Even if I wasn't one of the co-founders of All Day DevOps, I'd find this a fascinating story. Stay with us and I think you'll be impressed, too.

DevelopSec: Developing Security Awareness: Ep. 115: Is CSRF Really Dead?

Wed, 06 Nov 2019 12:27:21 +0000

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead?

For more info go to�https://www.developsec.com�or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

�DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

DevSecOps Podcast Series: Code Rush, DevOps and Google: Software in the Fast Lane

Thu, 17 Oct 2019 20:14:15 +0100

Shortly after watching the documentary, Code Rush, I met with Tara Hernandez, the hockey stick carrying lead of the Netscape project that was being documented. We sat down at the Jenkins World Conference in San Francisco to talk about the effect that project had on her career, what she has been doing since with her position at google, and what she hopes to be working on in the coming years. We started our conversation by exploring the relationship between the Netscape project in 1998 and the current state of DevOps. Would DevOps have made a difference... the answer might surprise you.

Cisco TAC Security Podcast Series: TAC Security Podcast #55 - Firepower 6.4 and Other Ramblings

Mon, 13 May 2019 14:00:00 +0100

The podcast team welcomes two fellow NGFW Technical Leader newcomers to the program in Foster Lipkey and Justin Roberts. From the Cisco office in Maryand, we discuss new feature and changes in the Firepower 6.4 release as well as some upcoming news about Cisco Live 2019 in San Diego.

Exploring Information Security - Timothy De Block: The Final Episode

Thu, 07 Mar 2019 01:10:16 +0000

This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it took this long to record a final episode tells me that it was time. I wrote about my reasoning in a blog post on the main page. This may or may not be the end. That largely depends on if someone would like to pick up the podcast and produce it themselves. I’d love to guide and mentor someone on the journey. The podcast has been beneficial to me and the many people who have reached out providing appreciative feedback. I’d love to see it continue. I’m also content that this is the end of the podcast. I will be at BSides Nashville shooting pictures and very likely be at DEFCON manning the Social Engineering door. Come see high or reach out to me on social media (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com).

Packet Pushers - Priority Queue: PQ 162: Edge Compute Use Cases And Juniper’s Contrail Edge Cloud (Sponsored)

Thu, 21 Feb 2019 19:39:19 +0000

On today Priority Queue podcast, sponsor Juniper walks us through use case for its Contrail Edge Cloud software. We also cover the deployment and operation of this software solution. Our guest is Nick Davey, Product Line Manager at Juniper.

The post PQ 162: Edge Compute Use Cases And Juniper’s Contrail Edge Cloud (Sponsored) appeared first on Packet Pushers.

Exploring Information Security - Timothy De Block: What is Emotet?

Mon, 14 Jan 2019 01:00:00 +0000

Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are the two guys I go to for clicking on suspicious links. Recently, I’ve been seeing more Emotet. So, I wanted to have the guys on to talk about the malware that is making a comeback. The CFP is open for Converge Conference. The conference is May 16 and 17. They’ll have one day for blue team topics and one day for red team topics. Make sure to submit your malware related talk topics. Also make sure to check out MiSec if you’re in Michigan.

The Southern Fried Security Podcast: Episode 100: Episode 208 - All Good Things...

Fri, 11 Jan 2019 21:22:33 +0000

It's been 9 years and over 210 different content items since we started this thing in January of 2010.� As much as we hate it we feel it's time to end this project and start thinking about What Comes Next.

Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content.� We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to catch updates on where we are on that.

All of us would like to thank all of you for your support over the last 9 years.� This started as just something Andy, Steve, and Martin did because they 'had things to say and didn't even care if anybody listened' and it's grown into more than any of us could have imagined.� Joseph and Yvette joined them for the ride and added so much color and sparkle in every episode.

Thank you and we hope to be talking to you again.

: January 7, 2019, Episode 406, Show Notes

Mon, 07 Jan 2019 04:54:40 +0000

Episode 406 of The CyberJungle is about 29 minutes long. The DarkWeb seglent with XYPRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec starts at 12:00. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear […]

The CyberJungle : Episode406: * Around The Corner: Life After Google, by George Gilder * DarkWeb: XYRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec * Hacking attacks on your router: Why the worst is yet to come * It’s time for Apple to stop playing it safe * Meet the new Diet iPhone: Could a fresh formula boost Apple's bottom line?

Mon, 07 Jan 2019 03:30:00 +0000

Packet Pushers - Priority Queue: PQ 161: Inside Juniper’s Programmable Silicon (Sponsored)

Thu, 13 Dec 2018 19:39:39 +0000

Today's Priority Queue dives into Juniper's programmable Penta ASIC in this sponsored episode. Guest Chang-Hong Wu shares details on how the Penta ASIC works and discusses the future of silicon design for networking.

