InfoSec

SCADA/ Industrial Security

  • newMalawi Needs <b>Cyber Security</b> Awareness
    Cyber Security is a new area in Malawi and there is need for awareness as the ... Cyber Security is therefore a process of applying security measures to ... the bill provides for investment in public key infrastructure to ensure secure ...
    - 5 hours ago Tuesday, April 28, 2015 -
  • newFACT SHEET: US-Japan Cooperation for a More Prosperous and Stable World
    Expand cooperation in infrastructure development in our respective ... whole-of-government cooperation on critical infrastructure cybersecurity, with an ...
    - 5 hours ago Tuesday, April 28, 2015 -
  • newWhite House unveils <b>cyber</b> pact with Japan
    The U.S. and Japan unveiled a wide-ranging cybersecurity alliance Tuesday ... on helping each other bolster cyber defenses for critical infrastructure.
    - 6 hours ago Tuesday, April 28, 2015 -
  • newReducing the Surface Area of <b>Cyber</b> Risk: IU's IT-28 Initiative
    ... for IT and CIO at Indiana University and Paul Howell, Internet2's Chief Cyber Infrastructure Security Officer, examine IU's cyber risk mitigation policy.
    - 6 hours ago Tuesday, April 28, 2015 -
  • newA <b>cybersecurity</b> treaty? Not so fast, says State cyber czar
    Persistent cyberattacks against U.S. government agencies, infrastructure and private-sector firms have produced concern that not enough is being ...
    - 7 hours ago Tuesday, April 28, 2015 -
  • newDarktrace Launches Industrial Immune System for Critical <b>Infrastructure</b>
    "Nothing is fool-proof in the modern-day challenge of cyber security, ... infrastructure, and the safety of the people that work in these environments.".
    - 7 hours ago Tuesday, April 28, 2015 -
  • newSmithBucklin Helps Launch Fuel User Group <b>Cybersecurity</b> Community
    Fuel is made up of individuals who are interested in advancing and sharing their knowledge on information security and critical infrastructure as well ...
    - 7 hours ago Tuesday, April 28, 2015 -
  • newDarktrace launches new <b>cyber</b> threat detection technology
    Cambridge-based Darktrace has launched a new weapon to fight cyber ... protection of critical infrastructure – “delivering real-time detection of today's most ... said: “Nothing is foolproof in the modern-day challenge of cyber security, ...
    - 11 hours ago Tuesday, April 28, 2015 -
  • newZurich Calls for 'Supranational' Oversight to Strengthen <b>Cyber Security</b>
    A new report on cyber governance commissioned by Zurich Insurance ... are inadequate to ensure the security of the world's cyber infrastructure.”.
    - 11 hours ago Tuesday, April 28, 2015 -
  • newUS goes on offensive with new <b>cyber security</b> policy
    If directed DoD should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure, ...
    - 22 hours ago Monday, April 27, 2015 -
  • newLocking Down Super-Users for Maximum <b>Cybersecurity</b> By @Centrify | @CloudExpo [#Cloud]
    One of the biggest challenges facing PIM is an increasingly decentralized IT infrastructure. The number of exposed surfaces has multiplied from the ...
    - 24 hours ago Monday, April 27, 2015 -
  • newKratos Defense & <b>Security</b> Solutions Schedules First Quarter 2015 Earnings Conference ...
    Kratos Defense & Security Solutions, Inc. (Nasdaq:KTOS) is a specialized ... cybersecurity, information assurance, and critical infrastructure security.
    - 24 hours ago Monday, April 27, 2015 -
  • newKratos Defense & <b>Security</b> Solutions Schedules First Quarter 2015 Earnings Conference Call for <b>...</b>
    ... electronic warfare, unmanned systems, missile defense, cyber warfare, cybersecurity, information assurance, and critical infrastructure security.
    - 24 hours ago Monday, April 27, 2015 -
  • newFBI Readies Multimillion Contract for <b>Cyber</b> Expertise
    To fill its growing list of unique openings -- especially in the cybersecurity ... cyber-based intrusions targeting U.S. national security, critical infrastructure and the ... The National Security Agency faces the same issue thanks to slower ...
    - 1 day ago Monday, April 27, 2015 -
  • Rail Signal Upgrade Could Be Hacked To Cause Crashes

    - 5 days ago Thursday, April 23, 2015 -
  • RSA Conference Survey: Which Security Solutions Made the Grade?

    RSA Conference Survey: Which Security Solutions Made the Grade?

    This week at the RSA Conference, I had the opportunity to talk with dozens upon dozens (more than 100) of information security professionals for Bromium’s “State of Security Report Card,” a survey of opinions about popular security solutions. I…
    - 5 days ago Thursday, April 23, 2015 -
  • Unsolicited Response Podcast: Rios on WhiteScope and Medical Device Security

    Unsolicited Response Podcast: Rios on WhiteScope and Medical Device Security

    Billy Rios of Laconicly joined me on the Unsolicited Response Podcast to discuss two topics: WhiteScope – an online ICS/SCADA whitelist that is trying to solve the last mile supply chain problem until vendors start signing their code. The WhiteScop…
    - 5 days ago Thursday, April 23, 2015 -
  • Your City's Not Smart If It's Vulnerable, Says Hacker

    - 8 days ago Monday, April 20, 2015 -
  • Attacking CANBus – Part 2

    Attacking CANBus – Part 2

    In part 1 we looked at what CAN is and what the difference between CAN and OBDII traffic is on a vehicle network. In this part we’re going to look at simple reverse engineering techniques to determine which CAN IDs are of interest to us. For this e…
    - 12 days ago Thursday, April 16, 2015 -
  • Much Ado about the Verizon Data Breach Incident Report

    Much Ado about the Verizon Data Breach Incident Report

    It’s that time of the year again! No, not Tax Day, the release of the Verizon Data Breach Incident Report, which provides analysis of more than 79,000 security incidents and 21,000 breaches. The report itself is 70 pages long, which you can take th…
    - 13 days ago Wednesday, April 15, 2015 -
  • S4x16 Moves To South Beach

    S4x16 Moves To South Beach

    Save the date: S4x16 is January 12-16 S4x16 is moving to the Fillmore Miami Beach at Jackie Gleason Theater in the heart of South Beach. It’s literally 3 blocks from the beach, 1 block from Lincoln Road and right in the middle of all the SoBe resta…
    - 13 days ago Wednesday, April 15, 2015 -
  • Attacking CANBus – Part 1

    Attacking CANBus – Part 1

    I thought I’d take a step back after releasing tools and presenting on CAN to do a quick intro into what communications are going on inside a vehicle anyway. What is CANBus? What is OBDII? Is there a difference? We’re going to skip all the electr…
    - 15 days ago Monday, April 13, 2015 -
  • iSight Partners Acquires Critical Intelligence

    iSight Partners Acquires Critical Intelligence

    Belden buys Tofino, GE buys Wurldtech, Lockheed Martin buys Industrial Defender and now iSight Partners acquires Critical Intelligence. The trend continues of larger organizations buying ICS security expertise. Bob Huber and Sean McBride left Idaho N…
    - 21 days ago Tuesday, April 7, 2015 -
  • Courage in the face of cyber-nihilism

    Courage in the face of cyber-nihilism

    It’s been a depressing start to the year as far as breaches and malware go, and I’ve seen a worrisome trend toward “cyber-despondency” in the sentiment of many CISOs.   When orgs with huge security budgets are still easily rolled and we see…
    - 22 days ago Monday, April 6, 2015 -
  • S4x15 Video – Creating Secure ICS Protocols

    S4x15 Video – Creating Secure ICS Protocols

    At S4x14 Adam Crain of Automatak, along with Chris Sistrunk, presented the results of their Project Robus that fuzzed DNP3 stacks and found most had problems with processing malformed or illegal responses. This year at S4x15 Adam talked about Avoidin…
    - 22 days ago Monday, April 6, 2015 -
  • Lies, Damned Lies and Statistics – Part 2

