POPULARITY
Google prepara Shielded Email, un nuevo nivel de privacidad para proteger tu correo de spam y filtraciones Google está desarrollando Shielded Email, una función que va a cambiar la forma en que manejamos nuestras direcciones de correo.Escucha Flash Diario aquí y en Spotify.Este sistema permite crear alias de correo electrónico temporales y aleatorios que redirigen mensajes a tu cuenta principal, ocultando tu dirección real. ¿Te suena familiar? Es parecido a “Ocultar mi correo” de Apple, pero podría estar al alcance de los más de 2.500 millones de usuarios de Gmail. Aunque todavía no está activa, esta herramienta ya se ha detectado en los ajustes de Autofill de Android. ¿Qué más podemos esperar de esta nueva apuesta por la privacidad? ¿Será gratuita o Google la incluirá en sus planes de pago? ¿Qué pasaría si pudieras controlar quién tiene acceso real a tu correo? Shielded Email, como su nombre lo sugiere, funciona como un escudo para tu correo. Detectada en el código de la última actualización de Google Play Services, esta función permitirá a los usuarios de Gmail registrar alias temporales, protegiendo su dirección principal. Cada alias será único y redirigirá los mensajes que reciba, permitiendo interactuar sin comprometer tu privacidad. Esta herramienta, similar a la función de Apple “Ocultar mi correo”, se integrará directamente en Android y Gmail, haciéndola fácil de usar. Aunque todavía no está activa, la herramienta promete abordar problemas de spam y filtración de datos de manera innovadora. ¿Quién no ha sufrido la invasión del spam? Cada registro en línea puede exponer tu correo a bases de datos no seguras. Según expertos como Zimperium, muchas de estas filtraciones se convierten en intentos de phishing, diseñados para robar información personal. Apple respondió a este problema con su función “Ocultar mi correo”, pero su alcance está limitado a usuarios de iCloud+. Esto deja fuera a millones de personas que necesitan una solución accesible y efectiva. Google ahora tiene una oportunidad única de ofrecer una alternativa masiva con Shielded Email, pero aún no se sabe si esta función será gratuita o parte de Google One. Shielded Email puede ser una herramienta revolucionaria para proteger tu privacidad. Los alias temporales no solo son útiles para evitar el spam, sino también para rastrear qué servicios están filtrando tus datos. Google, con su amplia base de usuarios, tiene el potencial de hacer que esta tecnología sea accesible a una escala que ni Apple ni servicios como ProtonMail o SimpleLogin han alcanzado. Si Shielded Email se lanza como parte de Google One o como una función gratuita, podría cambiar las reglas del juego para la privacidad en línea. Aunque aún no hay una fecha de lanzamiento, esta integración directa con Android y Gmail promete simplificar su uso para millones de usuarios. ¿Qué significa Shielded Email? Shielded Email se traduce literalmente como "correo protegido". Su función es simple: proteger tu dirección principal al crear alias temporales que actúan como intermediarios. Cuando registras un alias en un formulario o app, los mensajes llegan a tu cuenta principal sin exponer tu dirección real. Esto no solo evita el spam, sino que también te permite desactivar cualquier alias que ya no necesites. Además, cada alias es único, lo que significa que puedes rastrear de dónde provienen los correos no deseados. Es una forma inteligente y práctica de mantener el control sobre tu información personal. Shielded Email promete ser una herramienta poderosa para mantener tu correo seguro y organizado. Con esta función, vas a poder registrar alias temporales, reducir el spam y tener un mayor control sobre tus datos personales. ¿Debería Google ofrecer este servicio gratis? Déjanos tu opinión en los comentarios y no olvides seguirnos en Spotify para más episodios: Escucha Flash Diario. BibliografíaMashable: Google is reportedly developing Shielded EmailAndroid Authority: Shielded Email appears in Google AutofillForbes: Google's latest Gmail update and privacy insightsForbes: Gmail privacy warning and email alias newsApple Support: Cómo usar Ocultar mi correo con iCloud+
A predatory loan app is discovered embedded in mobile apps. Facebook phishing. GPS disruptions are reported in Russian cities. NSA warns against dismissing Russian offensive cyber capabilities. Farewell, SHA-1. Kevin Magee from Microsoft looks at cyber signals. Our guest is Jason Witty of USAA to discuss the growing risk from quantum computing. And welcome to the world, Leviathans. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/240 Selected reading. Zimperium teams discover new malware in Flutter developed apps (SecurityBrief Asia) Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain (Trustwave) GPS Signals Are Being Disrupted in Russian Cities (WIRED) NSA cyber director warns of Russian digital assaults on global energy sector (CyberScoop) Russia's cyber war machine in Ukraine hasn't lived up to Western hype. Report analyses why (ThePrint) NIST Retires SHA-1 Cryptographic Algorithm (NIST) Historic activation of the U.S. Army's 11th Cyber Battalion (DVIDS)
Don't miss this episode of Mobile and Cyber with Jim Kovach, Zimperium and Special Guest, Arielle Baine, Cybersecurity Advisor and State Coordinator (DE), CISA. Tune in and hear a introduction to CISA and the roles of the organization's State Coordinators. Learn about their mission, uniqueness, size, and scope of work. Hear their shared thoughts on the recent Cyber Grant program, and hear why critical infrastructure partners are vital for CISA.
Marcus Bartram is a General Partner at Telstra Ventures, a San Francisco-based VC firm that invests in mid-stage tech companies. He's on the founding team and has led investments in cybersecurity companies like CrowdStrike, Auth0, Anomali, Cequence, CloudKnox, Cofense, CyberGRX, Elastica, vArmour, and Zimperium.Hosts:Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)
Jessica Vose, Vice President of Growth Marketing at Zimperium, talks with Jeremy about devising a content strategy.Highlights:Why you should complete a gap analysis to build the foundation of your content strategyHow to decide what types of content would be most effective for your organizationThe importance of internal communication when developing a marketing strategyLearn more about ZimperiumConnect with Jessica on LinkedInMemorable Quotes:"If you don't actually look at it from the bird's eye view of how that content is serving your business goals, where it's going, what it's saying, to whom is it answering, you know, the issues and the questions that those people are facing, then you're missing the mark.""I think when you're getting started with content strategy, doing that inventory, doing that taxonomy is really fundamentally important to being able to proceed with a lot of good information on what needs to be done.""I feel like on a weekly basis I'm having to educate and re-educate folks on like, okay, but remember, we've talked about this and these are the programs we're running with these themes to meet these business challenges with these value propositions for these audiences. So I do it from that angle and I remind them, you know, here's the plan that I have shared with you."The B2B Content Show is produced by Connversa, a podcast production agency helping B2B brands connecting with prospects, generates TONS of content, and grow revenue. Learn more at connversa.com
Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his time working in the industry, from moving away from the military and into different roles over the years. He notes that giving credit where credit is due, to those who deserve it, is how you keep the audience engaged as a storyteller. We thank Richard for sharing his story.
Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his time working in the industry, from moving away from the military and into different roles over the years. He notes that giving credit where credit is due, to those who deserve it, is how you keep the audience engaged as a storyteller. We thank Richard for sharing his story.
Introducing Oracle Trending Topics, a special spotlight episode for Partner Perspectives. Oracle Trending Topics episodes bring together leaders from Oracle and Oracle Partners to discuss the latest industry and technology trends, offering ideas, and sharing best practices. What are the latest cyberthreats and what do they mean for you? Hear Johnnie Konstantas from Oracle, Jaime Fox from Deloitte & Touche LLP, and JT Keating from Zimperium Inc. discuss trends, offer insights, and share best practices around cloud and mobile security to help protect your organization and build business resilience. See the full discussion: https://www.oracle.com/trendingtopics
Verizon's 2022 Data Breach Investigation Report shows a sharp rise in ransomware. Origins of the Chaos ransomware operation. The GuLoader campaign uses bogus purchase orders. Security researchers are targeted in a malware campaign. Hyperlocal disinformation. Turla reconnaissance has been detected in Austrian and Estonian networks. Ben Yelin describes a content moderation fight that may be headed to the supreme court. Our guest is Richard Melick from Zimperium to discuss threats to mobile security. Robin Hood (or not). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/99 Selected reading. 2022 Data Breach Investigations Report (Verizon Business) Yashma Ransomware, Tracing the Chaos Family Tree (BlackBerry) Spoofed Saudi Purchase Order Drops GuLoader: Part 1 (Fortinet Blog) Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon (Cyble) Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine (CyberScoop) Russian hackers perform reconnaissance against Austria, Estonia (BleepingComputer) New ransomware forces victims to donate to poor (The Independent)
In this episode I talk with Richard Melick about mobile security. Richard is the Director of Threat Reporting for Zimperium, so he knows a thing or two about what is happening out in the mobile world right now.We definitely took a deeper look at the current state of mobile security and the talking points cover a bunch of key areas.Talking Points:What is more important and more secure to have, your wallet or your phone?Mobile threats can happen when you least expect it or in the last place you may suspect, subways anyone?There is no more 'consumer' grade mobile security A closer look at the global mobile threat reportZimperium's Global Mobile Threat Report:https://www.zimperium.com/global-mobile-threat-report/
In this episode Gianna is joined by Richard Melick, Director of Product Strategy at Zimperium, to have an honest conversation on why cybersecurity marketing sucks and how we can do it better. Richard takes a deep dive into his thoughts on product misrepresentation in cyber, ways in which marketing leadership can better support their teams, and how 'The Great Resignation' in cyber and burnout culture are creating unforeseen problems in the community. The two share their stance on white papers and how to make swag that is both useful and memorable. Lastly, Richard explores his philosophy that all good marketing starts with sharing stories people can relate to. Guest Bio: Richard Melick has spent over a decade advancing through the security industry with his considerable experience and focus on the stories surrounding enterprise attack surfaces, hacking, and cyber attacks. He has presented various thought leadership to global audiences, including RSA, GISEC, Infosec London, and more. Links Stay in touch with Richard Melick on LinkedIn and Twitter Connect with Gianna on LinkedIn Connect with Maria on LinkedIn Follow the Cybersecurity Marketing Society on Twitter or learn more at the Cybersecurity Marketing Society website Check out Hacker Valley Media and Breaking Through in Cybersecurity Marketing Podcast
In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267
This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267
This week, Tim Cathcart from Knox County Schools is with us to discuss breaking into cyber from a high school perspective! Then, Steven Turner from Microsoft joins us to sweep away the noise and level set on Zero Trust! Finally, in the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Segment Resources: - NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final - UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture - USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/ - DOD ZT Reference Architecture -https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267
In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267
I dagens avsnitt av CyberTalks träffar Rolf, Alex och Damon från Zimperium för att prata om mobilsäkerhet. I avsnittet pratar de om varför det blivit viktigare att skydda mobila enheter och också om vilka steg man kan ta för att göra det. See acast.com/privacy for privacy and opt-out information.
CYBER CSÜTÖRTÖK: Felszámolta a REvil hackercsapatot az Oroszországi Föderáció Szövetségi Biztonsági Szolgálata (FSZB). Az akció keretében lefoglalták a szervezet teljes informatikai infrastruktúráját és őrizetbe vettek több tagot is.Egy a REvilhez hasonló méretű hackercsoport kiiktatása eleve történelmi jelentőségű, az pedig, hogy az Egyesült Államok által az egyik legkeresettebb illegális bűnszervezetet orosz földön, orosz erők semlegesítették, nem várt fejleményeket eredményezhet a jelenlegi, a hidegháború óta nem látott mélyponton lévő orosz-amerikai kapcsolatokban. Már a Google Play se biztonságos? Részletes tanulmányt tett közzé a Zimperium kiberbiztonsági cég az általa Dark Herringnek elnevezett akcióról, amelynek során legalább 105 millió felhasználót rövidítettek meg összesen több száz millió dollárral. Mindehhez az ismeretlen hackerek olyan appokat vettek igénybe, amelyeket előzetesen ők töltöttek fel a Google Play alkalmazásboltba. Frész Ferenc, a Cyber Services Zrt. elnök-vezérigazgatója. TŐZSDENYITÁS - Buró Szilárd, pénzügyi innovációs vezető. NOPQ: Krumpli kalandok - utazás a burgonya körül Három magyar burgonyafajta lesz a tányértéma a Bocuse d'Or európai kontinensdöntőjén, amelyet március 23-án és 24-én rendeznek meg Budapesten. Kántor Bandi történeti és logikai krompérlánca.