The post PQ 161: Inside Juniper’s Programmable Silicon (Sponsored) appeared first on Packet Pushers.

: October 31, 2018, Episode405, Show Notes

Thu, 01 Nov 2018 01:32:42 +0000

Episode 405 of The CyberJungle is about 30 minutes long. The interview with Tim Medin, Founder of Red Siege on keep it simple secure starts at about 12:00. The interview with Joe McManus, the CISO of cloud patching start-up Automox begins at about 22:20. You may download the file directly – great for listening on […]

The CyberJungle : Episode405: * SANS Netword Security: EXCLUSIVE-Tim Medin, Founder of Red Siege * PFIC2018: EXCLUSIVE-Joe McManus, CISO Automox * 0day: Embedded vids in MSFTOffice docs can hide malware * Deloitte: CEO and Board Risk Management Survey * DarkWeb: Laptop-Carrying Fed Infects Gov Network

Wed, 31 Oct 2018 23:30:00 +0000

The Southern Fried Security Podcast: Episode 99: Episode 207 - On the Front Porch with Yvette and Brandon

Fri, 31 Aug 2018 20:06:07 +0100

It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released.� "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here: �https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.

Cisco TAC Security Podcast Series: TAC Security Podcast #54 - A Discussion on Cisco Encrypted Traffic Analytics (ETA) with the Experts

Wed, 01 Aug 2018 14:00:00 +0100

In the Cisco Live US 2018 speaker room: The podcast team steals a few minutes from Cisco ETA and Stealthwatch experts Matt Robertson and Darrin Miller to discuss the basics of the technology and how it is helping organizations in detecting malicious content in network traffic as it increasingly goes dark (becomes encrypted).

Virtualization Security Roundtable: #191 - Grey Market

Thu, 15 Feb 2018 15:31:27 +0000

Virtualization Security Roundtable: #190 - Treasure Troves

Wed, 03 Jan 2018 13:38:35 +0000

Liquidmatrix Security Digest Podcast: - Episode 73

Mon, 25 Dec 2017 04:01:54 +0000

Episode 0x73

Surprise! Happy Holidays

Are you having a happy holiday? Listen to us and you'll have a happy holiday.

Upcoming this week...

Lots of News
Breaches
SCADA / Cyber, cyber... etc.
finishing it off with DERPs/Mailbag (or Deep Dive)
And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
Breaches
1. Internet Hijacking
2. Free Credit Monitoring from Nissan Finance Canada!
SCADA / Cyber, cyber... etc
1. VMWare has bugs. Who knew?
DERP
1. The person that thought we our recent fail panel was unprofessional
2. Screenshot kernel patch
Mailbag
1. So... what about actually doing this podcast a little more often? Signed: The Internet
Briefly�--�NO ARGUING OR DISCUSSION ALLOWED
1. Enpass
2. Pineapple Fund
3. Die Hard at the Theatre
4. Magic Leap is real... ish
5. Has no link.
Closing Thoughts
1. Seacrest Says: Where the fuck is Matt? Has anyone seen Matt?

�

Creative Commons license: BY-NC-SA

Cyber Chat Podcast: Talking Fraud Trends with Chargebacks911's Monica Eaton-Cardone

Tue, 28 Nov 2017 16:28:24 +0000

It’s been two years since the liability shift around EMV has pushed retailers and financial institutions towards adopting chip-enabled cards and terminals. That shift is also affecting cybercriminals as it is forcing them to move into different areas of fraud, said Monica Eaton-Cardone, the co-founder and COO of Chargebacks911. On this episode of the Cyber Chat, we talk to Monica about the adoption of EMV technology, how organizations can defend against payment card fraud, and how the fraud landscape is changing and will continue to shift in the future.

The Command Line Podcast: 2017-10-22 The Command Line Podcast

Sun, 22 Oct 2017 22:55:17 +0100

This is an episode of The Command Line Podcast.

I talk about the practice of code review, especially when it is challenging.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

The Command Line Podcast: 2017-10-01 The Command Line Podcast

Sun, 01 Oct 2017 23:51:40 +0100

This is an episode of The Command Line Podcast.

I mentioned my new podcasting project for which I have set up a Patreon if you are interested, it will be an interview driven podcast about beer.

