Home  /  Podcast Directory  /  Technology  /  Defensive Security


Last update: 2013-06-30

Defensive Security Podcast Episode 24

2013-06-30 :: Jerry Bell
Length: 50s

Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing … … Continue reading

x

Share: Defensive Security Podcast Episode 24


Defensive Security Podcast Episode 23

2013-06-24 :: Jerry Bell
Length: 25s

The discrepancy between perception and reality when it comes to quantifying risk, the major fail that was OpPetrol, Malvertising, EMET 4 released, How not to be a CSO by the Harvard Business Review, Linked In’s DNS woes, and CSOs are not recognizing reality. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Risk Perception Versus Reality: http://www.defensivesecurity.org/risk-perception-reality/ OpPetrol Fail: http://www.techweekeurope.co.uk/news/anonymous-oppetrol-failed-campaign-119681 Malvertising: … … Continue reading

x

Share: Defensive Security Podcast Episode 23


Defensive Security Podcast Episode 22

2013-06-16 :: Jerry Bell
Length: 31s

Risk Science Podcast, Forensic 4Cast podcast, Gartner security myths, 2013 OWASP top ten, FDA finds security risk in medical devices, Oracle fixes 40 more java bugs, B-sides Rhode Island videos, Can the Germans break PGP? Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Risk Science Podcast: http://riskscience.net/ Forensic4Cast :http://forensic4cast.com/ Gartner security myths: http://www.networkworld.com/news/2013/061113-gartner-reveals-top-10-it-270738.html 2013 OWASP top ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project FDA finds … … Continue reading

x

Share: Defensive Security Podcast Episode 22


Defensive Security Podcast Episode 21

2013-06-09 :: Jerry Bell
Length: 17s

Verizon, PRISM and Edward Snowden, Java users are bad at patching, cost of breaches is up, Microsoft operation takes down 1462 Citadel botnets, malware increasingly using peer to peer communications for command and control, and malware trends.   Subscribe in iTunes | Podcast RSS Feed | Twitter | Email   Java users are really bad at patching: http://images.infoworld.com/d/security/java-users-woefully-tardy-patching-220071 Cost of breaches: … … Continue reading

x

Share: Defensive Security Podcast Episode 21


Defensive Security Podcast Episode 20

2013-06-02 :: Jerry Bell
Length: 27s

US power grid is highly vulnerable and under constant attack, Iran attacking energy companies, increase in sophisticated attacks against keys and certificates, Indian government site redirects to black hole exploit kit, FSB report find that only 36% of small businesses regularly patch, 5 quick wins from the DBIR, Google to give software vendors 7 days … … Continue reading

x

Share: Defensive Security Podcast Episode 20


Defensive Security Podcast Episode 19

2013-05-19 :: Jerry Bell
Length: 29s

Adobe and Microsoft patches, signed Mac malware, EC Council website hacked, 7 steps to secure Java,  Microsoft on invulnerable software, more on OpUSA, Ohio city’s taxpayer database stolen and the importance of malware being invisible. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Adobe patches: http://images.infoworld.com/d/security/adobe-releases-critical-security-updates-reader-flash-player-and-coldfusion-218554 Signed Mac malware: http://www.f-secure.com/weblog/archives/00002554.html EC Council hacked: http://www.net-security.org/secworld.php?id=14923 7 steps for java: … … Continue reading

x

Share: Defensive Security Podcast Episode 19


Defensive Security Podcast Episode 18

2013-05-12 :: Jerry Bell
Length: 33s

Adobe warns customers of a Cold Fusion 0day, Washing courts owned by that 0day, web servers found compromised with the Cdorked/Darkleech, critical vulnerability in Nginx, Anonymous’ opUSA turned out to be a bunch of nothing, too many admins is bad for security, Name.com gets compromised, The Onion’s twitter feed is compromise by the SEA, slippery … … Continue reading

x

Share: Defensive Security Podcast Episode 18


Defensive Security Podcast Episode 17

2013-05-05 :: Jerry Bell
Length: 31s

This week: Twitter warns news agencies of attacks and to use dedicated PCs for using twitter, the US department of Labor website was compromised and serving up an 0day for IE8, 18 12-13 year olds in Alaska socially engineered passwords for 300 computers out of their teachers, iOS did NOT have a malicious app discovered, … … Continue reading