    Lies, Damned Lies and Statistics – Part 2

    Part 1 covered the need to pull and publish more useful information from the gathered ICS incident and vulnerability data. Part 2 covers “Are the numbers intentionally misleading? 245 Incidents Reported To ICS-CERT in 2014 Means What? The big stati…
    - 25 days ago Friday, April 3, 2015 -
  • Lies, Damned Lies and Statistics

    Lies, Damned Lies and Statistics

    “There are three kinds of lies: lies, damned lies, and statistics.” Mark Twain (purportedly quoting Benjamin Disraeli) The latest edition of the ICS Monitor, last week’s USA Today articles and the reemergence of Joe Weiss’s secret database wa…
    - 29 days ago Monday, March 30, 2015 -
  • Retailers Check-Out Intelligence Sharing Platform

    Retailers Check-Out Intelligence Sharing Platform

    News this week that the Retail Cyber Intelligence Sharing Center (R-CISC) is collaborating with the Financial Services ISAC (FS-ISAC) on its new threat intelligence portal. The R-CISC is working with the FS-ISAC to share threat information, in an att…
    - 32 days ago Friday, March 27, 2015 -
  • S4x15 Video – Ginter on Embedding Malware in ICS Protocols

    S4x15 Video – Ginter on Embedding Malware in ICS Protocols

    Andrew Ginter of Waterfall Security Solutions speaks on Embedding Malware in ICS Protocols. His conclusion is this is harder than one thinks. The easier solution might be to use the SQL server, web server, ftp server, or other commonly exploited prot…
    - 32 days ago Friday, March 27, 2015 -
  • Dridex Reminds Us: You Can’t Prevent What You Can’t Detect

    Dridex Reminds Us: You Can’t Prevent What You Can’t Detect

    News this week of the Dridex malware campaign  (the newest member of the GameOver Zeus Trojan family) should serve as a reminder that you can’t stop what you can’t see. According to the research, the attack vectors remain the same as it ever was…
    - 34 days ago Wednesday, March 25, 2015 -
  • ICSage Video: Eireann Leverett on Catastronomics

    ICSage Video: Eireann Leverett on Catastronomics

    Eireann Leverett of the University of Cambridge Centre for Risk Studies looks at control system related catastrophe scenarios and the economic impact of these scenarios with an eye towards how insurance and reinsurance policies will be written and pr…
    - 39 days ago Friday, March 20, 2015 -
  • Call of Duty: Modern Ransomware

    Call of Duty: Modern Ransomware

    Not even an extra life can save gamers now. Bromium Labs has just published research that identifies a new strain of crypto-ransomware that locks many popular games, including Call of Duty, Minecraft and World of Warcraft. Bromium researchers first…
    - 47 days ago Thursday, March 12, 2015 -
  • US Industrial Control Systems Attacked 245 Times In 12 Months

    - 47 days ago Thursday, March 12, 2015 -
  • CSOs: Does this Network Admin Work at YOUR Company!?

    CSOs: Does this Network Admin Work at YOUR Company!?

    Information security is hard. Data breaches on the scale of Target, Home Depot, Sony and Anthem serve as a constant reminder that it is impossible to detect a determined attacker until it is too late. Bromium research has consistently found that the…
    - 48 days ago Wednesday, March 11, 2015 -
  • Kaspersky: ‘A very bad incident’ awaits critical infrastructure

    Kaspersky: ‘A very bad incident’ awaits critical infrastructure

    Cyber-terrorism attacks against power grids, water supply systems, chemical plants and other critical infrastructure loom as a threat that could become harsh reality before slow-moving agencies act to secure them better, says the head of Kaspersky La…
    - 49 days ago Tuesday, March 10, 2015 -
  • Is it time to FREAK out?

    Is it time to FREAK out?

    The security industry was whipped into a frenzy this week with the discovery of the FREAK vulnerability, which enables a determined attacker to downgrade SSL traffic from “strong” RSA encryption to “export-grade” RSA encryption. The vulnerabi…
    - 53 days ago Friday, March 6, 2015 -
  • The Hidden Costs of Security

    The Hidden Costs of Security

    I think we are all familiar with the obvious costs of poor security. Millions of dollars lost recovering from breaches, brand damage and etc. This is pretty much the conventional wisdom now days. Luckily my job includes speaking and interacting with…
    - 54 days ago Thursday, March 5, 2015 -
  • First Impression: GAO Report on FAA Security – The Sky is Not Falling

    First Impression: GAO Report on FAA Security – The Sky is Not Falling

    Yesterday, the Government Accountability Office (GAO) released “FAA Needs to Address Weaknesses in Air Traffic Control Systems,” a report that highlights the improvements the Federal Aviation Administration (FAA) needs to make to its critical air…
    - 56 days ago Tuesday, March 3, 2015 -
  • Russian Cyber Menace Threatens Industrial Systems

    - 57 days ago Monday, March 2, 2015 -
  • Wall Street Journal CIO Network Event: Old Thinking Won’t Fix New Problems

    Wall Street Journal CIO Network Event: Old Thinking Won’t Fix New Problems

    Earlier this month, the Wall Street Journal published a blog, “CIOs Name Their Top 5 Strategic Priorities,” which collected the recommendations from a variety of technical leaders at a CIO Network event. Author Steven Norton notes: While proposal…
    - 60 days ago Friday, February 27, 2015 -
  • When Zero Days Become Weeks or Months

    When Zero Days Become Weeks or Months

    As February comes to a close we have already seen critical patches from Adobe and Microsoft. Even more concerning, Microsoft has not yet patched a recently disclosed Internet Explorer zero-day. For better or worse, Google’s “Project Zero” is pu…
    - 62 days ago Wednesday, February 25, 2015 -
  • How ‘Power fingerprint’ could improve security for ICS/SCADA systems

    How ‘Power fingerprint’ could improve security for ICS/SCADA systems

    Most people have heard that one way law enforcement can figure out who might be growing marijuana in their basement is to monitor power consumption.If a small house is sucking up as much electricity as two or three similar houses in the neighborhood,…
    - 64 days ago Monday, February 23, 2015 -
  • Securing Obama’s “Internet Cathedral” – Who are its priests?

    Securing Obama’s “Internet Cathedral” – Who are its priests?

    At last week’s Cyber Security Summit at Stanford, President Obama sought to reset his administration’s relationship with a tech community alienated by an endless stream of disclosures of the government’s penetration of technology companies to…
    - 69 days ago Wednesday, February 18, 2015 -
  • Risky Clicks: End users cause the majority of security headaches

    Risky Clicks: End users cause the majority of security headaches

    In January 2015, Bromium conducted a survey of more than 100 information security professionals, focused on the greatest challenges and risks facing their organizations today. The results indicate that end users continue to remain the greatest sec…
    - 69 days ago Wednesday, February 18, 2015 -
  • Kaspersky SAS 2015 CablemeltingBAD
    Slides from Kaspersky SAS "SCADA in the cloud" talk. If you saw our 31C3 report you can start from the slide N36. Important quotesICS Cybersecurity definitiona process that ensures control object operation with no dangerous failures or damage, but w…
    - 70 days ago Tuesday, February 17, 2015 -
  • Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes

    Siemens SIMATIC TIA Portal (Step 7/WinCC) fixes


    - 71 days ago Monday, February 16, 2015 -
  • Siemens Sighs: SCADA Bugs Abound

    - 82 days ago Thursday, February 5, 2015 -
  • The Vicious Cycle of “Assuming Compromise”

    The Vicious Cycle of “Assuming Compromise”

    When you walk the floors of industry trade shows and speak with security vendors, one of the most predominant endpoint security myths is “assume you will be compromised.” Of course, this is a fallacy, but as a result of this axiom, the security i…
    - 88 days ago Friday, January 30, 2015 -
  • Cyber-security: Changing the Economics!

    Cyber-security: Changing the Economics!