In the feature for this episode, I reflect on my experiences being mentored and as a mentor.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

Cyber Chat Podcast: Talking the Threat Intelligence Mind Map and How It Can Help Organizations

Tue, 26 Sep 2017 15:24:55 +0100

Threat intelligence covers many different aspects relevant to an organization, including strategic intelligence, operational intelligence, tactical intelligence, digital risk monitoring, and the people and process behind them. Despite being interconnected, they are often viewed individually within organizations, said SurfWatch Labs chief security strategist Adam Meyer. Meyer recently created a mind map to show how those different aspects tie together and should be viewed under one large threat intelligence banner. On this episode of the Cyber Chat, we talk to Adam about the mind map and how it can help organizations better understand threat intelligence. Download the free whitepaper, "Using a Cyber Threat Intelligence Mind Map to Visualize and Improve Your Cybersecurity Program": http://info.surfwatchlabs.com/How-to-Build-CTI-into-Your-Security-Program

Liquidmatrix Security Digest Podcast: - Episode 72

Mon, 22 May 2017 16:18:41 +0100

Episode 0x72

SPECIAL ELECTION EDITION

Vote Dave... please?

Upcoming this week...

We yammer about stuff with no real direction or point.

And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

In this episode:

SCADA / Cyber, cyber... etc
1. ETERNALBLUE was being used before wannacry
DERP
1. Hacking Mar-A-Largo... Kinda? Is this legal?
Briefly�--�NO ARGUING OR DISCUSSION ALLOWED
1. https://securityheaders.io/
2. https://www.gofundme.com/crunch-medical-fund
Liquidmatrix Products and Services�-�We do some stuff. Seriously.
1. Advertising�-�pay the bills...
2. 1. Thinking about SecTor this November? Be sure to use the code "liquidmatrix2017" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2017expo" will get you in for $0
  1. Seacrest Says: I can't even remember... something about Kelly.
3. Closing Thoughts

�

Creative Commons license: BY-NC-SA

CyberSpeak's Podcast: HackerNinjaScissors - Lauren Pearce - Journey of a Malware Analyst

Thu, 16 Mar 2017 00:17:09 +0000

HackerNinjaScissors --� With Bret Padres.�www.crypsisgroup.com

Today we talk with Lauren Pearce - a member of the IR team and a malware analyst for Los Alamos National Labs. �Lauren shares with us�her journey to become a malware analyst and talks about the importance of flailing and mentorship.

I have a few free tickets to give out, so let me know if you want free tickets�to the 2017 Incident Response Forum on April 4th, 2017, at the Mayflower Hotel in Washington DC. �

More info here -> incidentresponseforum.com and use Speak100 for $100 off the ticket price.

Crypsis is hiring talented IR consultants!! �Apply on our website: www.crypsisgroup.com

�

CyberSpeak's Podcast: HackerNinjaScissors - Robert M Lee - Cyber Threat Intel

Sat, 04 Feb 2017 08:52:51 +0000

New show in the Feed!

HackerNinjaScissors -- With Bret Padres. www.crypsisgroup.com

New CyberSpeak Podcast reboot in the works. In the mean time check out this new show.

In the inaugural show of HackerNinjaScissors, Bret Padres interviews Robert M Lee.

Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos where he has a passion for control system traffic analysis, digital forensics, and threat intelligence research. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

Links mentioned in the show:

- dragos.com
- @RobertMLee
- robertmlee.org
- littlebobbycomic.com
- @_LittleBobby
- https://www.amazon.com/Threat-Intelligence-Me-Children-Analysts/dp/1541148819

Data Driven Security: - Episode 30

Tue, 07 Jun 2016 03:22:52 +0100

Episode 30

In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team.

Verizon DBIR

Data Driven Security: - Episode 29

Tue, 10 May 2016 21:15:09 +0100

Episode 29

In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security.

Security, Mobile & Cloud - Caleb Barlow: Innovation Talks: Voices of IBM Security

Mon, 29 Feb 2016 12:30:00 +0000

Today, IBM made a series of announcements, including the planned acquisition of Resilient Systems, Inc., that will aim to provide organizations with a proactive, comprehensive approach to respond to cyber breaches more quickly and effectively across consulting, services and products. With Resilient Systems, a leader in incident response, IBM will be in a position to provide the industry’s first integrated end-to-end Security Operations and Response Platform offering that spans the entire life cycle of an attack, from protection and detection to response. Hear more in this podcast from the team behind the effort.

Security, Mobile & Cloud - Caleb Barlow: Beware: Malware Crossing! Organized Cybercrime Comes to Town

Thu, 04 Feb 2016 16:30:00 +0000

One of the most dominant trends observed in the cybercrime during 2015 was the spread of organized crime groups to new territories.

Using banking Trojans to attack banks in new geographies is a significant step because it is considered to be part of the malware’s evolution. Before they can venture into countries they never targeted before, crime groups have to invest in an adequate preparatory stage that includes reconnaissance of the banking systems in that geography. They also have to build or pay for the major components of amassing a botnet in that area: spam campaigns in the corresponding language using suitable social engineering ploys, web injections to match language and transaction authentication requirements, and local money mules they can rely on for moving the stolen money to the hands of the attackers.