In this special holiday fundraising episode I have not one but two special guests joining a small panel to discuss the current state of mobile security and the pitfalls of social engineering. Mike Jones is a former Anonymous hacker and founder of the Haunted Hacker security podcast and magazine. Jonathan Scott is a Mobile Security Researcher and the author of the Pegasus ID software. I was also joined by Jim Kuiphof, Director of Information Security for Spectrum Health, Richard Melick from Zimperium, Brian Schneble and Mitch Milligan from Sentinel One, Claudio Cattai and Chuck Chessor from Netskope. Talking Points:Can you really be hacked with just a mobile text message?Is your data 'really' gone after you wiped your phone?Did you know that your smart watch is listening when you wash your hands?Is Pegasus the only Nation State malware out there?How will this affect TeleHealth on mobile devices?What can we do to start reigning this issue?How do we protect ourselves from different social mobile attacks?Episode Sponsors:We are very to have 3 great sponsors for this fundraiser episode. Many thanks to Sentinel One for being a second year sponsor, and to Netskope and Zimperium for helping raise funds for 3 great charities! North Kent Connect, Toys for Tots and Hand for Help. Thank you very much!
Join Randy and Nour as we welcome Ed Carter, CRO at Zimperium onto tomorrows episode of Tech Sales Insights LIVE: 'Leading A Modern Day Sales-Force' Send in a voice message: https://anchor.fm/salescommunity/message
Subiecte principale: colaborarea Asus și Noctua, lansarea Far Cry 6, astronaut vs turist spațial Gazde: Vlad Bănică și Manuel Cheța Show notes: tehnocultura.com
This week on the ATARC Federal IT Newscast, Jim Kovach and JT Keating of Zimperium sit down with CIO of the Army Corps of Engineers, Dovarius Peoples. During this session we receive an overview of what the Army Corps of Engineers does in terms of their disaster relief mission, construction for the DOD, and their monitoring and maintenance of waterways and dams supporting the Pentagon. Peoples shares his thoughts around actions on the Executive Order for Zero Trust and how he sees the mobile landscape shifting in the next 5-10 years and much more!
3Eye joins Kern Smith from Zimperium to discuss Chrome Extension security concerns and the impact of these vulnerabilities on the education space.Hosted by:Reid Estreicher, VP of Business Development, 3Eye Technologieshttps://www.linkedin.com/in/thereid/Guests: Kern Smith, VP - Pre-Sales America's, Zimperiumhttps://www.linkedin.com/in/kernsmith/Company Websites:Zimperium: https://www.zimperium.com/3Eye: https://www.3eyetech.com/
What does the NSO Pegasus hack mean for Device Security? Philip Ingram MBE chats with Ashish Patel from Zimperium Technology, Ian Thornton-Trump, CISO with Cyjax and Andi Robinson, with Data Shield UK. The realities of our poor approach to device security become apparent. For more information about Zimperium, please visit: https://blog.zimperium.com
Rocío se encarga de liderar la sección de noticias, mientras Dani y Javi conducen el monográfico sobre seguridad en Cloud. Para la entrevista contamos con MEHDI BOUZOUBAA, el director comercial de ZIMPERIUM, el fabricante americano especialista en a protección de los móviles. Gracias a Forcepoint, Netskope y TrendMicro.
Rocío se encarga de liderar la sección de noticias, mientras Dani y Javi conducen el monográfico sobre seguridad en Cloud. Para la entrevista contamos con MEHDI BOUZOUBAA, el director comercial de ZIMPERIUM, el fabricante americano especialista en a protección de los móviles. Gracias a Forcepoint, Netskope y TrendMicro. --- Send in a voice message: https://anchor.fm/clickcibernews/message
3Eye joins Krishna Vishnubhotla from Zimperium for another episode of Beyond the Device to discuss how Zimperium addresses mobile security concerns, how to prevent data leakage in mobile apps and Zimperium's Mobile Risk Assessment. Hosted by:Reid Estreicher, VP of Business Development, 3Eye Technologieshttps://www.linkedin.com/in/thereid/Guests: Krishna Vishnubhotla, VP of Product Strategy, Zimperiumhttps://www.linkedin.com/in/krishna-vishnubhotla/Company Websites:Zimperium: https://www.zimperium.com/3Eye: https://www.3eyetech.com/
We all use mobiles to process everything, especially with lockdown, but are they secure? Can they be secured? Philip Ingram MBE talks to Ash Patel from Zimperium and Andi Robinson from DataShield.https://blog.zimperium.com/https://datashield-uk.com
Master Communicator Podcast Episode #118 with Special Guest Scott King. Based out of Dallas Texas, Scott is the Director at Zimperium, where he helps educate digital channel and mobile app owners on the inherent risks and threats to corporate and private information residing on over 6 million mobile apps and 9 billion mobile endpoints. Learn more about Scott and all the great things he is up to at www.thescottking.com
This months guest is another seriously experience member in the Cybersecurity world! Again, a pattern shows itself with a vendor-career starting at Mcafee and then being part of a huge acquisition with a value of $1.4b!If you want to hear about a way into security like never before... LISTEN!!!
