Podcasts about backdoors

Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, already exploited, vulnerability in WebKit. This vulnerability affects iOS, macOS and VisionOS. https://support.apple.com/en-us/100100 Expressif Response to ESP32 Debug Commands Expressif released a statement commenting on the recent release of a paper alledging "Backdoors" in ESP32 chipsets. According to Expressif, these commands are debug commands and not reachable directly via Bluetooth. https://www.espressif.com/en/news/Response_ESP32_Bluetooth

❤️ Visite nossa campanha de financiamento coletivo e nos apoie!

In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple's decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the […] The post Cybersecurity Impact of DOGE, Apple's Stand Against Encryption Backdoors appeared first on Shared Security Podcast.

La saga de la SAAQ! Shamelessplug Hackfest Swag Join Hackfest/La French Connection Discord Join Hackfest us on Mastodon Conférence SEQure - Québec - 26-27 février 2025 CYBERTECH Global Tel Aviv - Israël - 24-26 mars 2025 InCyber Europe - Lille, France - 1-3 avril 2025 Conference CYBERECO - Montréal - 8-9 avril 2025 ALTSECCON - Halifax - 10-11 avril 2025 World Summit AI - Montréal - 15-16 avril 2025 Conférence NorthSEC - Montréal - 10-18 mai 2025 17th International Conference on Cyber Conflict - Tallinn, Estonie - 27-30 mai 2025 ITSEC Devolution - St-Hyacinthe - 9 juin 2025 Les 101 mots de la cybersécurité : Exporter la cybersécurité et valoriser nos entreprises. Sujet d'opinion La Saga de la SAAQ Nouvelles Le modèle de catégorisation du MCN ? SAAQclic pas pantoute ! Gazette officielle du Québec (2024) – Arrêté ministériel officialisant le modèle de classification de sécurité des données numériques gouvernementales Ministère de la Cybersécurité et du Numérique (2024) – Guide d'accompagnement du modèle de classification LCP-LAG (2024) – Analyse de la mise en œuvre du modèle de classification Un IoT à plusieurs milliards de dollars : Les F-35 sous contrôle américain ? Defense Mirror (2024) – Backdoors potentielles dans les F-35 Tech Startups (2022) – Cyberattaques et vulnérabilités des F-35 Global Defence Technology (2019) – Vulnérabilités du système logistique des F-35 DORA: Le roadmap pour la nomination est publié, c'est quoi un DORA Virginia Legislature Passes High Risk AI Developer and Deployer Act Competition Bureau probes real estate companies' use of software to help set rents China: Hangzhou Internet Court: Generative AI Output Infringes Copyright Lawsuits against DOGE Canada-U.S. Cross-Border Surveillance Negotiations Raise Constitutional and Human Rights Whirlwind under U.S. CLOUD Act White House official pushes to axe Canada from Five Eyes intelligence group Australia bans all Kaspersky products on government systems Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks PCI DSS 4.0 Mandates DMARC By 31st March 2025 La reconnaissance vocale de nos banques fait-elle le poids face à l'IA? Crew Patrick Mathieu Steve Waterhouse Francis Coats Vanessa Henri Crédits Montage audio par Hackfest Communication Music par GreatOwl – Lilia Sin Mi - Xinopua Locaux virtuels par Streamyard

US employee screening firm confirms breach Swedish law enforcement seeking messaging app backdoors Dems warn of exposed entry points on government systems Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams—all the grunt work nobody wants to do.  Plus, having to finish the dang questionnaire itself.  Well. That teammate exists—Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer request from sales, completes every questionnaire and knocks out all the coordination in-between.  Sue, Conveyor's AI agent, handles it all so you don't have to. Learn more at www.conveyor.com.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Encryption Dilemmas: When Government Access May Threaten Individual SecurityPub date: 2025-02-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow gets into pressing cybersecurity issues currently making headlines. Listeners are invited to explore the complex challenges governments face to ensure accountability without compromising security.  Aaron examines the implications of global policies that could force tech companies to undermine encryption. Steering clear of political discourse, he focuses on real cybersecurity risks, from untracked government spending to potential backdoors in personal devices and broader national security concerns.  Aaron provides critical insights into how these issues impact businesses, private citizens, and infrastructure, raising questions about privacy and data protection in today's digital age.  Whether you're a cybersecurity expert, a business leader, or someone who values privacy, this episode offers valuable perspectives and strategies to navigate the intricate IT and OT cybersecurity landscape. Join Aaron as he tackles these pressing topics and discusses how to maintain transparency and security for everyone. Key Moments 00:00 Demanding Oversight for Sensitive Expenditures 05:42 Fragmented Infrastructure and Cybersecurity Challenges 09:19 Suing for Backdoors in Secure Communication 11:35 Phone Security and Privacy Concerns 13:40 Cybersecurity Risks of Government Backdoors 16:54 Encryption Backdoors: Security vs. Privacy? Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Applying forgivable vs. unforgivable criteria to reDoS vulns, what backdoors in LLMs mean for trust in building software, considering some secure AI architectures to minimize prompt injection impact, developer reactions to Rust, and more! Show Notes: https://securityweekly.com/asw-319

