Best Security podcasts (updated July 3, 2015). Latest news, interviews and information.
Exclusive, insightful audio interviews by our staff with info risk/security leading practitioners and thought-leaders
Podcast by Sophos Security
Risky Business primary podcast.
A brief daily summary of what is important in cyber security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually 5-minute, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Co-sponsored by Cigital and IEEE Security & Privacy.
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people's choice award for best Technology/Science podcast. Records live at http://live.twit.tv/ every Tuesday at 1:30pm PT/4:30pm ET.
Defensive Security is a weekly information security podcast which reviews recent high-profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the often insane world of information security. Bringing colorful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.
An in-depth look at computer security from the inside out. Assuming no computer science background, we build you up from the fundamentals to being able to deal with current issues in computer security. We're two guys: one with a comprehensive computer security background, and the other is here to keep him from jumping too far into the deep end.
Join Andy Willingham, Martin Fisher, and Steve Ragan as they discuss information security, news, and interview interesting folks. They focus on the operational and leadership aspects of information security using a distinctly southern viewpoint.
The CyberJungle is the nation's first news talk show on security, privacy and the law.
The Standard Deviant Security Podcast is a bi-weekly show that takes an in-depth look at the people behind the cyber security stories you hear in the news. Each episode cuts through the noise and hype to deliver compelling and entertaining interviews with people that are challenging the status quo. Hosted by Tony Martin-Vegue -- www.thestandarddeviant.com
The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.
Crypto-Gram is a free monthly e-mail newsletter from security expert Bruce Schneier, with over 100,000 readers. Each issue is filled with interesting commentary, pointed critique, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news. This is the audio version of the Crypto-Gram Newsletter, and is read by Dan Henage.
The Liquidmatrix Security Digest Podcast - Information Security News and Commentary from Professionals.
Security Insider is your resource for information on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.
Are you ready to ignite your information security career? Well, then buckle up, put on your tin foil hat and get ready for Hackers on Fire! Join your host, cybersecurity veteran Glen Roberts, as he interviews information security professionals about getting into infosec, recommendations for advancing within the cyber security profession and priceless, career-accelerating hacker advice. Information security career development podcast. If you like Black Hat, Defcon, Security Now, Security Weekly, Hak5, Hacker Public Radio and cyber security in general, you will also enjoy Hackers on Fire. You can also listen to the podcast and even download the MP3s at www.HackersOnFire.com.
In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.
SecuraBit is an information security podcast that features some of the biggest names in the industry, who come on to talk to us about what they're up to. We also engage in both light and heavy discussion on the latest news and goings-on in the community. We aren't intended to be an authoritative source of information if you're writing a paper for some infosec class in college. Our goal is to bring the community closer together and to help people understand who the movers and shakers are in the industry, as well as to entertain and have fun! We are: Anthony Garther, Chris Gerling, Chris Mills, Jason Mueller, Andrew Borel, and more folks behind the scenes who help us be unique! Please visit our website at http://www.securabit.com and send questions/comments to email@example.com. You can also find us in IRC at irc.freenode.net #securabit and follow us on twitter at @securabit. Thanks!!
Eurotrash Security Podcast is a European-focused information security podcast designed as a counterpoint to the myriad North American infosec podcasts present in the industry. Eurotrash is a technical podcast with a casual atmosphere (and often a tint of the NSFW). ** Several episodes are missing from the listing here due to copyright reasons. These can be accessed using the "Old Skool Eurotrash Episodes" link.
Covering Tenable's Unified Security Monitoring products including Nessus & Security Center. We also discuss the latest security news and vulnerabilities, in addition to interviewing some of the industry's finest.
This is where you can listen to the ideas and opinions of Michael Farnum and Jim Broome about information security, geek toys, security consulting, and other great topics.
Join Sophos experts John Shier and Paul Ducklin for the latest episode of our weekly security podcast, the Chet Chat. News you can use!
