A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things (IoT) devices - before abruptly shutting down. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior Security Intelligence Response engineer at Akamai, on his honeypot. Threatpost discusses the new malware with Cashdollar - and what malware strains like this one and BrickerBot mean for the insecure IoT device landscape.
In the news, Intel warns "Don’t install our patch!", what you need to know about hash length extension attacks, Meltdown and Spectre patching has been a total train wreck, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode545 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
In the news, BIND comes apart thanks to ancient denial of service vuln, Brickerbot taking out your IoT one device at a time, Intel fix causes reboots and slowdowns, WiFi alliance announces WPA3 and updates to WPA2, hackers exploiting three Microsoft Office flaws to spread Zyklon malware, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode544 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
In today's podcast, we hear that Berlin says Beijing's been catphishing, and that Beijing says no way. Banking Trojans in Google Play look for Polish accounts. Spider malware spins out of the Balkans. Transferring risk doesn't mean you can ignore it. The SEC calls cease-and-desist on another ICO. That venti in Buenos Aires may have come with a CoinHive miner. Rick Howard from Palo Alto Networks on DevOps vs. site reliability engineers. Marcelle Lee from LookingGlass on the Bad Rabbit ransomware. The Doctor puts down his tools and closes BrickerBot.
Rather than referring to our weekly podcast panelists as security experts, we’re now introducing them as security practitioners. Why? A popular business article on mindset brought to our attention the perils of having self-proclaimed titles, such as experts and gurus. It signals our “thirst for knowledge in a particular subject has been quenched.” That is far from reality! Security is a constantly evolving field, with new threats and vulnerabilities. To have a fighting chance, it would behoove us to start by cultivating a curious learner mindset by asking, “Why?” and “How does this work?” As reformed security know-it-alls, here are some of the stories we covered: Unroll.me apologizes for Not Being Clear It Sells User Data; Misinterpretation of Uber buying Unroll.me data; BrickerBot breaks unsecured gadgets; Antivirus Program Mistakenly IDs Windows as a Threat; Hacked Amazon seller accounts; Tool of the week: Account Lockout Status
There's much news in the container world with DockerCon and Red Hat having had conferences, plus Docker gets a new CEO. We also do a hindsight analysis of what went wrong with the losers of the Cloud Wars. And, as always, recommendations from the three of us. Mid-roll Coté: CF Summit 2017 (https://www.cloudfoundry.org/event/summit-silicon-valley-2017/) - 20% off registration code: cfsv17cote Coté: Want 2 days of Spring knowledge? Check out SpringDays in ATL, NYC, and Chicago (https://www.springdays.io/ehome/index.php?eventid=228094&). Get 50% w/code SpringDays_HalfOff: SpringDays.io in Chicago (May 30th to 31st) (https://www.springdays.io/ehome/spring-days/chicago), New York (June 20th to 21st) (https://www.springdays.io/ehome/spring-days/new-york), and Atlanta (July 18th to 19th) (https://www.springdays.io/ehome/spring-days/atlanta) Coté: OSCON Expo Plus (https://conferences.oreilly.com/oscon/oscon-tx/public/content/exhibitplus) discount: I wanted to present to you a Free Expo hall Plus Pass for OSCON coming to Austin May 10/11. You get way more than just a pass to the expo, it also covers three full-day events: TensorFlow Day, InnerSource Day, and our Open Container Summit. If you are interested, you can use the code AUSTIN at checkout. You can see the entirety of what is offered here (https://conferences.oreilly.com/oscon/oscon-tx/public/content/exhibitplus). Matt: ChefConf May 22-24 (https://chefconf.chef.io/2017/) Matt Ray’s APAC Biz Travel Fun 5 different airlines in a month. Emirates is the best. This is why we can’t have nice things - American Airlines raises pay. Red Hat. Some cloud stuff we need to read-on more. Check out Coté's summary of a recent Brian Gracely post on the OpenShift momentum (https://cote.io/2017/05/01/red-hat-openshift-momentum-highlights/). 
