POPULARITY
I'm joined by guests Rob Hamilton, Ben Carman, & Rijndael to go through the list. Timecodes coming soon. Follow link below for full shownotes. Links & Contacts Website: https://bitcoin.review/Podcast Substack: https://substack.bitcoin.review/ Twitter: https://twitter.com/bitcoinreviewhq NVK Twitter: https://twitter.com/nvk Telegram: https://t.me/BitcoinReviewPod Email: producer@coinkite.com Nostr & LN:⚡nvk@nvk.org (not an email!) Full show notes: https://bitcoin.review/podcast/episode-65
What is BadUSB? --- Support this podcast: https://podcasters.spotify.com/pod/show/wikipediaread/support
What is BadUSB? --- Support this podcast: https://podcasters.spotify.com/pod/show/wikipediaread/support
Superbowl TV ads. PC sales see steep decline. AI is being placed into Bing & Google search engines. Why am I not receiving emails from specific email addresses? What is quick connect for Synology and how do you use it? Daniel Suarez interview from Trianguation / TWiT Events. A story about fake storage devices from Amazon... Leo gives an overview of the Soundblast Creative Labs X5 sound card. What is BadUSB, and is there a way to safely read USB drives if you're unaware of its origin? Mikah demonstrates using iMazing to recover files from your iPhone backups. Bad DNSs and how to override them. How to delete your LastPass vault and further protect your password from being breached. Hosts: Leo Laporte and Mikah Sargent Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1961 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: eightsleep.com/twit Melissa.com/twit
Superbowl TV ads. PC sales see steep decline. AI is being placed into Bing & Google search engines. Why am I not receiving emails from specific email addresses? What is quick connect for Synology and how do you use it? Daniel Suarez interview from Trianguation / TWiT Events. A story about fake storage devices from Amazon... Leo gives an overview of the Soundblast Creative Labs X5 sound card. What is BadUSB, and is there a way to safely read USB drives if you're unaware of its origin? Mikah demonstrates using iMazing to recover files from your iPhone backups. Bad DNSs and how to override them. How to delete your LastPass vault and further protect your password from being breached. Hosts: Leo Laporte and Mikah Sargent Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1961 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: eightsleep.com/twit Melissa.com/twit
Superbowl TV ads. PC sales see steep decline. AI is being placed into Bing & Google search engines. Why am I not receiving emails from specific email addresses? What is quick connect for Synology and how do you use it? Daniel Suarez interview from Trianguation / TWiT Events. A story about fake storage devices from Amazon... Leo gives an overview of the Soundblast Creative Labs X5 sound card. What is BadUSB, and is there a way to safely read USB drives if you're unaware of its origin? Mikah demonstrates using iMazing to recover files from your iPhone backups. Bad DNSs and how to override them. How to delete your LastPass vault and further protect your password from being breached. Hosts: Leo Laporte and Mikah Sargent Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1961 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsors: eightsleep.com/twit Melissa.com/twit
Superbowl TV ads. PC sales see steep decline. AI is being placed into Bing & Google search engines. Why am I not receiving emails from specific email addresses? What is quick connect for Synology and how do you use it? Daniel Suarez interview from Trianguation / TWiT Events. A story about fake storage devices from Amazon... Leo gives an overview of the Soundblast Creative Labs X5 sound card. What is BadUSB, and is there a way to safely read USB drives if you're unaware of its origin? Mikah demonstrates using iMazing to recover files from your iPhone backups. Bad DNSs and how to override them. How to delete your LastPass vault and further protect your password from being breached. Hosts: Leo Laporte and Mikah Sargent Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1961 Download or subscribe to this show at: https://twit.tv/shows/total-leo Sponsors: eightsleep.com/twit Melissa.com/twit
Superbowl TV ads. PC sales see steep decline. AI is being placed into Bing & Google search engines. Why am I not receiving emails from specific email addresses? What is quick connect for Synology and how do you use it? Daniel Suarez interview from Triangulation / TWiT Events. A story about fake storage devices from Amazon... Leo gives an overview of the Soundblast Creative Labs X5 sound card. What is BadUSB, and is there a way to safely read USB drives if you're unaware of its origin? Mikah demonstrates using iMazing to recover files from your iPhone backups. Bad DNSs and how to override them. How to delete your LastPass vault and further protect your password from being breached. Hosts: Leo Laporte and Mikah Sargent Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1961 Download or subscribe to this show at: https://twit.tv/shows/all-twittv-shows Sponsors: eightsleep.com/twit Melissa.com/twit
