InfoSec

SCADA/ Industrial Security

  • CSOs: Does this Network Admin Work at YOUR Company!?

    CSOs: Does this Network Admin Work at YOUR Company!?

    Information security is hard. Data breaches on the scale of Target, Home Depot, Sony and Anthem serve as a constant reminder that it is impossible to detect a determined attacker until it is too late. Bromium research has consistently found that the…
    - 77 days ago Wednesday, March 11, 2015 -
  • Kaspersky: ‘A very bad incident’ awaits critical infrastructure

    Kaspersky: ‘A very bad incident’ awaits critical infrastructure

    Cyber-terrorism attacks against power grids, water supply systems, chemical plants and other critical infrastructure loom as a threat that could become harsh reality before slow-moving agencies act to secure them better, says the head of Kaspersky La…
    - 78 days ago Tuesday, March 10, 2015 -
  • Is it time to FREAK out?

    Is it time to FREAK out?

    The security industry was whipped into a frenzy this week with the discovery of the FREAK vulnerability, which enables a determined attacker to downgrade SSL traffic from “strong” RSA encryption to “export-grade” RSA encryption. The vulnerabi…
    - 82 days ago Friday, March 6, 2015 -
  • The Hidden Costs of Security

    The Hidden Costs of Security

    I think we are all familiar with the obvious costs of poor security. Millions of dollars lost recovering from breaches, brand damage and etc. This is pretty much the conventional wisdom now days. Luckily my job includes speaking and interacting with…
    - 83 days ago Thursday, March 5, 2015 -
  • First Impression: GAO Report on FAA Security – The Sky is Not Falling

    First Impression: GAO Report on FAA Security – The Sky is Not Falling

    Yesterday, the Government Accountability Office (GAO) released “FAA Needs to Address Weaknesses in Air Traffic Control Systems,” a report that highlights the improvements the Federal Aviation Administration (FAA) needs to make to its critical air…
    - 85 days ago Tuesday, March 3, 2015 -
  • Russian Cyber Menace Threatens Industrial Systems

    - 86 days ago Monday, March 2, 2015 -
  • Wall Street Journal CIO Network Event: Old Thinking Won’t Fix New Problems

    Wall Street Journal CIO Network Event: Old Thinking Won’t Fix New Problems

    Earlier this month, the Wall Street Journal published a blog, “CIOs Name Their Top 5 Strategic Priorities,” which collected the recommendations from a variety of technical leaders at a CIO Network event. Author Steven Norton notes: While proposal…
    - 89 days ago Friday, February 27, 2015 -
  • When Zero Days Become Weeks or Months

    When Zero Days Become Weeks or Months

    As February comes to a close we have already seen critical patches from Adobe and Microsoft. Even more concerning, Microsoft has not yet patched a recently disclosed Internet Explorer zero-day. For better or worse, Google’s “Project Zero” is pu…
    - 91 days ago Wednesday, February 25, 2015 -
  • How ‘Power fingerprint’ could improve security for ICS/SCADA systems

    How ‘Power fingerprint’ could improve security for ICS/SCADA systems

    Most people have heard that one way law enforcement can figure out who might be growing marijuana in their basement is to monitor power consumption.If a small house is sucking up as much electricity as two or three similar houses in the neighborhood,…
    - 93 days ago Monday, February 23, 2015 -
  • Securing Obama’s “Internet Cathedral” – Who are its priests?

    Securing Obama’s “Internet Cathedral” – Who are its priests?

    At last week’s Cyber Security Summit at Stanford, President Obama sought to reset his administration’s relationship with a tech community alienated by an endless stream of disclosures of the government’s penetration of technology companies to…
    - 98 days ago Wednesday, February 18, 2015 -
  • Risky Clicks: End users cause the majority of security headaches

    Risky Clicks: End users cause the majority of security headaches

    In January 2015, Bromium conducted a survey of more than 100 information security professionals, focused on the greatest challenges and risks facing their organizations today. The results indicate that end users continue to remain the greatest sec…
    - 98 days ago Wednesday, February 18, 2015 -
  • Kaspersky SAS 2015 CablemeltingBAD
    Slides from Kaspersky SAS "SCADA in the cloud" talk. If you saw our 31C3 report you can start from the slide N36. Important quotesICS Cybersecurity definitiona process that ensures control object operation with no dangerous failures or damage, but w…
    - 99 days ago Tuesday, February 17, 2015 -
  • Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

    Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes


    - 100 days ago Monday, February 16, 2015 -
  • Siemens Sighs: SCADA Bugs Abound

    - Thursday, February 5, 2015 -
  • The Vicious Cycle of “Assuming Compromise”

    The Vicious Cycle of “Assuming Compromise”

    When you walk the floors of industry trade shows and speak with security vendors, one of the most predominant endpoint security myths is “assume you will be compromised.” Of course, this is a fallacy, but as a result of this axiom, the security i…
    - Friday, January 30, 2015 -
  • Cyber-security: Changing the Economics!