Applying forgivable vs. unforgivable criteria to reDoS vulns, what backdoors in LLMs mean for trust in building software, considering some secure AI architectures to minimize prompt injection impact, developer reactions to Rust, and more! Show Notes: https://securityweekly.com/asw-319

In this week's round-up of the latest news in online speech, content moderation and internet regulation, Mike and Ben are joined by a group of students from the Media Law and Policy class at the American University School of Communication. Together they cover:U.K. orders Apple to let it spy on users' encrypted accounts (Washington Post)US lawmakers respond to the UK's Apple encryption backdoor request (Engadget)UK: Encryption order threatens global privacy rights (Human Rights Watch)Analysis: AI Summit emphasizes innovation and competition over trust and safety (DFR Lab)An overdue idea for making the internet safer just got the funding it needs (Platformer)Google-backed public interest AI partnership launches with $400M+ for open ecosystem building (Techcrunch)Britain dances to JD Vance's tune as it renames AI institute (Politico) Section 230 Still Works in the Fourth Circuit (For Now)–M.P. v. Meta (Eric Goldman)TikTok Opts to Not Take Section 230 Immunity Fight to the US Supreme Court (Law.com)Shopify says risk of fraud, not Nazi swastika, was reason for Kanye West store takedown (The Logic)This episode is brought to you with financial support from the Future of Online Trust & Safety Fund. Ctrl-Alt-Speech is a weekly podcast from Techdirt and Everything in Moderation. Send us your feedback at podcast@ctrlaltspeech.com and sponsorship enquiries to sponsorship@ctrlaltspeech.com. Thanks for listening.

This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discussdiscuss a newly discovered SSH backdoor used by Chinese cyber spies, the alarming rise of insider threats in critical U.S. infrastructure, and the significant drop in ransomware payments in 2024. Hector also delivers a passionate rant about government security oversight and the risks posed by unvetted personnel in federal systems. Plus, the duo shares insights on bypassing corporate security with SSH tunneling, the evolution of cybercrime tactics, and why cybersecurity resilience is more crucial than ever. Send HATF your questions at questions@hackerandthefed.com.

On This Episode of the Defending The Edge Podcast with DefendEdge, the team discusses how Subaru Starlink Vehicles have lost control, how hackers are hacking hackers, new AI advancements from both the US and China, and lastly, how the victim count from the United Healthcare Breach has continued to rise in the new year. 

On This Episode of the Defending The Edge Podcast with DefendEdge, the team discusses how Subaru Starlink Vehicles have lost control, how hackers are hacking hackers, new AI advancements from both the US and China, and lastly, how the victim count from the United Healthcare Breach has continued to rise in the new year. 

To Simulate or Replicate: Crafting Cyber Ranges Automating the creation of cyber ranges. This will be a multi part series and this part covers creating the DNS configuration in Windows https://isc.sans.edu/diary/To%20Simulate%20or%20Replicate%3A%20Crafting%20Cyber%20Ranges/31642 Scammers Exploiting Deepseek Hype Scammers are using the hype around Deepseek, and some of the confusion caused by it's site not being reachable, to scam users into installing malware. I am also including a link to a "jailbreak" of Deepseek (this part was not covered in the podcast). https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ https://lab.wallarm.com/jailbreaking-generative-ai/ PyPi Archived Status PyPi introduced a new feature to mark repositories as archived. This implies that the author is no longer maintaining the particular package https://blog.pypi.org/posts/2025-01-30-archival/ ICS Mecial Advisory: Comtec Patient Monitor Backdoor And interested backdoor was found in a Comtech Patient Monitor. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Dennis Fisher. Ryan Naraine (https://twitter.com/ryanaraine) in on work travel.

Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).

David Derigiotis, an insurance expert and TED talker, is an AI enthusiast. But he is also a realist about the hurdles ahead for the development of this exciting technology. For example, backdoors and privacy. He talks with Host Llewellyn King and Co-host Adam Clayton Powell III.