x

Share: Defensive Security Podcast Episode 17


Defensive Security Podcast Episode 16

2013-04-30 :: Jerry Bell
Length: 26s

In this episode, another Java 0day, Symantec’s Q1 2013 0day roundup, the Akamai State of the Internet report, the Verizon 2013 DBIR, AP’s twitter feed hack, and cyber terrorists. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.scmagazine.com/livingsocial-updates-encryption-practices-after-password-breach-affects-50m/article/291042/ Q1 0day vulnerabilities: http://www.symantec.com/connect/blogs/2013-first-quarter-zero-day-vulnerabilities http://www.akamai.com/stateoftheinternet/ http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf http://akamai.infoworld.com/d/security/5-hot-security-defenses-dont-deliver-217045 http://www.pcworld.com/article/2036261/ap-twitter-hack-prompts-fresh-look-at-cybersecurity-needs.html http://www.hotforsecurity.com/blog/associated-press-twitter-account-hack-hits-us-stock-prices-6015.html http://www.theinquirer.net/inquirer/news/2263460/cyber-terrorists-are-only-a-matter-of-time-warns-eugene-kaspersky…

x

Share: Defensive Security Podcast Episode 16


Defensive Security Podcast Episode 15

2013-04-21 :: Jerry Bell
Length: 39s

This week: Twitter account hacks highlight opportunity for exploitation by attackers, Microsoft and Malwarebytes both release bad patches, Oracle releases a Java patch which fixes 42 security bugs, Oracle announces that Java 8 is delayed due to the focus on Java 7, a new botnet is being created by compromising WordPress installations for some unknown … … Continue reading

x

Share: Defensive Security Podcast Episode 15


Defensive Security Podcast Episode 14

2013-04-15 :: Jerry Bell
Length: 34s

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email I’ll be picking someone to give an e-copy of @Taosecurity’s new book “The Practice of Network Security” who sends me an email with feedback on the show. Encrypt your drives, eve. If you don’t think the computer will leave the office: http://feedly.com/k/ZM172z Spate of … … Continue reading

x

Share: Defensive Security Podcast Episode 14


Defensive Security Podcast Episode 13

2013-04-08 :: Jerry Bell
Length: 19s

The Internet destroying ddos attack that wasn’t http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-cyberheist-victim/ http://hothardware.com/News/Huge-Spike-In-Mobile-Data-Traffic-Drives-IEEE-400-Gigabit-Ethernet-Standard/ http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/ http://nakedsecurity.sophos.com/2013/04/05/ransomware-child-buse/ http://blog.trendmicro.com/trendlabs-security-intelligence/three-lessons-from-the-south-korea-mbr-wiper-attacks/…

x

Share: Defensive Security Podcast Episode 13


Defensive Security Podcast Episode 12

2013-03-24 :: Jerry Bell
Length: 33s

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.informationweek.com/security/vulnerabilities/cisco-password-fumble-hardware-security/240151244 Etsy’s solution for running java: http://codeascraft.etsy.com/2013/03/18/java-not-even-once/ http://www.infosecurity-magazine.com/view/31372/seoul-cautious-in-blaming-north-korea-for-massive-cyberattack- http://blogs.mcafee.com/mcafee-labs/south-korean-banks-media-companies-targeted-by-destructive-malware http://arstechnica.com/security/2013/03/your-hard-drive-will-self-destruct-at-2pm-inside-the-south-korean-cyber-attack/ https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394 https://isc.sans.edu/diary/Wipe+the+drive+Stealthy+Malware+Persistence+-+Part+2/15406 https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+-+Part+3/15448 https://isc.sans.edu/diary/Wipe+the+drive%21++Stealthy+Malware+Persistence+-+Part+4/15460 http://www.defensivesecurity.org/the-usefulness-of-security-education/…

x

Share: Defensive Security Podcast Episode 12


Defensive Security Podcast Episode 11

2013-03-17 :: Jerry Bell
Length: 39s

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Krebs Swatted: http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/ China: http://www.slate.com/articles/technology/future_tense/2013/03/the_u_s_response_to_chinese_cyberespionage_will_backfire.html http://www.crn.com/news/security/240150929/new-exploit-evades-all-antivirus-products-for-almost-a-day.htm http://www.net-security.org/malware_news.php?id=2441 http://m.threatpost.com/en_us/blogs/ramnit-malware-back-and-better-avoiding-detection-031513 http://www.honeynet.org/node/1031 http://arstechnica.com/security/2013/03/national-vulnerability-database-taken-down-by-vulnerability-exploiting-hack/ Mandiant report: http://www.mandiant.com/library/M-Trends_2013.pdf Solutionary report: http://www.solutionary.com/dms/solutionary/Files/SERT/2013GTIR.pdf…