TikTok, el spyware viral y ”legal” de China. Cómo Tik Tok espía a sus usuarios. Los resultados de investigadores de Zimperium, descubrieron que la app tiene riesgos de seguridad y privacidad ya que puede realizar acciones sin que el usuario lo note. Estas son solo algunas de MUCHAS de ellas en su versión en Android: Accede a datos del usuario, contactos, identificadores únicos del dispositivo. Puede mostrarle adware al usuario. Envía SMS. Almacena datos y establece comunicaciones de forma insegura. También hace uso del SDK de Facebook, el cual, la versión que TikTok usa es vulnerable al secuestro de sesiones. Contiene un SDK de la empresa lgexin, a quien la empresa de seguridad Lookout descubrió en el 2017 que tiene la capacidad de espiar a las víctimas a través de aplicaciones benignas descargando complementos maliciosos. A través de una URL envía información sensible en algunos parámetros. Puede acceder a fotos, a la cámara trasera y tomar fotos sin interacción del usuario. Obtiene la información del portapapeles (Información que el usuario copia y pega desde otras apps). Accede al micrófono del dispositivo. Puede acceder a la última ubicación registrada del dispositivo cuando los servicios de localización no están disponibles. Si el dispositivo está rooteado, puede acceder a comandos del sistema operativo o en algunas situaciones cuando la app viene preinstalada, tiene asignados privilegios de sistema. Por otro lado, la versión beta de iOS 14 descubrió a través de sus funcionalidades de privacidad integradas en esta nueva versión cómo TikTok accede secretamente a los portapapeles de los usuarios. Jeremy Burge Chief Emoji Officer, “Emojipedia” (Pfff) descubrió que mientras tecleaba algunos caracteres en la app, TikTok accedía al contenido del portapapeles cada 1-3 pulsaciones de teclas. iOS 14 le envíaba notificaciones de que TikTok estaba accediendo a información del portapapeles que provenía de Instagram. Tras hacerse viral esto, India decidió banear 59 aplicaciones chinas. El gobierno de la India declaró "Son Perjudicial para la soberanía e integridad de la India, en defensa de la India, por la seguridad del estado y el orden público". Algunas de las apps son: TikTok Baidu Map Shein Virus Cleaner WeChat Weibo My Video Call - Xiaomi WeSync Cam Scanner Wonder Camera Photo Wonder Baidu translate
3Eye joins Rick Remes and Steve Flowers for a conversation about mobile threat defense, how critical it is for organizations and individuals to be prepared, and then a live demo of a phishing attack and a man in the middle attack.Hosted by: Reid Estreicher, Director of Solutions Engineering, 3Eye TechnologiesGuests: Greg Waddell, Partner Manager, 3Eye TechnologiesRick Remes, Senior Director of Worldwide Channels, ZimperiumSteve Flowers, Presales Engineer, Zimperium
丽莎老师讲机器人之人工智能在网络安全中的作用和可能的产品选择欢迎收听丽莎老师讲机器人,想要孩子参加机器人竞赛、创意编程、创客竞赛的辅导,找丽莎老师!欢迎添加微信号:153 5359 2068,或搜索钉钉群:31532843。越来越多的企业采用人工智能技术,为他们在现代IT环境中的安全工作提供帮助。数据、设备、处理能力、算法和网络系统的指数级增长,也伴随着新的风险和漏洞。面对这一现实,很多企业已经意识到,仅仅采取被动措施是不够的;它们不仅必须扩展和自动化威胁应对计划,还必须制定积极的措施。人工智能的功能是由一系列的技术支持的,比如机器学习、深度学习、计算机视觉和自然语言处理,以检测模式并作出推论。在网络安全领域,人工智能在网络安全中的作用是识别用户、数据、设备、系统和网络行为模式,并区分异常和正常。它还帮助管理员分析大量数据,调查新类型威胁,以及更快地响应和应对威胁。根据调研机构对网络安全市场和供应商的研究和分析,以下是六个常见的使用案例1.安全分析师和加强安全运营中心(SOC)人工智能在网络安全中最常见的用例之一是对分析师的支持。毕竟,人工智能不太可能取代有经验的安全分析师。在机器擅长的领域,例如,分析大数据、消除人员疲劳并使其摆脱繁琐的任务,这样他们就可以利用更加复杂的技能(例如创造力、细微差别和专业知识)来增强人们的能力。在某些情况下,分析人员扩充涉及将预测分析合并到安全运营中心(SOC)工作流中,以进行分类或查询大数据集。Darktrace公司的Cyber?? AI Analyst是一个软件程序,通过只显示高优先级事件来支持分析师。同时,它查询海量数据并在整个网络中枢收集调查背景,进行调查并整理低优先级案件。