In the security industry, it's easy to get overwhelmed by the constant barrage of information and buzzy trends. On Security Noise, we help you sort through the noise and identify the trends that truly matter. Listen to hear from practitioners in the field who are using the latest tools and methodologies to stay ahead. Whether you're a seasoned security pro or an industry newcomer, our podcast has something for anyone in the business of making the world secure. Presented by TrustedSec, end-to-end cybersecurity helping you to secure what matters most.
- 119 - 6.18 - Careers in InfoSec: Where do you want to go today?
Security Noise starts a multi-episode look at how to start or grow a career in InfoSec. We begin by talking with Senior Security Consultant Kelsey Segrue and Security Consultant Olivia Cate, who took what might be considered the traditional route. They share their stories and offer some insights into how to maximize the advantage of similar opportunities.
About this podcast
Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!
Thu, 11 Apr 2024 - 42min
- 118 - 6.17 - A Royal OSINT
On this episode of Security Noise, we are revisiting the topic of open-source intelligence (OSINT) in the wake of the theories spurred by the Royal Family's social media photo that was quickly flagged as being altered. Along with guests, Senior Security Consultants Joe Sullivan and David Boyd, we delve into various theories surrounding the Princess of Wales' controversial Mother's Day photo and the media's subsequent reaction.
Methods for spotting fake images, such as reverse image searches and metadata analysis, are discussed, highlighting the importance of scrutinizing visual content in today's digital age. Additionally, tools like AIornot.com and insights into Twitter/X's handling of metadata add depth to the discussion.
Overall, the episode sheds light on the complexities of image authenticity in the era of digital manipulation and emphasizes the need for critical thinking when consuming visual media.
Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Links: https://fotoforensics.com https://www.aiornot.com/ https://www.getghiro.org/ https://www.suncalc.org
Fri, 29 Mar 2024 - 33min
- 117 - 6.16 - Leak Week: Plumbing the Depths of Privacy Pitfalls
It's Leak Week for this episode of Security Noise! Geoff and Skyler chat with Security Consultant Whitney Phillips and Senior Security Consultant Kurt Muhl about a number of recent privacy pitfalls including destructive ransomware groups such as LockBit, leaked government emails, and other data and privacy mishaps.
References:
- https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/
- https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/
Security Noise, a TrustedSec podcast, is hosted by Geoff Walton and Producer/Contributor Skyler Tuter in conversation with cybersecurity experts discussing the security topics that interest them the most.
Fri, 08 Mar 2024 - 41min
- 116 - 6.15 - OSINT: Digital Detective or Cyber Stalking?
Fri, 23 Feb 2024 - 29min
- 115 - 6.14 - Extraordinary Incident Responders and Where to Find Them
Geoff and Skyler talk to Incident Response Practice Lead Tyler Hudak about when you need an IR plan, what kind of relationships you should have with your IR vendor, and what things to know before pursuing an IR retainer. The conversation looks at the needs for businesses of various sizes, proposes some self-assessment questions, and concludes with some war stories!
Fri, 02 Feb 2024 - 35min
- 114 - 6.13 - Cyber Prophecies for 2024
Geoff and Skyler make bold predictions for 2024 about AI, changes to Air Tags, and Open Source!
LINKS:
https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/
https://www.theregister.com/2023/12/27/bruce_perens_post_open/
Fri, 19 Jan 2024 - 36min
- 113 - 6.12 - Yule Time Tool Time
In this very special year-end episode, we're cranking up the heat as we explore some of our favorite InfoSec tools of 2023.
Guest Lineup:
Drew Kirkpatrick - JS-Tap Unleashed
Drew Kirkpatrick is the maestro behind "JS-Tap." He dropped this pentesting bombshell at Wild West Hackin' Fest this year with his talk, "JS-Tap: Weaponizing JavaScript for Red Teams." Skyler snagged an exclusive interview with Drew at the conference and we'll get to hear that discussion on this episode.
Luke Bremer - Hackvertor
Luke Bremer graces our podcast to dive into his blog, "What is Hackvertor (and why should I care?)." Get ready to dive into the use cases of this Burp Suite plugin and how you can utilize it on your next pentest!
Ben Mauch (Ben Ten) - Unveiling Impede
We end our discussion with Ben Mauch, aka @Ben0xA, as he unveils TrustedSec's latest software offering: Impede. Brace yourself for a deep dive into the features and innovations packed into this cybersecurity marvel.
Gather 'round and settle in for our year-end episode of SECURITY NOISE!
Fri, 08 Dec 2023 - 40min
- 112 - 6.11 - The Road Ahead: Red Teaming and Targeted Ops
In this episode, we wrap up our 4-part series, "The Road Ahead," with TrustedSec CTO Justin Elze and Targeted Operations Lead Jason Lang as they provide insight into how the targeted operations landscape has evolved for everyone, from client to consultant. We discuss what groups are doing red teaming and what the practice looks like today. Our guests also discuss the impacts of SSO, third-party IDP solutions, and assumed breach strategies.
Get ready to be offensive on this episode of Security Noise!
This episode concludes a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas.
Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 10 Nov 2023 - 37min
- 111 - 6.10 - The Road Ahead: Network Penetration Testing
In this episode, we discuss the evolution of the Internal Penetration Test with two experienced practitioners, David Boyd and Justin Bollinger. We cover how test preparation and planning have changed over the years, how hybrid environments with on-premises and cloud-hosted applications have impacted pen testing, and the effects of Zero Trust and contemporary security models. Of course we'll also talk shop, where we look at the current tools of the trade and what the client-consultant relationship looks like today.
This episode is Part 3 of 4 in a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas.
Come along as we explore the history and future of InfoSec!
Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 27 Oct 2023 - 28min
- 110 - 6.9 - The Road Ahead: Evolution of AppSec Blue Team
Geoff and Skyler discuss how the defense and vulnerability side of application development and deployment has evolved over the years. They are joined on the panel by two other members of the TrustedSec team, Paul Sems and Mitch Parish, who were there to help and lead organizations through those transitions in their current and prior roles.
This episode is Part 2 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas.
Come along as we explore the history and future of InfoSec!
Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 06 Oct 2023 - 41min
- 109 - 6.8 - The Road Ahead: AppSec
On this episode of Security Noise, Geoff and Skyler speak with members of the TrustedSec Software Security team to discuss the past, present, and future of AppSec. Security Consultants Joe Sullivan and Philip DuBois and Director of Software Security Scott White weigh in on the evolution of security tools, how engagements have changed, and where AppSec is heading.
This episode is Part 1 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas.
Come along as we explore the history and future of InfoSec!
Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 15 Sep 2023 - 45min
- 108 - 6.7 - DEF CON Debrief
In this episode, nyxgeek joins us to change your mind about enumeration and federation, Producer Skyler Tuter tells us what happened at DEF CON in Vegas, and we hear from Security Consultant Whitney Phillips about her presentation and augmented reality. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 25 Aug 2023 - 31min
- 107 - 6.6 - Episode VI: Farewell Mr. Mitnick
On this episode of Security Noise, we remember the man who changed InfoSec forever—Kevin Mitnick, who recently passed away after a battle with cancer. TrustedSec CEO Dave Kennedy joins in to share some of our favorite stories and memories of Kevin. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 04 Aug 2023 - 29min
- 106 - 6.5 - Episode V: GreyHats Strike Back
Fri, 21 Jul 2023 - 36min
- 105 - 6.4 - Episode IV: More Scary Stories
Are you afraid of the dark web? In this week's episode, several folks from TrustedSec's consulting team tell infosec campfire stories. Scott White, Kurt Muhl, Philip DuBois, Skyler Tuter, and Geoff Walton share tales of disaster, near disaster, spooky or straight-up funny stories, and discuss how those experiences changed their perspectives on infosec.