x

Share: Defensive Security Podcast Episode 11


Defensive Security Podcast Episode 10

2013-03-10 :: Jerry Bell
Length: 14s

Feedback/comments – info@defensivesecurity.org @defensivesec Interesting Writeup by ESET on sink holing the zortob.b botnet http://www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/ - common phishing emails emanating from it at the rate of 80m per hour Ryan Naraine interviewed VUPEN CEO: http://www.securityweek.com/podcast-vupen-ceo-chaouki-bekrar-addresses-zero-day-marketplace-controversy-cansecwest - all browsers and all plugins have vulnerabilities Results of the pwn2own contest: http://nakedsecurity.sophos.com/2013/03/08/pwn2own-results-day-two-adobe-reader-and-flash-owned-java-felled-yet-again/ Firefox – owned IE10 – owned … … Continue reading

x

Share: Defensive Security Podcast Episode 10


Defensive Security Podcast Episode 9

2013-03-03 :: Jerry Bell
Length: 30s

Episode 9 – From Las Vegas Comments/questions/hate mail to info@defensivesecurity.org Follow podcast on twitter @defensivesec DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/ Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250 Site compromised – serving malware, had rudimentary defense against automated analysis Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/ - kudos to bit9 for transparency … … Continue reading

x

Share: Defensive Security Podcast Episode 9


Defensive Security Podcast Episode 8

2013-02-24 :: Jerry Bell
Length: 30s

News: Burger King & Jeep twitter accounts hacked Microsoft and Apple hacked with same exploit that hit Facebook NBC.com’s site is hacked, injecting an iframe directing visitors to a site that served an exploit kit and installed the Citadel trojan. Bit9 hack started in July 2012 Bit9 released hashes Krebs search of VT turned up … … Continue reading

x

Share: Defensive Security Podcast Episode 8


Defensive Security Podcast Episode 7

2013-02-17 :: Jerry Bell
Length: 27s

defensive security episode 7Please rate the podcast on iTunes! Follow me on twitter @defensivesec Send comments to info@defensivesecurity.org News: Zombie attack EAS at a Montana TV station was hacked Mad rush to point fingers at systemic weaknesses in EAS gear Security is too hard for smaller TV stations PDF exploit Enable protected view. Spear phishing … … Continue reading

x

Share: Defensive Security Podcast Episode 7


Defensive Security Podcast Episode 6

2013-01-29 :: Jerry Bell
Length: 28s

Suggestions to podcast@defensivesecurity.org News: ISD Podcast shuts down Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites Yet another Java update.  Oracle seems to have gotten the message. Combofix, a free tool for removing certain kinds of malware, was infected with Sality Do not download repackaged software from other file hosting … … Continue reading

x

Share: Defensive Security Podcast Episode 6


Defensive Security Podcast Episode 5

2013-01-20 :: Jerry Bell
Length: 18s

Download the MP3 here Suggestions? ideas? feedback? Send an email to podcast@defensivesecurity.org A lot has happened since the last Podcast: HIPAA mega rule released – all 563 pages Zero day in Java Freak-outs ensued Oracle released a Java patch Freak-outs … Continue reading

x

Share: Defensive Security Podcast Episode 5


Defensive Security Podcast Episode 4

2013-01-06 :: Jerry Bell
Length: 17s

Happy New Year! In this week’s podcast, I cover an article about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s software CYBERsitter covered in a Business Week post. First, a bit of … Continue reading

x

Share: Defensive Security Podcast Episode 4


Defensive Security Podcast Episode 3

2012-12-26 :: Jerry Bell
Length: 16s

2013 security predictions I have collected security predictions from many IT security vendors While there are many, many unrelated predictions, and some that are self-serving, some trends emerge: Changes to the tactics used by attackers: Focus on web browser attacks … Continue reading

x

Share: Defensive Security Podcast Episode 3


Defensive Security Episode 2

2012-12-16 :: Jerry Bell
Length: 14s

Episode 2 – December 16, 2012 Topics South Carolina released a report on the attack which resulted in the loss of millions of tax payers information What happened? resulted from an employee clicking on a link or attachment in a phishing email compromised the employee’s computer with a remote access trojan compromised 44 servers using stolen credentials obtained by stealing hashes 33 unique pieces of malware were used What can...…

x

Share: Defensive Security Episode 2


Defensive Security Podcast Episode 1

2012-12-07 :: Jerry Bell
Length: 27s

Episode 1 – December 7, 2012 Introduction Topics DigiNotar Final Report What happened? At least 531 certificates forged Resulted in MITM attacks of 600000 Iranians How did it happen? vulnerable web apps (dotnetnuke) traversing network using credentials found (connected to MSSQL server on an internal network from external web server using credentials found on the web server) apparently poor hygiene (note references to weak passwords and many exceptions to firewall...…

x

Share: Defensive Security Podcast Episode 1


Defensive Security

Defensive Security


Switch to our mobile site