    Cyber-security: Changing the Economics!

       The impact of recent cyber attacks will be felt for years to come, perhaps having risen to a new level of hurt with the Target and Sony attacks. With a Fortune 500 CEO ousted and a Hollywood movie held hostage, cyber-security is on the minds of…
    - Tuesday, January 27, 2015 -
  • Internet Attack Could Shut Down US Gas Stations

    - Thursday, January 22, 2015 -
  • Attackers Planting Banking Trojans In Industrial Systems

    - Tuesday, January 13, 2015 -
  • 31C3: Too Smart Grid in da Cloud ++

    31C3: Too Smart Grid in da Cloud ++

    This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind a…
    - Tuesday, December 30, 2014 -
  • SOS! Secure Open SmartGrids!

    SOS! Secure Open SmartGrids!

    Dear all,After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.There are dozens of platforms, hundreds of vendors,…
    - Sunday, December 28, 2014 -
  • South Korea Nuclear Plant Hit By Hacker

    - Tuesday, December 23, 2014 -
  • Hack Attack Causes Massive Damage At Steel Works

    - Monday, December 22, 2014 -
  • Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing

    Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing

    Update: Breaking News: ICANN targeted in a spear phishing attack Information security becomes increasingly important as the frequency of cyber attacks increases. From Target to Sony, the past 12 months have played host to the largest volume of attack…
    - Tuesday, December 16, 2014 -
  • Well, Honeywell

    Well, Honeywell

    New knowledge about Honeywell Experion Process Knowledge System. Yes, you must patch it.Yes, it's all about grep +1 SSRF.Thanks to Alexander Tlyapov, Gleb Gritsai, Kirill Nesterov, Artem Chaykin and Ilya KarpovHoneywell advisory/patch:https://www.h…
    - Tuesday, December 16, 2014 -
  • Picture This: Sony Hack Won’t Be the Last

    Picture This: Sony Hack Won’t Be the Last

    The FBI has warned US companies of a wave of destructive cyber attacks, in light of the recent Sony hack. I commented to eSecurityPlanet and SecurityWeek: “These attacks are troublesome, but not surprising. Earlier this year we witnessed Code Space…
    - Thursday, December 11, 2014 -
  • Siemens patches critical SCADA flaws likely exploited in recent attacks
    Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments, in order to fix critical vulnerabilities that may have been exploited in recent attacks.One of the vulnerabi…
    - Monday, December 1, 2014 -
  • BootKit via SMS

    BootKit via SMS

    One of demo from PacSec and ZeroNights.Short FAQQ: Is it BadUSB?A: Not exactly, but kind of. Can be applied to any Android gadget. Q: Is it local or remote stuff?A: Can be done remotely (web/sms) for 4G/3G modemsQ: Any threats to ICS?A: YesQ: Huawei?…
    - Wednesday, November 19, 2014 -
  • Is it time to Fire your network protection vendor?

    Is it time to Fire your network protection vendor?

    I hereby solemnly promise that Bromium will never have a product with “fire” in its name.  By now every vendor in the  next-gen IDS / IPS / Firewall / honeypot-as-ultimate-defense-against-the-dark-arts market has a next-gen “fire”-branded p…
    - Monday, November 10, 2014 -
  • An Unprecedented Look At Stuxnet, The World's First Digital Weapon

    - Monday, November 3, 2014 -
  • Different type of SCADA...

    Different type of SCADA...