In this podcast we will examine some of the most impactful crossings made by malware in 2015, and unsurprisingly learn that all of them were made by major organized cybercrime groups.

The Risk Science Podcast: Episode 21: Lines of Defense

Fri, 29 Jan 2016 00:46:14 +0000

Episode 21: We catch up once again this the risk nerds. �Alex, Ally, Chris and Jay talk about various goings on and Alex and Chris geek out over Lines of Defense. Episode 21: Lines of Defense

Writing and Ramblings: NSP Microcast – G Data Summit – Natalya Kaspersky

Wed, 14 Oct 2015 11:06:09 +0100

It’s taken me a lot longer than it should have, but I finally got my interview with Natalya Kaspersky, CEO of InfoWatch and former CEO of Kaspersky Labs from the G Data Summit edited and posted. �We talked about the nature of current threats against enterprises (hint: �think APT and nationstate) as well as current […]

Writing and Ramblings: NSPMicrocast – G Data Summit – Dr. Thorsten Holz

Thu, 08 Oct 2015 15:00:25 +0100

A couple of weeks ago at the G Data Summit in Bochum, Germany, I got a chance to talk to Dr. Thorsten Holz, CEO and Director of the Horst Gortz Institute of IT Security at Ruhr University. �Dr. Holz and I talk about the nature of training the next generation of security professionals and how […]

Risky Business: Serious Business #5 -- Kanye 2020, vaccination-free childcare and the EU refugee crisis

Mon, 07 Sep 2015 01:00:00 +0100

Hey everyone and welcome to Serious Business number 5! This is the podcast I do about non infosec related topics. It's less of a professional information security digest and more of an excuse for me to blab with my cohost, comedian Dan Ilic, about serious stuff every few weeks.

WARNING: Contains a fair bit of discussion about Australian politics. You may be permanently scarred after listening.

On this edition of the show we're talking to Dan about a bunch of stuff. Kanye West has apparently announced he's running for president in 2020, we talk about that. We talk about Donald Trump because, wow... just wow...

Then we move on to the depressing stuff, the European refugee crisis. Are the handful of flashpoint images and stories actually going to get people motivated about fixing the wider problem? Or will they result in a few Kickstarters to directly help the affected individuals, absolving donors of their first world guilt? We have a bob each way on that one.

We talk about the vaccination free childcare centre springing up in my 'hood -- geez, what could go wrong there -- and finally we look at the way streaming services are reshaping the media landscape, in particular the types of shows that are being commissioned. Could NetFlix spell the end of high-quality tv news and current affairs?

The Social Media Security Podcast: We’ve Moved!

Mon, 17 Aug 2015 16:30:54 +0100

The Social Media Security Podcast has been recently changed to the Shared Security Podcast. �For details on this move please read this�blog post. �Your current podcast subscription should automatically update via iTunes or other podcast player. �Want to listen or subscribe to old Social Media Security Podcast episodes? Check out our archive page. Show descriptions […]

The post We’ve Moved! appeared first on The Social Media Security Podcast.

Risky Business: Serious Business #4 -- Reclaim Australia, Donald Trump and Ashley Madison

Fri, 24 Jul 2015 01:00:00 +0100

This is the podcast I do for shiggles with Australian comedian, radio and TV personality Dan Ilic.

This week we're talking about the nationalist, anti-Islam rallies held across Australia over the last week or so. We also chat about Donald Trump being a douche and Barack Obama's new lease of life as a lame duck president. Oh, and we also talk about the Ashley Madison hack because, hey, who isn't...

The Risk Science Podcast: Episode 20: Catching up

Thu, 25 Jun 2015 02:14:35 +0100

Episode 20: Ally, Chris and Jay talk about various goings on, discussing stats class and sample sizes, enterprise risk management and communicating complexity. [audio�https://risksciencepodcast.files.wordpress.com/2015/06/episode-20_-catching-up.mp3%5D Episode 2o: Catching up

SecuraBit: Episode 130: Accelerating at MACH37!

