SpiderLabs Radio

In this week’s episode: Carder Scams Zerodium and iOS 9 jailbreak So Long, and Thanks for All the Fish! This episode marks the last SpiderLabs Radio podcast so I can focus on other Trustwave projects like our popular SpiderLabs blog. Thanks to all of our loyal listeners and I hope to see you over on the blog!

Two separate SpiderLabs vulnerabilities released: Assi Barak Discovers Magmi Zero Day Asaf Orpani Discovers Critical Joomla SQL injection Also A New IoT Vulnerability In Your Connected Tea Kettle Links mentioned in the show: Assi Barak - Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild Asaf Orpani - Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access

In this week’s episode: SpiderLab’s Rodel Mendrez dissects the Quaverse RAT Current state of medical device security from DerbyCon 2015 Links mentioned in the show:Rodel Mendrez - Quaverse RAT: Remote-Access-as-a-ServiceDerbyCon 2015 videos

In this week’s episode: SYNFul Knock compromised routers TSA Master keys leaked

In this week’s episode: 225K iPhones hacked Sleepy Puppy Chrome and Amazon blocks (some) Flash Carbanak comes back

In this week’s episode: Android Certifi-gate vulnerability exploited in the wild Agora Dark Market shuts down New Crypto Snakeoil: 4YEO

In this week’s episode: What Ashley Madison got right New Internet Explorer Vuln patched out of band Study on Android Lock Patterns

In this week’s episode: Android Vulnerabilites: DoS and Stagefright New Attack on Tor

In this week’s episode: Microsoft’s July Patch Tuesday and Windows Server 2003 EOL Darkode gets taken down

In this week’s episode we talk about the Hacking Team getting hacked.

In this week’s episode: SwiftKey Android and Apple zero days LastPass breach

In this week’s episode: OpenSesame: Hacking Garage Door Openers Two Ransomware Authors Get Out Of The Game

In this week’s episode: Tox: Ransomware Builder Bots outnumber humans LogJam Hacking Airplanes

In this week’s episode: May’s Patch Tuesday VENOM VM escape vulnerability

In this week`s episode: Wordpress Zero Day BACKRONYM: SSL vulnerability in MySQL Angler EK and Bedep campaign used for political hacktivism Links mentioned in the show: BACKRONYMBedep trojan malware spread by the Angler exploit kit gets political

In this week’s episode it’s all things RSA Conference. I’ll be discussing two talks put on by Trustwave SpiderLabs researchers; one on PoS security and one on hacking SAP ASE databases. I’ll also talk about our password cracking rig and how it stood up against attendee provided passwords.   Links mentioned in the show: Building a Password Cracking Rig  David Byrne and Charles Henderson “That Point of Sale Is a PoS” Martin Rakhmanov: “Owning SAP ASE: Chained Database Attack”  CVE-2014-6284 - "Probe" login access vulnerability in SAP ASE  Custom ASE “probe” account client 

In this week’s episode: Rootpipe finally fixed for some Microsoft Patch Tuesday Punkey PoS Malware Links mentioned in the show: New POS Malware Emerges - Punkey

In this week’s episode: TrueCrypt audit Silk Road back in the news once more, again DDoS on GitHub SSLv3 and PCI Links mentioned in the show: Bring Out Your Dead: An Update on the PCI relevance of SSLv3  

In this week’s episode: Root Certificate Used to Spoof TLS POSeidon Point of Sale Malware Flaw in Hotel WiFi Routers Allows Remote Control Bar-Mitzvah attack against RC4/SSL

In this week’s episode: The not-so-bad New Vuln in OpenSSL How to Infect a BIOS The Pwn2Own Results Darkmarket Evo Shuts Down

In this week’s episode: Microsoft’s March Patch Tuesday and the Return of Stuxnet The Row Hammer Physical Memory Attack

In this week’s episode: The Angler Exploit Kit and Domain Shadowing FREAK is the new POODLE

In this week’s episode: Superfish and HTTPS MITM attacks SpiderLabs Honeypots and DDoS Malware SpiderLabs teardown of the RIG EK Links mentioned in this podcast: [Honeypot Alert] FHS Null Byte Attack (CVE-2014-6287) Attempts to Install DDoS Malware (Iptablex)RIG Exploit Kit Source Code Leak - The End or Just the Beginning of RIG?RIG Exploit Kit – Diving Deeper into the Infrastructure

In this week’s episode: Microsoft Patch Tuesday and Zero Days Ten Million Passwords Publicly Released New Anti-Forensic Technique: HARES

In this week’s episode: 2015 Changes to the Google Bug Bounty CTB-Locker ransomware Yet Another Flash Zero Day Links mentioned in this podcast: Kafiene’s Breakdown of CTB-LockerBen Hayak: A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild

In this week’s episode: Critical Vulnerability Discovered in BlackPhone Google Zero Days hit OS X Facebook Magnet Malware The GHOST Vulnerability   Links mentioned in this article:GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

In this week’s episode: Two Flash 0-Days Cause Confusion The trials of Ross Ulbricht and Barrett Brown