This week Dave (https://dgshow.org/hosts/dave) and Gunnar (https://dgshow.org/hosts/gunnar) talk about automating ransomware, automating prosecution, automating defense attorneys, and a bridge “Sent from my iPhone”: 5 Helpful Tips on How to Write Emails from Your Phone (https://www.grammarly.com/blog/how-to-write-emails-from-mobile/) Air Conditioning test in Allendale (https://www.atlasobscura.com/places/austin-air-conditioned-village) FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware (https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/) See also: D&G 138 (https://dgshow.org/138) (from 2017!) Almost related: Remote staff are using ‘mouse movers' to keep their computer awake and fool the boss (https://metro.co.uk/2021/12/09/remote-staff-use-mouse-movers-to-keep-laptops-awake-and-fool-bosses-15741764/) Chinese scientists develop AI ‘prosecutor' that can press its own charges (https://www.scmp.com/news/china/science/article/3160997/chinese-scientists-develop-ai-prosecutor-can-press-its-own) "A computer can never be held accountable. Therefore, a computer must never make a management decision." (https://photos.app.goo.gl/Mi2jpYcpsCfiQKfH8) DoNotPay: This 'Robot Lawyer' Might Save Your Banned Social Media Account (https://gizmodo.com/this-robot-lawyer-might-save-your-banned-social-media-a-1848260777) Akron police investigating after 58-foot bridge goes missing (https://fox8.com/news/akron-police-investigating-after-58-foot-bridge-went-missing/) Suspect charged after 58-foot bridge stolen in Akron (https://fox8.com/news/suspect-charged-after-58-foot-bridge-stolen-in-akron/) Cutting Room Floor * Blower (https://apps.apple.com/us/app/blower/id335862325): Blow out candles with iPhone! * How Does This App Blow Out Candles? (https://www.youtube.com/watch?v=tX6XSs2T5Go) * Henry Kissinger fulfilling his dream of being a weatherman. (http://www.weirduniverse.net/blog/comments/henry_kissinger_weatherman) * What your favorite sad dad band says about you (https://www.mcsweeneys.net/articles/what-your-favorite-sad-dad-band-says-about-you) We Give Thanks * The D&G Show Slack Clubhouse for the discussion topics!
What's up, everyone! In this episode, Ryan, Shannon, and LeVon discuss the FBI's flash warning concerning the cybercrime group, FIN7, and their clever use of ransomware-ridden USB drives. Please LISTEN
This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, iOS/MacOS vulnerablities, and new hardware with Microsoft's Pluton Security Processor. ------------------------------------------- Youtube Video Link: https://youtu.be/yQebJcb2j3E ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/more-security-flaws-found-in-apple-s-OS-technologies https://www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/ https://www.csoonline.com/article/3647173/badusb-explained-how-rogue-usbs-threaten-your-organization.html#tk.rss_all https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-excel-40-macros-by-default-to-block-malware/ https://www.csoonline.com/article/3647170/microsofts-pluton-security-processor-tackles-hardware-firmware-vulnerabilities.html#tk.rss_all ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://anchor.fm/blue-security-podcast/message
USB attacks, weighing cloud vs. on-prem, and data science with Anaconda. 2FA app with 10,000 Google Play downloads loaded well-known banking trojan Millions of routers and IoT devices at risk as malware source code surfaces on GitHub BadUSB - Are you prepared to defend against a USB attack? Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users IT Pros may use the cloud, but they trust on-prem more Wi-Fi 7 hardware demos herald next-gen wireless networking Data science with Anaconda co-founder and CEO Peter Wang Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Peter Wang Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT linode.com/twiet CDW.com/Services
USB attacks, weighing cloud vs. on-prem, and data science with Anaconda. 2FA app with 10,000 Google Play downloads loaded well-known banking trojan Millions of routers and IoT devices at risk as malware source code surfaces on GitHub BadUSB - Are you prepared to defend against a USB attack? Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users IT Pros may use the cloud, but they trust on-prem more Wi-Fi 7 hardware demos herald next-gen wireless networking Data science with Anaconda co-founder and CEO Peter Wang Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Peter Wang Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT linode.com/twiet CDW.com/Services
Bu hafta Murat Lostar, FBI'ın Amerika'daki şirketlere gönderilen BadUSB'ler konusunda uyarıda bulunmasını yorumluyor. Keyifli dinlemeler.
ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover: * A Critical H2 Database Vulnerability * DDoS Extortion * Alternate ransomware techniques ***Resources from this week's podcast*** Cyber Threats to the Education System https://www.digitalshadows.com/blog-and-research/cyber-threats-to-education/ How Do Ransomware Groups Launder Payments https://www.digitalshadows.com/blog-and-research/how-do-ransomware-groups-launder-payments/ JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell https://www.zdnet.com/article/jfrog-researchers-find-jndi-vulnerability-in-h2-database-consoles-similar-to-log4shell/ Extortion DDoS attacks grow stronger and more common https://www.bleepingcomputer.com/news/security/extortion-ddos-attacks-grow-stronger-and-more-common FBI: Hackers use BadUSB to target defense firms with ransomware https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
Welcome to the first Cyber Security Brief of 2022! In this week’s podcast, Dick O’Brien and Brigid O Gorman chat about some of the biggest news stories of the last couple of weeks. The topics up for discussion in this episode include: FIN7 BadUSB attacks return, an interesting new multi-platform backdoor, and the latest way attackers are attempting to abuse Google Docs. Also, a jump in the number of extortion DDoS attacks, how payments to suspicious cryptocurrency wallets have exploded in recent months, corruption of open source libraries as a form of protest, and how one APT group managed to infect itself with its own malware.