       The impact of recent cyber attacks will be felt for years to come, perhaps having risen to a new level of hurt with the Target and Sony attacks. With a Fortune 500 CEO ousted and a Hollywood movie held hostage, cyber-security is on the minds of…
    - 91 days ago Tuesday, January 27, 2015 -
  • Internet Attack Could Shut Down US Gas Stations

    - 96 days ago Thursday, January 22, 2015 -
  • Attackers Planting Banking Trojans In Industrial Systems

    - Tuesday, January 13, 2015 -
  • 31C3: Too Smart Grid in da Cloud ++

    31C3: Too Smart Grid in da Cloud ++

    This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind a…
    - Tuesday, December 30, 2014 -
  • SOS! Secure Open SmartGrids!

    SOS! Secure Open SmartGrids!

    Dear all,After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.There are dozens of platforms, hundreds of vendors,…
    - Sunday, December 28, 2014 -
  • South Korea Nuclear Plant Hit By Hacker

    - Tuesday, December 23, 2014 -
  • Hack Attack Causes Massive Damage At Steel Works

    - Monday, December 22, 2014 -
  • Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing

    Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing

    Update: Breaking News: ICANN targeted in a spear phishing attack Information security becomes increasingly important as the frequency of cyber attacks increases. From Target to Sony, the past 12 months have played host to the largest volume of attack…
    - Tuesday, December 16, 2014 -
  • Well, Honeywell

    Well, Honeywell

    New knowledge about Honeywell Experion Process Knowledge System. Yes, you must patch it.Yes, it's all about grep +1 SSRF.Thanks to Alexander Tlyapov, Gleb Gritsai, Kirill Nesterov, Artem Chaykin and Ilya KarpovHoneywell advisory/patch:https://www.h…
    - Tuesday, December 16, 2014 -
  • Picture This: Sony Hack Won’t Be the Last

    Picture This: Sony Hack Won’t Be the Last

    The FBI has warned US companies of a wave of destructive cyber attacks, in light of the recent Sony hack. I commented to eSecurityPlanet and SecurityWeek: “These attacks are troublesome, but not surprising. Earlier this year we witnessed Code Space…
    - Thursday, December 11, 2014 -
  • Siemens patches critical SCADA flaws likely exploited in recent attacks
    Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments, in order to fix critical vulnerabilities that may have been exploited in recent attacks.One of the vulnerabi…
    - Monday, December 1, 2014 -
  • BootKit via SMS

    BootKit via SMS

    One of demo from PacSec and ZeroNights.Short FAQQ: Is it BadUSB?A: Not exactly, but kind of. Can be applied to any Android gadget. Q: Is it local or remote stuff?A: Can be done remotely (web/sms) for 4G/3G modemsQ: Any threats to ICS?A: YesQ: Huawei?…
    - Wednesday, November 19, 2014 -
  • Is it time to Fire your network protection vendor?

    Is it time to Fire your network protection vendor?

    I hereby solemnly promise that Bromium will never have a product with “fire” in its name.  By now every vendor in the  next-gen IDS / IPS / Firewall / honeypot-as-ultimate-defense-against-the-dark-arts market has a next-gen “fire”-branded p…
    - Monday, November 10, 2014 -
  • An Unprecedented Look At Stuxnet, The World's First Digital Weapon

    - Monday, November 3, 2014 -
  • Different type of SCADA...

    Different type of SCADA...

    +Update http://blog.ptsecurity.com/2015/01/hacking-atm-with-raspberry-pi.htmlSlides and demo from Olga and Alex report on ATM hacking at Black Hat. MS08-067 strikes again. Now ATM.There are a lot of different kinds of SCADA... Click Enjoy...
    - Wednesday, October 29, 2014 -
  • BlackEnergy Malware Has Compromised Systems For 2 Years

    - Wednesday, October 29, 2014 -
  • Attack of the malicious document – what was old is new again

    Attack of the malicious document – what was old is new again

    Recent zero day attacks targeting Windows using malicious Office documents should be a reminder to all of us that no attack vector ever truly dies, it just lurks in the background waiting for it’s time to come again. Malicious Office documents have…
    - Wednesday, October 22, 2014 -
  • Many Eyes Make Credible Security

    Many Eyes Make Credible Security

    We are proud to announce the successful results of an independent source-code review and penetration test of vSentry version 2.4 by the leading security consultancy  IOActive – acknowledged as one of the world’s leading security firms serv…
    - Tuesday, October 14, 2014 -
  • What is my encryption key?

    What is my encryption key?

    Update for update for WinCC <7.3. Now for Siemens SIMATIC PCS 7 <8.1.Details: https://ics-cert.us-cert.gov/advisories/ICSA-14-205-02A
    - Thursday, October 9, 2014 -
  • Why is Bromium InDemand?

    Why is Bromium InDemand?

    Recently LinkedIn recognized Bromium as one of the 10 most InDemand startups in the Bay Area. Thank you LinkedIn, and thank you Bay Area Tech Community! A number of folks, prospective and current co-workers, investors, customers, and friends have per…
    - Friday, October 3, 2014 -
  • Threat Intelligence firm mistakes research for nation-state attack

    Threat Intelligence firm mistakes research for nation-state attack

    [Updates to this story appear on page two.]On Tuesday, Bloomberg published a story based on honeypot scans, which was a follow-up to a previously published piece that explored the nature of attacks against industrial-control systems.Bloomberg's stori…
    - Wednesday, October 1, 2014 -
  • Rogue cell towers discovered in Washington, D.C.

    Rogue cell towers discovered in Washington, D.C.

    Towards the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that their engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the U.S.New information…
    - Wednesday, September 17, 2014 -
  • Goldilocks and the 3 Theres

    Goldilocks and the 3 Theres

      At VMWorld VMware SVP of Security Tom Korn described the hypervisor and virtual network environment of a virtual infrastructure platform as the “Goldilocks Zone” for application security in the software defined data center.  He was right.  A…
    - Thursday, September 11, 2014 -
  • IDG Contributor Network: Tunnel vision: Train security as critical as planes and automobiles

    IDG Contributor Network: Tunnel vision: Train security as critical as planes and automobiles

    In recent weeks you’ve heard a lot of discussion around the cyber risks to aircraft and automobiles. After the Black Hat, DefCon and BSides conferences in Las Vegas, Nev., in July, it would seem that a great deal of necessary attention will be pai…
    - Monday, September 8, 2014 -
  • Next-Gen IDS/IPSs: Caught between a ROC and a hard place

    Next-Gen IDS/IPSs: Caught between a ROC and a hard place

    The market appears to have revisited its irrational exuberance about next-gen network IDS/IPSs, perhaps because every major security vendor has one (truth be told, throwing traffic at a set of cloud- or appliance-hosted sacrificial VMs isn’t rock…
    - Monday, September 8, 2014 -
  • Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase

    Black Hat Survey: End Users Remain Biggest Security Headache as Compromised Endpoints Increase

    Earlier this year, Bromium published “Endpoint Protection: Attitudes and Opinions,” a statistical analysis of more than 300 information security professionals. The results revealed that endpoints are vulnerable, anti-virus is ineffective and end…
    - Wednesday, September 3, 2014 -
  • Industrial software website used in watering hole attack

    Industrial software website used in watering hole attack

    AlienVault Labs has discovered a watering hole attack that's using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firm's website, suggesti…
    - Tuesday, September 2, 2014 -
  • Few bugs in Wonderware Information Server

    Few bugs in Wonderware Information Server

    Vulnerabilities/fixes in Schneider Electric/Invensys Wonderware Information Server (WIS) to support tradition.The following Schneider Electric WIS versions are affected:Wonderware Information Server 4.0 SP1 Portal,Wonderware Information Server 4.5 Po…
    - Monday, September 1, 2014 -
  • Not by SCADA alone: ATM hack @BH Europe

