On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
The msdt/office lolbinapalooza
Microsoft to introduce sensible defaults to Azure
Twitter fined $150m for SMS 2FA spam
It turns out npm got owned in that Heroku/Travis CI thing
AWS cred-stealing supply chain attack was research your honour, I swear!
Much, much more
We'll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week's sponsor interview. He'll be walking us through some of his own research into how to own Microsoft boxes via document-embedded Office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
Show notes
nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don't control and the webpage adds Follina exploit string, your server then runs the code." / Twitter
Microsoft Office Remote Code Execution - “Follina” MSDT Attack
Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
REvil prosecutions reach a 'dead end,' Russian media reports
Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
Russian companies have started dismissing Ukrainian IT specialists — RBC (РБК)
Hacker Leaks Mountain of Files From Inside Xinjiang Camps
Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
756.pdf
Security ‘researcher' hits back against claims of malicious CTX file uploads | The Daily Swig
Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
Hacker Steals Database of Hundreds of Verizon Employees
GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
Darknet market Versus shuts down after hacker leaks security flaw
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
Red Canary Managed Detection and Response - YouTube
Airlock Digital Demo - YouTube
[Episode References]
- CVE-2021-46426 in phpIPAM - https://sidechannel.blog/cve-2021-46426-phpipam-1-4-4-permite-xss-refletido-e-csrf-via-funcionalidade-de-sub-redes/
- Details on CVE-2022-22972 - https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
- Pantsdown on QTC servers - https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
- New ERMAC campaign - https://blog.cyble.com/2022/05/25/ermac-back-in-action/
- New Grandoreiro campaign - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/grandoreiro-banking-malware-resurfaces-for-tax-season/
[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
"Pantsdown" in QCT Baseboard Management Controllers. A warning on ChromeLoader. Conti updates. Ransomware's effect on SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands, again. Kyiv honors Google. Josh Ray from Accenture reminds us it's military appreciation month. Our guest is Melissa Bischoping of Tanium with lessons learned from the American Dental Association ransomware attack. And a poacher turned gamekeeper? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/102
Selected reading.
Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers (The Hacker News)
ChromeLoader: a pushy malvertiser (Red Canary)
Conti leaks data stolen during January attack on Oregon county (The Record by Recorded Future)
Is the Conti Ransomware Gang Stronger Apart Then Together? (OODA Loop)
SpiceJet: Passengers stranded as India airline hit by ransomware attack (BBC News)
SpiceJet's woes continue as ransomware attack delays flights (The Loadstar)
SpiceJet's brush with ransomware is a timely reminder to protect yourself against this cyber menace (cnbctv18.com)
CISA Adds 34 Known Exploited Vulnerabilities to Catalog (CISA)
Mykhailo Fedorov presented the first "Peace prize" to Google (Digital Gov)
Notorious Vietnamese hacker turns government cyber agent (France 24)
This episode we learnt the deeper meaning behind Sir Mix-a-Lot's "Baby Got Back", the fleeting success of the Jaynes, what the Smashing Pumpkins are really saying in "Bullet with Butterfly Wings", mixed reviews […] http://media.rawvoice.com/joy_triplex/p/joy.org.au/triplex/wp-content/uploads/sites/165/2019/10/Triple-X-Songs-of-a-Generation04-08-2019.mp3 (Duration: 1:52:47 — 103.3MB) The post Pantsdown night on Triple X 040819 appeared first on TripleX.
This week, a tool that finds vulnerable robots on the Internet, a new exploit that threatens over 9,000 Cisco routers, Apple turns off Group FaceTime after an eavesdropping bug, WordPress sites under attack via a zero-day in an abandoned plugin, and OpenBMC caught with 'pantsdown' over a new security flaw! Jason Wood from Paladin Security joins us for expert commentary on Abusing Exchange: One API call away from Domain Admin! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode205 Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
How can music, art and humour change the world and smash racism? This episode is a discussion with Simon Hunt about his work as Pauline Pantsdown, from cutting up cassette tapes to running an online community and a fake "No" campaign during the marriage equality survey. Follow Simon everywhere @PPantsdown Follow Emily Mulligan @emilycmulligan
YES I KNOW IT'S BEEN QUITE A WHILE I'VE BEEN VERY BUSY SORRY LOL. The good news is this episode is well worth the wait. Simon Hunt is a political satirist, film maker, lecturer, sound designer, musician and activist who's best known for his creation "Pauline Pantsdown" - a hugely popular and scathing parody of the One Nation politician Pauline Hanson. In this extraordinary chat (recorded on the day of Mardi Gras 2016), Simon recounts his experiences of growing up gay in NSW in the 80s and explains his fascination with religious right-wingers like Fred Nile and Anita Bryant, his politicisation in the face of the AIDS crisis, how he came to create Pantsdown and what Hanson says about us as a country today. Plus he's got some stories that are fucking funny.
The World Keeps Happening at the Melbourne Comedy Festival
Boundless Plains To Share at the Melbourne Comedy Festival
My episode of Wil Anderson’s Wilosophy
My piece for The Saturday Paper on visiting detention centres and writing a comedy show about refugees
SBS’s The Feed story on Boundless Plains To Share
@PPantsdown
Pauline on Facebook
Pantsdown clips on YouTube
Pauline Pantsdown on the Star Observer
Electoral Guerilla Theatre in Australia: Pauline Hanson vs. Pauline Pantsdown by Lawrence M. Bogad
Cause of the Week: minus18 (minus18.org.au)