This show has been flagged as Explicit by the host. table td.shrink { white-space:nowrap } hr.thin { border: 0; height: 0; border-top: 1px solid rgba(0, 0, 0, 0.1); border-bottom: 1px solid rgba(255, 255, 255, 0.3); } New hosts Welcome to our new host: SolusSpider. Last Month's Shows Id Day Date Title Host 4240 Fri 2024-11-01 The First Doctor, Part 1 Ahuka 4241 Mon 2024-11-04 HPR Community News for October 2024 HPR Volunteers 4242 Tue 2024-11-05 Interview with Lorenzo 'kelset' Sciandra Ken Fallon 4243 Wed 2024-11-06 Hand Warmer, long term product review MrX 4244 Thu 2024-11-07 Two methods of digitizing photos. Henrik Hemrin 4245 Fri 2024-11-08 What's in my bag? Trey 4246 Mon 2024-11-11 Bytes, Pages and Screens Lee 4247 Tue 2024-11-12 Installing GuixSD--Part Deux Rho`n 4248 Wed 2024-11-13 Millie Perkins Ken Fallon 4249 Thu 2024-11-14 Audio Streams on the Command Line Kevie 4250 Fri 2024-11-15 Playing Civilization IV, Part 3 Ahuka 4251 Mon 2024-11-18 Dave and MrX turn over a new leaf Dave Morriss 4252 Tue 2024-11-19 Privacy is not hiding Some Guy On The Internet 4253 Wed 2024-11-20 A brief introduction of myself Kinghezy 4254 Thu 2024-11-21 Cake Money Money Cake Money Money Cake! operat0r 4255 Fri 2024-11-22 What is on My Podcast Player 2024, Part 1 Ahuka 4256 Mon 2024-11-25 Birds of a Feather Talk at OLF 2024 Thaj Sara 4257 Tue 2024-11-26 Movie review: The Artifice Girl Kevie 4258 Wed 2024-11-27 Introduction and History of Using Computers SolusSpider 4259 Thu 2024-11-28 Why digitize photos Henrik Hemrin 4260 Fri 2024-11-29 The Golden Age Ahuka Comments this month These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 61 comments in total. Past shows There are 21 comments on 17 previous shows: hpr0870 (2011-12-02) "Computer Memories" by Deltaray. Comment 3: SolusSpider - Peter Paterson on 2024-11-29: "Commonality on Deltaray's computer experiences" hpr1322 (2013-08-27) "Kevin O'Brien - Ohio LinuxFest 2013" by Ken Fallon. Comment 1: SolusSpider - Peter Paterson on 2024-11-26: "Attended OLF2013" hpr1642 (2014-11-18) "Frist Time at Oggcamp" by Al. Comment 2: SolusSpider - Peter Paterson on 2024-11-27: "Al at Oggcamp - 10 years later" hpr1890 (2015-10-30) "A short walk with my son" by thelovebug. Comment 4: SolusSpider - Peter Paterson on 2024-11-11: "Comment on A short walk with my son" hpr2503 (2018-03-07) "My journey into podcasting" by thelovebug. Comment 3: SolusSpider - Peter Paterson on 2024-11-18: "Comment on TheLoveBug journey into podcasting." hpr2673 (2018-10-31) "Urandom - Ohio Linux Fest 2-18 Podcaster Roundtable" by Thaj Sara. Comment 1: SolusSpider - Peter Paterson on 2024-11-26: "Wonderful OLF Podcasters Banter" hpr3315 (2021-04-16) "tesseract optical character recognition" by Ken Fallon. Comment 2: SolusSpider - Peter Paterson on 2024-11-28: "Tessaract OCR User" Comment 3: SolusSpider - Peter Paterson on 2024-11-29: "Spelling of tesseract" hpr3998 (2023-11-29) "Using open source OCR to digitize my mom's book" by Deltaray. Comment 3: SolusSpider - Peter Paterson on 2024-11-29: "Experience with Tesseract OCR software" hpr4106 (2024-04-29) "My tribute to feeds" by Henrik Hemrin. Comment 1: SolusSpider - Peter Paterson on 2024-11-27: "New(ish) to Feeds" Comment 2: Henrik Hemrin on 2024-11-29: "Thanks for feedback" hpr4129 (2024-05-30) "How I found Hacker Public Radio" by Henrik Hemrin. Comment 1: SolusSpider - Peter Paterson on 2024-11-27: "My own story of finding HPR" hpr4132 (2024-06-04) "Urandom talks about the future of HPR" by Thaj Sara. Comment 4: SolusSpider - Peter Paterson on 2024-11-18: "Comment on Urandom talks about the future of HPR" hpr4195 (2024-08-30) "Hacking HPR Hosts" by Ken Fallon. Comment 2: SolusSpider - Peter Paterson on 2024-11-29: "Another comment for Ken - he hacked this host" hpr4200 (2024-09-06) "Intro to Doctor Who" by Ahuka. Comment 5: SolusSpider - Peter Paterson on 2024-11-09: "Comment on Introduction To Doctor Who" hpr4220 (2024-10-04) "How Doctor Who Began" by Ahuka. Comment 1: SolusSpider - Peter Paterson on 2024-11-11: "Comment on How Doctor Who Began" hpr4233 (2024-10-23) "OggCamp 2024 Day 1" by Ken Fallon. Comment 1: @geospart on 2024-11-09: "Nice" hpr4236 (2024-10-28) "History of Nintendo" by Lochyboy. Comment 3: SolusSpider - Peter Paterson on 2024-11-10: "Comment on History of Nintendo" Comment 4: John Curwood - blindape on 2024-11-20: "Virtual Boy" hpr4238 (2024-10-30) "Snaps are better than flatpaks" by Some Guy On The Internet. Comment 2: Elliot B on 2024-11-01: "Snaps are the least worst" Comment 3: mpardo on 2024-11-02: "Snaps are indeed better that Flatpaks" This month's shows There are 40 comments on 16 of this month's shows: hpr4240 (2024-11-01) "The First Doctor, Part 1" by Ahuka. Comment 1: Kevie on 2024-10-31: "Keep them coming"Comment 2: Kevin O'Brien on 2024-11-02: "More to come"Comment 3: Ken Fallon on 2024-11-07: "Daleks" hpr4241 (2024-11-04) "HPR Community News for October 2024" by HPR Volunteers. Comment 1: ClaudioM on 2024-11-04: "Commentary on Ep. 4231 (Tmux+dd+FreeBSD)"Comment 2: Torin Doyle on 2024-11-10: "Hunting, Buzzing"Comment 3: Dave Morriss on 2024-11-14: "Buzzing?"Comment 4: Dave Lee (thelovebug) on 2024-11-16: "Dave's buzzing"Comment 5: Torin Doyle on 2024-11-18: "Re: Buzzing (more like a hum) in the audio for Dave Morriss."Comment 6: Dave Morriss on 2024-11-18: "The buzzing of the brain" hpr4244 (2024-11-07) "Two