This week's feature interview is a bit left of field. With all the talk about plane hacking flying around over the last couple of months (zing), I thought it might be an idea to talk to an actual airliner pilot. So this week we're joined by an Australian Airbus pilot. He works for an Asian airline, but he was in Australia recently and I caught up with him to ask him for his thoughts on the topic.
edentials http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm
Multiple Fibercuts in California Caused by Vandalism - http://www.usatoday.com/story/tech/2015/06/30/california-internet-outage/29521335/
Windows 10 Wi-Fi Sense Feature - http://www.windowsphone.com/en-us/how-to/wp8/connectivity/use-wi-fi-sense-to-get-connected
RIPv2 Used For Reflective DDoS Attacks - http://www.stateoftheinternet.com/resources-web-security-threat-advisories-2015-ripv1-reflection-ddos.html
Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security. He is the inventor of both the proxy firewall and early advanced intrusion systems. Gary and Marcus discuss the current state of software security, firewalls, de-perimeterization, and hackers. Marcus also shares how he stays on the cutting edge of security and who his biggest influences are. Gary closes the show with an unexpected "dirty, brilliant trick."
Links: Marcus Ranum's website; Episode 3: Marcus Ranum; 6 Dumbest Things in Computer Security.
Adobe issues an emergency out-of-cycle patch for FLASH, an update to Google's Chrome browser unnerves some, an AM radio that steals nearby Crypto keys, a truly fabulous site of privacy tools, and a look at recent research into improving the privacy delivered to users of the Tor network. Download or subscribe to this show at twit.tv/sn. We invite you to read our show notes. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly.
By Leo Laporte
How Malware Campaigns Employ Google Redirects and Google Analytics - https://isc.sans.edu/forums/diary/How+Malware+Campaigns+Employ+Google+Redirects+and+Analytics/19843/
Apple Patches - https://support.apple.com/en-us/HT201222
Amazon Releases OpenSSL Alternative - http://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a-New-Open-Source-TLS-Implementation
http://www.databreaches.net/fbi-cyber-division-bulletin-on-tools-reportedly-used-by-opm-hackers/
https://fortune.com/sony-hack-part-1/
http://www.csoonline.com/article/2938310/data-protection/lieberman-mandiant-and-verizon-wrong-on-unstoppable-threats.html
http://www.itworld.com/article/2939255/windows/the-us-navys-warfare-systems-command-just-paid-millions-to-stay-on-windows-xp.html
Powershell: Software Inventory - https://isc.sans.edu/forums/diary/The+Powershell+Diaries+2+Software+Inventory/19851/
Leap Second - https://hpiers.obspm.fr/eoppc/bul/bulc/bulletinc.49 and https://access.redhat.com/articles/15145
Sophos Update Kills Citrix - http://www.theregister.co.uk/2015/06/29/sophos_update_glitch/
ARIN Expects to Run out of IPv4 This Week - http://teamarin.net/category/ipv4-depletion/
In this episode: With me gone, James and Michael run feral!
It's June, so here are the top 3 security priorities for CISOs for 2015 (yes, in June): http://www.information-age.com/technology/security/123459699/top-3-security-priorities-cios-2015 Boils down to: patch faster, improve credentials, code better. Is this the right list? It mentioned side-stepping cloud and mobility. What if migrating to the cloud offers the opportunity to not worry about patching or code, and improve your credentials? Someone pointed out to me that this matches the OPM hack; perhaps this is just content driven from that? Does that make it more or less valid? Let us know… #DTSR
Cybersecurity tops advisors' compliance worries: poll http://www.thinkadvisor.com/2015/06/24/cybersecurity-tops-advisors-compliance-worries-pol More people concerned. This directly undercuts the notion that people don't care. They do care. They care about their money. The advisors entrusted with their money care. People care. The question for...
Windows 2003 EOL in July - Status of Windows XP - https://isc.sans.edu/forums/diary/Is+Windows+XP+still+around+in+your+Network+a+year+after+Support+Ended/19845/
Eicar Test File - https://isc.sans.edu/forums/diary/The+EICAR+Test+File/19847/
XEN 4.5.1 fixes PCNET VM Escape - http://www.xenproject.org/downloads/xen-archives/xen-45-series/xen-451.html
Recent Vulnerability in Magento E-Commerce Platform Exploited - https://blog.sucuri.net/2015/06/magento-platform-targeted-by-credit-card-scrapers.html
EP035 Legal Wiretapping. First off: No, we didn't call the whole show off after Rob Fuller's interview. Although we thought we'd reached a pinnacle there, we quickly realized that the information security news and infotech problems are still going, so we might as well too. In reality we had an unfortunate series of health and scheduling delays. So the latest episode of course has to cover some of the changes, growth and movement since our last podcast, which we cover with aplomb! Eventually we get to brand new content! The content this episode is legal wiretapping! The USA PATRIOT Act has elapsed and been replaced with the USA FREEDOM Act, which we look at, and we clear up a bit of the differences and changes that entails. While the US has actually moved away from unwarranted wiretapping, search and surveillance, Canada is moving TOWARDS it? That's right. C-51 is Canada's version of the USA PATRIOT Act, allowing for wiretapping all over the place. As Canadians we will talk a little about that too...