Fri, 30 Jun 2023 - 30min
- 104 - 6.3 - Episode III: The Search For Terrestrial Artificial Intelligence
Artificial intelligence is progressing at a quick (and some say alarming) rate. Security Noise returns with a look at Large Language Models (LLMs) as well as AI audio and image generation, exploring emerging possibilities commercial, curious, and malicious. Listen in on the conversation with TrustedSec team members Carlos Perez and Rob Simon as they discuss current topics with host Geoff Walton and Producer/Contributor Skyler Tuter.
Fri, 02 Jun 2023 - 34min
- 103 - 6.2 - Episode II Attacks on the Mobile Clients
How much of your life is tied up on your phone? This week, Security Noise looks at the client side of mobile security. In this episode, we explore some current topics surrounding mobiles and how you should treat them. Joining us are several folks from the Mobile Security team at TrustedSec: Drew Kirkpatrick, Rob Simon, and Whitney Phillips. Security Noise is hosted by Geoff Walton with Producer/Contributor Skyler Tuter.
Fri, 12 May 2023 - 45min
- 102 - 6.1 - Head in the Clouds
Security Noise kicks off its inaugural episode with host Geoff Walton and Producer/Contributor Skyler Tuter! This week, we discuss cloud transitioning topics with our expert guest panel: Paul Sems, Edwin David, and Phil Rowland. Our guests have a range of perspectives and backgrounds in design, defense, and offensive security. In this episode, we explore the changing roles of IT personnel, where identities live, hybrid environments, DOs and DONTs, and share some stories.
Thu, 20 Apr 2023 - 38min
- 101 - 5.21 - Turn 21
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Elze, Justin Bollinger, and David Boyd.
Get ahead of the new PCI requirements
PCI 4.0 is coming! Find out how the new requirements will affect your organization’s goals and prepare now, with a PCI DSS assessment from TrustedSec.
Penetration testing the cloud isn’t the same as your network
Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: Two U.S. Men Charged in 2022 Hacking of DEA Portal
URL: https://krebsonsecurity.com/2023/03/two-us-men-charged-in-2022-hacking-of-dea-portal/
Author: Brian Krebs
Title: Cancer patient sues hospital after ransomware gang leaks her nude medical photos
URL: https://www.theregister.com/2023/03/15/cancer_lvhn_sues_hospital/?td=rt-3a
Author: Jessica Lyons Hardcastle
The Interview:
Justin Elze, CTO and Director of Research at TrustedSec, talks to us about CVE-2023-23397, covering how TrustedSec investigated and responded as well as where it will land in the penetration tester's toolbox.
Fri, 24 Mar 2023 - 33min
- 100 - 5.20 - Chatting with Code in the Cloud
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, Kelsey Segrue, and Alex Hamerstone.
Stories
Title: You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi
Author: Benj Edwards
Title: OWASP Low-Code/No-Code Top 10
URL: https://owasp.org/www-project-top-10-low-code-no-code-security-risks/
Author: OWASP Project
Title: Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’
URL: https://www.politico.com/news/2023/03/10/white-house-cloud-overhaul-00086595
Authors: John Sakellariadis
Fri, 17 Mar 2023 - 26min
- 99 - 5.19 - The Coffeemaker Needs a VLAN
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, David Boyd and Skyler Tuter.
Stories
Title: Hackers Scored Data Center Logins for Some of the World's Biggest Companies
Author: Jordan Robertson
Title: Best Practices for Securing Your Home Network
Author: NSA
Title: US military email server left exposed for 2 weeks, allowing internal emails to leak
Authors: Jennifer Griffin, Adam Sabes
Fri, 03 Mar 2023 - 39min
- 98 - 5.18 - Looking Inside the Things
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Skyler Tuter.
Stories
Title: Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
URL: https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html?m=1
Author: Ravie Lakshmanan
Title: Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook
Author: Vani Asawa
Title: Dashlane publishes its source code to GitHub in transparency push
URL: https://techcrunch.com/2023/02/02/dashlane-publishes-its-source-code-to-github-in-transparency-push/
Author: Paul Sawers
Fri, 10 Feb 2023 - 30min
- 97 - 5.17 - C++ On the No-Fly List
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Steven Erwin, and Mitch Parish.
Stories
Title: A call to action: Think seriously about “safety”; then do something sensible about it
URL: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf
Author: Bjarne Stroustrup
Title: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server
URL: https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/
Authors: Mikael Thalen, David Covucci
Fri, 27 Jan 2023 - 27min
- 96 - 5.16 - LastPass the Last Time Honest (Well Maybe)
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Scott White, and Scott Nusbaum.
Stories
Title: Lastpass: Hackers stole customer vault data in cloud storage breach
URL: https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/
Author: Sergiu Gatlan
Title: Android is adding support for updatable root certificates amidst TrustCor scare
URL: https://blog.esper.io/android-14-updatable-certificates/
Author: Mishaal Rahman
Interview
Guest: Scott White
Subject: Planning your Application Tests
Fri, 06 Jan 2023 - 31min
- 95 - 5.15 - Quantum Malware and Your Passwords (again)
Welcome to the TrustedSec Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Skyler Tuter.
Stories
Title: FBI, CISA say Cuba ransomware gang extorted $60M from victims this year
URL: https://techcrunch.com/2022/12/02/fbi-cisa-cuba-ransomware
Author: Carly Page
Title: A new analysis urges CISO’s to take strategic steps ahead of the advent of quantum computing.
URL: https://www.nextgov.com/emerging-tech/2021/11/report-china-may-steal-encrypted-government-data-now-decrypt-quantum-computers-later/187020/
Author: Brandi Vincent
Title: Lastpass says hackers accessed customer data in new breach
URL: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/?mibextid=Zxz2cZ
Author: Sergiu Gatlan
Fri, 09 Dec 2022 - 22min
- 94 - 5.14 - Nothing to See Here, Move Along
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kurt Muhl, Justin Bollinger, and David Boyd.
Title: A simple Android lock screen bypass bug landed a researcher $70,000
URL: https://techcrunch.com/2022/11/14/android-lock-screen-bypass-google-pixel/
Author: Zack Whittaker
Title: NSA Releases Guidance on How to Protect Against Software Memory Safety Issues
Author: NSA
Title: Flight Radar Report Shows FTX Co-Founder's Private Jet Flew to Argentina, SBF Says He's Still in the Bahamas
Author: Jamie Redman
Mon, 21 Nov 2022 - 20min
- 93 - 5.13 - A Dastardly End for Windows 7
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Joe Sullivan, and Whitney Phillips.
Stories
Title: Security certification body (ISC)² defends ‘undemocratic’ bylaw changes
URL: https://portswigger.net/daily-swig/security-certification-body-isc-defends-undemocratic-bylaw-changes
Author: Emma Woollacott
Title: Chrome will finally force you to upgrade from Windows 7 in 2023
URL: https://www.androidpolice.com/chrome-windows-7-support/
Author: Stephen Schenck
Tool Time
Link: https://portswigger.net/burp/dastardly
Dastardly TL:DL
docker run --user $(id -u) --rm -v $(pwd):/dastardly -e \
DASTARDLY_TARGET_URL=https://ginandjuice.shop -e \
DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml \
public.ecr.aws/portswigger/dastardly:latest
Mon, 07 Nov 2022 - 19min
- 92 - 5.12 - BYO-Driver and GrrCon
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Luke Bremer, and Whitney Phillips.
Stories
Title: No fix in sight for mile-wide loophole plaguing a key Windows defense for years
URL: https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/
Author: Dan Goodin
Title: Intel's Alder Lake BIOS Source Code Reportedly Leaked Online
URL: https://www.tomshardware.com/news/intels-alder-lake-bios-source-code-reportedly-leaked-online
Author: Paul Alcorn
Live-ish From GrrCon
Our panel discusses their experience at GrrCon 2022 so far. Luke mentions some research into recovering old botnets ("Botnets Don't Die") by Aamir Lakhani.