    Not by SCADA alone: ATM hack @BH Europe

    Alexey and Olga gonna speak @BlackHat 2014 EU on ATM security.Please be careful there!Hint
    - Monday, September 1, 2014 -
  • How a hacker could cause chaos on city streets

    How a hacker could cause chaos on city streets

    Traffic is chaotic enough in major cities, but imagine how much worse it would be if a criminal hacker got control of the traffic lights.That Hollywood scenario is what researchers at the University of Michigan proved could happen given the security…
    - Friday, August 29, 2014 -
  • Workers at U.S. nuclear regulator fooled by phishers

    Workers at U.S. nuclear regulator fooled by phishers

    Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three phishing attacks that occurred over a three-year period.The incidents were described in an inspector general report obtained by the public…
    - Tuesday, August 19, 2014 -
  • The Rise and Fall of Enterprise Security

    The Rise and Fall of Enterprise Security

    Every day, enterprises are bombarded by rapidly multiplying and morphing advanced threats—and current network and endpoint security solutions aren’t capable of defeating these targeted attacks. This year a major IT analyst wrote: “Advanced targ…
    - Thursday, August 14, 2014 -
  • IDG Contributor Network: Buckle up: Security threats to connected cars get real

    IDG Contributor Network: Buckle up:  Security threats to connected cars get real

    As our connected cars move from syncing our music to driving us home, drivers, passengers, and pedestrians are starting to wonder if they should trust these high-velocity death-mobiles with their lives.  It’s a good question.Tesla, one of the lea…
    - Tuesday, August 12, 2014 -
  • NIST Wants Better SCADA Security

    - Tuesday, August 12, 2014 -
  • In praise of seamless, small-footprint, light-weight, transparent endpoint security

    In praise of seamless, small-footprint, light-weight, transparent endpoint security

    In a recent blog, Rick Holland of Forrester Research takes aim at meaningless vendor epithets, such as “light-weight”, “non-invasive” and “small-footprint” used to describe their endpoint security products.  As he astutely observes, what…
    - Monday, July 28, 2014 -
  • Siemens SIMATIC WinCC 7.3: Vulnerabilities/Fixes

    Siemens SIMATIC WinCC 7.3: Vulnerabilities/Fixes

    New version of WinCC/new features/new advisories/new vulnerabilities. Kudos Gleb Gritsai, Dmitry Nagibin and Alexander Tlyapov .CVE-2014-4682/HTTP/sensitive data (session) leakage CVE-2014-4683/HTTP/remote privileges escalation (useful with CVE-2014-…
    - Wednesday, July 23, 2014 -
  • Microvisor + Hypervisor Makes Your VMs Secure by Design

    Microvisor + Hypervisor Makes Your VMs Secure by Design

    I often get asked whether micro-virtualization can be used with a traditional hypervisor and full-OS “fat” VMs (humor: FAT VMs are another matter). YES! There are powerful benefits in both client and server scenarios. I’ll focus on the user cen…
    - Wednesday, July 16, 2014 -
  • How do you spell “Polymorphic”?

    How do you spell “Polymorphic”?

    I guess the answer is “i r o n y”:  Last week a Bromium field employee searched for “polymorphic” on dictionary.com and was treated to a gloriously literal definition: The site dropped a banking Trojan! Although the user was unaware of th…
    - Tuesday, July 15, 2014 -
  • Detectible Dysfunction

    Detectible Dysfunction

    In 2003, security industry analyst Richard Stiennon famously declared that intrusion detection systems would be obsolete by 2005, writing at the time: “The underlying problem with IDS is that enterprises are investing in technology to detect intrus…
    - Thursday, July 10, 2014 -
  • If you had only one more security dollar…

    If you had only one more security dollar…

    what would you spend it on?   Improve endpoint security, or better protect your network or your applications? This was the topic debated by three Gartner security analysts: Neil MacDonald (endpoint), Greg Young (network) and Joseph Feiman (applicati…
    - Tuesday, July 8, 2014 -
  • New Resource Page for the latest on Havex / Dragonfly / Energetic Bear Campaign
    Get the latest on the current ICS cyber threat intelligence related to the Dragonfly / Energetic Bear campaign and the use of the Havex exploit, including new vectors exploiting trusted supplier software troganization.
    - Thursday, July 3, 2014 -
  • The Dawn Of A New Era In Corporate Cyber Threats?

    The Dawn Of A New Era In Corporate Cyber Threats?

      Cyber criminals know where the money is and have been attacking businesses in the hopes of getting a big payout for many years. Hacking and manipulating financial systems to steal money or customer credit and banking information to sell on the bla…
    - Tuesday, July 1, 2014 -

IT News

  • newReport: China hijacking Facebook login buttons
    Chinese Internet users visiting websites with a “Login with Facebook” button are being redirected, according to numerous reports.It appears to be an orchestrated cyberattack perhaps backed by Beijing officials, but its intent and target is unclea…
    - 29 mins ago Tuesday, April 28, 2015 -
  • new<a rel="nofollow"> </a><a rel="nofollow"…

    - 43 mins ago Tuesday, April 28, 2015 -
  • newNew Version Of USA Freedom Surveillance Reform Bill To Hit The Senate This Week

    New Version Of USA Freedom Surveillance Reform Bill To Hit The Senate This Week

    The USA Freedom Act is back in another attempt to rein in the NSA -- one that was sabotaged twice last year. A bill under this name was first introduced in the House, which actually passed out of committee, but only after being gutted in response to…
    - 60 mins ago Tuesday, April 28, 2015 -
  • newIoT Effect on Applications

    IoT Effect on Applications

    As more applications are needed to run those Things, traditional infrastructure concerns like scale and reliability will become paramount. Additional challenges with identity and access, improving the user experience, and the need for faster provisio…
    - 1 hour ago Tuesday, April 28, 2015 -
  • newShaking Someone Down for His Password
    A drug dealer claims that the police leaned him over an 18th floor balcony and threatened to kill him if he didn't give up his password. One of the policemen involved corroborates this story.This is what's known as "rubber-hose cryptanalysis," well…
    - 2 hours ago Tuesday, April 28, 2015 -
  • newThis one time at RSA…

    This one time at RSA…

    See my top 5 observations from this year’s RSA convention in San Francisco.
    - 2 hours ago Tuesday, April 28, 2015 -
  • newChina Censors Facebook.net, Blocks Sites With “Like” Buttons
    Chinese government censors at the helm of the "Great Firewall of China" appear to have errantly blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook's "like" buttons. While the apparent sc…
    - 2 hours ago Tuesday, April 28, 2015 -
  • newNetflix Says Striking Cap-Exempt Deals With Australian ISPs Was A Mistake It Won't Make Again

    Netflix Says Striking Cap-Exempt Deals With Australian ISPs Was A Mistake It Won't Make Again

    Early last month we noted how Netflix was taking heat for its decision to strike deals with Australian ISPs exempting Netflix's traffic from usage caps ahead of Netflix's March launch in the country. The decision was seen as hypocritical for a compan…
    - 2 hours ago Tuesday, April 28, 2015 -
  • newThe 12 security questions you should ask your cloud provider
    ENISA has just released its cloud security guide for small and medium-sized businesses, and it makes essential reading for any SME wanting to understand the security risks and opportunities they should consider when switching to cloud services.Read…
    - 3 hours ago Tuesday, April 28, 2015 -
  • newDHS searching for ‘all-star’ to head cyber hub
    Homeland Security Secretary Jeh Johnson told senators Tuesday he will hire “a recognized all-star” to head his department’s cybersecurity hub, as Congress considers whether to put the agency in charge of the public-private exchange of cyber thr…
    - 3 hours ago Tuesday, April 28, 2015 -
  • newWordPress Patches Critical Zero-Day Flaw That Could Hijack Millions of Sites