    +Update http://blog.ptsecurity.com/2015/01/hacking-atm-with-raspberry-pi.htmlSlides and demo from Olga and Alex report on ATM hacking at Black Hat. MS08-067 strikes again. Now ATM.There are a lot of different kinds of SCADA... Click Enjoy...
    - Wednesday, October 29, 2014 -
  • BlackEnergy Malware Has Compromised Systems For 2 Years

    - Wednesday, October 29, 2014 -
  • Attack of the malicious document – what was old is new again

    Attack of the malicious document – what was old is new again

    Recent zero day attacks targeting Windows using malicious Office documents should be a reminder to all of us that no attack vector ever truly dies, it just lurks in the background waiting for it’s time to come again. Malicious Office documents have…
    - Wednesday, October 22, 2014 -
  • Many Eyes Make Credible Security

    Many Eyes Make Credible Security

    We are proud to announce the successful results of an independent source-code review and penetration test of vSentry version 2.4 by the leading security consultancy  IOActive – acknowledged as one of the world’s leading security firms serv…
    - Tuesday, October 14, 2014 -
  • What is my encryption key?

    What is my encryption key?

    Update for update for WinCC <7.3. Now for Siemens SIMATIC PCS 7 <8.1.Details: https://ics-cert.us-cert.gov/advisories/ICSA-14-205-02A
    - Thursday, October 9, 2014 -
  • Why is Bromium InDemand?

    Why is Bromium InDemand?

    Recently LinkedIn recognized Bromium as one of the 10 most InDemand startups in the Bay Area. Thank you LinkedIn, and thank you Bay Area Tech Community! A number of folks, prospective and current co-workers, investors, customers, and friends have per…
    - Friday, October 3, 2014 -
  • Threat Intelligence firm mistakes research for nation-state attack

    Threat Intelligence firm mistakes research for nation-state attack

    [Updates to this story appear on page two.]On Tuesday, Bloomberg published a story based on honeypot scans, which was a follow-up to a previously published piece that explored the nature of attacks against industrial-control systems.Bloomberg's stori…
    - Wednesday, October 1, 2014 -
  • Rogue cell towers discovered in Washington, D.C.

    Rogue cell towers discovered in Washington, D.C.

    Towards the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that their engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the U.S.New information…
    - Wednesday, September 17, 2014 -
  • Goldilocks and the 3 Theres

    Goldilocks and the 3 Theres

      At VMWorld VMware SVP of Security Tom Korn described the hypervisor and virtual network environment of a virtual infrastructure platform as the “Goldilocks Zone” for application security in the software defined data center.  He was right.  A…
    - Thursday, September 11, 2014 -
  • IDG Contributor Network: Tunnel vision: Train security as critical as planes and automobiles

    IDG Contributor Network: Tunnel vision: Train security as critical as planes and automobiles

    In recent weeks you’ve heard a lot of discussion around the cyber risks to aircraft and automobiles. After the Black Hat, DefCon and BSides conferences in Las Vegas, Nev., in July, it would seem that a great deal of necessary attention will be pai…
    - Monday, September 8, 2014 -
  • Next-Gen IDS/IPSs: Caught between a ROC and a hard place

    Next-Gen IDS/IPSs: Caught between a ROC and a hard place

    The market appears to have revisited its irrational exuberance about next-gen network IDS/IPSs, perhaps because every major security vendor has one (truth be told, throwing traffic at a set of cloud- or appliance-hosted sacrificial VMs isn’t rock…
    - Monday, September 8, 2014 -
  • Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase

    Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase

    Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end…
    - Wednesday, September 3, 2014 -
  • Industrial software website used in watering hole attack

    Industrial software website used in watering hole attack

    AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firm's website, suggesti…
    - Tuesday, September 2, 2014 -
  • Few bugs in Wonderware Information Server

    Few bugs in Wonderware Information Server

    Vulnerabilities/fixes in Schneider Electric/Invensys Wonderware Information Server (WIS) to support tradition.The following Schneider Electric WIS versions are affected:Wonderware Information Server 4.0 SP1 Portal,Wonderware Information Server 4.5 Po…
    - Monday, September 1, 2014 -
  • Not by SCADA alone: ATM hack @BH Europe

    Not by SCADA alone: ATM hack @BH Europe

    Alexey and Olga gonna speak @BlackHat 2014 EU on ATM security.Please be careful there!Hint
    - Monday, September 1, 2014 -
  • How a hacker could cause chaos on city streets

    How a hacker could cause chaos on city streets

    Traffic is chaotic enough in major cities, but imagine how much worse it would be if a criminal hacker got control of the traffic lights.That Hollywood scenario is what researchers at the University of Michigan proved could happen given the security…
    - Friday, August 29, 2014 -
  • Workers at U.S. nuclear regulator fooled by phishers