Mon, 17 Oct 2022 - 21min
- 91 - 5.11 - Word Clouds, Password Clouds
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Justin Bollinger, and Patrick Mayo.
Stories
URL: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/?mibextid=d3iphx
Author: Sergiu Gatlan
Title: Microsoft Edge and Google Chrome enhanced spellcheck feature exposes passwords
URL: https://www.neowin.net/news/microsoft-edge-and-google-chrome-enhanced-spellcheck-feature-exposes-passwords/
Author: Steve Bennett
Title: AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
URL: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access
Author: Elad Gabay
Tue, 27 Sep 2022 - 27min
- 90 - 5.10 - Uber Responsibility
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Skyler Tuter, Alex Hamerstone, and David Boyd.
Stories
Title: Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks
URL: https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-new-zero-day-used-in-attacks/
Author: Sergiu Gatlan
Title: IRS says it exposed some confidential taxpayer data on website
URL: https://www.marketwatch.com/story/irs-says-it-exposed-some-confidential-taxpayer-data-on-website-11662148381
Author: Richard Rubin
Tue, 27 Sep 2022 - 33min
- 89 - 5.9 - Pre-Shared (Private) Keys
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Steve Erwin, Alex Hamerstone, and Melvin Langvik.
Stories
Title: PayPal Phishing Scam Uses Invoices Sent Via Paypal
URL: https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/
Author: Brian Krebs
Title: Hyundai Uses Example Keys for Encryption System
URL: https://www.theregister.com/2022/08/17/software_developer_cracks_hyundai_encryption/
Author: Thomas Claburn
The Interview
Melvin Langvik talks TeamFiltration
URL: https://github.com/Flangvik/TeamFiltration
Mon, 29 Aug 2022 - 23min
- 88 - 5.8 - Who is Reading Your Gmail?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Steve Erwin, Justin Bollinger, and Skyler Tuter.
Stories
Title: New Gmail Attack Bypasses Passwords And 2FA To Read All Email
Author: Davey Winder
Title: Post-quantum encryption contender is taken out by single-core PC and 1 hour
Author: Dan Goodin
The Interview
A talk with Steve Marchewitz on his visit to the Gartner Conference.
Fri, 05 Aug 2022 - 27min
- 87 - 5.7 - Privacy Screen
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Edwin David.
Stories
Title: Your Phone's Lock Screen Is Getting a Big Revamp
URL: https://www.cnet.com/tech/mobile/your-phone-lock-screen-is-getting-a-big-revamp/
Author: Lisa Eadicicco
Title: Facebook has started to encrypt links to counter privacy-improving URL Stripping
URL: https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/
Author: Martin Brinkmann
Tool Time
A Burp plugin by Geoff Walton to locate relationships between UUID/GUID request parameters and appearances of the same identifiers in HTTP responses to other resources.
https://github.com/GeoffWalton/UUID-Watcher/blob/main/UUID.rb
Fri, 22 Jul 2022 - 20min
- 86 - 5.6 - A Nice Relaxing Dip into Powershell
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Skyler Tuter, and Costa Petros.
Stories
Title: Mega says it can’t decrypt your files. New POC exploit shows otherwise
Author: Dan Goodin
Title: NSA shares tips on securing Windows devices with PowerShell
Author: Ionut Ilascu
Title: Security flaws in internet-connected hot tubs exposed owners’ personal data
URL: https://techcrunch.com/2022/06/22/jacuzzi-flaws-admin-exposed-users/
Author: Carly Page
Tue, 05 Jul 2022 - 23min
- 85 - 5.5 - Outspending the Ransomware Gangs
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Travis Kaun, and David Boyd.
Stories
Title: Most Security Product Buyers Aren’t Getting Promised Results
URL: https://www.esecurityplanet.com/trends/most-security-product-buyers-arent-getting-promised-results/
Author: Paul Shread
Title: NSA: Ransomware Gangs Are Getting Rich Enough to Buy Zero-Day Exploits
URL: https://www.pcmag.com/news/nsa-ransomware-gangs-are-getting-rich-enough-to-buy-zero-day-exploits
Author: Michael Kan
Interview
Guest: Travis Kaun
Subject: PWNton Pack!
Links: https://www.trustedsec.com/blog/pwnton-pack-an-unlicensed-802-11-particle-accelerator/
Fri, 17 Jun 2022 - 23min
- 84 - 5.4 - Free Sushi
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and David Boyd.
Announcements
Enrollment is open
Enrollment is open for the next online training course, PowerShell for Offense and Defense, taking place on September 30th. Class participants learn how to attack and defend against PowerShell attacks within simulated corporate environments and find out the tactics, techniques, and procedures (TTPs) commonly used by penetration testers.
Stories
Title: The Math Prodigy Whose Hack Upended DeFi Won’t Give Back His Millions
URL: https://www.bloomberg.com/news/features/2022-05-19/crypto-platform-hack-rocks-blockchain-community
Author: Christopher Beam
Title: Hackers can hack your online accounts before you even register them
URL: https://www.bleepingcomputer.com/news/security/hackers-can-hack-your-online-accounts-before-you-even-register-them/
Author: Bill Toulas
Title: Fake Windows exploits target infosec community with Cobalt Strike
URL: https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/
Author: Lawrence Abrams
Fri, 03 Jun 2022 - 25min
- 83 - 5.3 - Intergalactic Security Outpost
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Skyler Tuter, Edwin David, and Alex Hamerstone.
Stories
Title: Your Phone May Soon Replace Many of Your Passwords
URL: https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/
Author: Brian Krebs
Title: Heroku Status – 2413 Updated
URL: https://status.heroku.com/incidents/2413?updated
Author: Heroku Security
Interview
Special Event Commentary – With David Kennedy, Chris Boesch, Martin Bos, Justin Elze, and Eric Girard!
Fri, 13 May 2022 - 25min
- 82 - 5.2 - Hope I Never Lose My Crypto-Wallet
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, David Boyd, and Alex Hamerstone.
Stories
Title: Cybercriminals do their homework for latest banking scam
URL: https://www.theregister.com/2022/04/15/the_latest_scam_pay_yourself/
Author: Brandon Vigliarolo
Title: Breach of Internal Tools at Mailchimp Used To Deliver Phishing Attacks Targeted at Crypto Wallets
URL: https://www.cpomagazine.com/cyber-security/breach-of-internal-tools-at-mailchimp-used-to-deliver-phishing-attacks-targeted-at-crypto-wallets/
Author: Scott Ikeda
Title: GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
URL: https://www.bleepingcomputer.com/news/security/github-attacker-breached-dozens-of-orgs-using-stolen-oauth-tokens/
Author: Sergiu Gatlan
Mon, 25 Apr 2022 - 27min
- 81 - 5.1 - Hi, I am Officer Friendly
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Rob Simon, and David Boyd.
Stories
Title: Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”
URL: https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
Author: Brian Krebs
Title: Nestlé: Anonymous Didn't Hack Us, We Leaked Our Own Data
URL: https://gizmodo.com/nestle-denies-anonymous-hack-claims-says-it-leaked-dat-1848691484
Author: Lucas Ropek
Interview
Guest: Rob Simon
Subject: Hardware Hacking
Links: https://www.trustedsec.com/blog/hacking-the-my-arcade-contra-pocket-player-part-i/
Mon, 11 Apr 2022 - 35min - 80 - 5.0 - Report All The Things
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Justin Bollinger, and Drew Kirkpatrick.
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: Hacked US companies to face new reporting requirements
Author: Alan Suderman and Eric Tucker
Title: Russia creates its own TLS certificate authority to bypass sanctions
Author: Bill Toulas
Interview
Guest: Drew Kirkpatrick
Subject: Service Workers
Links:
https://www.trustedsec.com/blog/persistence-through-service-workers-part-2-c2-setup-and-use/
https://www.trustedsec.com/blog/persistence-through-service-workers-part-3-easy-javascript-payload-deployment/
Fri, 18 Mar 2022 - 27min - 79 - 5.0preAlpha1 - Shocking Revelations
SHOW NOTES
This episode features the following members: Adam Compton, David Boyd, and Justin Bollinger.