Fri, 02 Jan 2015 17:49:55 +0000

Hosts Chris Gerling – @secbitchris Christopher Mills –@thechrisam Guests Robert Stratton III – @strat Topics Cybersecurity Startups and Accelerators featuring MACH37 (Twitter: https://twitter.com/mach37cyber) Northern Virginia based startup accelerator 3 cohorts thus far including 17 cohort companies How tough it can be to start your own product company Pitfalls and lessons learned through assisting cohorts through their founding…

McAfee's 2Minute Warning ™ Daily Security Briefing: McAfee's 2 Minute Warning for October 8 2014

Wed, 08 Oct 2014 13:00:00 +0100

Security News for October 8, 2014

McAfee's 2Minute Warning ™ Daily Security Briefing: McAfee's 2 Minute Warning for October 7 2014

Tue, 07 Oct 2014 13:00:00 +0100

Security News for October 7, 2014

SecuraBit: Episode 129: Bioinformatics and Infosec

Fri, 03 Oct 2014 11:47:09 +0100

Hosts Chris Gerling – @secbitchris Christopher Mills –@thechrisam Guests Patrick Thomas – @coffeetocode Krystal Thomas-White – @KrystalMicrobio Topics Bioinformatics Relation of information security tools and methodologies to biology, research into immune systems, bacteria, as well as how those relate to infosec, polymorphpic malware, and reverse engineering. BsidesChicago2014 Talk: https://www.youtube.com/watch?v=gsZWKj2aAgk Signatures akin to antivirus/whitelisting: http://www.wolfgreenfield.com/newsstand/700-crispr-cas–exciting-addition-genomic-editing https://www.youtube.com/watch?v=ZJ-ChS9roQ0 Reverse…

The Ashimmy Blog: Better communication between security and executive team key to better security

Mon, 05 May 2014 19:06:34 +0100

Better communication between security and executive team key to better security A new survey from the Ponemon Institutue about security metrics and the interaction between security teams and executives sheds some great insights on the communication or rather the lack...

BizSec Podcast: : Recent Mergers and Acquisitions of Information Security Companies

Wed, 19 Feb 2014 01:00:00 +0000

The BizSec Podcast is THE podcast that brings information security concepts and news into the boardroom, translating geek into business. Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. We’re glad to have you subscribed on iTunes, Youtube or however you’re finding us and we always appreciate your 5-star reviews. Follow the conversation with us on Twitter @bizsecpodcast and find more information, links and show notes at BizSecPodcast.com. In this episode we will cover the recent news in information security, and go over the recent mergers and acquisitions in this area. Find out more at: http://www.bizsecpodcast.com/2014/02/18/recent-mergers-acquisitions-information-security-companies/

BizSec Podcast: A Look Back at 2013

Wed, 12 Feb 2014 01:30:00 +0000

The BizSec Podcast is THE podcast that brings information security concepts and news into the boardroom, translating geek into business. Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. We’re glad to have you subscribed on iTunes, Youtube or however you’re finding us and we always appreciate your 5-star reviews. Follow the conversation with us on Twitter @bizsecpodcast and find more information, links and show notes at BizSecPodcast.com. In this episode we take a look back at a few significant events of 2013. We will cover Mandiant's APT1 report, the current situation with LulzSec, and bug bounty programs, protecting connected devices. We will cover how investing in security products and individuals has been increasing over the years, and what we are to expect in 2014 and beyond.

Security Wire Weekly: PCI SSC’s Bob Russo, Troy Leach discuss PCI DSS 3.0

Thu, 07 Nov 2013 14:25:39 +0000

On the eve of the release of PCI DSS 3.0, SearchSecurity spoke with Bob Russo, SSC general manager, and Troy Leach, SSC chief technology officer, about the most important changes in the new version of the standard that debuts Nov. 7, 2013. Russo and Leach also offer their perspective on the most important milestones in...

The post PCI SSC’s Bob Russo, Troy Leach discuss PCI DSS 3.0 appeared first on Security Wire Weekly.

The Ashimmy Blog: PCI 3.0 Spells More Risk Management for Midsize Business

Tue, 01 Oct 2013 16:13:04 +0100

The PCI DSS standards have been around for more than a few years now and right or wrong they have found their way into the day to day business functions of most business that accept credit cards or those that...

Security Wire Weekly: Gartner VP Gregg Kreizman assesses corporate IAM landscape

Tue, 16 Jul 2013 02:15:37 +0100

In this SearchSecurity podcast recorded at the 2013 Gartner Security and Risk Management Summit, Gregg Kreizman, research vice president at Stamford, Conn.-based Gartner Inc., sits down with Assistant Site Editor Brandan Blevins and explains how evolving corporate identity standards are affecting the IT security landscape. [0:37] SAML, OAuth 2.0 and OpenID [1:55] Online Secure Transaction...