    Workers at U.S. nuclear regulator fooled by phishers

    Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three phishing attacks that occurred over a three-year period.The incidents were described in an inspector general report obtained by the public…
    - Tuesday, August 19, 2014 -
  • The Rise and Fall of Enterprise Security

    The Rise and Fall of Enterprise Security

    Every day, enterprises are bombarded by rapidly multiplying and morphing advanced threats—and current network and endpoint security solutions aren’t capable of defeating these targeted attacks. This year a major IT analyst wrote: “Advanced targ…
    - Thursday, August 14, 2014 -
  • IDG Contributor Network: Buckle up: Security threats to connected cars get real

    IDG Contributor Network: Buckle up:  Security threats to connected cars get real

    As our connected cars move from syncing our music to driving us home, drivers, passengers, and pedestrians are starting to wonder if they should trust these high-velocity death-mobiles with their lives.  It’s a good question.Tesla, one of the lea…
    - Tuesday, August 12, 2014 -
  • NIST Wants Better SCADA Security

    - Tuesday, August 12, 2014 -
  • In praise of seamless, small-footprint, light-weight, transparent endpoint security

    In praise of seamless, small-footprint, light-weight, transparent endpoint security

    In a recent blog, Rick Holland of Forrester Research takes aim at meaningless vendor epithets, such as “light-weight”, “non-invasive” and “small-footprint” used to describe their endpoint security products.  As he astutely observes, what…
    - Monday, July 28, 2014 -

IT News

Youtube News - CyberSecurity

https://youtube.com/devicesupport
https://youtube.com/devicesupporthttp://m.youtube.com
- 40 days ago Friday, April 17, 2015 -

InfoSec Podcasts

  • newISC StormCast for Wednesday, May 27th 2015
    IRS Breach Leaks Taxpayer Information http://www.irs.gov/uac/Newsroom/IRS-Statement-on-the-Get-Transcript-ApplicationPossible Wordpress Bothnet C&C: errorcontent.com https://isc.sans.edu/forums/diary/Possible+Wordpress+Botnet+CC+errorcontentcom/19733…
    - 10 hours ago Tuesday, May 26, 2015 -
  • newISC StormCast for Tuesday, May 26th 2015
    Minecraft Scareware Targeting Android Users http://www.welivesecurity.com/2015/05/22/scareware-fake-minecraft-apps-scare-hundreds-thousands-google-play/Z-Way Home Automation Gateway Vulnerabilities http://randywestergren.com/z-way-home-automation-par…
    - 1 day ago Monday, May 25, 2015 -
  • newDtSR Episode 144 - Insights from the ISC2 2015 Survey
    In this episode...David Shearer, Executive Director for ISC2 joins us to talk about the results of the ISC2 2015 Information Security Workforce StudyWe ask David to highlight some of the resultsWe discuss how malware and application security were…
    - 2 days ago Monday, May 25, 2015 -
  • newISC StormCast for Monday, May 25th 2015
    Adult Friend Finder Hacked https://teksecurityblog.com/blog/2015/04/13/hacked-how-safe-is-your-data-on-adult-social-sites/Android Factory Reset Not Reliable http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdfNew Tor Clinet To Fight Nation State Attac…
    - 2 days ago Sunday, May 24, 2015 -
  • Episode 419: Stories, WordPress vulns, and batteries?

    Episode 419: Stories, WordPress vulns, and batteries?

    We started seeing catalytic converters stolen to sell them for the platinum, we have escalated to batteries out of the trunk of a Prius.   Check out the wiki for a full list of stories.
    - 4 days ago Friday, May 22, 2015 -
  • Episode 419: Interview with Gavin Millard

    Episode 419: Interview with Gavin Millard

    Gavin Millard, EMEA Technical Director for Tenable Network Security, is a trained ethical hacker who works with large enterprises to address their cybersecurity challenges. Gavin is also the husband of Mehreen, who you all may know from the popular…
    - 4 days ago Friday, May 22, 2015 -
  • Hack Naked TV 05-22-15