Stories
Title: Vulnerable U.S. electric grid facing threats from Russia and domestic terrorists
URL: https://www.cbsnews.com/news/america-electric-grid-60-minutes-2022-02-27/
Author: Bill Whitaker
Title: BitConnect’s Indicted Founder Kumbhani Vanished, SEC Says
URL: https://www.bloomberg.com/news/articles/2022-03-01/bitconnect-s-indicted-founder-kumbhani-has-disappeared-sec-says
Author: David Voreacos
Tool Time
Title: bkcrack
Link: https://github.com/kimci86/bkcrack
About
The TrustedSec Security Podcast is a production of TrustedSec. To learn more about how TrustedSec can help your organization’s security program, visit TrustedSec.com.
The show is hosted and moderated by Geoff Walton
Our podcast music was composed by Steve Neme
Fri, 04 Mar 2022 - 31min - 78 - 4.27 - Macro Vision
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, David Boyd, and Justin Elze.
Stories
Title: Website fined by German court for leaking visitor's IP address via Google Fonts
URL: https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr
Author: Thomas Claburn
Title: Helping users stay safe: Blocking internet macros by default in Office
Author: Kellie Eickmeyer
Title: North Korea Hacked Him. So He Took Down Its Internet
URL: https://www.wired.com/story/north-korea-hacker-internet-outage/
Author: Andy Greenberg
Fri, 11 Feb 2022 - 32min - 77 - 4.26 - Calling all Malware Authors
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Melvin Langvik.
Stories
Title: Linux malware is on the rise. Here are three top threats right now
URL: https://www.zdnet.com/article/linux-malware-is-on-the-rise-here-are-three-top-threats-right-now/
Author: Liam Tung
Title: Intel CEO Urges Lawmakers to ‘Not Waste This Crisis’ in Chip Push
URL: https://www.bloomberg.com/news/articles/2022-01-19/intel-urges-lawmakers-to-not-waste-this-crisis-with-chip-push
Author: Ian King
Tool Time
Link: https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
Link: https://github.com/trustedsec/SeeYouCM-Thief
Fri, 28 Jan 2022 - 23min - 76 - 4.25 - Dependency Hell
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd and Justin Bollinger.
Stories
Title: Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Author: Ax Sharma
Title: FTC warns legal action against companies who fail to mitigate Log4Shell
URL: https://therecord.media/ftc-warns-legal-action-against-companies-who-fail-to-mitigate-log4shell/
Author: Catalin Cimpanu
Title: Threat actors can simulate iPhone reboots and keep iOS malware on a device
URL: https://therecord.media/threat-actors-can-simulate-iphone-reboots-and-keep-ios-malware-on-a-device/
Author: Catalin Cimpanu
Fri, 14 Jan 2022 - 29min - 75 - 4.24 - Sealing Wax and Other Fancy Stuff
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, David Boyd, and Dave Kennedy!
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: FBI document shows what data can be obtained from encrypted messaging apps
URL: https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/
Author: Catalin Cimpanu
Title: New Windows zero-day with public exploit lets you become an admin
URL: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/
Author: Lawrence Abrams
Fri, 10 Dec 2021 - 29min - 74 - 4.23 - Don't Sideload This Podcast
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Melvin Langvik, and Edwin David.
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: Microsoft to Kill OneDrive for Windows 7, 8, 8.1 in Early 2022
URL: https://www.thurrott.com/cloud/microsoft-consumer-services/onedrive/259004/microsoft-to-kill-onedrive-for-windows-7-8-8-1-in-early-2022
Author: Paul Thurrott
Title: Tim Cook: Users Who Want to Sideload Apps Can Use Android, While the iPhone Experience Maximizes 'Security and Privacy'
URL: https://www.macrumors.com/2021/11/09/tim-cook-users-sideloading-use-an-android/
Author: Sami Fathi
Title: Complexity is killing software developers
URL: https://www.infoworld.com/article/3639050/complexity-is-killing-software-developers.html
Author: Scott Carey
Mon, 15 Nov 2021 - 27min - 73 - 4.22 - That is a Lot Mobile Data You Have There
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Stefano Ratto, and David Boyd.
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories of Interest
Title: FBI Raids Chinese Point-of-Sale Giant PAX Technology
URL: https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/
Author: Brian Krebs
Title: Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon
URL: https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon
Author: Joseph Cox
Fri, 29 Oct 2021 - 24min - 72 - 4.21 - A Route to Failure
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Carlos Perez, and David Boyd.
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
PentesterLab Giveaway
To enter, visit https://www.trustedsec.com/podcastgiveaway. Please submit on or before October 22, 2021 to be eligible.
Stories
Title: What Happened to Facebook, Instagram, & WhatsApp?
URL: https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/
Author: Brian Krebs
Title: Company That Routes Billions of Text Messages Quietly Says It Was Hacked
URL: https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked
Author: Lorenzo Franceschi-Bicchierai
Title: Apple Pay with VISA lets hackers force payments on locked iPhones
URL: https://www.bleepingcomputer.com/news/security/apple-pay-with-visa-lets-hackers-force-payments-on-locked-iphones/
Author: Ionut Ilascu
Fri, 08 Oct 2021 - 32min - 71 - 4.20 - How the Sausage is a Made
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Alex Hamerstone, and David Boyd.
Announcements
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
PentesterLab Giveaway
To enter, visit https://www.trustedsec.com/podcastgiveaway. Please submit on or before October 22, 2021 to be eligible.
Stories
Title: US fines former NSA employees who provided hacker-for-hire services to UAE
URL: https://therecord.media/us-fines-former-nsa-employees-who-provided-hacker-for-hire-services-to-uae/
Author: Catalin Cimpanu
Title: Researchers compile list of vulnerabilities abused by ransomware gangs
URL: https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/
Author: Sergiu Gatlan
Title: Customer Care Giant TTEC Hit By Ransomware
URL: https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
Author: Brian Krebs
Fri, 24 Sep 2021 - 30min - 70 - 4.19 - Where Do Want to Work Today?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Carlos Perez, and Justin Bollinger.
Stories
Title: You can post LinkedIn jobs as almost ANY employer
URL: https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/
Author: Ax Sharma
Title: ChaosDB: How we hacked thousands of Azure customers’ databases
URL: https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases
Authors: Nir Ohfeld and Sagi Tzadik
Tool Time
Subject: iHide
Link: https://www.trustedsec.com/blog/introducing-ihide-a-new-jailbreak-detection-bypass-tool/
Fri, 03 Sep 2021 - 32min - 69 - 4.18 - Hacker to Hacker - Petit Potam
Welcome to the Trusted Security Podcast – In this hacker-to-hacker talk, Justin gets Geoff up to speed on some newer ADS relay attacks. The episode features the following members: Geoff Walton and Justin Bollinger.
Links
https://github.com/sensepost/assless-chaps
Fri, 06 Aug 2021 - 21min - 68 - 4.17 - It's Zero-day in the Mobile Phone World
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone and David Boyd.
Stories
Title: New Law Will Help Chinese Government Stockpile Zero-Days
URL: https://www.securityweek.com/new-law-will-help-chinese-government-stockpile-zero-days
Author: Kevin Townsend
Title: Huge data leak shatters the lie that the innocent need not fear surveillance
URL: https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance
Author: Paul Lewis
Title: Kaseya Hack Floods Hundreds of Companies with Ransomware
URL: https://techcrunch.com/2021/07/05/kaseya-hack-flood-ransomware
Author: Zack Whittaker
Fri, 23 Jul 2021 - 27min - 67 - 4.16 - What Do Printer Techs Make These Days?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Alex Hamerstone, and David Boyd.