The post Gartner VP Gregg Kreizman assesses corporate IAM landscape appeared first on Security Wire Weekly.

podcast.michsec.org: BSides Detroit 13 Episode 21

Wed, 29 May 2013 15:00:04 +0100

Chris (@rattis) is our last guest before BSides Detroit 13. In this episode, Chris chats with Wolfgang Goerlich about last year’s podcast, Chris’s work as the EMU IA president, and what Chris has planned for this year’s lockpick village. For those participating in the CTF, stay tuned for hints on the physical challenges. For more […]

podcast.michsec.org: BSides Detroit 13 Episode 20

Wed, 22 May 2013 15:00:44 +0100

David Schwartzberg (@DSchwartzberg) is this week’s podcast guest. David discusses GrrCON,�ZeuS bot Exploit Kit Command & Control, and David’s book:�Computers for Kids: Something In, Something Out. David will be giving his talk,�Zeus C&C for Tech Support, on Saturday. We end the podcast with an announcement from BSides: BSides Detroit Kids. In conjunction with Brain Monkeys, […]

The Social Media Security Podcast: The New Facebook Graph Search: How to Protect Your Privacy

Tue, 19 Mar 2013 21:34:46 +0000

Over the last several months, Facebook has been making significant design and UI changes. Besides the newsfeed changes announced several weeks ago, Facebook has recently begun rolling out a large change in the way you search for information through the platform. While this feature is still in “beta” status, you can tell if you have […]

The post The New Facebook Graph Search: How to Protect Your Privacy appeared first on The Social Media Security Podcast.

InfoSec Daily Podcast: Episode 839

Wed, 06 Feb 2013 02:07:29 +0000

Episode 839 - Goodbye, Farewell and So Long

InfoSec Daily Podcast: Episode 838

Tue, 05 Feb 2013 03:20:39 +0000

Episode 838 - BigBrother in .de, FTC do not track mobile, Cisco study, 2FA for Twitter, and 4k banker credentials leaked.

iNetizen Podcast: Episode 9

Sun, 26 Feb 2012 02:26:35 +0000

Jason Scott

iNetizen Podcast: Episode 8

Sun, 05 Feb 2012 04:54:39 +0000

On this episode, we discuss the next Messiah.. We also look at the recent FBI/Scotland Yard phone conference eavesdrop, Dickturnip wins an iNetizen goodie bag, and Beave talks about his log analysis system - Sagan.

Executive Spotlight Podcasts: Executive Spotlight Podcast: County of York, Pennsylvania

Fri, 20 Jan 2012 04:00:00 +0000

Symantec's Patrick Spencer talks with Tom Williams, assistant director of technology of County of York, Pennsylvania, about how Backup Exec, Enterprise Vault, Endpoint Protection and Enterprise Support Services have positively impacted the fast-growing local government's process efficiency, compliance fidelity, security posture and return on taxpayer dollars.

Executive Spotlight Podcasts: Executive Spotlight Podcast: IT Transformation at Missouri’s Laclede Gas Company

Tue, 10 Jan 2012 04:00:00 +0000

Host Patrick Spencer talks to Gary Kay, Director of Infrastructure and Security Services at Laclede Gas Company, about the company’s transition from a legacy mainframe environment to a virtualized server blade infrastructure. Topics covered include the move’s implications for business continuity, storage, backup and recovery, web security, endpoint security, IT compliance, mobile device management, messaging security, data archiving/e-discovery, and ITIL best practices.

Symantec Small & Mid-Sized Business Podcasts: Switch and Save! Switch to the fastest, most effective endpoint security solution

Thu, 22 Dec 2011 22:00:00 +0000

Learn the details of this exciting offer for small and medium businesses. For a limited time switch from a competing endpoint security product and receive 70% off Symantec Endpoint Protection.

Symantec Enterprise Podcasts: Symantec ApplicationHA 6.0

Tue, 20 Dec 2011 04:00:00 +0000

Listen to Chaya Adatrao, Senior Product Marketing Manager at Symantec, discuss how businesses can confidently ensure high availability for business-critical applications inside virtual machines across heterogeneous platforms.

Symantec Enterprise Podcasts: The Psychology of Insider Theft: What Pushes Employees to Steal?

Thu, 08 Dec 2011 04:00:00 +0000

Do you recognize the early warning signs of employees who are likely to steal intellectual property? Leading forensic psychologists Dr. Harley Stock sheds new light on his research recent research with Dr. Eric Shaw into the motivations and behaviors of malicious insiders. What motivates them to steal an organization’s confidential information?

Symantec Security Response Podcasts: Intelligence Report Podcast – November 2011

Wed, 07 Dec 2011 04:00:00 +0000

Eric Park and Deaddin Edris from Symantec discuss the November 2011 Intelligence Report in this monthly podcast series. Topics include the volume of spam seen by Symantec in the previous month, the latest spam trends and techniques, and tips on how to avoid spam messages. The Intelligence Report leverages security data from the Symantec Global Intelligence Network to keep organizations and consumers informed of the latest threats to their messaging infrastructure.