Cisco Patches Default SSH Key Vulnerability - https://isc.sans.edu/forums/diary/Cisco+default+credentials+again/19839/
Exploiting Cookie/Get Parameter Confusion in Web Applications - https://isc.sans.edu/forums/diary/Web+security+subtleties+and+exploitation+of+combined+vulnerabilities/19837/
ESET Nod32 Antivirus Remote Code Execution - http://googleprojectzero.blogspot.com/2015/06/analysis-and-exploitation-of-eset.html
Samsung Statement about Disabling Windows Update (see end of article) - http://bsodanalysis.blogspot.ca/2015/06/samsung-deliberately-disabling-windows.html
AngularJS Expression Security Internals - http://www.veracode.com/blog/2015/06/angularjs-expression-security-internals
Join Sophos security experts Chester Wisniewski and Paul Ducklin in the latest episode of our Chet Chat security podcast. This week: US Navy keeps XP alive, Apple gets CORED, Android starts bug bounties, Drupal needs a patch, and alleged megacarder Ercan Findikoglu *will* be extradited from Germany to the US after all.
In this week's feature interview we chat with Richard Bejtlich. He serves as the chief security strategist at FireEye. He's a nonresident fellow with the Brookings Institute and he joins me this week to talk about the OPM breach, honeypots, China and Edward Snowden. This week's show is sponsored by Palo Alto Networks. This week's sponsor interview is with Ryan Olson of Palo's Threat Intelligence Unit 42 -- yes, that is a Hitchhiker's Guide reference. He'll be joining us to discuss an APT campaign they uncovered in Asia -- it's called Lotus Blossom and it's yet another example of likely state-sponsored APT activity targeting the region. Depressingly, it uses CVEs that start with 2012. Ugh.
Using Powershell to Audit User Accounts - https://isc.sans.edu/forums/diary/The+Powershell+Diaries+Finding+Problem+User+Accounts+in+AD/19833/
Wind River VXWorks TCP Predictable Initial Sequence Numbers - https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01
Samsung Disables Windows Update - http://bsodanalysis.blogspot.in/2015/06/samsung-deliberately-disabling-windows.html
New Zealand Radar Outage Grounds All Planes in New Zealand - http://www.radionz.co.nz/news/national/277006/hacking-largely-ruled-out-of-radar-glitch
June 30th DNSSEC Day In Germany - http://www.heise.de/netze/artikel/Am-30-Juni-ist-DNSSEC-Day-2691734.html
A significant cross-application security flaw in Mac OS X and iOS, the Samsung keyboard flaw, how safe is your LastPass master password, transmitting sensitive data to "tech-unsavvy people", and more of your questions with Steve's answers!
By Leo Laporte
Adobe Flash Player Patch - https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
XOR DDOS Trojan Trouble - https://isc.sans.edu/forums/diary/XOR+DDOS+Mitigation+and+Analysis/19827/
More Details on LOT Attack - http://www.theregister.co.uk/2015/06/23/planegrounding_airport_attack_revealed_to_be_ddos/
Spiceworks Social Login Fail - https://community.spiceworks.com/topic/1025099-security-issue-linkedin-and-facebook-on-spiceworks-login-screen
Facebook Extending Free osquery Tool to Detect XARA Exploits - https://www.facebook.com/notes/protect-the-graph/detecting-unauthorized-cross-app-resource-access-on-os-x/1619875274919284
This episode, the gang was joined by Chris Burton (@cyberhiker) to talk about the OPM breach. OPM - The Breach that Keeps on Giving:
Second OPM Hack Exposed Information About Military, Intelligence Workers | Defense One - http://www.defenseone.com/technology/2015/06/second-opm-hack-compromised-information-military-intelligence-workers/115213/
Report: Hack of government employee records discovered by product demo | Ars Technica - http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/
Carnal0wnage Attack Research Blog: Hard to Sprint When You Have Two Broken Legs - http://carnal0wnage.attackresearch.com/2015/06/hard-to-sprint-when-you-have-two-broken.html
Data hacked from U.S. government dates back to 1985: U.S. official | Reuters - http://www.reuters.com/article/2015/06/06/us-cybersecurity-usa-idUSKBN0OL1V320150606?irpc=932
Brief: 4 million federal employees affected by data breach at OPM | CSO Online - http://www.csoonline.com/article/2931560/data...