Cloud Rules Everything Around Me As summarized by Derrick (http://news.architecht.io/issues/architecht-daily-it-s-earnings-and-ipo-season-for-cloud-and-cloudera-55782) (via CNBC (http://www.cnbc.com/2017/04/27/microsoft-azure-growing-faster-than-aws-google-cloud-behind.html)): AWS brought in $3.66 billion in revenue, which was up 42 percent from last year. However, year-over-year growth dropped from last year’s first quarter. Microsoft’s “Intelligent Cloud” unit, which includes Azure, grew 11 percent, to $6.8 billion. Microsoft doesn’t break out Azure revenue specifically, but said Azure saw a 93 percent increase in revenue over last year. Google Cloud is buried somewhere in “Other Bets” on Alphabet earnings, a segment that grew 50 percent to $3.1 billion. What’s the Halo Effect on this? It’s easy to blame the big vendors for shying away from public cloud but it was some scary shit, business-case wise, back in 2008. Verizon sells cloud stuff to IBM (http://www.zdnet.com/article/ibm-to-snap-up-remnants-of-verizons-cloud-managed-hosting-business/). Docker is now Moby, wait what? LinuxKit - the host OS, where you run the containers. “Moby (https://mobyproject.org/) is recommended for anyone who wants to assemble a container-based system” Moby = open source development Docker CE = free product release based on Moby Docker EE = commercial product release based on Docker EE Moby is the name of the upstream umbrella project supervising the open source pieces that are used to build Docker, which is now the commercial-focused product Docker CE/EE Letter about Moby (https://osenetwork.com/2017/04/21/an-open-letter-to-docker-about-moby/) Moby is Fedora, Docker is like RHEL, Eclipse, Genuitec. Coté’s Notebook on Moby and such (https://cote.io/2017/04/22/the-news-from-docker-land-plus-the-money-being-fought-over-notebook/) Coté's Notebook on Docker's new CEO (https://cote.io/2017/05/03/dockers-new-ceo-steve-singh-highlights/). BONUS LINKS! Not covered in show. EngineYard done! 
Press Release (http://finance.yahoo.com/news/engine-yard-leader-ruby-rails-131500016.html) A snarky Tweet (https://twitter.com/craig_tracey/status/857004524447432704) Another Press Release (http://www.prnewswire.com/news-releases/engine-yard-a-leader-in-ruby-on-rails-acquired-by-crossover-to-become-a-full-stack-ruby-platform-300444820.html) Jay Lyman at 451 (https://451research.com/report-short?entityId=92309&type=mis&alertid=445&contactid=0033200001wgKCKAA2&utm_source=sendgrid&utm_medium=email&utm_campaign=market-insight&utm_content=newsletter&utm_term=92309-Engine+Yard%27s+end+of+the+road+is+acquisition+by+Crossover): “It generated revenue of about $36m in 2016.” - I seem to recall that EngineYard would report on revenue. “Native” Windows Server Support for Docker Link (https://blogs.technet.microsoft.com/hybridcloud/2017/04/18/dockercon-2017-powering-new-linux-innovations-with-hyper-v-isolation-and-windows-server/) “Linux containers running natively on Windows Server through our Hyper-V isolation technology” Sysdig Docker Usage Report 2017 Link 1 (https://sysdig.com/blog/sysdig-docker-usage-report-2017/) Link 2 (http://www.infoworld.com/article/3189385/open-source-tools/kubernetes-is-king-in-container-survey.html) Always fun to read “real” numbers 10 containers/host and Kubernetes out in front Microsoft and the NSA Exploits Leak Link (https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/) Patch your servers and run modern versions people. Amazon’s Coming to Australia Link (http://mashable.com/2017/04/19/amazon-confirms-australia-expansion/) “The moment Australian retailers have dreaded is here.”