通过分析Darktrace的分析师如何调查警报,来训练在数千个部署中开发的数据集,Cyber?? AI Analyst使用多种机器学习、深度学习和数学技术来处理n维数据,以机器速度生成数千个查询,并进行调查所有并行威胁。2.新的攻击识别尽管恶意软件或其他类型的威胁检测已经存在了很多年,通常是将可疑代码与基于签名的系统相匹配,但人工智能现在正在将技术转向推断,以预测新的攻击类型。通过分析大量的数据、事件类型、来源和结果,人工智能技术能够识别新的攻击形式和类型。这一点非常关键,因为攻击技术会随着其他技术的进步而不断发展。FireEye公司在其MalwareGuard产品中提供了一种新的攻击识别示例。它使用机器学习算法来发现新的、变形的或高级的攻击,其中签名尚未被创建或尚未存在。其引擎利用了私人和公共数据源,其中包括大约1700万个部署的端点安全代理、基于超过100万个攻击响应小时的攻击分析,以及通过全球和多语种安全分析网络收集的情报。3.行为分析和风险评分行为分析技术已经在一些不那么关键的领域(比如广告领域)中率先出现,现在正朝着身份认证和反欺诈的关键用例发展。在这里,人工智能算法挖掘大量的用户和设备行为模式、地理位置、登录参数、传感器数据以及大量数据集,以获得用户真实身份。万事达卡公司的NuData Security是一个利用多因素大数据分析来评估风险,并为端点和用户安全性开发每个事件的动态配置文件的平台。该公司使用机器和深度学习来分析四个领域:(1)行为数据:浏览器类型、流量变化、浏览速度和页面停留时间。(2)被动生物识别技术:用户的键入速度、设备角度、击键和压力。(3)设备智能:特定设备的已知连接与新连接、位置和网络交互。(4)行为信任联盟:万事达卡(Mastercard)的大数据存储库,可在人口级别分析数十亿个数据点。4.基于用户的威胁检测从内部威胁到特权滥用和管理滥用再到黑客,人类是网络风险的重要而多样的载体。因此,人工智能技术应运而生,以检测用户在IT环境中的交互方式的变化,并描述他们在攻击环境中的行为特征。LogRhythm公司正在使用其下一代SIEM平台CloudAI来进行基于用户的威胁检测。具体来说,该公司将不同的用户帐户(VPN、工作电子邮件、个人云存储)以及相关的标识符(例如用户名和电子邮件地址)映射到实际用户的身份,以建立全面的行为基准和用户配置文件。此外,CloudAI旨在随着时间的推移而发展,以用于当前和将来的威胁检测。分析师在正常的调查过程中对系统进行培训,并从整个平台的扩展客户群中收集数据以进行威胁培训。CloudAI还可以配置模型以通过连续调整进行自我修复,而无需人工干预。Vectra AI公司通过分析攻击生命周期对这种用例采用了差异化的方法。使用大约60种机器学习模型来分析攻击者在攻击生命周期中可能执行的所有行为,其中包括远程访问工具、隐藏通道、后门、侦察工具,凭证滥用和过滤。该公司声称,其Cognito平台颠覆了传统的基于用户的威胁检测方法,为防御者提供了多种机会来检测攻击者。5.跨端点终止链的设备上检测移动设备在企业中的兴起,开启了网络安全威胁的新时代,改变了端点安全的本质。企业通常管理传统的端点,比如笔记本电脑,而现在的移动“系统管理员”是最终用户。无论是员工、消费者还是黑客,都会采用下载、应用程序、通信渠道和网络交互等服务。此外,应用程序通常都在自己的容器中,这限制了传统的补丁管理。这种根本不同的配置意味着,攻击者的目标是通过提供根访问漏洞来持久化,从而危害整个设备,同时有效地避开企业网络。因此,移动端点保护必须保护整个杀伤链——从仿冒应用程序或网络的钓鱼尝试到各种不同的恶意攻击类型。在这里,管理员将机器学习应用于每个攻击向量,而不是为每个攻击向量部署不同的检测系统,以便预测任何给定点交互威胁系统接管的可能性。Zimperium公司是一家专门从事移动终端安全的公司,它使用机器学习在整个移动杀伤链中提供设备上检测,监控所有恶意软件、网络钓鱼、设备、应用程序和网络交互。虽然目前没有在设备上运行机器学习模型,但Zimperium在通过基于云计算的深度学习技术派生的设备上部署了基于机器学习的检测技术,在7000万多台设备上使用,它监控来自所有恶意软件、网络钓鱼、设备、应用程序、网络交互的所有矢量的匿名数据,使用云计算技术分析特定的攻击路径,识别来自信号的噪声,运行测试场景,并部署分类器以改进逻辑和算法,然后应用于设备上检测。这个循环对于在当前和新的威胁类型(贯穿整个杀伤链)攻击或实现持久接管之前进行检测至关重要。6.断开连接的环境中的主动安全性随着数据和设备渗透到物理世界,保护和减少平均检测和响应时间的能力成为连接和计算能力的问题。越来越复杂的技术基础设施意味着对其运营的安全性和效率的更大需求,这些基础设施可以在航空、能源、国防和海事等关键任务环境中实现数据价值。在这些环境中,计算密集度更高的人工智能应用程序仍处于萌芽状态,但新技术不断涌现,可以通过本地支持促进基于机器学习的脚本、文件、文档和恶意软件分析的安全性。SparkCognition公司自称是一家人工智能公司,而不是一家安全公司,该公司支持在断开连接的环境中使用的应用程序。当地911调度中心采用其应用程序管理其托管的敏感信息。SparkCognition公司的DeepArmor通过现场管理控制台运行。具体来说,DeepArmor使用机器学习对大约20,000个独特文件功能进行静态文件分析,以确定在几秒钟内恶意活动的可能性。尽管管理人员必须在这些环境中人工执行模型更新,但DeepArmor没有签名要求,这意味着它不需要每日签名扫描。人工智能在网络安全中的作用正在扩大当然,还有其他一些规模较小的用例可用于将机器学习和深度学习应用于网络安全需求,其中包括以下内容:大数据查询的生成和分析威胁扩散和扩散检测自主响应代理合并和跨其他安全工具的部署威胁阻止自动化恶意软件分类攻击分类(未知、内部、持续)假阳性减少产品自我修复机器数据理解(超过800种不同的设备类型)加密的流量分析政策合规性分析网络风险保险增强网络风险尽职调查(合并和收购前)尽管机器学习具有很大的潜力,但它并不是灵丹妙药,它只是一种工具。人工智能取决于数据的质量,而在安全性方面,这不仅仅意味着大数据,还意味着多语言的实时数据,最重要的是良好的数据。它的成功需要安全专家和数据科学家之间的合作。尽管有很高的营销要求,但现实情况是,企业安全环境是巨大的、动态的网络,管理人员必须根据持续的、不可预测的、内部和外部的威胁向量不断地监视、审计和更新。人工智能在检测、调查和应对威胁的能力方面引入了各种增强功能,但它是人员与技术的结合,能够在不断发展的安全环境中真正管理全方位的威胁。
丽莎老师讲机器人之人工智能在网络安全中的作用和可能的产品选择欢迎收听丽莎老师讲机器人,想要孩子参加机器人竞赛、创意编程、创客竞赛的辅导,找丽莎老师!欢迎添加微信号:153 5359 2068,或搜索钉钉群:31532843。越来越多的企业采用人工智能技术,为他们在现代IT环境中的安全工作提供帮助。数据、设备、处理能力、算法和网络系统的指数级增长,也伴随着新的风险和漏洞。面对这一现实,很多企业已经意识到,仅仅采取被动措施是不够的;它们不仅必须扩展和自动化威胁应对计划,还必须制定积极的措施。人工智能的功能是由一系列的技术支持的,比如机器学习、深度学习、计算机视觉和自然语言处理,以检测模式并作出推论。在网络安全领域,人工智能在网络安全中的作用是识别用户、数据、设备、系统和网络行为模式,并区分异常和正常。它还帮助管理员分析大量数据,调查新类型威胁,以及更快地响应和应对威胁。根据调研机构对网络安全市场和供应商的研究和分析,以下是六个常见的使用案例1.安全分析师和加强安全运营中心(SOC)人工智能在网络安全中最常见的用例之一是对分析师的支持。毕竟,人工智能不太可能取代有经验的安全分析师。在机器擅长的领域,例如,分析大数据、消除人员疲劳并使其摆脱繁琐的任务,这样他们就可以利用更加复杂的技能(例如创造力、细微差别和专业知识)来增强人们的能力。在某些情况下,分析人员扩充涉及将预测分析合并到安全运营中心(SOC)工作流中,以进行分类或查询大数据集。Darktrace公司的Cyber?? AI Analyst是一个软件程序,通过只显示高优先级事件来支持分析师。同时,它查询海量数据并在整个网络中枢收集调查背景,进行调查并整理低优先级案件。通过分析Darktrace的分析师如何调查警报,来训练在数千个部署中开发的数据集,Cyber?? AI Analyst使用多种机器学习、深度学习和数学技术来处理n维数据,以机器速度生成数千个查询,并进行调查所有并行威胁。