    Hack Naked TV 05-22-15

    The Hack Naked episode for the week of May 22nd, 2015 is up! In this episode we talk about a number of vulnerabilities, and breaches that occurred over the last two weeks. Also, we talk about security companies extorting organizations to sell a serv…
    - 5 days ago Friday, May 22, 2015 -
  • ISC StormCast for Friday, May 22nd 2015
    Ransomware Response Kit https://bitbucket.org/jadacyrus/ransomwareremovalkit/overviewGoogle Analysis of "Secret Questions" http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43783.pdf"Ersatz Passwords" https://www.meshek…
    - 5 days ago Thursday, May 21, 2015 -
  • ISC StormCast for Thursday, May 21st 2015
    Exploit Kit Delivers Necurs https://isc.sans.edu/forums/diary/Exploit+kits+delivering+Necurs/19719/Latest eFax Malspam https://isc.sans.edu/forums/diary/UpatreDyre+malspam+Subject+eFax+message+from+unknown/19713/Trojaned Version of PuTTY SSH Client h…
    - 6 days ago Wednesday, May 20, 2015 -
  • Chet Chat 199 - May 20, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.A quarter-hour of "news you can use" - entertaining to listen to and educational to hear.
    - 7 days ago Wednesday, May 20, 2015 -
  • ISC StormCast for Wednesday, May 20th 2015
    False Positive: DNS Queries for settings-win.data.microsoft.com https://isc.sans.edu/forums/diary/False+Positive+settingswindatamicrosoftcom+resolving+to+Microsoft+Blackhole+IP/19711/IoT Roundup: Apple Watch Patches and Honeypot Summary https://isc.s…
    - 7 days ago Tuesday, May 19, 2015 -
  • Episode 418: Stories of the Week

    Episode 418: Stories of the Week

      Check out the wiki for a full list of all of our stories including links.
    - 8 days ago Monday, May 18, 2015 -
  • Episode 418: Security DeathMatch Round 2

    Episode 418: Security DeathMatch Round 2

    Security deathmatch round 2, featuring Not Kevin live in studio. We discuss some technical tips, industry trends and privacy issues.   Technical topic: What is your most favorite tool or technique you’ve been using? Non-tech: Is vulnerability scor…
    - 8 days ago Monday, May 18, 2015 -
  • ISC StormCast for Tuesday, May 19th 2015
    Safari URL Bar Spoofing Vulnerability https://isc.sans.edu/forums/diary/Address+spoofing+vulnerability+in+Safari+Web+Browser/19705/Social Engineering Used to Compromise Oil Companies http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-ta…
    - 8 days ago Monday, May 18, 2015 -
  • Episode 159 - Stunt Podcasting
    Joseph and Steve were joined by a special guest tonight, Mr. Kevin Riggins. They tackled mafia-style shakedowns, vulnerabilities in medical equipment, and “stunt hacking.” "Breach" Extortion:http://money.cnn.com/2015/05/07/technology/tiversa-…
    - 8 days ago Monday, May 18, 2015 -
  • DtSR Episode 143 - NewsCast for May 18th, 2015
    In this episode...Netflix launched FIDO (not that one, or that one, no the other one)Focused on automating incident response practicesFIDO is an orchestration layer that automates the incident response process by evaluating, assessing and respondi…
    - 9 days ago Monday, May 18, 2015 -
  • ISC StormCast for Monday, May 18th 2015
    A Quick Update on VENOM (Don't panic) https://isc.sans.edu/forums/diary/VENOM+Does+it+live+up+to+the+hype/19701/New Details About Plane Hack https://regmedia.co.uk/2015/05/17/fbi_chris_roberts_search_warrant_application.pdfmSpy Hacked and Data Leacke…
    - 9 days ago Sunday, May 17, 2015 -
  • Chet Chat 198 - May 14, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our no-nonsense computer security podcast.
    - 12 days ago Friday, May 15, 2015 -
  • ISC StormCast for Friday, May 15th 2015
    United Airlines Announces Bug Bounty Programhttp://www.united.com/web/en-US/content/contact/bugbounty.aspxCisco Patches for Telepreence TC and TE Softwarehttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tcAPT Bot…
    - 12 days ago Thursday, May 14, 2015 -
  • Risky Business #366 -- Software defined networking security
    On this week's show we're chatting with Dave Jorm of IIX -- International Internet Exchange. We're previewing his upcoming AusCERT talk all about software defined networking security. It's fancy tech, but there are some interesting little quirks CSOs…
    - 13 days ago Wednesday, May 13, 2015 -
  • ISC StormCast for Thursday, May 14th 2015
    VENOM Virtual Machine Escape http://venom.crowdstrike.comVerizon Mobile API Leaks User Data http://randywestergren.com/multiple-vulnerabilities-in-verizons-fios-mobile-api-exposing-customer-information/SAP Vulnerabilities http://www.coresecurity.com/…
    - 13 days ago Wednesday, May 13, 2015 -
  • ISC StormCast for Wednesday, May 13th 2015
    Angler EK Delivers Newish Crypto Ransomwarehttps://isc.sans.edu/forums/diary/Angler+exploit+kit+pushes+new+variant+of+ransomware/19681/Recent Dridex Activityhttps://isc.sans.edu/forums/diary/Recent+Dridex+activity/19687/Microsoft Bulletinshttps://isc…
    - 14 days ago Tuesday, May 12, 2015 -
  • ISC StormCast for Tuesday, May 12th 2015
    Alienvault Vulnerability Fix http://seclists.org/fulldisclosure/2015/May/36Two Men Arrested for Selling Photobucket Hacking Tool http://www.justice.gov/opa/pr/two-men-who-breached-photobucketcom-indicted-and-arrested-conspiracy-and-fraud-relatedIOAct…
    - 15 days ago Monday, May 11, 2015 -
  • Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Program (Slides & Video)

    Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Program (Slides & Video)

    Watch my latest presentation about vulnerability management given at Bsides Boston 2015: What is this talk about? Well, a robot, a ninja and a pirate get into a fight. The question is: who wins? While we can debate this question until the end of time…
    - 16 days ago Monday, May 11, 2015 -
  • Awards and Stuff

    Awards and Stuff

    I would like to take a brief moment to thank everyone involved in Security Weekly as we have won the RSA Social Security Awards Security Bloggers Best Security Podcast for 2015. Thanks to all who have listened for the past (almost) ten years. Thanks…
    - 16 days ago Monday, May 11, 2015 -
  • DtSR Episode 142 - Basics and Fundamentals, That Win
    In this episode...A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant todaySimple things that workblocking java (externally)effectively blocking “uncategorized” sites in your forwarding proxie…
    - 16 days ago Monday, May 11, 2015 -
  • ISC StormCast for Monday, May 11th 2015
    Counterfeit Cisco Equipment Sale Leads to Arresthttp://www.securingindustry.com/electronics-and-industrial/uk-police-smash-counterfeit-cisco-ring/s105/a2339/#.VU-fBmA33leSSDs Loose Information Quickly if Powered Downhttps://blog.korelogic.com/blog/20…
    - 16 days ago Sunday, May 10, 2015 -
  • Hack Naked TV 05-08-15

    Hack Naked TV 05-08-15

    The Hack Naked episode for the week of May 8th, 2015 is up! In this episode we talk about Microsoft’s Local Administrator Password Solution (LAPS), and Netflix’s Fully Integrated Defense Operation (FIDO). Links from this episode below: http://ti…
    - 19 days ago Friday, May 8, 2015 -
  • Episode 417: Interview with Chris Roberts

    Episode 417: Interview with Chris Roberts

      We have Chris on for an interview, get his take on our five questions, and mix up some drinks.
    - 19 days ago Friday, May 8, 2015 -
  • ISC StormCast for Friday, May 8th 2015
    Critical Cisco UCS Central Software Patch http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucscWordpress XSS Vulnerability Actively Exploited https://wordpress.org/news/2015/05/wordpress-4-2-2/AVast False Positiv…
    - 19 days ago Thursday, May 7, 2015 -
  • Episode 416: Stories of the Week

    Episode 416: Stories of the Week

    This week, we talk about core WordPress vulns, a cool website with XSS shortcuts, and a thank you to our viewers for winning Security of the Year podcast.
    - 20 days ago Thursday, May 7, 2015 -
  • Episode 416: Tech Segment with Dan McInerney