Intel Drops out of OpenStack Innovation Center Link (http://fortune.com/2017/04/14/intel-openstack-project-rackspace/) 30 Rackers moving internally, Intel is still participating within OpenStack Huawei Want to Enter the Cloud Fray Link (http://www.cbronline.com/news/cloud/public/cloud-wars-huawei-enters-fray-sets-sights-aws/) Everybody wants a piece of AWS Microsoft buys Deis Coté’s notebook on the topic (https://cote.io/2017/04/10/microsoft-buys-deis-deeper-into-kubernetes-1-1bn-container-market-notebook/). Oracle Buys Wercker Link (http://blog.wercker.com/oracle) “container lifecycle management” - foundation for a container PaaS if you tie it to the StackEngine acquisition? How Many Data Centers Needed World-Wide Link (http://perspectives.mvdirona.com/2017/04/how-many-data-centers-needed-world-wide/) Deep cut from James Hamilton, AWS Datacenter guru Re: Oracle “if you assume the big three are spending roughly equally, how can $1.7B compete with more than $10B when it comes to serving customers?” “2+1 redundancy is cheaper than 1+1 and, when there are 3 facilities, a single facility can experience a fault without eliminating all redundancy from the system. 
Consequently, whenever AWS goes into a new region, it’s usual that three new facilities be opened rather than just one with some racks on different power domains.” “latency is not the prime driver of very large numbers of regions” “being close to population centers and major communications hubs matters to most operators more than cooling costs” Canonical/Ubuntu priorities Link (https://insights.ubuntu.com/2017/04/05/growing-ubuntu-for-cloud-and-iot-rather-than-phone-and-convergence/) Dropping Unity desktop and phone stuff in favor of desktop, cloud & IOT BrickerBot Bricks Unsecured IOT Devices Link (https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/) “BrickerBot the work of a vigilante?” OmniTI Shutting Down OmniOS Development Link (https://lists.omniti.com/pipermail/omnios-discuss/2017-April/008699.html) Open source Solaris-compatible clone “OmniTI will be suspending active development of OmniOS” Apple makes GarageBand, iMovie and iWork free Link (http://www.theverge.com/2017/4/18/15344834/apple-free-apps-garageband-imovie-pages-keynote-numbers) MacOS and IOS! Keynote is the best, why not open source for an attempt at cross-platform? Recommendations Brandon: S-town podcast (https://stownpodcast.org/), some background from the creator (https://longform.org/posts/longform-podcast-239-brian-reed). Matt Ray: Google Translate video realtime AR stuff. Coté: The Big Sleep (http://amzn.to/2pyAeak).
In our 162nd episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Stephanie Roy, Alan Cohn, and Brian Egan discuss: this is what a risk-averse signals intelligence agency looks like: giving up intelligence to satisfy elite opinion; FCC’s plan for net neutrality emerges; this week in sex toy security: the FTC to the rescue?; remember this story the next time Silicon Valley says the government can’t be trusted with crypto keys because of Snowden; the Russians who hacked Clinton are going after Macron in France, says Trend Micro; this week in vigilante cybersecurity: Flexispy is doxed; Brickerbot secures the IOT by administering “Internet Chemotherapy”; our guest interview is with Michael Schmitt, Professor of Law at the University of Exeter, the US Naval War College, and the US Military Academy at West Point and a leader in the effort to articulate the law of armed conflict in cyberspace known as Tallinn 2.0. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.