    WordPress Patches Critical Zero-Day Flaw That Could Hijack Millions of Sites

    The popular blogging platform has released a security update to mitigate a recently discovered critical zero-day flaw potentially impacting millions of WordPress websites. Finland-based security researcher Jouko Pynnönen disclosed on Sunday that cur…
    - 3 hours ago Tuesday, April 28, 2015 -
  • newThe Health Internet of Things
    Several months ago, I had the unique opportunity of judging a security competition at a major university in New York City. The ground rules were simple. Students needed to propose the best legislation to help secure the consumer from hacking and cybe…
    - 3 hours ago Tuesday, April 28, 2015 -
  • newAs deadline nears, Congress introduces new bills to end bulk NSA surveillance
    The new bill lands with just over a month before the Patriot Act sunsets.
    - 3 hours ago Tuesday, April 28, 2015 -
  • newThe CIA Will Keep Killing Civilians With Drone Strikes Because The 'Rules' For Drone Strikes Aren't Actually Rules

    The CIA Will Keep Killing Civilians With Drone Strikes Because The 'Rules' For Drone Strikes Aren't Actually Rules

    Extrajudicial killing by pilotless air strikes is just something our government does now. Weaponized drones are sent out to eliminate enemies of the United States, supposedly under the guidance of the Dept. of Justice and some presidential policy dir…
    - 3 hours ago Tuesday, April 28, 2015 -
  • newCryptologists, Gaggle of
    Certainly an eponymous panel of cryptographic scientists, inclusive of Paul Kocher (Moderator) , Adi Shamir, Whitfield Diffie, Ed Giorgio, Ronald Rivest holding forth, as it were...Permalink
    - 3 hours ago Tuesday, April 28, 2015 -
  • newSilk Road creator denied new trial
    A federal judge in New York denied a new trial for the man convicted of owning and operating the Silk Road, a large online drug market. Ross Ulbricht, who was convicted in February, asked for a new trail after two law enforcement agents helping...
    - 4 hours ago Tuesday, April 28, 2015 -
  • newWith clock ticking, lawmakers unveil Patriot Act bill
    A bipartisan group of lawmakers will introduce legislation on Tuesday that would make major reforms to the National Security Agency while also extending three expiring provisions of the Patriot Act.The negotiated legislation from House Judiciary...
    - 4 hours ago Tuesday, April 28, 2015 -
  • newIf You're Promoting Copyright Without Fair Use, You're Promoting Out And Out Censorship

    If You're Promoting Copyright Without Fair Use, You're Promoting Out And Out Censorship

    A couple of weeks ago, we wrote about how the Sony email hack revealed the MPAA's true position on "fair use," which was that it was "extremely controversial," and the MPAA didn't want it included in various trade agreements. It was amazing to see so…
    - 4 hours ago Tuesday, April 28, 2015 -
  • newCyber general: US satellite networks hit by 'millions' of hacks
    The top cyber official for the Air Force says the service’s space and satellite networks are being constantly hacked by outside groups.“There’s millions of probes every year into our networks, from every corner of the world,” Gen. John Hyten,…
    - 5 hours ago Tuesday, April 28, 2015 -
  • newToday: Conversation with a Cyber Warrior

    Today: Conversation with a Cyber Warrior

    In-brief: Join Security Ledger and Invincea today at 1:00 PM ET for a chat with Gen. Rhett Hernandez, former commander of U.S. Army Cyber Command. A note to Security Ledger readers that, along with our friends at Invincea, we’re hosting a great han…
    - 5 hours ago Tuesday, April 28, 2015 -
  • newWhite House unveils cyber pact with Japan
    The U.S. and Japan unveiled a wide-ranging cybersecurity alliance Tuesday morning, a step toward the White House's goal of creating international cyber norms amid growing hacking threats from China and North Korea.The pact came after a daylong...
    - 6 hours ago Tuesday, April 28, 2015 -
  • newESPN Sues Verizon For Trying To Give Consumers What They Want

    ESPN Sues Verizon For Trying To Give Consumers What They Want

    As we noted last week, Verizon is responding to more flexible Internet TV bundles by offering a few new options of their own. Verizon's new FiOS Custom TV broadband bundles include a core lineup of channels with the option of adding on an assortment…
    - 6 hours ago Tuesday, April 28, 2015 -
  • newHackers hit Hawaii state website on Sunday
    Hackers successfully disrupted traffic to the Hawaii government’s website on Sunday in an attack that appeared to protest a major construction project in the state. The denial-of-service attack affected the website’s availability for several hour…
    - 6 hours ago Tuesday, April 28, 2015 -
  • newA cybersecurity treaty? Not so fast, says State cyber czar
    Calls for an international treaty on cybersecurity are premature given the evolving nature of online threats, the State Department’s cyber envoy said Monday. Christopher Painter, the department’s coordinator for cyber issues since 2011, acknowled…
    - 7 hours ago Tuesday, April 28, 2015 -
  • newEmail delivery service confirms data breach
    An email delivery service that sends more than 18 billion online messages per month experienced a data breach earlier this year, the company confirmed on Monday. SendGrid is urging its employees and customers to change their passwords and enable two.…
    - 7 hours ago Tuesday, April 28, 2015 -
  • newCitizen, Protect Thyself: Privacy in the Internet of Things

    Citizen, Protect Thyself: Privacy in the Internet of Things

    In-brief: Despite the technical interconnectivity that the IoT brings, there is no technology that will help us regain our privacy, writes Marc Blackmer of Cisco. We are responsible for guarding our privacy as we adopt advances such as connected ca…
    - 7 hours ago Tuesday, April 28, 2015 -
  • newJudge Responds To Ross Ulbricht's Request For A New Trial: Ha Ha Ha Ha, No.

    Judge Responds To Ross Ulbricht's Request For A New Trial: Ha Ha Ha Ha, No.

    This is not a huge surprise, but the judge who oversaw Ross Ulbricht's trial for being the guy behind the original Silk Road wasted very little time in flat out rejecting his request for a new trial. To say that Judge Katherine Forrest is skeptical o…
    - 8 hours ago Tuesday, April 28, 2015 -
  • newChina's Top Mobile Company Complains About Counterfeits

    China's Top Mobile Company Complains About Counterfeits

    The rise of China has been predicted for a while now, and in the field of technology we are already seeing Chinese companies that are likely to have a global impact. One manifestation of that is the $25 billion US IPO of Alibaba -- roughly, China's e…
    - 11 hours ago Tuesday, April 28, 2015 -
  • newSan Franciscans: Please Join Carl Malamud's Campaign To Help Free Up Court Documents

    San Franciscans: Please Join Carl Malamud's Campaign To Help Free Up Court Documents

    For many years, we've discussed various Carl Malamud projects to help make government information and documents more widely available (especially ones that are locked up for no good reason). One particular target of his is PACER, the court's electron…
    - 16 hours ago Monday, April 27, 2015 -
  • newCrazy! Hacker Implants NFC Chip In His Hand To Hack Android Phones

    Crazy! Hacker Implants NFC Chip In His Hand To Hack Android Phones


    - 19 hours ago Monday, April 27, 2015 -
  • newDailyDirt: No More Teaching To The Test?

    DailyDirt: No More Teaching To The Test?