methods of digitizing photos." by Henrik Hemrin. Comment 1: Henrik Hemrin on 2024-11-07: "Clarification equipment for repro photo"Comment 2: Ken Fallon on 2024-11-07: "What hardware are you using"Comment 3: Henrik Hemrin on 2024-11-07: "Response to Ken"Comment 4: Charles in NJ on 2024-11-08: "Missed this show because feed is broken"Comment 5: Ken Fallon on 2024-11-08: "Bug Report"Comment 6: Ken Fallon on 2024-11-09: "Please send me your version of bashpodder" hpr4245 (2024-11-08) "What's in my bag?" by Trey. Comment 1: men Fallon on 2024-11-07: "Backdoors and breaches" hpr4246 (2024-11-11) "Bytes, Pages and Screens" by Lee. Comment 1: Ken Fallon on 2024-11-07: "Terry Pratchett"Comment 2: Torin Doyle on 2024-11-18: "Podcasts, Books, TV" hpr4248 (2024-11-13) "Millie Perkins" by Ken Fallon. Comment 1: Kevie on 2024-11-13: "A fantastic Oggcamp Talk" hpr4249 (2024-11-14) "Audio Streams on the Command Line" by Kevie. Comment 1: Ken Fallon on 2024-11-07: "Great Tips"Comment 2: SolusSpider - Peter Paterson on 2024-11-14: "Comment on Audio Streams on the Command Line"Comment 3: Jan on 2024-11-14: "Just Thanks"Comment 4: Henrik Hemrin on 2024-11-29: "Command Line" hpr4251 (2024-11-18) "Dave and MrX turn over a new leaf" by Dave Morriss. Comment 1: FXB on 2024-11-23: "using wttr.in"Comment 2: Dave Morriss on 2024-11-23: "Re: wttr.in" hpr4252 (2024-11-19) "Privacy is not hiding" by Some Guy On The Internet. Comment 1: Tim J on 2024-11-20: "Big Tech is Watching You" hpr4253 (2024-11-20) "A brief introduction of myself" by Kinghezy. Comment 1: SolusSpider - Peter Paterson on 2024-11-20: "Comment on kinghezy's introduction show hpr4253" hpr4256 (2024-11-25) "Birds of a Feather Talk at OLF 2024" by Thaj Sara. Comment 1: Ken Fallon on 2024-11-21: "Suspense"Comment 2: Thaj on 2024-11-25: "Resolution"Comment 3: Windigo on 2024-11-26: "Future shows"Comment 4: Torin Doyle on 2024-11-30: "OLF?" hpr4257 (2024-11-26) "Movie review: The Artifice Girl" by Kevie. Comment 1: SolusSpider - Peter Paterson on 2024-11-26: "Also watched The Atifice Girl" hpr4258 (2024-11-27) "Introduction and History of Using Computers" by SolusSpider. Comment 1: Dave Lee (thelovebug) on 2024-11-18: "Welcome to the HPR family"Comment 2: present_arms on 2024-11-19: "This Podcast hpr4258 :: Introduction and History of Using Computers"Comment 3: archer72 on 2024-11-27: "Welcome to HPR"Comment 4: Henrik Hemrin on 2024-11-29: "Welcome as HPR host!" hpr4259 (2024-11-28) "Why digitize photos" by Henrik Hemrin. Comment 1: SolusSpider - Peter Paterson on 2024-11-28: "The thoughts behind digitizing photos"Comment 2: Henrik Hemrin on 2024-11-29: "Thanks for your comment" hpr4272 (2024-12-17) "Embed Mastodon Threads" by hairylarry. Comment 1: Ken Fallon on 2024-11-28: "Wayne Myers ?? Where did I hear that name before ?" hpr4320 (2025-02-21) "Switching my Mastodon account" by Ahuka. Comment 1: Ken Fallon on 2024-11-25: "Target Audience of 1" Mailing List discussions Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mail List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: https://lists.hackerpublicradio.com/pipermail/hpr/2024-November/thread.html Events Calendar With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page. Any other business It's been another hectic month here at HPR Towers. As we discussed on the mailing list most of the time was taken by the migration to Mastodon, and the implementation of the mirrors on the Community Content Delivery Network. Some daily stats are been updated on https://hub.hackerpublicradio.org/hpr_ccdn_stats.tsv Summary of the changes to the repo https://repo.anhonesthost.net/HPR Dave updated his tooling for processing shows and they are now available on the Gitea repo. We finally got around to creating the HPR Documentation wiki. Community Content Delivery Network (CCDN) A location to track the deployment of the HPR Community Content Delivery Network, that provides a mirror network for our content. HPR Website Design This is literally in the whiteboard phase of the HPR website redesign. Where we can track Compatibility of the clients subscribed to our feeds. Useful Resources Where we can link to other free culture sites that provide useful services. Requested Topics Where we can track topics that have been requested, and link to shows that addressed them. There is also a list with information about Podcatcher and Podcasting Platform Compatibility. If anyone wants to adopt a player then please do so. The section on Workflow will be changing shortly due to Dave stepping aside, and also the need to distribute to multiple end points. All the processing will happen first, and then all the checks will be done at the same stage just prior to posting. For this to work we need help finding a simple manageable WYSIWYG editor that can produce sane HTML when the host uploads the show. We also need a new system to distribute the files from an origin to all the mirrors. Other changes and fixes. The day of the week is now available on the website. Fixed the RSS feed to show explicit status. Fixed a bug that limited the future feed to just 10 shows. Fixed a typo in the status page. Following feedback, added emphasis about the upcoming two weeks, to the scheduling guidelines. Notable shout out to the people who are promoting HPR and are helping people out with audio issues. Provide feedback on this episode.