    Episode 416: Tech Segment with Dan McInerney

    Check out the wiki for links to Dan’s github and Twitter.
    - 20 days ago Thursday, May 7, 2015 -
  • Risky Business #365 -- Defence in derpth
    This week's show is brought to you by BugCrowd -- crowdsourced security testing. Bugcrowd founder and CEO Casey Ellis will join us in this week's sponsor interview to tell us about the latest trends in bounties and crowdsourced security.read more
    - 20 days ago Thursday, May 7, 2015 -
  • ISC StormCast for Thursday, May 7th 2015
    Lenovo System Update Vulnerabilties http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf5.5% Of Google Requests Triggered By Adware https://cdn3.vox-cdn.com/uploads/chorus_asset/file/3673260/ad_injector_paper.0.pdfAppl…
    - 20 days ago Wednesday, May 6, 2015 -
  • Chet Chat 197 - May 6, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly computer security podcast.From the future, where Microsoft's Update Tuesday is no more, to 15 years in the past, when we were awash in virus-infected email…
    - 21 days ago Wednesday, May 6, 2015 -
  • ISC StormCast for Wednesday, May 6th 2015
    Hospira Drug Infusion Pump Vulnerabilities http://hextechsecurity.com/?p=123Netflix releases FIDO http://techblog.netflix.com/2015/05/introducing-fido-automated-security.htmlRombertik Descrutive Malware http://blogs.cisco.com/security/talos/rombertik
    - 21 days ago Tuesday, May 5, 2015 -
  • ISC StormCast for Tuesday, May 5th 2015
    Fiesta Exploit Kit Traffic Pattern Changehttps://isc.sans.edu/forums/diary/Traffic+pattern+change+noted+in+Fiesta+exploit+kit/19655/Upatre / Dyre Spamhttps://isc.sans.edu/forums/diary/UpatreDyre+the+daily+grind+of+botnetbased+malspam/19657/No More Pa…
    - 22 days ago Monday, May 4, 2015 -
  • Episode 158 - Beware the Whitehat
    This week, Joseph and Steve talked about what these "six hacker tribes" are, and the recent rise of some accountability in security in both the government and the private sector."The Six Hacker Tribes"http://www.telegraph.co.uk/technology/internet-s…
    - 22 days ago Monday, May 4, 2015 -
  • DtSR Episode 141 - NewsCast for May 4th, 2015
    In this episode...A join Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security"The study only looked at mobile apps and app developersLess than half (of their study) test the mobile apps they bui…
    - 23 days ago Monday, May 4, 2015 -
  • ISC StormCast for Monday, May 4th 2015
    Microsoft Releases "Local Administrator Password Solution"https://technet.microsoft.com/en-us/library/security/3062591Google Password Alert Bypass Releasedhttp://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googl…
    - 23 days ago Sunday, May 3, 2015 -
  • ISC StormCast for Friday, May 1st 2015
    Dalexis/CTB-Locker Malspam Campaignhttps://isc.sans.edu/forums/diary/DalexisCTBLocker+malspam+campaign/19641/Knock Knock OS X Malware Scannerhttp://www.downloadcrew.com/article/33275-knockknock_uiRyan Air Victim in 5 Million USD Fund Transfer Scamhtt…
    - 26 days ago Thursday, April 30, 2015 -
  • Chet Chat 196 - Apr 30, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of the weekly Chet Chat podcast.From bugs to busts, here's the computer security news you can use.
    - 27 days ago Thursday, April 30, 2015 -
  • Risky Business #364 -- The cuckoo's carton
    In this week's feature interview we chat with John Strand, a SANS instructor and co-host of Security Weekly's Webcasts. He runs Black Hills information security and he's a maintainer of the ADHD Linux distro -- it's essentially a curation of active d…
    - 27 days ago Thursday, April 30, 2015 -
  • ISC StormCast for Thursday, April 30th 2015
    STUN Traffic To Amazon Cloud / Whiteops Bot Detectionhttps://isc.sans.edu/forums/diary/UDP3478+to+Amazon+54849242+got+packets+solved/19639/Great Firewall of China Causing Problems (again)http://www.reddit.com/r/China/comments/33wpk3/anyone_else_almos…
    - 27 days ago Wednesday, April 29, 2015 -
  • Episode 157 - Ch Ch Ch Changes
    The gang is back with some cast changes. Martin will be taking a break for a while, so Joseph will be hosting for the next while.This week, we talked Wordpress, Steve's experiences at RSAC, and this year's DBIR:Wordpress:http://www.csoonline.com/ar…
    - 28 days ago Wednesday, April 29, 2015 -
  • ISC StormCast for Wednesday, April 29th 2015