    A Singaporean math test question went viral not too long ago, confusing some people and making others wonder how American kids should be taught math. Plenty of other countries perform better on international standardized tests than US kids do, but it…
    - 20 hours ago Monday, April 27, 2015 -
  • newPatriot Act showdown looms for Republican presidential field
    One of the first fights of the Republican presidential primary season will be over U.S. spying.Congress’s upcoming debate over reforming government surveillance and extending portions of the Patriot Act will ensnare Republicans with their eyes on..…
    - 20 hours ago Monday, April 27, 2015 -
  • newSeattle PD Hires Coder Who Demanded It Hand Over Every Video Produced By Its Body Cameras

    Seattle PD Hires Coder Who Demanded It Hand Over Every Video Produced By Its Body Cameras

    Back in December, an anonymous person requested pretty much every report the Seattle PD generates daily, along with all footage from its newly-instituted body camera program. Today, that man is no longer anonymous and was recently hired by the Seattl…
    - 21 hours ago Monday, April 27, 2015 -
  • newOVERNIGHT CYBERSECURITY: Japan joins the cyber fight
    Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead...
    - 21 hours ago Monday, April 27, 2015 -
  • newCopyright Troll Gets Fed; Resumes Torrent Lawsuits After Multiple Dismissals Led To A 19-Month Pause In Filings

    Copyright Troll Gets Fed; Resumes Torrent Lawsuits After Multiple Dismissals Led To A 19-Month Pause In Filings

    Don't feed the trolls. OPINION AND ORDER granting in part and denying in part 20 21 the Motions for Default Judgment. Philip Spain and Heather Dew are permanently enjoined from infringing plaintiff's copyrighted work, as outlined in the Opinion and…
    - 22 hours ago Monday, April 27, 2015 -
  • newHacking WordPress Website with Just a Single Comment

    Hacking WordPress Website with Just a Single Comment


    - 22 hours ago Monday, April 27, 2015 -
  • newLynch vows cyber focus at DOJ
    Cybersecurity got prominent mention during Attorney General Loretta Lynch’s swearing-in ceremony on Monday.The issue is expected to consume a significant portion of Lynch’s tenure at the head of the Department of Justice (DOJ), which has been...
    - 22 hours ago Monday, April 27, 2015 -
  • newThe US Government Should Release These 7,584 Fruit Paintings

    The US Government Should Release These 7,584 Fruit Paintings

    The federal government is sitting on 7,584 historical agricultural watercolor paintings that it should make freely available to the public today. Currently, people have access only to low-quality previews of the images; the United States Department o…
    - 23 hours ago Monday, April 27, 2015 -
  • newNSA's Stellar Wind Program Was Almost Completely Useless, Hidden From FISA Court By NSA And FBI

    NSA's Stellar Wind Program Was Almost Completely Useless, Hidden From FISA Court By NSA And FBI

    A huge report (747 pages) on the NSA's Stellar Wind program has been turned over to Charlie Savage of the New York Times after a successful FOIA lawsuit. Stellar Wind has its basis in an order issued by George W. Bush shortly after the 9/11 attacks.…
    - 1 day ago Monday, April 27, 2015 -
  • newDaily Deals: Interactive Coding Bootcamp

    Daily Deals: Interactive Coding Bootcamp

    If you're grumbling on your way to work every Monday, it could be time to try something else... like some web development skills (too bad for you if you're already a web developer). The Techdirt Deals store now has 92% off of an Interactive Coding Bo…
    - 1 day ago Monday, April 27, 2015 -

Youtube News - CyberSecurity

Cybersecurity Bills Pass the House
Congressman Dennis Ross (FL-15) and Sri Sridharan, Managing Director/Chief Operating Officer of the Florida Center for Cybersecurity at USF, talk about H.R. 1560 (the Protecting Cyber Networks...
- 53 mins ago Tuesday, April 28, 2015 -
Why Cybersecurity at Bay Path
description.
- 3 hours ago Tuesday, April 28, 2015 -
What Will You Learn - Cybersecurity at Bay Path
description.
- 3 hours ago Tuesday, April 28, 2015 -
The Drell Lecture: Rewiring the Pentagon, Charting a New Path on Innovation and Cybersecurity
April 23, 2015 The Honorable Ashton B. Carter, 25th US Secretary of Defense and former distinguished visiting fellow at the Hoover Institution was at Stanford University on Thursday, April...
- 3 hours ago Tuesday, April 28, 2015 -
Dennis Thibodeaux - Let's Talk About Cybersecurity
Dennis Thibodeaux talks about protecting ourselves and companies online.
- 4 hours ago Tuesday, April 28, 2015 -
Professor Phoha's Cybersecurity Research
Professor Vir Phoha speaks about his work in cybersecurity at the 2015 Nunan Research Day.
- 7 hours ago Tuesday, April 28, 2015 -
Infosec 2015 zurka - bend The Gift
Telegroup Infosec 2015. Dobra atmosfera uz "The Gift" bend.
- 9 hours ago Tuesday, April 28, 2015 -
cyber week 2014 the 4th annual international cybersecurity conference Balvatnik

- 9 hours ago Tuesday, April 28, 2015 -
Baltimore, MD cybersecurity firm in Ukraine?
http://www.huffingtonpost.com/2014/03/29/vitali-klitschko_n_5055043.html ...
- 9 hours ago Tuesday, April 28, 2015 -
Održana Telegroup Infosec 2015 konferencija
Кompanija TeleGroup po treći put u Beogradu organizovala je TeleGroup Infosec konferenciju koja se održala 23. aprila 2015. godine. Poslovni sistemi i državne institucije imali su priliku...
- 10 hours ago Tuesday, April 28, 2015 -
Infosec 2015 - The struggle with software vulnerabilities, Trend Micro
Кompanija TeleGroup po treći put u Beogradu organizovala je TeleGroup Infosec konferenciju koja se održala 23. aprila 2015. godine. Poslovni sistemi i državne institucije imali su priliku...
- 10 hours ago Tuesday, April 28, 2015 -
Infosec 2015 - Data Center Security, Check Point
Кompanija TeleGroup po treći put u Beogradu organizovala je TeleGroup Infosec konferenciju koja se održala 23. aprila 2015. godine. Poslovni sistemi i državne institucije imali su priliku...
- 11 hours ago Tuesday, April 28, 2015 -

InfoSec Podcasts

  • newEpisode 415: Bash commandline Tips

    Episode 415: Bash commandline Tips

    Check out our segment on user-submitted bash command line tips, tricks, and timewasters.
    - 7 hours ago Tuesday, April 28, 2015 -
  • newEpisode 415: Interview with Apollo Clark

    Episode 415: Interview with Apollo Clark

    Apollo joins us in-studio to mix drinks and talk about Kali Linux.
    - 7 hours ago Tuesday, April 28, 2015 -
  • newISC StormCast for Tuesday, April 28th 2015
    Wordpress XSS Vulnerabilityhttp://klikki.fi/adv/wordpress2.htmlMagento Vulnerability Exploitedhttps://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.htmlYubico Neo Vulnerabilityhttps://developers.yubico.com/ykneo-openpgp/Sec…
    - 18 hours ago Monday, April 27, 2015 -
  • newDtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015
    In this episode...What about public safety, where do we draw the line on open research?Self-regulation? Disclosure? What are our options…What makes a researcher? We discuss“Chilling security research”A quick dive into bug bounty programs;…
    - 2 days ago Monday, April 27, 2015 -
  • newISC StormCast for Monday, April 27th 2015
    Quantum Insert Attackhttp://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/Android wpa_supplicant heap buffer overflowhttp://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19Geolocation Browsers Using the Browser Cachehttp://www.c…
    - 2 days ago Sunday, April 26, 2015 -
  • Hack Naked TV 4-24-15