Sponsor by ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠SEC Playground⁠ --- Support this podcast: https://podcasters.spotify.com/pod/show/chillchillsecurity/support

[glossary_exclude]They assume perfection, and we all know how that goes.[/glossary_exclude] by Leo A. Notenboom (Image: DALL-E 3) A phrase we've heard more and more often in recent years is encryption backdoor. The concept is simple: government agencies want to be able to monitor otherwise encrypted communications. The concept is flawed. [glossary_exclude]Encryption backdoors[/glossary_exclude][glossary_exclude]Encryption backdoors allow governments or other entities to access private communications, undermining privacy. These backdoors create vulnerabilities; they rely on the trustworthiness of those entities to use backdoor keys responsibly and prevent leaks. Criminals can still bypass such measures using traditional, non-backdoored encryption. Encryption backdoors risk your privacy without effectively improving anyone's security.[/glossary_exclude] Securing communications with encryption The fundamental concept of encrypted communications is that only the sender and the recipient can read a message exchanged between them. The sender encrypts it before sending, and only the recipient has the ability to decrypt it.1 One example I run into regularly is sending someone a password -- you don't want someone "in the middle" to be able to see it. An end-to-end encrypted messaging service is one solution. Governments don't like this at all. At its most basic, encryption prevents law enforcement from monitoring potentially illegal activities. At its most extreme, it prevents oppressive governments from monitoring what their citizens might be up to. As a result, from time to time we hear of proposed legislation to force service providers to provide a back door that would allow authorized entities such as governments and perhaps others to access otherwise inaccessible communications. How a backdoor might work Traditional encryption works in one of two ways. One method uses a common secret, like a password, which is used to both encrypt and decrypt data. The other method uses a key-pair: one key can decrypt data encrypted by the other, and vice versa. Without the appropriate password or key, encrypted data cannot be decrypted.2 What both these approaches have in common is math -- lots and lots of advanced, complex math. A backdoor adds more math. In addition to the password or key, some kind of "master key" would also be needed to decrypt the data. That master key would be shared only with trusted entities (like governments) with (hopefully) legitimate reasons to decrypt the data. A real-world physical example Consider the TSA-approved padlock. TSA's "back door" on a combination lock. (Image: askleo.com) This padlock might have a key or combination. If you have the key or know the combination, you can unlock it. In the United States, the TSA (Transportation Security Administration) has mandated that approved padlocks also have an additional key slot -- a key slot for which their agents have a master key. This master key is a back door allowing them to bypass your padlock's mechanism completely and open it. This allows them to examine the contents of your luggage. You can use a non-compliant padlock, but the TSA has the right to break the lock. There's a reasonable argument that this contributes to public safety. However, even though it's likely illegal to possess, the master key has long been available to anyone who cares to get it. Travelers have been forced to sacrifice personal privacy for public security. Physical versus digital The major difference between our physical example and encryption is the bolt cutter. Luggage locks are easily broken. Even the most secure locking mechanisms can typically be thwarted with enough skill or force. That's not quite the same as digital encryption. An appropriately strong encryption algorithm can be practically impossible to break. Again, governments don't like this. They would very much like a way to break the lock,

We get frustrated with Nintendo. Then, dig into the 30-year-old backdoor that was recently exploited and the hard lesson we should learn from it. Then, we'll break down some "hot tips" that promise to make you the next DevRel star.

Every once in awhile I hear about someone in law enforcement sure that tech people can build in a safe, secure way for data to be unencrypted by the company or vendor. The latest appears to be from Australia, where the Security Intelligence Organization wants tech companies to build this into products. Backdoors never work. Anytime an encryption key is stored, it could be stolen. We see this all the time. Keys are just data, and companies lose data all the time. At scale. Governments are certainly not immune from this. One of the reasons that Azure allows a BYOK (bring your own key) for encryption mechanisms is that many organizations don't want to trust Microsoft to store their keys. I'm guessing Microsoft doesn't want the liability, either. Read the rest of No Backdoors

00:00 - Introduction01:22 - The Scenario02:50 - First Steps03:48 - Endpoint Analysis Roll04:22 - Logon Scripts Were installed05:09 - I.R. Team Introductions07:17 - Second Step10:32 - Network Threat Hunting Roll11:36 - Third Step15:12 - Anyway Here's Firewall Roll15:43 - Fourth Step18:26 - SIEM Roll19:41 - Fifth Step20:47 - UEBA Roll21:19 - Senario Recap22:20 - Senario Plausibility?25:51 - Wrap-up Takeaways