Announcements
Black Hat Training
Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug
URL: https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bug/
Author: Catalin Cimpanu
Title: LinkedIn breach reportedly exposes data of 92% of users, including inferred salaries
URL: https://9to5mac.com/2021/06/29/linkedin-breach/
Author: Ben Lovejoy
Title: MyBook Users Urged to Unplug Devices from Internet
URL: https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/
Author: Brian Krebs
Fri, 02 Jul 2021 - 34min - 66 - 4.15 - A Breach is a Breach No Matter How Small
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Rockie Brockway.
Announcements
Black Hat Training
Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.
Join the TrustedSec Discord Community
TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.
Stories
Title: Largest US propane distributor discloses '8-second' data breach
URL: https://www.bleepingcomputer.com/news/security/largest-us-propane-distributor-discloses-8-second-data-breach/
Author: Ax Sharma
Title: McDonald’s Hit by Data Breach
URL: https://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800
Author: Heather Haddon
Title: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
URL: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Author: Kevin Backhouse
Fri, 18 Jun 2021 - 23min - 65 - 4.14 - Because 4.13 Could Never Have Brought Us Luck
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott Nusbaum, and Paul Sems.
Announcements
Black Hat Training
Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.
Carlos Mimikatz Training
Enroll in our next online training course, Mimikatz: Everything You Need to Know, taking place June 10 - June 11 and led by TrustedSec Research Practice Lead Carlos Perez. Visit TrustedSec.com to learn more and enroll.
Stories
Title: The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms
URL: https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/amp/
Authors: Renee Dudley and Daniel Golden
Title: PowerShell Is Source of More Than a Third of Critical Security Threats
URL: https://www.esecurityplanet.com/threats/powershell-source-of-third-of-critical-security-threats/
Author: Paul Shread
Fri, 28 May 2021 - 27min - 64 - 4.12 - Got Gas?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kelsey Segrue, Alex Hamerstone and David Boyd.
Stories
Title: 'Absolute stupidity': Cybersecurity experts condemn White House for breaking with FBI and suggesting private companies could pay ransomware demands
URL: https://www.dailymail.co.uk/news/article-9566489/Cybersecurity-experts-condemn-White-House-suggesting-companies-canpay-ransomware-demands.html
Author: Rob Crilly
Title: Thousands of Tor exit nodes attacked cryptocurrency users over the past year
URL: https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year/
Author: Catalin Cimpanu
Title: Malicious Office 365 Apps Are the Ultimate Insiders
URL: https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/
Author: Brian Krebs
Fri, 14 May 2021 - 25min - 63 - 4.11 - A Bountiful Harvest of Exploits
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kelsey Segrue, Justin Bollinger, and David Boyd.
Stories
Title: Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment
URL: https://securityledger.com/2021/04/deere-john-researcher-warns-ag-giants-site-provides-a-map-to-customers-equipment/
Author: Paul Roberts
Title: D.C. Police Department Victim Of Apparent Ransomware Attack
URL: https://www.npr.org/2021/04/27/991116344/d-c-police-department-victim-of-apparent-ransomware-attack
Author: Jaclyn Diaz
Title: Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops
URL: https://www.vice.com/en/article/k78q5y/signal-ceo-hacks-cellebrite-iphone-hacking-device-used-by-cops
Author: Lorenzo Franceschi-Bicchierai
Fri, 30 Apr 2021 - 33min - 62 - 4.10.1998 - You Have Only Yourself to Blame
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon and David Boyd.
Stories
Title: NAME:WRECK vulnerabilities impact millions of smart and industrial devices
URL: https://therecord.media/namewreck-vulnerabilities-impact-millions-of-smart-and-industrial-devices/
Author: Catalin Cimpanu
Original Research Link: https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/
Title: PHP's Git server hacked to add backdoors to PHP source code
URL: https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
Author: Ax Sharma
Title: Facebook Says It’s Your Fault That Hackers Got Half a Billion User Phone Numbers
URL: https://www.vice.com/en/article/88awzp/facebook-says-its-your-fault-that-hackers-got-half-a-billion-user-phone-numbers
Author: David Gilbert
Fri, 16 Apr 2021 - 31min - 61 - 4.9 - Message Me that Review
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger and David Boyd.
Stories
Title: A Security App’s Fake Reviews Give Us a Window Into ‘App Store Optimization’
URL: https://www.vice.com/en/article/n7vxgd/a-security-apps-fake-reviews-give-us-a-window-into-app-store-optimization
Author: Lorenzo Franceschi-Bicchierai
Title: Can We Stop Pretending SMS is Secure Now
URL: https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
Author: Brian Krebs
Tool Time
Title: Response Tinker
Link: https://www.trustedsec.com/?p=23828&preview=1&_ppp=ffd12e7902
Fri, 26 Mar 2021 - 26min - 60 - 4.8 - Go Watch Exchange
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Logan Sampson, and David Boyd.
Stories
Title: Finding Evil Go Packages
URL: https://michenriksen.com/blog/finding-evil-go-packages/
Author: Michael Henriksen
Title: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
URL: https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
Author: William Turton
Title: A Basic Timeline of the Exchange Mass-Hack
URL: https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack
Author: Brian Krebs
Fri, 12 Mar 2021 - 33min - 59 - 4.7 - Flash and Malware Sharing One Last Headline?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Adam Compton, and David Boyd.
Title: New Windows 10 update permanently removes Adobe Flash
URL: https://www.zdnet.com/article/new-windows-10-update-permanently-removes-adobe-flash
Author: Liam Tung
Title: M1 Malware Has Arrived
URL: https://gizmodo.com/m1-malware-has-arrived-1846286255
Author: Victoria Song
Title: The Long Hack: How China Exploited a U.S. Tech Supplier
URL: https://www.bloomberg.com/features/2021-supermicro/
Author: Jordan Robertson and Michael Riley
Fri, 26 Feb 2021 - 31min - 58 - 4.6 - Let’s Pour Cold Water on Your F A V I C O N S!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger.
Stories of Interest
Title: Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers
URL: https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf
ALT URL: https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online
Authors: Konstantinos Solomos, John Kristoff, Chris Kanich, Jason Polakis
Title: Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
URL: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Author: Alex Birsan
Title: Florida city attacked by a hacker trying to poison its drinking water
URL: https://www.engadget.com/oldsmar-florida-water-treatment-hack-225713558.html
Author: I. Bonifacic
Fri, 12 Feb 2021 - 30min - 57 - 4.5 - Hello Fellow 0-day Researchers!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Alex Hamerstone, and Justin Bollinger.
Title: New campaign targeting security researchers
URL: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Author: Adam Weidemann
Title: After disabling Adobe Flash trains in Dalian, China could hardly open
URL: https://verietyinfo.com/taiwaneng/after-disabling-adobe-flash-trains-in-dalian-china-could-hardly-open-technews-%E7%A7%91%E6%8A%80-%E6%96%B0-%E6%8A%A5/
ALT URL: https://arstechnica.com/tech-policy/2021/01/deactivation-of-flash-cripples-chinese-railroad-for-a-day/
Title: SolarWinds: What Hit Us Could Hit Others
URL: https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/
Author: Brian Krebs
Fri, 29 Jan 2021 - 28min - 56 - 4.4 - Opsec is Hard
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Carlos Perez, Adam Compton, Kelsey Segrue.
[Stories of Interest]
Title: All Aboard the Pequod!
URL: https://krebsonsecurity.com/2021/01/all-aboard-the-pequod/
Author: Brian Krebs
Title: Kazuar: Multiplatform Espionage Backdoor with API Access
URL: https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/
Author: Brandon Levene, Robert Falcone and Tyler Halfpop
Title: Security researchers claims downloading 70TB of sensitive Parler data
URL: https://www.hackread.com/security-researchers-leak-70tb-parler-data/
Author: Waqas
[Tool Time]
https://github.com/trustedsec/SysmonCommunityGuide
Fri, 15 Jan 2021 - 36min - 55 - 4.3 - Security Dumpster Fire
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Alex, and David Boyd.