On this week's show Patrick Gray, Katie Nickels and Joe Slowik discuss the week's security news, including: US Government warns of impending critical infrastructure hacks Log4j bug in VMWare gets a workout Ex Uber CSO Joe Sullivan facing wire fraud charges Signal to push ahead on cryptocurrency payments Italian literary nerd busted for running one man APT operation Much, much more This week's show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there and he's joining us this week to talk about the log4j bug and some adjacent issues. He's working on a paper with IST about the bug and what it all means, and he's joining us this week to talk about why the log4j drama was different. Links to everything that we discussed are below and you can follow Katie, Joe or Patrick on Twitter if that's your thing. Show notes US warns of Russian state-sponsored attacks on critical infrastructure - The Record by Recorded Future UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits - The Record by Recorded Future Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns CISA director: Log4Shell has not resulted in 'significant' government intrusions yet - The Record by Recorded Future Researchers discover Log4j-like flaw in H2 database console | The Daily Swig Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up' | The Daily Swig Signal's Cryptocurrency Feature Has Gone Worldwide | WIRED Alex Stamos on Twitter: "I'm glad that @CaseyNewton wrote about the legal risks of marrying E2EE with hard-to-trace money transmission and I was glad to talk to him. I think @signalapp is underestimating the legal attack surface they are opening up here. https://t.co/qx3qzwd6mk" / Twitter Signal >> Blog >> New year, new CEO Deposits to illicit crypto addresses nearly doubled in 2021, Chainalysis finds Italian man arrested for stealing unpublished book manuscripts - The Record by Recorded Future Activision Sues and Unmasks Alleged 'Call of Duty: Warzone' Cheat Sellers FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware - The Record by Recorded Future Threat actors can simulate iPhone reboots and keep iOS malware on a device - The Record by Recorded Future SOHO routers impacted by bug in USB-over-network component - The Record by Recorded Future Google Docs commenting feature abused in phishing operations - The Record by Recorded Future Coming to a laptop near you: A new type of security chip from Microsoft | Ars Technica SFile (Escal) ransomware ported for Linux attacks - The Record by Recorded Future FinalSite discloses ransomware attack that crippled websites for 8,000 schools - The Record by Recorded Future Albuquerque impacted by ransomware attack on Bernalillo County government - The Record by Recorded Future Hotel chain switches to Chrome OS to recover from ransomware attack - The Record by Recorded Future Moxie Marlinspike >> Blog >> My first impressions of web3
The FIN7 ransomware group has been sending malware laden BadUSB devices to targets in the United States. https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/ Yealink phones are communicating with Chinese based servers three times a day and are able to review and log all network traffic flowing through the headset. https://www.defenseone.com/technology/2022/01/common-office-desk-phone-could-be-leaking-info-chinese-government-report-alleges/360500/ 0:00 - Intro 0:38 - Yealink handsets calling home to Chinese servers 4:20 - Mitigating Yealink concerns 8:55 - FIN7 sending LilyGo branded malware laden BadUSB drives to American companies and agencies 12:00 - How to mitigate these two threats 21:36 - Outro Eric Taylor https://www.linkedin.com/in/ransomware/ https://twitter.com/barricadecyber https://www.barricadecyber.com https://www.buymeacoffee.com/erictaylor Shiva Maharaj https://www.linkedin.com/in/shivamaharaj https://twitter.com/kontinuummsp https://www.kontinuum.com/ https://www.buymeacoffee.com/shivaemmvaemm --- Support this podcast: https://anchor.fm/amplifiedandintensified/support
VMware Horizon & Log4Shell, Patching Woes and USB Ransomware Cybersecurity News CyberHub Podcast January 10th, 2021 Today's Headlines and the latest #cybernews from the desk of the #CISO: Threat actor targets VMware Horizon servers using Log4Shell exploits SonicWall Patches Y2K22 Bug in Email Security, Firewall Products QNAP Urges Users to Secure NAS Devices as Attacks Surge Eight New macOS Malware Families Emerged in 2021 FIN7 hackers target US companies with BadUSB devices to install ransomware WordPress 5.8.3 Patches Several Injection Vulnerabilities Story Links: https://therecord.media/uk-nhs-threat-actor-targets-vmware-horizon-servers-using-log4shell-exploits/ https://www.securityweek.com/sonicwall-patches-y2k22-bug-email-security-firewall-products https://www.securityweek.com/qnap-urges-users-secure-nas-devices-attacks-surge https://www.securityweek.com/eight-new-macos-malware-families-emerged-2021 https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/ https://www.securityweek.com/wordpress-583-patches-several-injection-vulnerabilities “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub ****** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast Gettr: @Jamesazar ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief
CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7's BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on their report - The Government Called, Are You Ready to Answer? Chris Novak from Verizon on PCI 4.0. And Russo-American talks open in Geneva. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/6
Sponsor by SEC Playground Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
Joe has the story of a very exposing scam, Dave has the scoop on a rare BadUSB attack, The Catch of the Day is a 'lame scammer who needs to get a life' and later in the show our conversation with Tom Miller from ClearForce on continuous discovery in the workplace, and the human side of protecting your business. Links to stories: ‘What kind of breast check-up would need my face?’: Woman falls victim to Facebook Messenger scam Rare BadUSB attack detected in the wild against US hospitality provider Thanks to our sponsor, KnowBe4.