I'm joined by guests Future Paul & Rijndael to go through the list.Timecodes coming soon. Full shownotes on the link below.Links & Contacts:⁠⁠⁠⁠Website⁠⁠⁠⁠: https://bitcoin.review/Podcast⁠⁠⁠⁠Substack⁠⁠⁠⁠: https://substack.bitcoin.review/⁠⁠⁠⁠Twitter⁠⁠⁠⁠: https://twitter.com/bitcoinreviewhq⁠⁠⁠⁠NVK Twitter⁠⁠⁠⁠: https://twitter.com/nvk⁠⁠⁠⁠Telegram⁠⁠⁠⁠: https://t.me/BitcoinReviewPod⁠⁠⁠⁠Email⁠⁠⁠⁠: producer@coinkite.comNostr & LN:⚡nvk@nvk.org (not an email!)Full show notes: https://bitcoin.review/podcast/episode-74

Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Backdoors as an analogy for deceptive alignment, published by Jacob Hilton on September 6, 2024 on The AI Alignment Forum. ARC has released a paper on Backdoor defense, learnability and obfuscation in which we study a formal notion of backdoors in ML models. Part of our motivation for this is an analogy between backdoors and deceptive alignment, the possibility that an AI system would intentionally behave well in training in order to give itself the opportunity to behave uncooperatively later. In our paper, we prove several theoretical results that shed some light on possible mitigations for deceptive alignment, albeit in a way that is limited by the strength of this analogy. In this post, we will: Lay out the analogy between backdoors and deceptive alignment Discuss prior theoretical results from the perspective of this analogy Explain our formal notion of backdoors and its strengths and weaknesses Summarize the results in our paper and discuss their implications for deceptive alignment Thanks to Boaz Barak, Roger Grosse, Thomas Read, John Schulman and Gabriel Wu for helpful comments. Backdoors and deceptive alignment A backdoor in an ML model is a modification to the model that causes it to behave differently on certain inputs that activate a secret "trigger", while behaving similarly on ordinary inputs. There is a wide existing literature on backdoor attacks and defenses, which is primarily empirical, but also includes some theoretical results that we will mention. Deceptive alignment is a term from the paper Risks from Learned Optimization in Advanced Machine Learning Systems (Section 4) that refers to the possibility that an AI system will internally reason about the objective that it is being trained on, and decide to perform well according to that objective unless there are clues that it has been taken out of its training environment. Such a policy could be optimal on the training distribution, and yet perform very badly on certain out-of-distribution inputs where such clues are present, which we call defection triggers.[1] The opposite of deceptive alignment is robust alignment, meaning that this performance degradation is avoided. Since a deceptively aligned model and a robustly aligned model behave very differently on defection triggers, but very similarly on typical inputs from the training distribution, deceptive alignment can be thought of as a special kind of backdoor, under the following correspondence: Deceptive alignment Backdoors Robustly aligned model Original (unmodified) model Deceptively aligned model Backdoored model Defection trigger Backdoor trigger The main distinguishing feature of deceptive alignment compared to other kinds of backdoors is that the deceptively aligned model is not produced by an adversary, but is instead produced through ordinary training. Thus by treating deceptive alignment as a backdoor, we are modeling the training process as an adversary. In our analysis of deceptive alignment, the basic tension we will face is that an unconstrained adversary will always win, but any particular proxy constraint we impose on the adversary may be unrealistic. Static backdoor detection An important piece of prior work is the paper Planting Undetectable Backdoors in Machine Learning Models, which uses a digital signature scheme to insert an undetectable backdoor into a model. Roughly speaking, the authors exhibit a modified version of a "Random Fourier Features" training algorithm that produces a backdoored model. Any input to the backdoored model can be perturbed by an attacker with knowledge of a secret key to produce a new input on which the model behaves differently. However, the backdoor is undetectable in the sense that it is computationally infeasible for a defender with white-box access to distinguish a backdoored model from an or...

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

CrowdStrike Exec's "Most Epic Fail" Award Hardware backdoors discovered in Chinese-made key cards Counterfeit CISCO networking gear SpinRite Errata NPD breach updates from listeners Looking back at old SN episodes Cascading Bloom Filters Show Notes - https://www.grc.com/sn/SN-989-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT 1password.com/securitynow e-e.com/twit GO.ACILEARNING.COM/TWIT code SN100

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Hardware backdoors found in Chinese key cards

This is a special interview episode with Meredith Whittaker, the president of the Signal Foundation. I'm sure you all know, and maybe even use, the Signal messaging app. Here we sat down with Whittaker to talk all about the state of Signal today, the threat of AI to end-to-end encryption, what backdoors actually look like, and much more. This is a wide-ranging discussion where one of the few journalists who has revealed new details about backdoors (Joseph) gets to speak to one of the most important people in the world of encryption (Whittaker). Definitely take a listen. Paid subscribers got access to this episode early by the way. Dark Wire: The Incredible True Story of the Largest Sting Operation Ever Signal page on government data requests Microsoft Will Switch Off Recall by Default After Security Backlash Telegram CEO Pavel Durov interview Subscribe at 404media.co for early access and bonus content. Learn more about your ad choices. Visit megaphone.fm/adchoices

It's been a while huh? Apologies for our absence, but the team are back with a run through of everything we've got going on at Black Hat - from our 10 year birthday celebrations, the interesting lightning talks in our booth, and Joe Marshall's "Backdoors and Breaches" game. Come and visit us at Cisco Booth 1732 and Splunk Booth 1940.Before that, Matt encourages Mitch and Lurene to join him in the joy of Tekkno Train by Electric Callboy (Choo Choo!) and Mitch explains why his son has developed a huge potty mouth, with no sense of irony. Lurene also reveals insights into creating a university curriculum for cyber weapons development.Stick around for an illumunating discussion on how AI could affect a Furby. Just don't google "Long Furbie". You just googled it didn't you? Ah man, we warned you...