Title: GE puts default password in radiology devices, leaving healthcare networks exposed
URL: https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/
Author: Dan Goodin
Title: FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
URL: https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
Author: David E. Sanger and Nicole Perlroth
Title: What you need to know about Amazon Sidewalk
URL: https://appleinsider.com/articles/20/11/24/what-you-need-to-know-about-amazon-sidewalk
Author: Mike Peterson
Mon, 14 Dec 2020 - 36min - 54 - 4.2 - Can you Trust Criminal Types with your IPs?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Justin Bollinger, and Rob Simon.
[Stories]
Title: Apple search bot leaked internal IPs via proxy configuration
URL: https://www.bleepingcomputer.com/news/security/apple-search-bot-leaked-internal-ips-via-proxy-configuration/
Author: Ax Sharma
Title: Woman accused of impersonating prosecutor, dropping criminal charges against herself
URL: https://www.unionleader.com/news/courts/woman-accused-of-impersonating-prosecutor-dropping-criminal-charges-against-herself/article_1fdb1551-147d-53dd-ad45-6680bfc556fa.html?fbclid=IwAR2ovZ_mr_uVcIXJIcW3j_bEji7eLjE1yw_s90IPUKzsSxZ94-cDE-7YDys
Author: Mark Hayward
Title: Why Paying to Delete Stolen Data is Bonkers
URL: https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/
Author: Brian Krebs
Mon, 16 Nov 2020 - 26min - 53 - 4.1 - A Preview of Things to Come
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, and David Boyd.
Stories
Title: Link Previews: How a Simple Feature Can Have Privacy and Security Risks
URL: https://www.mysk.blog/2020/10/25/link-previews/
Author: Talal Haj Bakry and Tommy Mysk
Title: Hackers behind life-threatening attack on chemical-maker are sanctioned
URL: https://arstechnica.com/information-technology/2020/10/us-sanctions-russian-hackers-who-hit-chemical-maker-with-dangerous-malware/
Author: Dan Goodin
Title: Three npm packages found opening shells on Linux, Windows systems
URL: https://www.zdnet.com/article/three-npm-packages-found-opening-shells-on-linux-windows-systems/
Author: Catalin Cimpanu
Fri, 30 Oct 2020 - 34min - 52 - 4.0 - Shameless Version Bump!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Costa Petros, and David Boyd.
Stories
Title: POLICE departments across the country Monday night reported their 911 systems nonoperational
URL: https://www.the-sun.com/news/1548945/911-lines-go-down-across-us/
Author: Catherina Gioino
Title: Looks Like the Windows XP Source Code Just Leaked on 4chan
URL: https://www.gizmodo.com.au/2020/09/looks-like-the-windows-xp-source-code-just-leaked-on-4chan/
Author: Cam Wilson
Title: Microsoft: Some ransomware attacks take less than 45 minutes
URL: https://www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes/
Author: Catalin Cimpanu
Fri, 02 Oct 2020 - 31min - 51 - 3.36 - Download My Tesla Theme
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Aaron James, Alex Hamerstone, and David Boyd.
Stories
Title: Windows 10 themes can be abused to steal Windows passwords
URL: https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/
Author: Lawrence Abrams
Title: The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy
URL: https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/
Author: Fred Lambert
Tool Time
SPAnalyzer: https://www.trustedsec.com/blog/fuzzing-the-front-end/
Fri, 11 Sep 2020 - 26min - 50 - 3.35 - Pub
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Logan Sampson, and Justin Bollinger.
Stories
Title: Former Uber Executive Charged With Paying 'Hush Money' To Conceal Massive Breach
URL: https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach
Author: Shannon Bond
Title: Report: AI Company Leaks Over 2.5M Medical Records
URL: https://www.pcmag.com/news/report-ai-company-leaks-over-25m-medical-records
Author: Matthew Humphries
Title: Picking Locks with Audio Technology
URL: https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext
Author: Paul Marks
Fri, 28 Aug 2020 - 34min - 49 - 3.34 - Taken your Pulse Lately?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, David Boyd, and Aaron James.
Stories:
Title: Hacker leaks passwords for 900+ enterprise VPN servers
URL: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/
Author: Catalin Cimpanu
Title: Three Charged in July 15 Twitter Compromise
URL: https://krebsonsecurity.com/2020/07/three-charged-in-july-15-twitter-compromise/
Author: Brian Krebs
Title: Web Cache Entanglement: Novel Pathways to Poisoning
URL: https://portswigger.net/research/web-cache-entanglement
Author: James Kettle
Fri, 07 Aug 2020 - 36min - 48 - 3.33 - Too Many, Too Old, or Too Familiar
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Rob Simon, and Alex Hamerstone.
Title: The more cybersecurity tools an enterprise deploys, the less effective their defense is
URL: https://www.zdnet.com/article/the-more-cybersecurity-tools-an-enterprise-deploys-the-less-effective-their-defense-is/
Author: Charlie Osborne
Title: Home Router Security Report 2020
URL: https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
Author: Peter Weidenbach, Johannes vom Dorp
Title: SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
URL: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Author: Sagi Tzadik
And…Talking Twitter
Fri, 17 Jul 2020 - 34min - 47 - 3.32 - Happy Fourth!
SHOW NOTES
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, David Boyd, and Scott Nusbaum.
Stories
Title: A hacker gang is wiping Lenovo NAS devices and asking for ransoms
URL: https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/
Author: Catalin Cimpanu
Title: FCC formally declare Huawei, ZTE ‘national security threats’
URL: https://techcrunch.com/2020/06/30/fcc-huawei-zte-national-security/
Author: Zack Whittaker, Devin Coldewey
Tool Time
Link: https://www.trustedsec.com/blog/access-locked-files-with-tscopy/
Thu, 02 Jul 2020 - 23min - 46 - 3.31 - See the World They Said
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Drew Kirkpatrick, and David Boyd.
Title: Career Choice Tip: Cybercrime is Mostly Boring
URL: https://krebsonsecurity.com/2020/05/career-choice-tip-cybercrime-is-mostly-boring/
Author: Brian Krebs
Title: Ripple 20
URL: https://www.jsof-tech.com/ripple20/
Authors: Moshe Kol, Ariel Schon, Shlomi Oberman, Andrey Zagrebin, Yuli Shapiro
Title: Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More
URL: https://www.wired.com/story/dating-apps-leak-explicit-photos-screenshots/
Author: Lily Hay Newman
Fri, 19 Jun 2020 - 31min - 45 - 3.30 - Print Me Some Monero Tendies
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Paul Sems, and David Boyd
[Stories]
Title: PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
URL: https://windows-internals.com/printdemon-cve-2020-1048/
Author: Yarden Shafir & Alex Ionescu
Title: Supercomputers hacked across Europe to mine cryptocurrency
URL: https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/
Author: Catalin Cimpanu
[Tool Time]
Pop open your Windows 10 Terminal and run:
pktmon help
Fri, 22 May 2020 - 31min - 44 - 3.29 - The Past Is Our Future
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Logan Sampson, and David Boyd
Stories of Interest
Title: Cisco spotlights new IT roles you've never heard of
URL: https://www.networkworld.com/article/3541363/cisco-spotlights-new-it-roles-youve-never-heard-of.html
Author: Michael Cooney
Title: The three early, maddening viruses that shook the world—and Microsoft
URL: https://www.fastcompany.com/90500378/iloveyou-virus-microsoft-steven-sinofsky-book
Author: Steven Sinofsky
Fri, 08 May 2020 - 28min - 43 - 3.28 - Enterprise Grade
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rick Yocum, and David Boyd
Stories of Interest
Title: Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay
URL: https://www.theregister.co.uk/2020/04/10/lockheed_martin_spacex_ransomware_leak/
Author: Shaun Nichols and Gareth Corfield
Title: DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs
URL: https://www.zdnet.com/article/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpns/
Author: Catalin Cimpanu
Title: Researchers Say They Caught an iPhone Zero-Day Hack in the Wild
URL: https://www.vice.com/en_us/article/pken5n/iphone-email-zero-day-hack-in-the-wild/
Author: Lorenzo Franceschi-Bicchierai
Fri, 24 Apr 2020 - 33min - 42 - 3.27 - Security Outlook Cloudy
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rick Yocum, and Rockie Brockway
Feature: Discussion with TrustedSec Advisory Services on migrating to remote work
Stories
Title: Beware—This Open Database On Google Cloud ‘Exposes 200 Million Americans’: Are You At Risk?