In this week’s episode we discuss Responsible Vulnerability Disclosure in the wake of Google’s release of Microsoft zero days. Links mentioned in this article: Microsoft: A Call for Better Coordinated Vulnerability Disclosure Intro to HDMoore’s Law The Speed is from the Devil – Some Thoughts about Google’s New Disclosure Policy

In this week’s episode: Welcome back and Happy 2015! The Return of the Malicious Macro New Apple Exploits: iDict and Thunderstrike One Final Microsoft Zero Day for 2014 Links mentioned in this podcast: Deobfuscating Malicious Macros Using Python Thunderstrike 31c3

In this week's episode: Last Patch Tuesday of 2014 New POODLEv2 Malware signed with Sony certificate Happy Holidays and Farewell until 2015

In this week's episode: The Sony Breach Operation Cleaver

In this week's episode: The Out of Band Microsoft Kerberos Vulnerability Popular Messaging App WhatsApp Adds End-to-End Encryption  Tech Collective to Offer Free Certificate Authority ATT Stops SuperCookie Injection An Update on Tor added Malware: OnionDuke

In this week's episode: Microsoft Patch Tuesday discloses critical vulnerabilities DarkHotel targets high level executives The Wirelurker campaign unleashes the Masque attack

In this episode: The mysterious Rootpipe vuln affecting OS X The not so mysterious Wirelurker targeting Apple devices The arrest of Silkroad 2.0 operator, Defcon New Backoff PoS malware variants

In this episode: Drupalocalypse Spotting fake data dumps Tor exit node adds malware New Web Attack: Reflected File Download (RFD) Here are some of the links discussed in this weeks show: Allison Nixon's Spotting Fake Data Dumps Download The Backdoor Factory (BDF)Watch Joshua Pitts Talk on BDFAnalysis of Malicious Tor Exit Node  Oren Hafif's Reflected File Download Technique  

In this episode: Google offering Security Key for 2FA New Microsoft OLE vulnerability Ebola Phishing Campaign   Here are some of the links discussed in this weeks show: SpiderLabs writeup of CVE-2014-4114Microsoft advisory for CVE-2014-6352  

In this episode we'll be talking about the zero days patched by Microsoft's Patch Tuesday as well as all things POODLE.

In this episode: BadUSB iWorm OS X botnet Tyupkin ATM malware links from the show notes:  BadAndroid v0.1Phison BadUSB code    

In this episode: All things Shellshock DerbyCon was GREAT, thanks for asking Get well soon, Cap'n Crunch Links mentioned in this weeks show: Mubix's existing shellshock attack vectors and PoCsSpiderLabs: Shellshock a Week Later: What We Have SeenDerbycon 2014 VideosHelp John Draper (Cap'n Crunch)

In this episode: Apple new security features iOS8 XSS bug reintroduced in Kindle Bleep, a new secure messaging app Android Browser Privacy Bug Updates for Adobe Reader/Acrobat

In this episode I talk about the non-existent massive leak of 5 million Google email credentials and discuss the security aspects of Apple's newly announced Apple Pay payment system.

In this episode: All things iCloud and Naked Celebrity Leaks Plus tracking Criminals with VirusTotal

In this episode: Synolocker cure from F-Secure Windows Update re-released Android App hack Sony PSN DDoS, bomb threat Backoff update Beeswarm New Netflix tools

In this episode: New Gameover Zeus Variant Synolocker Gang Calls It Quits Microsoft Pulls a Patch Hacking Traffic Lights Grabbing Audio From a Phone's Gyroscope Stealing GPG Keys By Touch

In this episode: Trustwave's new live Global Security Report New Backoff PoS malware family The Magnitude Exploit Kit How hard is it to crack 625,000 passwords? Historical security trends

Hello loyal listeners. I just wanted to let you know that this is not the podcast you were looking for. With all of the preparations being done to get ready for BlackHat and DefCon I'm forced to delay the podcast this week. But stay tuned, because with convention season upon us, all the news that researchers have been holding on to all year is starting to see the light of day. I'll be discussing a new PoS malware family dubbed Backoff that my colleagues here at SpiderLabs recently discovered and we'll probably have a couple of surprises up our sleeve then. I'll catch you next week in Vegas, so until then, stay safe! 

In this episode: Vulnerabilites in password managers New Gameover Zeus Malware Kronos Malware Tesla Model S Vulnerabilities Google's Project Zero Network Attacks during World Cup

In this episode: Rosetta Flash vulnerability BrutPoS Track2, a Russian PoS criminal, is arrested  Smart Lightbulbs leak wifi passwords Office macro malware makes a comeback Fraudulent SSL certificates found impersonating Google, Yahoo Data farmed from used cellphones

In this episode: Apple ships patches for all the things 20 year old LZO bug resurrected New Zeus variant Lite Zeus Dragonfly campaign targets US Energy Microsoft seizes No-IP

In this episode: PayPal 2FA in mobile bypassed Android update for OpenSSL vuln Reuters compromised by SEA through 3rd party TimThumb Webshot RCE vulnerability DDoS used as a distraction NTP patches stem DDoS flood

In this episode: Tweetdeck suffers from an XSS worm Even Hackers pick bad password MS releases an Emergency Patch  SimpLocker Android Ransomware encryption bypassed Researchers find vulnerabilties in both Google Play and thousands of Apps New towelroot root exploit for Android