2.新的攻击识别尽管恶意软件或其他类型的威胁检测已经存在了很多年,通常是将可疑代码与基于签名的系统相匹配,但人工智能现在正在将技术转向推断,以预测新的攻击类型。通过分析大量的数据、事件类型、来源和结果,人工智能技术能够识别新的攻击形式和类型。这一点非常关键,因为攻击技术会随着其他技术的进步而不断发展。FireEye公司在其MalwareGuard产品中提供了一种新的攻击识别示例。它使用机器学习算法来发现新的、变形的或高级的攻击,其中签名尚未被创建或尚未存在。其引擎利用了私人和公共数据源,其中包括大约1700万个部署的端点安全代理、基于超过100万个攻击响应小时的攻击分析,以及通过全球和多语种安全分析网络收集的情报。3.行为分析和风险评分行为分析技术已经在一些不那么关键的领域(比如广告领域)中率先出现,现在正朝着身份认证和反欺诈的关键用例发展。在这里,人工智能算法挖掘大量的用户和设备行为模式、地理位置、登录参数、传感器数据以及大量数据集,以获得用户真实身份。万事达卡公司的NuData Security是一个利用多因素大数据分析来评估风险,并为端点和用户安全性开发每个事件的动态配置文件的平台。该公司使用机器和深度学习来分析四个领域:(1)行为数据:浏览器类型、流量变化、浏览速度和页面停留时间。(2)被动生物识别技术:用户的键入速度、设备角度、击键和压力。(3)设备智能:特定设备的已知连接与新连接、位置和网络交互。(4)行为信任联盟:万事达卡(Mastercard)的大数据存储库,可在人口级别分析数十亿个数据点。4.基于用户的威胁检测从内部威胁到特权滥用和管理滥用再到黑客,人类是网络风险的重要而多样的载体。因此,人工智能技术应运而生,以检测用户在IT环境中的交互方式的变化,并描述他们在攻击环境中的行为特征。LogRhythm公司正在使用其下一代SIEM平台CloudAI来进行基于用户的威胁检测。具体来说,该公司将不同的用户帐户(VPN、工作电子邮件、个人云存储)以及相关的标识符(例如用户名和电子邮件地址)映射到实际用户的身份,以建立全面的行为基准和用户配置文件。此外,CloudAI旨在随着时间的推移而发展,以用于当前和将来的威胁检测。分析师在正常的调查过程中对系统进行培训,并从整个平台的扩展客户群中收集数据以进行威胁培训。CloudAI还可以配置模型以通过连续调整进行自我修复,而无需人工干预。Vectra AI公司通过分析攻击生命周期对这种用例采用了差异化的方法。使用大约60种机器学习模型来分析攻击者在攻击生命周期中可能执行的所有行为,其中包括远程访问工具、隐藏通道、后门、侦察工具,凭证滥用和过滤。该公司声称,其Cognito平台颠覆了传统的基于用户的威胁检测方法,为防御者提供了多种机会来检测攻击者。5.跨端点终止链的设备上检测移动设备在企业中的兴起,开启了网络安全威胁的新时代,改变了端点安全的本质。企业通常管理传统的端点,比如笔记本电脑,而现在的移动“系统管理员”是最终用户。无论是员工、消费者还是黑客,都会采用下载、应用程序、通信渠道和网络交互等服务。此外,应用程序通常都在自己的容器中,这限制了传统的补丁管理。这种根本不同的配置意味着,攻击者的目标是通过提供根访问漏洞来持久化,从而危害整个设备,同时有效地避开企业网络。因此,移动端点保护必须保护整个杀伤链——从仿冒应用程序或网络的钓鱼尝试到各种不同的恶意攻击类型。在这里,管理员将机器学习应用于每个攻击向量,而不是为每个攻击向量部署不同的检测系统,以便预测任何给定点交互威胁系统接管的可能性。Zimperium公司是一家专门从事移动终端安全的公司,它使用机器学习在整个移动杀伤链中提供设备上检测,监控所有恶意软件、网络钓鱼、设备、应用程序和网络交互。虽然目前没有在设备上运行机器学习模型,但Zimperium在通过基于云计算的深度学习技术派生的设备上部署了基于机器学习的检测技术,在7000万多台设备上使用,它监控来自所有恶意软件、网络钓鱼、设备、应用程序、网络交互的所有矢量的匿名数据,使用云计算技术分析特定的攻击路径,识别来自信号的噪声,运行测试场景,并部署分类器以改进逻辑和算法,然后应用于设备上检测。这个循环对于在当前和新的威胁类型(贯穿整个杀伤链)攻击或实现持久接管之前进行检测至关重要。6.断开连接的环境中的主动安全性随着数据和设备渗透到物理世界,保护和减少平均检测和响应时间的能力成为连接和计算能力的问题。越来越复杂的技术基础设施意味着对其运营的安全性和效率的更大需求,这些基础设施可以在航空、能源、国防和海事等关键任务环境中实现数据价值。在这些环境中,计算密集度更高的人工智能应用程序仍处于萌芽状态,但新技术不断涌现,可以通过本地支持促进基于机器学习的脚本、文件、文档和恶意软件分析的安全性。SparkCognition公司自称是一家人工智能公司,而不是一家安全公司,该公司支持在断开连接的环境中使用的应用程序。当地911调度中心采用其应用程序管理其托管的敏感信息。SparkCognition公司的DeepArmor通过现场管理控制台运行。具体来说,DeepArmor使用机器学习对大约20,000个独特文件功能进行静态文件分析,以确定在几秒钟内恶意活动的可能性。尽管管理人员必须在这些环境中人工执行模型更新,但DeepArmor没有签名要求,这意味着它不需要每日签名扫描。人工智能在网络安全中的作用正在扩大当然,还有其他一些规模较小的用例可用于将机器学习和深度学习应用于网络安全需求,其中包括以下内容:大数据查询的生成和分析威胁扩散和扩散检测自主响应代理合并和跨其他安全工具的部署威胁阻止自动化恶意软件分类攻击分类(未知、内部、持续)假阳性减少产品自我修复机器数据理解(超过800种不同的设备类型)加密的流量分析政策合规性分析网络风险保险增强网络风险尽职调查(合并和收购前)尽管机器学习具有很大的潜力,但它并不是灵丹妙药,它只是一种工具。人工智能取决于数据的质量,而在安全性方面,这不仅仅意味着大数据,还意味着多语言的实时数据,最重要的是良好的数据。它的成功需要安全专家和数据科学家之间的合作。尽管有很高的营销要求,但现实情况是,企业安全环境是巨大的、动态的网络,管理人员必须根据持续的、不可预测的、内部和外部的威胁向量不断地监视、审计和更新。人工智能在检测、调查和应对威胁的能力方面引入了各种增强功能,但它是人员与技术的结合,能够在不断发展的安全环境中真正管理全方位的威胁。
In this episode, Scott King talks about: How does Zimperium leverage AI in their product What should marketing and sales leaders be thinking about What technologies are changing the space right now
This week, we talk Enterprise News, to talk about How to Create Easy and Open Integrations with VMRays REST API, Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR, PacketViper Deception360 now available for Microsoft Azure, Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, and Say Goodbye to Windows Server 2008 and Hello to Azure?! In our second segment, we welcome Mark Orlando, Founder, and CEO of Bionic, to discuss Outdated Defense Approaches and the need to revisit traditional thinking about security operations in the Enterprise! In our final segment, we welcome Ward Cobleigh, Product Line Manager at VIAVI Solutions, to discuss VISA Security Alerts - What we can