    Hack Naked TV 4-24-15

    The Hack Naked episode for the week of April 24th, 2015 is up! In this episode we talk about “fileless malware”, and how you can use PowerSploit’s Invoke-Shellcode to simulate this type of attack. Links from this episode are below: http://tinyu…
    - 4 days ago Friday, April 24, 2015 -
  • Risky Business #363 -- Software defined radio gets interesting
    This week's show was cut together from our nation's capital, Canberra!I've been down here to attend the Australian Cyber Security Centre conference, which was actually pretty good. There were some great technical talks. One of them was by Balint See…
    - 5 days ago Friday, April 24, 2015 -
  • ISC StormCast for Friday, April 24th 2015
    Case Study: Why Webapplication Pentests Need to Include Manual Testshttps://isc.sans.edu/forums/diary/When+automation+does+not+help/19615/Gaps In OS X Securityhttps://threatpost.com/bypassing-os-x-security-tools-is-trivial-researcher-says/112410Samsu…
    - 5 days ago Thursday, April 23, 2015 -
  • Chet Chat 195.5 - Apr 22, 2015
    Sophos experts Paul Ducklin and John Shier take a quick look at what's happening at the RSA Conference 2015.From "joined up security" to the suggestion that Google proclaimed the end of malware on Android, find out what's happening at RSA...
    - 5 days ago Thursday, April 23, 2015 -
  • ISC StormCast for Thursday, April 23rd 2015
    FBI Warns of Airplane Hackers http://www.wired.com/2015/04/fbi-tsa-warn-airlines-tampering-onboard-wifi/Magneto Shopping Cart Vulnerabilityhttp://blog.checkpoint.comAndroid Touchjackinghttp://www.nes.fr/securitylab/?p=1865
    - 6 days ago Wednesday, April 22, 2015 -
  • ISC StormCast for Wednesday, April 22nd 2015
    Dridex Now Using Google to Obfuscate Link Furtherhttps://isc.sans.edu/forums/diary/Dridex+Redirecting+to+Malicious+Dropbox+Hosted+File+Via+Google/19609/OS X Rootpipe Bug Still Not Fixed in Yosemitehttps://objective-see.com/blog.htmlGoogle Allows Down…
    - 7 days ago Tuesday, April 21, 2015 -
  • Chet Chat 195 - Apr 21, 2015
    This week, Chester Wisniewski is at RSA 2015 in San Francisco. He talks to fellow Sophos security expert Paul Ducklin straight from Sophos's booth at the trade show.
    - 7 days ago Tuesday, April 21, 2015 -
  • ISC StormCast for Tuesday, April 21st 2015
    Google Serving Ads Over httpshttp://googleonlinesecurity.blogspot.com.au/2015/04/ads-take-step-towards-https-everywhere.htmlJavascript CPU Cache Sidechannel Attackhttp://arxiv.org/pdf/1502.07373v2.pdfRussian APT Attacks Used 0-day in Flash and Window…
    - 8 days ago Monday, April 20, 2015 -
  • Episode 414 – Israel Barak, Co-Founder, General Manager Sentrix Americas

    Episode 414 – Israel Barak, Co-Founder, General Manager Sentrix Americas

    Israel Barak is the co-founder of Sentrix, co-founding the company in 2011. He currently functions as Sentrix GM business operations for the Americas. Mr. Barak specializes in developing and assimilating innovative technologies and enhancing organiza…
    - 8 days ago Monday, April 20, 2015 -
  • Episode 414 – Guest interview with Jon Callas

    Episode 414 – Guest interview with Jon Callas

    View our featured interview with Jon Callas, check out the wiki for more topics.
    - 8 days ago Monday, April 20, 2015 -
  • DtSR Episode 139 - NewsCast for April 20th, 2015
    In this episode...Friend and security researcher Chris Roberts steps into it... A poorly-conceived tweet, followed by mass hysteriaMost everyone talking about this is missing the point entirelyOf course, the EFF jumps in to keep from "chilling r…
    - 9 days ago Monday, April 20, 2015 -
  • ISC StormCast for Monday, April 20th 2015
    RSA Panelhttps://www.rsaconference.com/events/us15/agenda/sessions/1731/the-six-most-dangerous-new-attack-techniques-andExtracting Compressed Streams From PDFshttps://isc.sans.edu/forums/diary/Handling+Special+PDF+Compression+Methods/19597/Minecraft…
    - 9 days ago Sunday, April 19, 2015 -
  • Chet Chat 194 - Apr 17, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.
    - 10 days ago Saturday, April 18, 2015 -
  • ISC StormCast for Friday, April 17th 2015
    HTTP.sys Vulnerability Updatehttps://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/HTTP.sys Webcasthttps://www.sans.org/webcasts/isc-threat-update-20150416-100152Teslacrypt Ransom Warehttps://isc…
    - 12 days ago Thursday, April 16, 2015 -
  • Risky Business #362 -- Bob Rudis on the Verizon Data Breach Investigation report
    In this week's show we're chatting with Bob Rudis of Verizon about that company's annual data breach investigation report. After what I thought was a bit of a lapse in relevance last year, the 2015 report has come back stronger than ever. There are s…
    - 13 days ago Thursday, April 16, 2015 -
  • ISC StormCast for Thursday, April 16th 2015
    HTTP.sys Vulnerabilityhttps://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583Cisco Desktop Cache Cleaner Remote Execution Vulnerabilityhttp://tools.cisco.com/security/center/content/CiscoSecurityAd…
    - 13 days ago Wednesday, April 15, 2015 -
  • ISC StormCast for Wednesday, April 15th 2015
    Microsoft Patcheshttps://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+April+2015/19577/Adobe Patcheshttps://helpx.adobe.com/security/products/flash-player/apsb15-06.htmlGoogle Chrome Phasing Out NPAPI, Affecting Javahttps://developer.chrome.com/…
    - 13 days ago Wednesday, April 15, 2015 -
  • Episode 413: Prying Eyes Are Watching You

    Episode 413: Prying Eyes Are Watching You

    This short segment on tradeoffs between security and privacy features a discussion around Dropcam. Read more on the wiki here.
    - 14 days ago Tuesday, April 14, 2015 -
  • Episode 413: Interview with Steve Crocker

    Episode 413: Interview with Steve Crocker

    Dr. Crocker was the IETF’s first area director for security, and later served on the Internet Architecture Board. He has been involved with ICANN since 2002 when he chaired the newly formed Security and Stability Advisory Committee (SSAC). He has b…
    - 14 days ago Tuesday, April 14, 2015 -
  • Episode 413: Special Segment with Rob Cheyne

    Episode 413: Special Segment with Rob Cheyne

    Rob is responsible for running SOURCE Boston, a really cool conference that everyone should attend! In this segment we will talk to Rob about some of the training he is doing in the areas of user awareness, threat modeling and training the trainer.
    - 14 days ago Tuesday, April 14, 2015 -
  • Episode 412: The Dapper Hacker Segment

    Episode 412: The Dapper Hacker Segment

    In this segment, we discuss appropriate attire for physically penetrating dumpsters and buildings. Read more on our wiki here.
    - 14 days ago Tuesday, April 14, 2015 -
  • ISC StormCast for Tuesday, April 14th 2015
    Ruby SSL Wildcard Certificate Validation Bug https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/Simda Botnet Takedown http://blog.trendmicro.com/trendlabs-security-intelligence/simda-a-botnet-takedown/Simda Chec…
    - 15 days ago Monday, April 13, 2015 -
  • DtSR Episode 138 - Useful Knowledge on Intelligence
    In this episode...Where do you even start with “threat intelligence”?Ryan talks about context, and why it’s *the* most important thing when it comes to threat intelHow does a SME make use of a “luxury item” like threat intelligence?Mich…
    - 16 days ago Monday, April 13, 2015 -
  • ISC StormCast for Monday, April 13th 2015
    Reversing Belkin's WPS Algorithmshttp://www.devttys0.com/2015/04/reversing-belkins-wps-pin-algorithm/Pastebin Used as C&C Channelhttps://isc.sans.edu/forums/diary/The+Kill+Chain+Now+With+Pastebin/19569/Citizen Lab Analyzes "Great Firewall" DoS Attack…
    - 16 days ago Sunday, April 12, 2015 -
  • Episode 412: Interview with John McAfee

    Episode 412: Interview with John McAfee

    John McAfee pioneered commercial antivirus when he founded McAfee Anti Virus in 1987; he is considered one of the greatest, most controversial and outspoken minds when it comes to Information Security and privacy. Prior to McAfee Associates, John has…
    - 18 days ago Friday, April 10, 2015 -
  • Episode 411: Stories of the Week