Om Shownotes ser konstiga ut så finns de på webben här också: https://www.enlitenpoddomit.se/e/en-liten-podd-om-it-avsnitt-236 Avsnitt 236 spelades in den 20:e Oktober och eftersom slaget i Hastings inte hände i Hastings så handlar dagens avsnitt om: FEEDBACK OCH BACKLOG * BONUSLÄNK: Trailern till filmen LEIF * Mats är här, David är här, Björn är här, och Johan är ganska närvarande han också. Även om det är lite mindre Johan än tidigare... * Mats har föreläst i veckan om företagshemligheter. * Förra veckan pratades det om att Android inte alls är så dåligt som det påstods i en artikel. Nu pratar vi om det vi pratade om då, och vad andra sedan har pratat om igen för att ändra det som de pratat om från början. * BONUSLÄNK: förra avsnittet * Kaspersky: 20 000 attacker var 15 minut mot olika IoT enheter. Om man har nått som är kopplat på nätet så se till att inte köra med default lösenorden. * Floppys är framtiden! Eller inte, för nu ska floppyn ersättas till och med hos Amerikanska flottan * BONUSLÄNK: skärmsydd kan göra att fingeravtrycksläsare på Samsung godkänner det mesta... MICROSOFT * Det kommer möjlighet att begränsa skärmtid både i windows och android * Använd yubikey för att logga in i Windows * Nytt tangentbord från Microsoft med knappar för Office och emojii * "Azure Files" växer upp och blir lite större. :) * GA för "Desktop Analytics". Sjukt nice för alla som kör SCCM * Superkort: Gå igenom era roller i AAD. Det finns nya nu som gör att många som idag är global Admins troligen kan klara sig med mindre. APPLE * MacOS catalina har tydligen fått lite problem * Bara Apples utvecklare får tillgång till NFC-chippet på Apple enheter. Det är folk arga på, och EU också... GOOGLE Har varit Google Event, johan har lyssnat och lärt sig saker... * Nyheter är bland annat * google pixel 4 och 4XL * Google Nest Wifi * Google Nest Mini * Google pixel Buds 2 * Bra att ha länkar: * https://gizmodo.com/everything-google-announced-today-1839062480 * https://gizmodo.com/every-exciting-google-assistant-feature-announced-today-1839060163 * https://www.theverge.com/2019/10/15/20908082/nest-wifi-smart-speaker-router-assistant-hands-on-photos-video-price * https://www.theverge.com/2019/10/14/20914114/google-nest-home-mini-assistant-smart-speaker-leaked-photos * https://www.engadget.com/2019/10/15/google-nest-ultrasound-sensing-hands-on-hub-max-hub-mini/ * Https://www.androidcentral.com/why-google-dropped-fingerprint-sensor-and-why-thats-bad-thing * https://www.theverge.com/2019/10/15/20915452/google-pixel-4-recorder-app-transcription-real-time-free-language-processing * https://9to5google.com/2019/10/08/google-stream-transfer-assistant/ * https://techcrunch.com/2019/10/08/googles-grasshopper-coding-class-for-beginners-comes-to-the-desktop/ * BONUSLÄNK: Google netst har sålt 11 miljoner sedan 2011 * Flytta med musik, Publicerades för en dryg vecka sedan ANDRA NYHETER * DISNEY+, Vilket material kommer finnas * LINKSYS kan känna av vart man befinner sig i huset * GAMLA COOLA MS DOS SPEL!!!!!! SHUT UP AND TAKE MY MONEY: * Mats: Antingen en Letherman eller en Captian america smart-klocka * Björn: Snart är det vinter. That sucks.. Så flip-flops med gräs behövs nu * David: En helt sjukt dyr fåtölj * Johan: Nest Wifi EGNA LÄNKAR * En Liten Podd Om IT på webben * En Liten Podd Om IT på Facebook LÄNKAR TILL VART MAN HITTAR PODDEN FÖR ATT LYSSNA: * Apple Podcaster (iTunes) * Overcast * Acast * Spotify * Stitcher LÄNK TILL DISCORD DÄR MAN HITTAR LIVE STREAM + CHATT https://discord.gg/gfKnEGQ (Tack för att du har läst hela vägen hit, du får veckans guldstjärna! Tyvärr är erbjudandet om rabatt till TechDays slut, men vi hoppas att vi träffas där ändå)
We break down the ASUS Live Update backdoor and explore why these kinds of supply chain attacks are on the rise. Plus an update from the linux vendor firmware service, your feedback, and more!