learn, and what we can do! Show Notes: https://wiki.securityweekly.com/ESWEpisode168 To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about How to Create Easy and Open Integrations with VMRays REST API, Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR, PacketViper Deception360 now available for Microsoft Azure, Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, and Say Goodbye to Windows Server 2008 and Hello to Azure?! In our second segment, we welcome Mark Orlando, Founder, and CEO of Bionic, to discuss Outdated Defense Approaches and the need to revisit traditional thinking about security operations in the Enterprise! In our final segment, we welcome Ward Cobleigh, Product Line Manager at VIAVI Solutions, to discuss VISA Security Alerts - What we can learn, and what we can do! Show Notes: https://wiki.securityweekly.com/ESWEpisode168 To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! In our second segment, we discuss Unifying DevOps and SecOps, exploring the people and process challenges of DevSecOps and Where to integrate Security Seamlessly in the DevOps Pipeline! In our final segment, we welcome Jason Rolleston, Chief Product Officer at Kenna Security, and Michael Roytman, Chief Data Scientist at Kenna Security, to discuss Risk-Based Vulnerability Management and Threat and Vulnerability Management! Show Notes: https://wiki.securityweekly.com/ESWEpisode166 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! In our second segment, we discuss Unifying DevOps and SecOps, exploring the people and process challenges of DevSecOps and Where to integrate Security Seamlessly in the DevOps Pipeline! In our final segment, we welcome Jason Rolleston, Chief Product Officer at Kenna Security, and Michael Roytman, Chief Data Scientist at Kenna Security, to discuss Risk-Based Vulnerability Management and Threat and Vulnerability Management! Show Notes: https://wiki.securityweekly.com/ESWEpisode166 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In the Enterprise News, we talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166
In the Enterprise News, we talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166
James T Keating, Vice President of Product Strategy at Zimperium based in the United States, participates in Risk Roundup to discuss “The Weaponization of Wi-Fi.” The Weaponization of Wi-Fi Over the years, the fear of the potential misuse of wireless technologies as a covert weapon system is becoming very real. The reason behind that is […] The post The Weaponization Of Wi-Fi appeared first on Risk Group.
Google steps up support for older Chromebooks, Microsoft Edge is coming to Linux, and the App Defense Alliance teams up to fight Android malware. Plus Google Cardboard goes open source, and a neat machine-learning tool to pull songs apart. Special Guest: Wes Payne.
Google steps up support for older Chromebooks, Microsoft Edge is coming to Linux, and the App Defense Alliance teams up to fight Android malware. Plus Google Cardboard goes open source, and a neat machine-learning tool to pull songs apart. Special Guest: Wes Payne.
Google steps up support for older Chromebooks, Microsoft Edge is coming to Linux, and the App Defense Alliance teams up to fight Android malware. Plus Google Cardboard goes open source, and a neat machine-learning tool to pull songs apart. Special Guest: Wes Payne.
Google joins forces to better protect Android from malware, Yubico announces its first security key with a fingerprint reader, Microsoft starts shipping HoloLens 2, and Google takes Cardboard VR open source.