URL: https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/#cd6889985879
Author: Zak Doffman
Title: Marriott says new data breach affects 5.2 million guests
URL: https://abcnews.go.com/Technology/wireStory/marriott-data-breach-affects-52-million-guests-69895558
Author: Dee-Ann Durbin
Fri, 03 Apr 2020 - 27min - 41 - 3.26 - Cyber Contagions
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Paul Sems, and David Boyd
Stories
Title: Trump signs law banning use of federal funds to purchase Huawei equipment
URL: https://thehill.com/policy/cybersecurity/487266-trump-signs-into-law-bill-banning-use-of-federal-funds-to-purchase
Author: Maggie Miller
Title: You can now take up to 12 ounces of hand sanitizer through airport security
URL: https://www.theverge.com/2020/3/13/21179120/tsa-hand-sanitizer-liquid-size-airport-screening-coronavirus-covid-19
Author: Andrew Hawkins
Title: Live Coronavirus Map Used to Spread Malware
URL: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
Author: Brian Krebs
Fri, 20 Mar 2020 - 30min - 40 - 3.25 - The Things On The Internet
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, and David Boyd
Title: Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep
URL: https://www.zdnet.com/article/cybersecurity-warning-almost-half-of-connected-medical-devices-are-vulnerable-to-hackers-exploiting-bluekeep/
Author: Danny Palmer
Title: Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers
URL: https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
Author: Eclypsium
Title: Pay Up, Or We’ll Make Google Ban Your Ads
URL: https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/
Author: Brian Krebs
Fri, 21 Feb 2020 - 41min - 39 - 3.24 - Citrix Mayhem
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Alex Hamerstone and Rob Simon.
Title: Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution
URL: https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/
Author: David Kennedy
Title: Microsoft patches Windows 10 after the NSA quietly told it about a major vulnerability
URL: https://www.cnbc.com/2020/01/14/microsoft-to-patch-windows-10-after-nsa-finds-vulnerability.html
Author: Kate Fazzini
URL2: https://news.ycombinator.com/item?id=22048619
Author2: tptacek
URL3: https://curveballtest.com/index.html
Author3: SANS Internet Storm Center
Title: Seven Years Later, Scores of EAS Systems Still Sit Un-Patched, Vulnerable
URL: https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/
Author: Paul Roberts
Fri, 31 Jan 2020 - 29min - 38 - 3.23 - Merry Christmas
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and David Boyd.
Title: Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
URL: https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Author: Brian Krebs
Title: Chrome now warns you when your password has been stolen
URL: https://www.theverge.com/2019/12/10/21004434/google-chrome-79-password-protections-security-stolen-password-data-features
Author: Tom Warren
Title: Breaking the Rules: A Tough Outlook for Home Page Attacks
URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Authors: Matthew McWhirt, Nick Carr, Douglas Bienstock
Fri, 20 Dec 2019 - 23min - 37 - 3.22 - Process, Process, Process
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Rob Simon, and Steve Maxwell!
Stories
Title: A bug in Microsoft’s login system put users at risk of account hijacks
URL: https://techcrunch.com/2019/12/02/microsoft-login-flaw-account-hijack/
Author: Zack Whittaker
Title: It’s Way Too Easy to Get a .gov Domain Name
URL: https://krebsonsecurity.com/2019/11/its-way-too-easy-to-get-a-gov-domain-name/
Author: Brian Krebs
Title: Two malicious Python libraries caught stealing SSH and GPG keys
URL: https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
Author: Catalin Cimpanu
Fri, 06 Dec 2019 - 29min - 36 - 3.21 - DoH! Robinhood Strikes Again, Nord
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rob Simon, and David Boyd!
Stories
Title: NordVPN users’ passwords exposed in mass credential-stuffing attacks
Author: Dan Goodin
Title: ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says
Author: Jon Brodkin
Title: Robinhood Traders Discovered a Glitch That Gave Them ‘Infinite Leverage’
Author: Brandon Kochkodin
Fri, 08 Nov 2019 - 30min - 35 - 3.20 - So Much is Broken
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Justin Bollinger, and Alex Hamerstone!
Stories
Title: Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X
URL: https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html?m=1
Author: Mohit Kumar
Title: Researchers uncover 125 vulnerabilities across 13 routers and NAS devices
URL: https://www.helpnetsecurity.com/2019/09/17/vulnerabilities-iot-devices/
Title: Mozilla Won't Turn on DoH as Default in the UK Like It's Planning to Do in the US
URL: https://www.gizmodo.co.uk/2019/09/mozilla-doh-not-default-in-uk/
Author: Shabana Arif
Letters
We have good success using the historical DNS data available at https://securitytrails.com to locate the origin servers. This facilitates bypassing filtering to attack web applications.
Fri, 04 Oct 2019 - 25min - 34 - 3.19 - DerbyCon Victory Lap!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos
This show features a slightly different format: we look back on nine years of DerbyCon with two of the principal organizers!
Fri, 13 Sep 2019 - 22min - 33 - 3.18 - Live From Vegas!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd
In this episode, we share what happened in Vegas! Wait, is that allowed?
Links from the show:
Gone to the Dogs - Constructing Kerberos Attacks with Delegation Primitives
HTTP Desync Attacks: Request Smuggling Reborn
Owning the Cloud Through Server-Side Request Forgery
Fri, 16 Aug 2019 - 17min - 32 - 3.17 - The End of End to End
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone.
Title: Kazakhstan's HTTPS Interception
URL: https://censoredplanet.org/kazakhstan
Authors: Ram Sundara Raman, Leonid Evdokimov, Eric Wustrow, Alex Halderman, Roya Ensafi
Title: DMARC's abysmal adoption explains why email spoofing is still a thing
URL: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/
Author: Catalin Cimpanu
Title: My browser, the spy: How extensions slurped up browsing histories from 4M users
URL: https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/
Author: Dan Goodin
Fri, 02 Aug 2019 - 26min - 31 - 3.16 - Pay the Ransoms
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, Alex Hamerstone and David Boyd
Title: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Author: Renee Dudley and Jeff Kao
Title: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
URL: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
Author: Alex Perekalin
Title: Track This is a new kind of incognito, says Mozilla
URL: https://www.hackread.com/mozillas-track-this-choose-fake-identity-to-deceive-advertisers/
Author: Waqas
Letters Home:
Try busting that CAPTCHA
Fri, 05 Jul 2019 - 30min - 30 - 3.15 - Let us Diagnose Your Information Security Failings
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, and Steve Maxwell!
Stories
Title: Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached
URL: https://www.nbcnewyork.com/news/local/Quest-Diagnostics-12-Million-People-Data-Breach-510754611.html
Author: NBC New York
Title: Google disables Baltimore's Gmail accounts used during ransomware recovery
URL: https://www.baltimoresun.com/maryland/baltimore-city/bs-md-ci-gmail-accounts-20190523-story.html
Author: Ian Duncan
Title: Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches
URL: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches
Author: Tom Warren
Fri, 07 Jun 2019 - 35min - 29 - 3.14 - Pi
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Justin Bollinger, and David Boyd!