The next Internet? 50 million NXT stolen? Also, PCell, how to get to an anarchist society, BadUSB, Star Trek, and much, much more… Special Guest: None Stories of the Week:--Rapidfire Stories: DirectX 12, Acer Chromebook 13, Google Hangouts Ultra Violet and Stars, Twitter is starting video ads, Google laying down fiber from Cali to Japan again since 2009, NXT opens a digital goods store and gets hacked.--”Outernet” Link: goo.gl/xFf2nk--”PCell” Link: goo.gl/Pge6US Tech Roulette:--”Whose NXT?” Link: goo.gl/1BISgU Game of Choice:--”Nanosaur” Link: www.wikiwand.com/en/Nanosaur Important Email:--”Applause? Not so crazy ideas? Luddites? To Leave or Not to Leave?” Website of the Week:--”Anything2mp3” Link: anything2mp3.com/ Hacksec:--”Black Hats and Defcons” Link: goo.gl/W4a9pj Software of the Week:--”WikiWand” Link: www.wikiwand.com/ The Climax:--”The State of Star Trek” Link: goo.gl/XGvzhD, goo.gl/xvRvQe, APPENDIX:--“Updated NXT white paper (July 2014)” Link: goo.gl/Z8dFHY--”Steve Gibson’s comments on Black Hat” Link: goo.gl/YLzy33--”Star Trek: Prelude to Axanar” Link: goo.gl/1GKr5r-------------------------------------------------------------------------------------------------------------------NXT: NXT-4V3J-VA4W-4EY3-GUWV2BLACKCOIN: BP88JtwY9xLev5RKbxpZVuwyhtVdChrADNAMECOIN: NHfN1kpj8G9aUCCHuummBKa8mPvppN1UFaLITECOIN: LLUXwfWrKDpuK38ZnPD14K6zc6rUaRgo9WBITCOIN: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d---------------------------------------------------------------------------------------------------------------------Don’t forget you can e-mail the show at: sovryntech@riseup.netYou can also visit our IRC channel on Freenode: #SovrynBalnea---------------------------------------------------------------------------------------------------------------------Brian Sovryn prefers RetroShare! Below is the certificate to find and connect with the show on RetroShare (Username: SovrynTech) Af8AAAJbxsBNBFOcuC4BCACpKFnd9cS2LBoLSsRfbVdt9rPVxyDbi0YsV06WGGlkfuXtbJNDFVw8ckhaQeVQk+6Mk7m2WsbG/CpRSA9jfezXYqPv4433gTVQVSQA+od9K4dpXKOWhsk2OPDDlrqFvisGlW1gcM7SWwoX0LQhbnkzhYMh2wQIZjpKU0iSYVmVDEe0ukSnV/NdPzsZmqd+dSFTkjiPtGVRsYKoOBz86mub9vxUKsItGioB8ag/qqEpOHaBRmGhRePSfSUe9IbLX1wz8PBvLnZsyH154cCnVkSTMoHk0hgSJWzXrW0XyjQQAfruLDNlKMYlNnNWCUU9eZ3jVDqtBoaLM2LRlT/Sxm+DABEBAAHNJ1NvdnJ5blRlY2ggKEdlbmVyYXRlZCBieSBSZXRyb1NoYXJlKSA8PsLAXwQTAQIAEwUCU5y4LgkQ0wM5pbKbGccCGQEAAEYAB/0YKCpXZCU6A1/yEjSmvIePbBh5tFgv4966+QbOTtQArGwBiqMxkXwNfG8o6OZBD/5tuoPZbSdaPLU5pEY1b8HA0dYGYmGaATSnEN96KfKVrJPE2AYfNwSIrWj/9EWxfTJLozbO74/IIGOrOxy5iNAG6f3sk1Y4mBxESbNpWxdtAlk9n1Asp9f7Zs3/K8dyrLam3xThq4n3xA9ZqUTOLQEzBubTcvsTA0+1hzvf/tkOd+hJvTp9PeCWr5kJzV5+uEA2IdYSvBh8iqHwFQAFBKqgA1NXmhE6VuAn1UQ2myARpDt8M0EIpwbcgJeRHD5HMmaKE450uv8l5eu2ZQqNta7dAgZCV3ye46YDBsCoKj/jpgQABghMYXB0b3AgMQUQBLtrCoMIoacOKhFsx7KIvw==---------------------------------------------------------------------------------------------------------------------You can also contact the show through BitMessage at the address: BM-NBMFb4W42CqTaonxApmUji1KNbkSESki---------------------------------------------------------------------------------------------------------------------And we are on Twister! The P2P microblogging platform: @sovryntech ---------------------------------------------------------------------------------------------------------------------If you wish to send me a PGP-encrypted e-mail, the public key is below, and please send your e-mail to: brian@freetalklive.com (note: this also works for KryptoKit) -----BEGIN PGP PUBLIC KEY BLOCK-----Version: SKS 1.1.4Comment: Hostname: pgp.mit.edu