Symantec Small & Mid-Sized Business Podcasts: Protection and Vitality Consulting Services

Fri, 02 Dec 2011 22:00:00 +0000

Steve Bradshaw, director at Commitments Protection and George Ilko, co-founder and CTO of Vitality Consulting Services, discuss how they have worked together to simplify and automate the backup process at Commitments Protection using Symantec system recovery.

Symantec Security Response Podcasts: Intelligence Report Podcast – October 2011

Fri, 28 Oct 2011 05:00:00 +0100

Eric Park and Deaddin Edris from Symantec discuss the October 2011 Intelligence Report in this monthly podcast series. Topics include the volume of spam seen by Symantec in the previous month, the latest spam trends and techniques, and tips on how to avoid spam messages. The Intelligence Report leverages security data from the Symantec Global Intelligence Network to keep organizations and consumers informed of the latest threats to their messaging infrastructure.

Symantec Customer Success Podcasts: Customer Connect Podcast: Cetnaj

Thu, 10 Mar 2011 01:00:00 +0000

Cetnaj Lighting~Electrical~Data operations manager, Tony Cuffe and Ian Irving, director of Sales, SureBridge IT discuss Cetnaj’s evolving IT needs.

Symantec Customer Success Podcasts: Customer Connect Podcast: KWA Blinds

Fri, 04 Mar 2011 00:00:00 +0000

The teams from KWA Blinds and 9spheres Technologies discuss how Symantec and Microsoft technologies have helped transform how KWA Blinds manages its business.

Beyond The Perimeter: Episode 97: What Changes do Businesses Need to Make in the Coming Year?

Sat, 04 Sep 2010 00:46:48 +0100

Amrit Williams, BigFix CTO, concludes his discussion about the Verizon Business 2010 Data Breach Report with Alex Hutton, Principal of Research and Intelligence at Verizon Business.

Beyond The Perimeter: Episode 96: Verizon Business Releases the 2010 Data Breach Report

Sat, 28 Aug 2010 10:21:25 +0100

Amrit Williams, BigFix CTO, digs into the details of the Verizon Business 2010 Data Breach Report with Alex Hutton, Principal of Research and Intelligence at Verizon Business.

Cisco Security Podcast Series: Web Security and Secure Mobility - What are your Employees doing Online?

Mon, 15 Mar 2010 00:13:45 +0000

David Paschich and Michael Weir discuss Web security, secure mobility, and application visibility and control. (Podcast - 20:13 min)

Infosecurity Europe Podcast: Phil Zimmerman

Fri, 29 Jan 2010 00:00:00 +0000

Jon Collins talks to Phil Zimmerman

Infosecurity Europe Podcast: Marcus Ranum

Fri, 29 Jan 2010 00:00:00 +0000

Brian McKenna talks to Marcus Ranum on cyberwarfare

Blue Box: The VoIP Security Podcast: Blue Box #86: An Update on Blue Box, One Year Later

Thu, 22 Oct 2009 17:47:39 +0100

Synopsis: Blue Box #86: Dan and Jonathan provide an update on what's happened in the year since Blue Box #85 and talk a bit about what's next Welcome to Blue Box: The VoIP Security Podcast #86, a 19-minute podcast from...

Symantec Home & Home Office Podcasts: Symantec Report on Rogue Security

Wed, 14 Oct 2009 17:00:00 +0100

The Symantec Report on Rogue Security is an in-depth analysis of rogue security software programs. Kevin Haley, Director of Symantec Security Response, provides an analysis of the prevalence of rogue security software globally and discusses some of the more noteworthy rogue software related scam.

Data Breach Today Podcast: Wounded Warriors: Digital Forensics Training for Veterans

Tue, 18 Aug 2009 16:21:17 +0100

Data Breach Today Podcast: The Need for Forensics - Interview with Keith Barger of KPMG

Tue, 04 Aug 2009 18:46:52 +0100

Black Hat Webcasts RSS Feed: Black Hat Webcast 10: Mobility and Security

Thu, 21 May 2009 02:19:12 +0100

Overview:
We're trying out a new format for the May 21 webcast on Mobility and Security. We're going to bring in some researchers and some industry folks and have a round-table discussion on the current state and future direction of securing the mobile devices we all can't live without. The idea behind this new style of presentation is to increase the amount of interactivity, both with the guests and the audience, so please join us and bring your ideas and questions.