Kevin David Mitnick. Some call him The Condor or The Darkside Hacker. For me, he’s a hacker who got “famous.” Today, Mitnick is the head of a security consulting firm - Mitnick Security Consulting, LLC - and is the Chief Hacking Officer of KnowBe4. KnowBe4 is a security awareness training company. He’s also on the advisory board of Zimperium which is a firm that is developing mobile intrusion prevention systems. He is atoning for his pas actions, which to say the least were nothing but nefarious. Before delving into computers, Mitnick was growing a passion for social engineering. Ultimately this was what he decided to study but used social engineering in a number of occasions. The most notable time was when he was 16 and gained unauthorized access to a computer network in 1979. The company he infiltrated was Digital Equipment Corp. After that, Mitnick was on the run for several years until he was caught and convicted for the crime in 1988. At the time he was sentenced to a year in prison and had three years of supervised release. However near the end of that three year period Mitnick hacked into Pacific Bell’s voice mail computers. After a warrant was issued, Mitnick fled and was a fugitive for two and a half years. Mitnick was captured again by 1995 which started a string of events where Mitnick was treated poorly. The whole process sparked a campaign from people called FreeKevin. Supporters were also given bumper stickers to raise awareness of it. A documentary also emerged talking about Mitnick and his story. It’s called Freedom Downtime. Mitnick also published a book in 2003 called The Art of Deception which explained in detail his intentions and his experiences. What we can learn from Mitnick is that not all hacking is bad and not all hackers are bad people. After Mitnick has been released, he has worked with companies to improve security and he’s published three other books since 2003. Those books and the controversy revolving around his life in prison are what makes him famous. And considering his skills, it’s nice to have a hacker on our side and to help protect us against the various cybersecurity threats.
This week, the cybersecurity world turned on a popluar video conferencing app, more home security services are being attacked, and we have what we believe to be the first compliance unicorn. In our interview we talk to JP Keating from Zimperium about the security around mobile banking apps.
The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersercurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi's popular M365 scooter model has a worrying bug. The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking.
In today's podcast we hear about a possible Charming Kitten sighting. Phishing in Tibet shows just how successful cheap skid labor can be. Cisco patches a serious flaw in VPN products. Fitness app Strava says it will work to close privacy holes. Experts say you're just a tap away from giving yourself away, and it's not just Strava, not by a long shot. South Korea considers how cryptocurrency might be regulated. The US SEC shuts down an allegedly fraudulent ICO. Yossi Oren from BGU on insecure mobile device cases. Guest is JT Keating from Zimperium on the effects of Meltdown and Spectre on mobile devices. And what do you call an ICO that steals the price of a cheap seat?
For those of you unfamiliar with "THE" Scott King – he is a life-long sales and marketing man who has sold bicycles, food, hardware, software and services. His career has helped him develop strengths to communicate with all types of people and to portray value propositions based on each role at each stage of the purchasing process. Scott falls into the master connector category bringing together leading marketers and addressing the challenges and latest and greatest things happenings within the marketing community. He has worked at ITKO, CA Technologies and Zimperium always with the focus of gaining customers and better marketing to them. Scott resides in Dallas, Texas – and will often employ his kids to handle the dirty work of his popular CMO Podcast show.
DTEK60 aka Argon popped up on a do not publish page on BlackBerry's website this past week revealing all aspects of the specifications, dimensions and build of this purported successor to the DTEK50 launched just last month. BlackBerry has partnered with Zimperium, a startup that found a critical Android exploit last year, to provide mobile threat detection to government and enterprise customers through Good Dynamics & BES12. With BlackBerry Q2 2017 fiscal results just three days away a big sale on ShopBlackBerry has devices seeing nice discounts. Lastly, BlackBerry Radar has named its first partner in Canada, Caravan Transport Group. Blog: https://berryflow.com/2016/09/upstream-117-argon/ Aired September 25th, 2016 - Join BerryFlow on social media - YouTube: http://www.youtube.com/user/BBRYFLOW Twitter: https://twitter.com/bbryflow Instagram: https://www.instagram.com/bbryflow/ Facebook: https://www.facebook.com/bbryflow RSS: http://berryflow.com/feed/ Google+: http://www.google.com/+Berryflow Soundcloud: https://soundcloud.com/berryflowupstream
In today's Daily Podcast we hear about the ongoing story of the MedStar Health hack, which anonymous sources say was ransomware. The incident remains under investigation. We hear about ransomware's evolution. Big Law finds itself in the crosshairs of a Russian (or Ukrainian?) cyber gang. The Justice Department hints at more litigation over decryption. We talk to the University of Maryland's Markus Rauschecker about the NIST Framework, and we finish our conversation with Zimperium about their successful experience integrating their mobile security solution with a big telecom's services.
In today's Daily Podcast we hear about yesterday's apparent hack of MedStar Health—possibly ransomware, but that's still unconfirmed. FireEye warns that legacy point-of-sale systems are under increasing attack. Kaspersky says Turla spyware is using satellite connections to work around C2 server takedowns. The FBI says its succeeded in cracking that jihadi's iPhone. We talk to Accenture's Malek Ben Salem on healthcare cyber security, and we hear from Zimperium about their successful experience integrating their mobile security solution with a big telecom's services.
Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Joshua-Drake-Stagefright-Scary-Code-in-the-Heart-of-Android-UPDATED.pdf Stagefright: Scary Code in the Heart of Android Joshua J. Drake Sr. Director of Platform Research and Exploitation, Zimperium With over a billion activated devices, Android holds strong as the market leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best -- arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code. This presentation centers around the speaker's experience researching a particularly scary area of Android, the Stagefright multimedia framework. By limiting his focus to a relatively small area of code that's critically exposed on 95% of devices, Joshua discovered a multitude of implementation issues with impacts ranging from unassisted remote code execution down to simple denial of service. Apart from a full explanation of these vulnerabilities, this presentation also discusses; techniques used for discovery, Android OS internals, and the disclosure process. Finally, proof-of-concept code will be demonstrated. After attending this presentation, you will understand how to discover vulnerabilities in Android more effectively. Joshua will show you why this particular code is so scary, what has been done to help improve the overall security of the Android operating system, and what challenges lie ahead. Joshua J. Drake is the Sr. Director of Platform Research and Exploitation at Zimperium and lead author of the Android Hacker's Handbook. Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience auditing and exploiting a wide range of application and operating system software with a focus on Android since early 2012. In prior roles, he served at Metasploit and VeriSign’s iDefense Labs. Joshua previously spoke at BlackHat, RSA, CanSecWest, REcon, Ruxcon/Breakpoint, Toorcon, and DerbyCon. Other notable accomplishments include exploiting Oracle's JVM for a win at Pwn2Own 2013, successfully compromising the Android browser via NFC with Georg Wicherski at BlackHat USA 2012, and winning the DEF CON 18 CTF with the ACME Pharm team in 2010. Twitter: @jduck