mQENBFKYHJoBCADYLMoFR5/6Je/vViGjbdRobuDXQjGlUP7dGcp8Sh+V4pCkTcpLc0eSrGCzBSverUDtHYe/sAWAINwW3NxB5P/0LgXpt+fZSTe0kdPtrxfmi6tjOCLQHSXoaI4baXVUdZma2ww0QtPY9lS+v5oLEZV74m183JQvtsjTuCnrT9LGN/JIlLZ+FHnox1iMgfcJHhIn0WJgHsYEQrP7Y4GW4lIVWO7FHdREGM9Uf2/syT79fObNthqEv5OdeIaTItpBQpd7yhEY6OyB5ed8Oxh7/iAN+BlNMf2/CfRYN0EPioZGosv/4h42NV+vuDEvEo8KjxgK+3ESO7X4Z0PjIBr8SN6nABEBAAG0JUJyaWFuIFNvdnJ5biA8YnJpYW5AZnJlZXRhbGtsaXZlLmNvbT6JARwEEAEIABAFAlKYHJ0JEBT+3jU4bu7EAAAwewf/dDzv2oTi7WLBm4QJjmuc+7BAFJFkk585SC4pcq/Lp5T/DhMChIWnLbvqki+JdezbCrYJH5rOLUMlAWxiyPvxNps2RC0U4TTbv2zSsqjSw7riQo0gBtoJv9TwqvMAjQzHOOgQKpX25Quk+3ViCd52XtE1MKzzq8n5grcGTlsXjacLTCB41vMQjRRBGxlTIbFdba+GTHkkPZzgtXiIcIRf8s1wxZWYvWy8mlNPgRfq5OmSRwlhLCpj6qtkYZBztmuyuSbrVIcC+5L0kdld0If6ryW2P8m4DRYvlC/dQ7hvn4XrBBZwWf5UvTkJaUeWUwkw7tGmTk4gpqV1aPZRJuWsag===aZrF-----END PGP PUBLIC KEY BLOCK--------------------------------------------------------------------------------------------------------------------------www.sovryntech.comwww.twitter.com/sovryntechplus.google.com/+BrianSovryn1i/liberty.me/members/briansovryn/
The next Internet? 50 million NXT stolen? Also, PCell, how to get to an anarchist society, BadUSB, Star Trek, and much, much more… Special Guest: None Stories of the Week:--Rapidfire Stories: DirectX 12, Acer Chromebook 13, Google Hangouts Ultra Violet and Stars, Twitter is starting video ads, Google laying down fiber from Cali to Japan again since 2009, NXT opens a digital goods store and gets hacked.--”Outernet” Link: goo.gl/xFf2nk--”PCell” Link: goo.gl/Pge6US Tech Roulette:--”Whose NXT?” Link: goo.gl/1BISgU Game of Choice:--”Nanosaur” Link: www.wikiwand.com/en/Nanosaur Important Email:--”Applause? Not so crazy ideas? Luddites? To Leave or Not to Leave?” Website of the Week:--”Anything2mp3” Link: anything2mp3.com/ Hacksec:--”Black Hats and Defcons” Link: goo.gl/W4a9pj Software of the Week:--”WikiWand” Link: www.wikiwand.com/ The Climax:--”The State of Star Trek” Link: goo.gl/XGvzhD, goo.gl/xvRvQe, APPENDIX:--“Updated NXT white paper (July 2014)” Link: goo.gl/Z8dFHY--”Steve Gibson’s comments on Black Hat” Link: goo.gl/YLzy33--”Star Trek: Prelude to Axanar” Link: goo.gl/1GKr5r-------------------------------------------------------------------------------------------------------------------NXT: NXT-4V3J-VA4W-4EY3-GUWV2BLACKCOIN: BP88JtwY9xLev5RKbxpZVuwyhtVdChrADNAMECOIN: NHfN1kpj8G9aUCCHuummBKa8mPvppN1UFaLITECOIN: LLUXwfWrKDpuK38ZnPD14K6zc6rUaRgo9WBITCOIN: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d---------------------------------------------------------------------------------------------------------------------Don’t forget you can e-mail the show at: sovryntech@riseup.netYou can also visit our IRC channel on Freenode: #SovrynBalnea---------------------------------------------------------------------------------------------------------------------Brian Sovryn prefers RetroShare! Below is the certificate to find and connect with the show on RetroShare (Username: SovrynTech) Af8AAAJbxsBNBFOcuC4BCACpKFnd9cS2LBoLSsRfbVdt9rPVxyDbi0YsV06WGGlkfuXtbJNDFVw8ckhaQeVQk+6Mk7m2WsbG/CpRSA9jfezXYqPv4433gTVQVSQA+od9K4dpXKOWhsk2OPDDlrqFvisGlW1gcM7SWwoX0LQhbnkzhYMh2wQIZjpKU0iSYVmVDEe0ukSnV/NdPzsZmqd+dSFTkjiPtGVRsYKoOBz86mub9vxUKsItGioB8ag/qqEpOHaBRmGhRePSfSUe9IbLX1wz8PBvLnZsyH154cCnVkSTMoHk0hgSJWzXrW0XyjQQAfruLDNlKMYlNnNWCUU9eZ3jVDqtBoaLM2LRlT/Sxm+DABEBAAHNJ1NvdnJ5blRlY2ggKEdlbmVyYXRlZCBieSBSZXRyb1NoYXJlKSA8PsLAXwQTAQIAEwUCU5y4LgkQ0wM5pbKbGccCGQEAAEYAB/0YKCpXZCU6A1/yEjSmvIePbBh5tFgv4966+QbOTtQArGwBiqMxkXwNfG8o6OZBD/5tuoPZbSdaPLU5pEY1b8HA0dYGYmGaATSnEN96KfKVrJPE2AYfNwSIrWj/9EWxfTJLozbO74/IIGOrOxy5iNAG6f3sk1Y4mBxESbNpWxdtAlk9n1Asp9f7Zs3/K8dyrLam3xThq4n3xA9ZqUTOLQEzBubTcvsTA0+1hzvf/tkOd+hJvTp9PeCWr5kJzV5+uEA2IdYSvBh8iqHwFQAFBKqgA1NXmhE6VuAn1UQ2myARpDt8M0EIpwbcgJeRHD5HMmaKE450uv8l5eu2ZQqNta7dAgZCV3ye46YDBsCoKj/jpgQABghMYXB0b3AgMQUQBLtrCoMIoacOKhFsx7KIvw==---------------------------------------------------------------------------------------------------------------------You can also contact the show through BitMessage at the address: BM-NBMFb4W42CqTaonxApmUji1KNbkSESki---------------------------------------------------------------------------------------------------------------------And we are on Twister! The P2P microblogging platform: @sovryntech ---------------------------------------------------------------------------------------------------------------------If you wish to send me a PGP-encrypted e-mail, the public key is below, and please send your e-mail to: brian@freetalklive.com (note: this also works for KryptoKit) -----BEGIN PGP PUBLIC KEY BLOCK-----Version: SKS 1.1.4Comment: Hostname: pgp.mit.edu mQENBFKYHJoBCADYLMoFR5/6Je/vViGjbdRobuDXQjGlUP7dGcp8Sh+V4pCkTcpLc0eSrGCzBSverUDtHYe/sAWAINwW3NxB5P/0LgXpt+fZSTe0kdPtrxfmi6tjOCLQHSXoaI4baXVUdZma2ww0QtPY9lS+v5oLEZV74m183JQvtsjTuCnrT9LGN/JIlLZ+FHnox1iMgfcJHhIn0WJgHsYEQrP7Y4GW4lIVWO7FHdREGM9Uf2/syT79fObNthqEv5OdeIaTItpBQpd7yhEY6OyB5ed8Oxh7/iAN+BlNMf2/CfRYN0EPioZGosv/4h42NV+vuDEvEo8KjxgK+3ESO7X4Z0PjIBr8SN6nABEBAAG0JUJyaWFuIFNvdnJ5biA8YnJpYW5AZnJlZXRhbGtsaXZlLmNvbT6JARwEEAEIABAFAlKYHJ0JEBT+3jU4bu7EAAAwewf/dDzv2oTi7WLBm4QJjmuc+7BAFJFkk585SC4pcq/Lp5T/DhMChIWnLbvqki+JdezbCrYJH5rOLUMlAWxiyPvxNps2RC0U4TTbv2zSsqjSw7riQo0gBtoJv9TwqvMAjQzHOOgQKpX25Quk+3ViCd52XtE1MKzzq8n5grcGTlsXjacLTCB41vMQjRRBGxlTIbFdba+GTHkkPZzgtXiIcIRf8s1wxZWYvWy8mlNPgRfq5OmSRwlhLCpj6qtkYZBztmuyuSbrVIcC+5L0kdld0If6ryW2P8m4DRYvlC/dQ7hvn4XrBBZwWf5UvTkJaUeWUwkw7tGmTk4gpqV1aPZRJuWsag===aZrF-----END PGP PUBLIC KEY BLOCK--------------------------------------------------------------------------------------------------------------------------www.sovryntech.comwww.twitter.com/sovryntechplus.google.com/+BrianSovryn1i/liberty.me/members/briansovryn/
In Kalenderwoche 34 geht es im CISO Summit um um ein neues kritisches Problem bei GhostScript, USBHarpoon und wichtigen Patches. #CisoSummit #Ghostscript #USBHarpoon GhostScript ———————————————————————— // ImageMagick, Evince, GIMP, and most other PDF/PS tools Im Ghostscript-Interpreter wurden kritische Sicherheitslücken entdeckt. Diese sind auch vergleichsweise leicht auszunutzen und Proof of Concept Quellcode wird von den Entdeckern gleich mitgeliefert. Laut den Entdeckern wird die Sicherheitslücke auch bereits aktiv ausgenutzt. Über die Lücken können Dateien ausgelesen und Schadcode ausgeführt werden. Die Sicherheitslücke tritt in dem Ghostscript-Interpreter auf. Somit sind Programm wie ImageMagick, Gimp und viele weitere PDF/PS-Tools betroffen. Besonders gefährlich wird die Lücke bei Webservern. Dort kann ein Angreifer Informationen auslesen, oder direkt Systemfunktionen ausführen. Patches gibt es noch nicht, aber das Sicherheitsproblem kann behoben werden, indem die policy.xml von ImageMagick angepasst wird. Dort sollten die Dateitypen PS, EPS, PDF und XPS durch folgende Zeilen deaktiviert werden: Quellen: https://bugs.chromium.org/p/project-zero/issues/detail?id=1640 https://www.kb.cert.org/vuls/id/332928 Tags: #RemoteCodeExecution #ImageMagick #GhostScript #USBHarpoon ———————————————————————— USBHarpoon ist ein Angriffsvektor, der auf dem im Jahr 2014 vorgestellten BadUSB basiert. Bei BadUSB wurde die Firmware von USB-Geräten wie zum Beispiel USB-Sticks manipuliert. So konnte der Stick nicht nur Daten speichern, sondern auch Befehle ausführen und somit Code auf dem Rechner ausführen. Da USB-Ladekabel seit einiger Zeit nicht nur Kabel sind, sondern auch Microcontroller implementiert haben, wurde nun festgestellt, dass diese das gleiche Problem aufweisen. Der Sicherheitsforscher hat auch gleich den Schutzmechanismus von sogenannten USB-Kondomen ausgehebelt. Dadurch soll die Datenübertragung via USB deaktiviert werden und nur noch reines Laden erlaubt sein. Da mittlerweile auch Laptops über einfache USB-Kabel geladen werden und Smartphones sowieso, ist die Angriffsfläche recht groß. Jedoch muss das USB-Kabel aktiv eingesteckt werden. Es sollte also darauf geachtet werden, dass keine Fremden und als unsicher erscheinden USB-Kabel verwendet werden. Dazu könnten zum Beispiel öffentliche Ladestationen zählen. Quellen: https://vincentyiu.co.uk/usbharpoon/ http://mg.lol/blog/badusb-cables/ Tags: #USBHarpoon #BadUSB #CodeExecution Patches ———————————————————————— Auch diese Woche wurden einige