Alex Stamos, Founding Partner, iSEC Partners
Charlie Miller, Principal Analyst, Independent Security Evaluators
Vincenzo Iozzo, Student, Politecnico di Milano
Roberto Gassira', Security Researcher, Mobile Security Lab
Roberto Piccirillo, Security Researcher, Mobile Security Labbr

Black Hat Webcasts RSS Feed: Black Hat Webcast 9: Europe 2009 Sneak Peek

Wed, 25 Mar 2009 20:01:43 +0000

Overview:
Black Hat Europe is right around the corner - we'll be returning to Amsterdam April 14-17. We're very excited about the lineup of speakers we've put together, and this webcast will be a sort of sneak preview of what kind of presentations attendees will get to see at the live event. Webcast speakers include:

Enno Rey and Daniel Mende
All Your Packets Are Belong to Us - Attacking Backbone Technologies

Charlie Miller and Vincenzo Iozzo
Fun and Games Using In-Memory Execution on Mac OS X and iPhone

Stefano Zanero adn Claudio Criscione
Masibty: a Web Application Firewall Based on Anomaly Detection

Roberto Gassira' and Roberto Piccirillo
Hijacking Mobile Data Connections

SECTHIS.COM Security Podcast: Podcast 51- WPA, Utimaco, FISMA, MI6

Mon, 05 Jan 2009 15:52:39 +0000

Hosts

Music

Jonathan Coulton

Black Hat Announcements: Black Hat Webcast #6 Audio Now Online

Tue, 23 Dec 2008 21:49:25 +0000

You can now listen David Litchfield's webcast presentation about his new Oracle database forensics tool orablock online here:

Bookmarkable audio version:
https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b

Web Sync Version

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981

Black Hat Announcements: Black Hat Japan 2008 Audio Now Online

Wed, 10 Dec 2008 05:10:02 +0000

Bookmarkable audio for all talks is now available in the Japan 08 archive. Lots of good stuff there - please enjoy. The archive link is

https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html

The Keynote is enclosed with this entry, but there are lots of great presentations to check out.

Cisco Security Podcast Series: Async OS 6.5 - Flexibility and Ease of Use

Tue, 02 Dec 2008 00:00:00 +0000

A new major release for the IronPort Email Security appliance. Product Line Manager David Mayer and Product Manager Amanda Holdan discuss the benefits.

Blue Box: The VoIP Security Podcast: Blue Box RSS feed dead - waiting for Feedburner to update its DNS

Sun, 26 Oct 2008 12:24:43 +0000

Ah, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers...

Symantec Home & Home Office Podcasts: Norton AntiVirus 2009 and Norton Internet Security 2009 Product Overview

Tue, 09 Sep 2008 08:05:00 +0100

In this podcast, Senior Vice President of the Consumer Products Group, Rowan Trollope, provides a detailed overview of the 2009 releases of Norton AntiVirus and Norton Internet Security. Trollope also discusses the emphasis on performance, security, and quality in each of the products. For more information about Norton Internet Security 2009 and Norton AntiVirus 2009, visit www.norton.com/faster.

SECTHIS.COM Security Podcast: Podcast 49 - Idiots, SCADA, ID Theft, Apple

Mon, 30 Jun 2008 04:42:37 +0100

Disgruntled admin gets 63 months for massive data deletion
Intellipedia?
AT&T manager on laptop loss: 'It is pathetic'
FTC wants to hit the spyware guys where it hurts
Software security hole shows utilities and other infrastructure vulnerable
Verizon Business 2008 Data Breach Investigations Report
Bank of America check card data compromised
Ransomware
We lost both Ben and Doug 30 min into the podcast - excuse the slight dead air.
Intro music by Walt Ribeiro - Rush

Hosts

Threat Monitor: Finding malware on your Windows box (using the command line)

Thu, 16 Aug 2007 14:14:40 +0100

Security professionals typically overlook the Windows command line, instead spending their time with more complex GUI-based forensics tools. In this tip, Ed Skoudis explains how just a few command-line tricks can help users closely examine the configuration of a Windows machine and discover whether a box is infected by malware.

Threat Monitor: Metamorphic malware sets new standard in antivirus evasion

Thu, 16 Aug 2007 14:13:16 +0100

Mutating computer viruses have been around for some time, but one type of malware possesses the ability to constantly rewrite its own code to successfully evade the most sophisticated antivirus systems. Noah Schiffman explains how metamorphic malware works, how it differs from polymorphic malware and which defense strategies are best for enterprises.

Symantec IT Compliance Podcasts: Compliance Briefing # 1: Why Compliance?

Fri, 13 Oct 2006 17:00:00 +0100

In the premier episode of Compliance Briefing, Host David Smith talks about why the compliance initiatives have moved to the forefront of Information Security programs and how Compliance and Information Security are related as disciplines.

Symantec IT Compliance Podcasts: Compliance Briefing # 2: The Role of Access Control

Fri, 13 Oct 2006 17:00:00 +0100

In this Compliance Briefing, special guest Jim Robinson of Symantec Consulting Services discusses the importance of managing access control and a cornerstone component of a successful Information Security Compliance Program.