Podcast participants: Artyom Gavrichenkov, Konstantin Ignatov, Dmitry Shemonaev, Alexander Kozlov. Podcast sponsors: Ardbeg whisky, a hammer drill of unknown make. — Evolution of Mirai: the Hajime botnet: https://security.rapiditynetworks.com/publications/2016-10-16/hajime.pdf, https://arstechnica.com/security/2017/04/vigilante-botnet-infects-iot-devices-before-blackhats-can-hijack-them/ — Brickerbot: https://blog.radware.com/security/2017/04/brickerbot-3-janit0r-back-with-vengeance/, https://www.bleepingcomputer.com/news/security/brickerbot-author-claims-he-bricked-two-million-devices/ — A Viagra spam botnet that cleverly evades filters: https://www.incapsula.com/blog/viagra-spam-botnet.html — Netflix header leakage: https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf — The Shadow Brokers archive — 24 months in prison for the twenty-year-old owner of a stresser service from the UK: https://krebsonsecurity.com/2017/04/uk-man-gets-two-years-in-jail-for-running-titanium-stresser-attack-for-hire-service/ — Implementation of voice calls in Telegram: https://habrahabr.ru/post/326566/
After an initial exchange of gifts, which included two FirefoxOS smartphones (thanks, Jörn) as well as an Arduino-based Rubber Ducky for Stefan and 2 bottles of beer for Sven, we turned briefly to the news, which covers a court ruling on illegal streaming of copyrighted material, as well as BrickerBot and backdoors in Android software. We each prepared for the show's topic (VPN) independently and tried out whether it would work for us if we both covered the same topic. The show went surprisingly well, and once again ran long. Recorded on: 27.04.2017 Published on: 29.04.2017 Intro & Outro Chiptune: Pumped by ROCCOW
In today's podcast we hear that cyber gangs are busily at work reverse-engineering the last ShadowBrokers' document dump. But the Russian ones at least are probably getting some state help. Insider threats and mole hunts. BrickerBot's author plays a dangerous vigilante game—operating technology may be particularly at risk. Hollywood's best depictions of hacking. Ben Yelin describes a weaponized animated GIF. Carson Sweet from CloudPassage on government requests that providers turn over emails and lagging legislation. And there are forty-three million dollars in a Nigerian apartment. No, really—forty-three million in cash.
Episode 44 (2017/04/20)
In Episode 8 of Hidden Forces, host Demetri Kofinas speaks with cybersecurity expert and cyber safety advocate, Josh Corman. Josh is the founder of I am The Cavalry, an advocacy group actively engaged in addressing some of the most pressing issues of public safety and threats to human life on the Internet today. He is also the Director of the Cyber Statecraft Initiative at the Atlantic Council. Josh Corman is part of the 2016 Cybersecurity Task Force commissioned by the United States Congress to address the growing risk to our hospitals, medical infrastructure, and connected devices, from cyber-attacks. Gone are the quaint, innocent days of the early Internet, with its pesky Trojans, Macro Viruses, RATs, slammer worms, and blaster worms. Today’s cybersecurity landscape features a wide assortment of easily accessible and robust attack tools that exploit software bugs like Shellshock and Heartbleed. This is a cybersecurity landscape littered with DDoS and PDoS attacks like the Mirai Botnet and the recently released Brickerbot. The use of ransomware tools like CryptoLocker and SamSam have become billion-dollar criminal industries. Cybercrime is estimated to cost the global economy hundreds of billions to trillions of dollars a year. Yet, we accept the losses as the simple cost of doing business. But what about when the cost of these crimes escalates from dollars and cents to flesh and blood? What are the risks to our industrial control systems? What about our aviation and emergency response infrastructure? What are the vulnerabilities in our connected devices, cars, and hospitals? The threats posed by cyber criminals, terrorists, and hackers are no longer fringe concerns. They strike at the heart of our increasingly interconnected, exposed, and vulnerable society. In this episode, we explore what to do about them. Producer & Host: Demetri Kofinas Editor & Engineer: Stylianos Nicolaou Join the conversation on Facebook, Instagram, and Twitter at @hiddenforcespod
Episode #242 - BrickerBot malware, Robocalling and Internet Weather. Originally recorded April 11, 2017.
Word 0-day, BrickerBot, iOS GIF, Russian arrested, Tizen, OilRig, APT10 MSPs, Dallas sirens, ATM drilling, Watson golf, Uber Italy, AI memory, links, projects, and more… Support the show: https://danielmiessler.com/support/ See omnystudio.com/listener for privacy information.
In today's podcast, we hear about how Operation TradeSecret collected intelligence on US trade policy during the run-up to the Sino-American summit at Mar a Lago. BrickerBot is out, a PDoS campaign that looks like nasty vigilante work, so close your Telnet ports and change your IoT device default passwords. The Amnesia campaign is after unpatched DVRs. Sathurbot exploits unpatched WordPress instances and infects Torrent users. Lancaster University’s Awais Rashid has concerns over IoT devices' limited interfaces. Endgame’s Andrea Little Limbago shares her story from the Women in Cybersecurity Conference. Surveillance and influence operations allegations in the last US Presidential campaign have their counterparts in the current French one.