wichtige Patches veröffentlicht. Apache Struts, Photoshop CC und OpenSSH sollten gepacht werden. Der Patch für den Apache Struts Webserver beseitigt eine gefährliche Remote-Code-Execution Lücke. Hier schließt der Patch lediglich die Sicherheitslücke und sollte deshalb keine Probleme bereiten. Auch der Patch für Photoshop CC schließt eine kritische Remote Code Exection Lücke. Die Lücke betrifft die Windows- und macOS-Version. Der SSH-Patch schließt eine 19 Jahre alte Sicherheitslücke in OpenSSH. Darüber kann herausgefunden werden, ob ein Benutzer existiert oder nicht. Somit ist es ein Informationsabfluss, wodurch ein Angreifer im Anschluss versuchen kann das Passwort durch Bruteforcen zu knacken. Quellen: https://cwiki.apache.org/confluence/display/WW/S2-057 https://helpx.adobe.com/security/products/photoshop/apsb18-28.html http://seclists.org/oss-sec/2018/q3/124 Tags: #Patchen #ApacheStruts #RemoteCodeExecution #SSH #OpenSSH #PhotoshopCC Diese Woche wurde das CISO Summit von Alexander Dörsam präsentiert. Besuchen Sie uns auf https://antago.info
Bandwidth and connection speed, POP3 versus IMAP, cell phone use in hospitals, USB security risks (infected firmware, BadUSB), Profiles in IT (Jordan K. Hubbard, co-founder of FreeBSD project), GPS-based kill switch in cars (installed when credit is poor), MS Office free on iPad (subscription to Office365 not required to edit files), Google survey of phishing scams (as high as 45 percent success rate, don't click on email links), free apps that collect your personal data (rated at privacygrade.org), origin of o'clock, time is always 9:41 in Apple ads, and link available to deregister iMessage (important when leaving iPhone ecosystem). This show originally aired on Saturday, November 15, 2014, at 9:00 AM EST on WFED (1500 AM).
Bandwidth and connection speed, POP3 versus IMAP, cell phone use in hospitals, USB security risks (infected firmware, BadUSB), Profiles in IT (Jordan K. Hubbard, co-founder of FreeBSD project), GPS-based kill switch in cars (installed when credit is poor), MS Office free on iPad (subscription to Office365 not required to edit files), Google survey of phishing scams (as high as 45 percent success rate, don't click on email links), free apps that collect your personal data (rated at privacygrade.org), origin of o'clock, time is always 9:41 in Apple ads, and link available to deregister iMessage (important when leaving iPhone ecosystem). This show originally aired on Saturday, November 15, 2014, at 9:00 AM EST on WFED (1500 AM).
iWorm, BadUSB, Netflix y Adam Sandler
Topics covered The petition on WhiteHouse.gov titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well we talk about it with an attorney and some necessary skepticism https://petitions.whitehouse.gov/petition/unlock-public-access-research-software-safety-through-dmca-and-cfaa-reform/DHzwhzLD My take: http://blog.wh1t3rabbit.net/2014/10/to-reform-and-institutionalize-research.html A Marriott property in Nashville (Gaylord Opryland) will pay $600,000 in an FCC settlement for jamming/blocking guests' personal WiFi hotspots http://www.fcc.gov/document/marriott-pay-600k-resolve-wifi-blocking-investigation A Pakistani man has been indicted in Virginia for selling "StealthGenie", an app designed specifically as spyware http://www.justice.gov/opa/pr/pakistani-man-indicted-selling-stealthgenie-spyware-app The code for the badUSB attack was published and released at DerbyCon - we discuss implications http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/ Cedars-Sinai Medical Center loss of data is much worse than they thought, but it's actually worse than that - a teachable moment here- http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story.html
Discutam despre acest podcast si misiunea sa, despre malware-ul BadUSB, trucuri GMail pentru sporirea productivitatii si trimiterea de articole pe Kindle prin Readability si Instapaper.