Guests: Vas Mavroudis, Principal Research Scientist, The Alan Turing InstituteWebsite | https://mavroud.is/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757Jamie Gawith, Assistant Professor of Electrical Engineering, University of BathOn LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesAs Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

Guests: Vas Mavroudis, Principal Research Scientist, The Alan Turing InstituteWebsite | https://mavroud.is/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#vasilios-mavroudis-34757Jamie Gawith, Assistant Professor of Electrical Engineering, University of BathOn LinkedIn | https://www.linkedin.com/in/jamie-gawith-63560b60/At BlackHat | https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jamie-gawith-48261____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesAs Black Hat Conference 2024 approaches, Sean Martin and Marco Ciappelli are gearing up for a conversation about the complexities of deep reinforcement learning and the potential cybersecurity threats posed by backdoors in these systems. They will be joined by Vas Mavroudis from the Alan Turing Institute and Jamie Gawith from the University of Bath, who will be presenting their cutting-edge research at the event.Setting the Stage: The discussion begins with Sean and Marco sharing their excitement about the upcoming conference. They set a professional and engaging tone, seamlessly leading into the introduction of their guests, Jamie and Vas.The Core Discussion: Sean introduces the main focus of their upcoming session, titled "Backdoors in Deep Reinforcement Learning Agents." Expressing curiosity and anticipation, he invites Jamie and Vas to share more about their backgrounds and the significance of their work in this area.Expert Introductions: Jamie Gawith explains his journey from working in power electronics and nuclear fusion to focusing on cybersecurity. His collaboration with Vas arose from a shared interest in using reinforcement learning agents for controlling nuclear fusion reactors. He describes the crucial role these agents play and the potential risks associated with their deployment in critical environments.Vas Mavroudis introduces himself as a principal research scientist at the Alan Turing Institute, leading a team focused on autonomous cyber defense. His work involves developing and securing autonomous agents tasked with defending networks and systems from cyber threats. The conversation highlights the vulnerabilities of these agents to backdoors and the need for robust security measures.Deep Dive into Reinforcement Learning: Vas offers an overview of reinforcement learning, highlighting its differences from supervised and unsupervised learning. He emphasizes the importance of real-world experiences in training these agents to make optimal decisions through trial and error. The conversation also touches on the use of deep neural networks, which enhance the capabilities of reinforcement learning models but also introduce complexities that can be exploited.Security Concerns: The discussion then shifts to the security challenges associated with reinforcement learning models. Vas explains the concept of backdoors in machine learning and the unique challenges they present. Unlike traditional software backdoors, these are hidden within the neural network layers, making detection difficult.Real-World Implications: Jamie discusses the practical implications of these security issues, particularly in high-stakes scenarios like nuclear fusion reactors. He outlines the potential catastrophic consequences of a backdoor-triggered failure, underscoring the importance of securing these models to prevent malicious exploitation.Looking Ahead: Sean and Marco express their anticipation for the upcoming session, highlighting the collaborative efforts of Vas, Jamie, and their teams in tackling these critical issues. They emphasize the significance of this research and its implications for the future of autonomous systems.Conclusion: This pre-event conversation sets the stage for a compelling session at Black Hat Conference 2024. It offers attendees a preview of the insights and discussions they can expect about the intersection of deep reinforcement learning and cybersecurity. The session promises to provide valuable knowledge on protecting advanced technologies from emerging threats.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________This Episode's SponsorsLevelBlue: https://itspm.ag/levelblue266f6cCoro: https://itspm.ag/coronet-30deSquareX: https://itspm.ag/sqrx-l91____________________________Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasOn YouTube:

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we've learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices

In this interview at Black Hat Asia 2024, we spoke with Adrian Wood and Mary Walker, security engineers from Dropbox, about the critical issues surrounding AI security, backdoors, and malware.Adrian and Mary explained that many users rely on pre-existing machine learning (ML) models from public repositories rather than creating their own. This introduces vulnerabilities similar to those found in open-source software. Using in-house data requires careful handling to avoid bias and unintended consequences, while third-party models can be compromised.They emphasized that downloading and running models from the internet can introduce malware. Attackers can backdoor models to alter their functions or insert malicious code, posing significant threats, especially in sensitive industries.Adrian and Mary also stressed the importance of understanding the ML environment, ensuring proper logging, and having incident response plans in place. Companies should prepare by conducting tabletop exercises and securing their supply chains.For more educational information on machine learning: https://gist.github.com/5stars217/236bab5d1d8d50e9785a4136aca8cf20 --------Dropbox, Security Engineer - Adrian Wood, aka threlfall, currently works for Dropbox on their red team. He has worked as a red team consultant for WHITEHACK, a company he founded, and later as a lead engineer for an offensive security research team at a US bank. His research recently has been in supply chain attacks on CI/CD and ML systems, which includes maintaining the offsec ml playbook and has presented on these topics at DEFCON 30, 31, the DEFCON AI village, Cackalackycon and more.Dropbox, Security Engineer - Mary Walker, aka mairebear, currently works for Dropbox on their threat intelligence team; she splits her time at work between research (primarily focused on ML) and building tooling to help her team move faster. She's previously worked at a major online retailer on their malware analysis and forensics team, a US bank on their red team, and an energy company in their SOC. Her background is primarily in DFIR and malware analysis, with a keen interest in production environments.Recorded 18th April 2024, 4.30pm, BlackHat Asia 2024, Singapore #BHAsia #mysecuritytv #blackhat

This episode reports on the break up of a North Korean scheme tricking American firms into hiring who they thought were Americans app developers to work remotely, and more 

Agradece a este podcast tantas horas de entretenimiento y disfruta de episodios exclusivos como éste. ¡Apóyale en iVoox! Puertas traseras en nuestra vida cotidiana. Que son, como funcionan...Escucha este episodio completo y accede a todo el contenido exclusivo de MISTERIOS UNIVERSALES con Artur Homs. Descubre antes que nadie los nuevos episodios, y participa en la comunidad exclusiva de oyentes en https://go.ivoox.com/sq/465562

The ubiquitous semiconductor chips have acquired huge importance in today's geopolitical environment. Join Arindam Goswami and Satya Sahu in this episode of All Things Policy as they uncover the intricate world of chip-based hardware backdoors, exploring their implications for cybersecurity, national security and public policy.

Join Andrea and Michelle in a laughter-filled journey where they spill the beans on spicing up your love life! From the hilarity of shopping for vibrators to navigating the uncharted waters of self-pleasure and the delicate dance of enjoying moments with your spouse, these two witty minds guide you through the ups and downs (literally!). It's the perfect blend of humor and wisdom on the road to a healthier, happier, and, let's face it, more exciting sex life. Get ready for candid conversations, laughs, and a few blush-worthy tales!

As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor https://github.com/amlweems/xzbot https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/ https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/ https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504 https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://xeiaso.net/notes/2024/xz-vuln/ https://infosec.exchange/@AndresFreundTec@mastodon.social https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-823

As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor https://github.com/amlweems/xzbot https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/ https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/ https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504 https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://xeiaso.net/notes/2024/xz-vuln/ https://infosec.exchange/@AndresFreundTec@mastodon.social https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd Show Notes: https://securityweekly.com/psw-823

As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor https://github.com/amlweems/xzbot https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/ https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/ https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504 https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://xeiaso.net/notes/2024/xz-vuln/ https://infosec.exchange/@AndresFreundTec@mastodon.social https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-823

As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800 https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor https://github.com/amlweems/xzbot https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/ https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/ https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504 https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ https://xeiaso.net/notes/2024/xz-vuln/ https://infosec.exchange/@AndresFreundTec@mastodon.social https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd Show Notes: https://securityweekly.com/psw-823

Join Andrea and Michelle in a laughter-filled journey where they spill the beans on spicing up your love life! From the hilarity of shopping for vibrators to navigating the uncharted waters of self-pleasure and the delicate dance of enjoying moments with your spouse, these two witty minds guide you through the ups and downs (literally!). It's the perfect blend of humor and wisdom on the road to a healthier, happier, and, let's face it, more exciting sex life. Get ready for candid conversations, laughs, and a few blush-worthy tales!

Threat actors install backdoor on Barracuda appliances iPhone triangulation exploit used undocumented features New York Times starts the publisher LLM lawsuits Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com!  The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.  

We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curvesLinks:- Steve's post: https://saweis.net/posts/nist-curve-seed-origins.html- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf- “A RIDDLE WRAPPED IN AN ENIGMA”: https://eprint.iacr.org/2015/1018.pdf- https://arstechnica.com/information-technology/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-institute-of-standards-and-technology-78756/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-security-agency-78755/- Filippo's bounty: https://words.filippo.io/dispatches/seeds-bounty/- Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters - NIST 800-186 with Curve25519 and friends- RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier- https://www.rfc-editor.org/rfc/rfc4492#section-6- https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/- https://en.wikipedia.org/wiki/Bullrun_(decryption_program)- https://en.wikipedia.org/wiki/BSAFE- https://sockpuppet.org/blog/2015/08/04/is-extended-random-malicious/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

This episode reports on the possiblity that thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability, and more

China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A Phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K's Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156 Selected reading. Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET)  China teases imminent exposé of seismic US spying scheme (Register)  2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SecurityWeek)  Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) LinkedIn Accounts Under Attack (Cyberint) LinkedIn faces surge of account hijacking (Computing) LinkedIn accounts hacked in widespread hijacking campaign (BleepingComputer) Raccoon Stealer malware returns with new stealthier version (BleepingComputer) FBI warns of increasing cryptocurrency recovery scams (BleepingComputer)  Russia slaps Reddit, Wikipedia with fines (Cybernews)