Stories
Title: Exposing lockbox rental scam
URL: https://www.cbs46.com/investigations/better_call_harry/better-call-harry-exposing-lockbox-rental-scam/article_d9a7242a-6ae4-11e9-bad4-b3ba30648147.html
Author: Harry Samler (CBS46 Atlanta)
Title: In a first, Israel responds to Hamas hackers with an air strike
URL: https://www.zdnet.com/article/in-a-first-israel-responds-to-hamas-hackers-with-an-air-strike/#ftag=RSSbaffb68
Author: Catalin Cimpanu
Title: Uber apologizes after racist tweet
URL: https://mashable.com/article/uber-racist-tweet
Author: Jake Morse
Fri, 10 May 2019 - 36min - 28 - 3.13 - The Law, Passwords, 5G and GRC
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger, and David Boyd!
Stories
Title: The Feds Are Dropping Child Porn Cases Instead of Revealing Info on Their Surveillance Systems
URL: https://reason.com/2019/04/24/the-feds-are-dropping-child-porn-cases-instead-of-revealing-info-on-their-surveillance-systems/
Author: Elizabeth Nolan Brown
Title: Microsoft admits expiring-password rules are useless
URL: https://www.cnet.com/news/microsoft-admits-expiring-password-rules-are-useless/
Author: Ian Sherr
Title: Huawei row: UK to let Chinese firm help build 5G network
URL: https://www.bbc.com/news/uk-48032286
Author: BBC
Fri, 26 Apr 2019 - 36min - 27 - 3.12 - Money, Malware, and Facebook Reads Your Mail
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Oddvar Moe, Justin Bollinger, and Alex Hamerstone!
Stories
Title: Casino Screwup Royale: A tale of “ethical hacking” gone awry
URL: https://arstechnica.com/information-technology/2019/03/50-shades-of-greyhat-a-study-in-how-not-to-handle-security-disclosures/
Author: Sean Gallagher
Title: Researchers Find Google Play Store Apps Were Actually Government Malware
URL: https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv
Author: Lorenzo Franceschi-Bicchierai and Riccardo Coluccini
Title: ‘Beyond Sketchy’: Facebook Demanding Some New Users’ Email Passwords
URL: https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords
Author: Kevin Poulsen
Letters home
A discussion with Alex Hamerstone about the need to plan communications before you deploy a honeypot or other deception technology.
Fri, 05 Apr 2019 - 27min - 26 - 3.11 - (For Workgroups) Ghidra, Citrix and Beto Oh My!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rockie Brockway, Steve Maxwell, Hans Lakhan, and David Boyd
Title: Iranian-backed hackers stole data from major U.S. government contractor
URL: https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986
Author: Dan De Luce and Courtney Kube
Title: Beto O'Rourke Was Reportedly a Member of a 'Hacktivist' Group. What's That?
URL: http://time.com/5552860/beto-orourke-hacktivist-cdc/
Author: Patrick Lucas
Title: NSA releases Ghidra, a free software reverse engineering toolkit
URL: https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/
Author: Catalin Cimpanu
Fri, 22 Mar 2019 - 29min - 25 - 3.10 - Thunder, Flash, and Run BMC!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger, and Jessica Ryan
Title: Thunderbolt vulnerabilities leave computers wide-open
URL: https://www.itnews.com.au/news/thunderbolt-vulnerabilities-leave-computers-wide-open-519855
Author: Juha Saarinen
Title: Microsoft Edge lets Facebook run Flash code behind users' backs
URL: https://www.zdnet.com/article/microsoft-edge-lets-facebook-run-flash-code-behind-users-backs/
Author: Catalin Cimpanu
Title: Supermicro hardware weaknesses let researchers backdoor an IBM cloud server
URL: https://arstechnica.com/information-technology/2019/02/supermicro-hardware-weaknesses-let-researchers-backdoor-an-ibm-cloud-server/
Author: Dan Goodin
Tool Time
Tool: Monitor.App
URL: https://www.fireeye.com/services/freeware/monitor.html
Author: FIREEYE
Fri, 01 Mar 2019 - 31min - 24 - 3.9 - Turn off the Internet, The Containers are Leaking, and Why are my genitals in the Enquirer
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Alex Hamerstone, David Boyd and Jessica Ryan
Title: Russia to disconnect from the internet as part of a planned test
URL: https://www.zdnet.com/article/russia-to-disconnect-from-the-internet-as-part-of-a-planned-test/
Author: Catalin Cimpanu
Title: Doomsday Docker security hole uncovered
URL: https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/
Author: Steven J. Vaughan-Nichols
Title: How Bezos dick pics might've been exposed
URL: https://blog.erratasec.com/2019/02/how-bezos-dick-pics-mightve-been-exposed.html?m=1
Author: Errata Security
Additional Links:
https://www.keepassx.org/
https://haveibeenpwned.com/
https://www.spokeo.com/
https://pipl.com/
Fri, 15 Feb 2019 - 31min - 23 - 3.8 - Updating Your Reputable Plugins
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, and Jessica Ryan
Title: How Web Apps Can Turn Browser Extensions Into Backdoors
URL: https://threatpost.com/web-apps-browser-extensions-backdoors/141061/
Author: Tom Spring
Link to original research: http://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf
Title: Most out of date applications exposed: Shockwave, VLC and Skype top the list
URL: https://www.helpnetsecurity.com/2019/01/23/most-out-of-date-applications/
Author: Unspecified
Mon, 28 Jan 2019 - 28min - 22 - 3.7 - Intelligence and an End to USB Espionage?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, David Kennedy, and Alex Hamerstone
Title: NSA to release a free reverse engineering tool
URL: https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/
Author: Catalin Cimpanu
Title: USB Type-C Authentication Program launched to protect your devices
URL: https://newatlas.com/usb-c-authentication-program/57844/
Author: Paul Ridden
Title: The 6 reasons why Huawei gives the US and its allies security nightmares
URL: https://www.technologyreview.com/s/612556/the-6-reasons-why-huawei-gives-the-us-and-its-allies-security-nightmares/
Author: Martin Giles and Elizabeth Woyke
Tool Time:
Tool by: GitHub user ecthros
URL: https://github.com/ecthros/uncaptcha2
Fri, 11 Jan 2019 - 30min - 21 - 3.6 - Facebook and China China China
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, Justin Bollinger, and Alex Hamerstone
Title: Facebook reveals bug exposed 6.8 million users’ photos
URL: https://www.cnn.com/2018/12/14/tech/facebook-private-photos-exposed-bug/index.html
Author: Donie O’Sullivan
Title: As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants
URL: https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
Author: Donie O’Sullivan
Author: Gabriel Dance
Title: Hackers swipe card numbers from local government payment portals
URL: https://www.zdnet.com/article/hackers-swipe-card-numbers-from-local-government-payment-portals/
Author: Catalin Cimpanu
Title: Chinese spies reportedly behind massive Marriott hack
URL: https://www.cnet.com/news/chinese-spies-reportedly-behind-massive-marriott-hack/
Author: Steven Musil
Fri, 21 Dec 2018 - 32min - 20 - 3.5 – What's Hidden In Your Cart?
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Rockie Brockway
Title: Amazon exposed customer names and emails in a 'technical error'
URL: https://www.cnbc.com/2018/11/21/amazon-exposed-customer-names-and-emails-in-a-technical-error.html
Author: Jack Gillum
Title: Tiny Twitter thumbnail tweaked to transport different file types
URL: https://www.theregister.co.uk/2018/10/31/twitter_thumbnail_code/
Author: Thomas Claburn
Title: Who’s In Your Online Shopping Cart?
URL: https://krebsonsecurity.com/2018/11/whos-in-your-online-shopping-cart/
Author: Brian Krebs
[Tool Time]
URL: https://attack.mitre.org/
Fri, 30 Nov 2018 - 24min