    Episode 411: Stories of the Week

    This week we talk about how to air-gap your system, securing your BIOS from attacks, and how to build a better sandboxed browser.
    - 18 days ago Friday, April 10, 2015 -
  • ISC StormCast for Friday, April 10th 2015
    TV Station TV5Monde Cripled After Cyber Attackhttp://www.theguardian.com/world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackersApple Patches "Hidden Backdoor" in Yosemitehttps://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-a…
    - 19 days ago Thursday, April 9, 2015 -
  • Risky Business #361 -- ISIS pwns French TV, Russians pwn White House
    We've got a shorter than usual show for you this week. It's actually been a three day week here in Australia because we get Easter Friday and Easter Monday off. So there's no feature interview this week, sorry about that.But nonetheless we've got a…
    - 20 days ago Thursday, April 9, 2015 -
  • ISC StormCast for Thursday, April 9th 2015
    Apple Security Updateshttps://support.apple.com/en-us/HT201222Google Expired Certificate Authorityhttp://www.securityweek.com/google-lets-smtp-certificate-expireSHA1 Signed SSL Certificates Will No Loger Be Trusted by Chrome in 2016https://blog.filip…
    - 20 days ago Wednesday, April 8, 2015 -
  • Microcast - Proving Grounds
    It's going to be a little bit before the next episode of the podcast as we work out some changes.  Until then take a listen to some news about BSides Las Vegas Proving Grounds!  See you in Vegas!
    - 20 days ago Wednesday, April 8, 2015 -
  • Chet Chat 193 - Apr 8, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest computer security stories in their inimitable style.Turn news into advice with the Sophos Security Chet Chat!
    - 20 days ago Wednesday, April 8, 2015 -
  • ISC StormCast for Wednesday, April 8th 2015
    Firefox Update Deactivates Oportunistic Encryptionhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-44/3 out of 4 Large Organizations Still Vulnerable to Heartbleedhttps://www.venafi.com/assets/pdf/wp/Hearts-Continue-to-Bleed-Research-Report…
    - 21 days ago Tuesday, April 7, 2015 -
  • ISC StormCast for Tuesday, April 7th 2015
    ChameleonMini RFID/NFC Emulator https://github.com/emsec/ChameleonMini/wikiMalware Analysis Service https://www.hybrid-analysis.com/Malware installing Chrome Extensions https://ocelot.li/the-malware-campaign-that-went-unnoticed/USB Deaddrops https://…
    - 22 days ago Monday, April 6, 2015 -
  • DtSR Episode 137 - NewsCast for April 6th, 2015
    In this episode...TrueCrypt security audit results are good news, right? Why are some of the most depended-upon http://arstechnica.com/security/2015/04/truecrypt-security-audit-is-good-news-so-why-all-the-glum-faces/At Aetna, CyberSecurity is…
    - 23 days ago Monday, April 6, 2015 -
  • ISC StormCast for Monday, April 6th 2015
    Google Report About Android Security https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdfCalculating ssh fingerprints for Cisco iOS https://isc.sans.edu/forums…
    - 23 days ago Sunday, April 5, 2015 -
  • ISC StormCast for Friday, April 3rd 2015
    Google Removing CNNIC SSL Certificate Authority from Chrome http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.htmlGoogle Removes Adware Extensions http://googleonlinesecurity.blogspot.ro/2015/03/out-with-unwant…
    - 26 days ago Thursday, April 2, 2015 -
  • Risky Business #360 -- The Great GitHub DDoS of 2015
    In this week's show we chat with Arbor Networks' Roland Dobbins about the Great GitHub DDoS of 2015, Paul Asadoorian of Tenable Network Security about vulnerability management and, of course, Adam Boileau about the week's security news.Links are in…
    - 27 days ago Thursday, April 2, 2015 -
  • ISC StormCast for Thursday, April 2nd 2015
    Mozilla 37 Supports Opportunistic Encryptionhttp://bitsup.blogspot.de/2015/03/opportunistic-encryption-for-firefox.htmlLittle Change in Online Behaviour Folliwng Snowden Revelationshttp://www.pewinternet.org/2015/03/16/americans-privacy-strategies-po…
    - 27 days ago Wednesday, April 1, 2015 -
  • Chet Chat 192 - Mar 31, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest news in our weekly computer security podcast.From the G20 leaders' "passport leak" to World Backup Day, we turn news into useful advice!
    - 27 days ago Wednesday, April 1, 2015 -
  • ISC StormCast for Wednesday, April 1st 2015
    Google Fixes YouTube Authentication Bypass in API http://kamil.hism.ru/posts/about-vrg-and-delete-any-youtube-video-issue.htmlMore Details about Chinese Firewall as Attack Tool http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-th…
    - 28 days ago Tuesday, March 31, 2015 -
  • ISC StormCast for Tuesday, March 31st 2015
    YARA Rules For Shellcodehttps://isc.sans.edu/forums/diary/YARA+Rules+For+Shellcode/19527/Converting PCAPs into XML and SQLitehttps://isc.sans.edu/forums/diary/Select+Star+from+PCAP+Treating+Packet+Captures+as+Databases/19529/G20 Data Sent to Wrong Em…
    - 29 days ago Monday, March 30, 2015 -
  • DtSR Episode 136 - Crypto and Privacy with Jon Callas
    In this episode...Jon Callas gives a little of his background and his current roleWe talk through why cryptography is so hard, and so broken todayJon overviews compatibility, audit and making cryptography usefulJon brings up open source, security…
    - 30 days ago Monday, March 30, 2015 -
  • ISC StormCast for Monday, March 30th 2015
    Malicious XML with Nested ("Matryoshka") Encodingshttps://isc.sans.edu/forums/diary/Malicious+XML+Matryoshka+Edition/19521/Github DDoShttps://status.github.comhttp://insight-labs.org/?p=1682Prisoner Sends Fake Release E-Mail to Prisonhttp://www.bbc.c…
    - 30 days ago Sunday, March 29, 2015 -
  • ISC StormCast for Friday, March 27th 2015
    ANTLabs InnGate Unauthenticated rsync server http://blog.cylance.com//spear-team-cve-2015-0932Samsung Going to Offer Iris Scanning in Future Mobile Devices http://www.sri.com/newsroom/press-releases/sri-international-offer-iris-biometric-embedded-pro…
    - 33 days ago Thursday, March 26, 2015 -
  • Risky Business #359 -- Whisper? More like shout!
    This week Risky Business takes you behind the scenes of a spat between the makers of the Whisper App and Stephen Ridley's company Xipiter.Ridley's crew say they found some 24-carat-facepalm security problems with the app, subsequently publishing a b…
    - 34 days ago Thursday, March 26, 2015 -
  • ISC StormCast for Thursday, March 26th 2015
    Certificate Pinninghttps://isc.sans.edu/forums/diary/Pinup+on+your+Smartphone/19513/Elastichoneyhttp://jordan-wright.github.io/blog/2015/03/23/introducing-elastichoney-an-elasticsearch-honeypot/Android Installer Vulnerability Can Lead to Installing U…
    - 34 days ago Wednesday, March 25, 2015 -
  • Chet Chat 191 - Mar 25, 2015
    Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our computer security podcast.This week's Chet Chat comes to you from an al fresco café in downtown Ljubljana, as Chester gets ready to present at a conference in Sl…
    - 34 days ago Wednesday, March 25, 2015 -
  • ISC StormCast for Wednesday, March 25th 2015
    Repurposing Logshttps://isc.sans.edu/forums/diary/Repurposing+Logs/19503/Old Vulnerable Flash Applets Still Deployed And Need to be Recompiledhttp://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.htmlWind Turbine Web Admin Vulnerabi…
    - 35 days ago Tuesday, March 24, 2015 -
  • ISC StormCast for Tuesday, March 24th 2015
    Cisco IP Phones Vunerable To Evesdroppinghttp://tools.cisco.com/security/center/viewAlert.x?alertId=37946http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-opensslPOSeidon Point of Sales Malwarehttp://blogs.cisco.c…
    - 36 days ago Monday, March 23, 2015 -
  • DtSR Episode 135 - NewsCast for March 23rd, 2015
    Remember folks, as you listen reach out