    Spam / Suspect Web Sites Soliciting Funds for Nepalhttps://isc.sans.edu/forums/diary/Scammy+Nepal+earthquake+donation+requests/19635/AFNetworking 2.5.2 Not Verifying Domains for SSL Certs by Defaulthttp://sourcedna.com/blog/20150424/afnetworking-stri…
    - 28 days ago Tuesday, April 28, 2015 -
  • ISC StormCast for Tuesday, April 28th 2015
    Wordpress XSS Vulnerabilityhttp://klikki.fi/adv/wordpress2.htmlMagento Vulnerability Exploitedhttps://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.htmlYubico Neo Vulnerabilityhttps://developers.yubico.com/ykneo-openpgp/Sec…
    - 29 days ago Monday, April 27, 2015 -
  • DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015
    In this episode...What about public safety, where do we draw the line on open research?Self-regulation? Disclosure? What are our options…What makes a researcher? We discuss“Chilling security research”A quick dive into bug bounty programs;…
    - 30 days ago Monday, April 27, 2015 -
  • ISC StormCast for Monday, April 27th 2015
    Quantum Insert Attackhttp://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/Android wpa_supplicant heap buffer overflowhttp://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19Geolocation Browsers Using the Browser Cachehttp://www.c…
    - 30 days ago Sunday, April 26, 2015 -
  • Risky Business #363 -- Software defined radio gets interesting
    This week's show was cut together from our nation's capital, Canberra!I've been down here to attend the Australian Cyber Security Centre conference, which was actually pretty good. There were some great technical talks. One of them was by Balint See…
    - 33 days ago Friday, April 24, 2015 -
  • ISC StormCast for Friday, April 24th 2015
    Case Study: Why Webapplication Pentests Need to Include Manual Testshttps://isc.sans.edu/forums/diary/When+automation+does+not+help/19615/Gaps In OS X Securityhttps://threatpost.com/bypassing-os-x-security-tools-is-trivial-researcher-says/112410Samsu…
    - 33 days ago Thursday, April 23, 2015 -
  • Chet Chat 195.5 - Apr 22, 2015
    Sophos experts Paul Ducklin and John Shier take a quick look at what's happening at the RSA Conference 2015.From "joined up security" to the suggestion that Google proclaimed the end of malware on Android, find out what's happening at RSA...
    - 34 days ago Thursday, April 23, 2015 -
  • ISC StormCast for Thursday, April 23rd 2015
    FBI Warns of Airplane Hackers http://www.wired.com/2015/04/fbi-tsa-warn-airlines-tampering-onboard-wifi/Magneto Shopping Cart Vulnerabilityhttp://blog.checkpoint.comAndroid Touchjackinghttp://www.nes.fr/securitylab/?p=1865
    - 34 days ago Wednesday, April 22, 2015 -
  • ISC StormCast for Wednesday, April 22nd 2015
    Dridex Now Using Google to Obfuscate Link Furtherhttps://isc.sans.edu/forums/diary/Dridex+Redirecting+to+Malicious+Dropbox+Hosted+File+Via+Google/19609/OS X Rootpipe Bug Still Not Fixed in Yosemitehttps://objective-see.com/blog.htmlGoogle Allows Down…
    - 35 days ago Tuesday, April 21, 2015 -
  • Chet Chat 195 - Apr 21, 2015
    This week, Chester Wisniewski is at RSA 2015 in San Francisco. He talks to fellow Sophos security expert Paul Ducklin straight from Sophos's booth at the trade show.
    - 36 days ago Tuesday, April 21, 2015 -
  • ISC StormCast for Tuesday, April 21st 2015
    Google Serving Ads Over httpshttp://googleonlinesecurity.blogspot.com.au/2015/04/ads-take-step-towards-https-everywhere.htmlJavascript CPU Cache Sidechannel Attackhttp://arxiv.org/pdf/1502.07373v2.pdfRussian APT Attacks Used 0-day in Flash and Window…
    - 36 days ago Monday, April 20, 2015 -
  • DtSR Episode 139 - NewsCast for April 20th, 2015
    In this episode...Friend and security researcher Chris Roberts steps into it... A poorly-conceived tweet, followed by mass hysteriaMost everyone talking about this is missing the point entirelyOf course, the EFF jumps in to keep from "chilling r…
    - 37 days ago Monday, April 20, 2015 -
  • ISC StormCast for Monday, April 20th 2015
    RSA Panelhttps://www.rsaconference.com/events/us15/agenda/sessions/1731/the-six-most-dangerous-new-attack-techniques-andExtracting Compressed Streams From PDFshttps://isc.sans.edu/forums/diary/Handling+Special+PDF+Compression+Methods/19597/Minecraft…
    - 37 days ago Sunday, April 19, 2015 -
  • Chet Chat 194 - Apr 17, 2015
    Joi