Large SMTP Brute Force Login Attempts - http://isc.sans.edu/forums/diary/SMTP+Brute+Forcing/19823/
Polish Airline Grounded After Hack - http://www.reuters.com/article/2015/06/21/us-poland-lot-cybercrime-idUSKBN0P10X020150621
TOR Exit Nodes "Listening In" - https://chloe.re/2015/06/20/a-month-with-badonions/
MOVfuscator Obfuscation Tool - https://github.com/xoreaxeaxeax/movfuscator/
http://www.bankinfosecurity.com/blogs/did-fisma-facilitate-opm-hack-p-1879/op-1
http://www.csoonline.com/article/2936723/data-breach/user-error-is-an-expected-business-problem.html
http://www.databreachtoday.com/blogs/post-malware-outbreak-rip-replace-p-1877
http://www.csoonline.com/article/2936615/data-breach/6-breaches-lessons-reminders-and-potential-ways-to-prevent-them.html
http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html
In this episode...
What is the Security Advisor Alliance?
We discuss some of the issues facing CISOs today.
Clayton gives us his perspective on how to solve some of those issues.
Clayton tells us about the mission of the SAA.
If you're a CISO, are you signed up for the SAA Summit? Shoot Clayton an email.
Guest: Clayton Pummill (@cp48isme) - https://www.linkedin.com/pub/clayton-pummill/10/32a/44a - Clayton is the executive director of the Security Advisor Alliance. He also has a storied background, so I encourage you to give it a check!
Ubuntu Privilege Escalation Vulnerability Patched Last Week - http://seclists.org/oss-sec/2015/q2/717
Side Channel Attacks Against Crypto Keys - http://www.tau.ac.il/~tromer/radioexp/
Analysis of Free Proxies - https://blog.haschek.at/2015-analyzing-443-free-proxies
HP Releases Details About ASLR Bypass - http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/599/1/WP-Hariri-Zuckerbraun-Gorenc-Abusing_Silent_Mitigations.pdf
The Verizon Data Breach Investigations Report (DBIR) is one of the most, if not the most, widely read and well-respected annual security reports in the industry. The report analyzes nearly 80,000 cyber attacks based on contributions from 70 organizations. The resultant data is staggering, and it is publicly available through the VERIS framework for everyone to benefit from. The DBIR team then analyzes the data for the better part of a year and comes up with a pretty amazing report. The report gives analysis on cyber attacks broken down by victim industry, method of attack, the target and many other vectors. This year the DBIR tackled the cost of a data breach. For the last decade or so the standard accepted by the industry was the Ponemon Institute's model. The latest DBIR offers a new model, one that is built on a completely different data collection method than Ponemon's. This new model ended up causing quite a bit of commotion, controversy and media attention because the conclusion is starkly...
Join Sophos security experts John Shier and Paul Ducklin as they dig into the latest security news in our weekly "Chet Chat" podcast. In this episode: the LastPass breach, Facebook and its new-look photo privacy, our readers react to Windows 10's rolling update model, and the Samsung phones where an update could make your security worse!
SAP HANA Database Default Key Vulnerability - http://erpscan.com/press-center/news/static-encryption-keys-as-the-latest-trend-in-sap-security/#more-8205
National Vulnerability Database Vulnerable to XSS - https://www.youtube.com/watch?v=dhfnUE-EQyg
Drupal Vulnerabilities - https://www.drupal.org/SA-CORE-2015-002
IPv6 Leakage in Commercial VPNs - http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf
Presentation Slides: How to Contribute to the Internet Storm Center - https://isc.sans.edu/presentations/ISCContributing.pdf
The podcast panel discusses ASA version 9.3(2) and new features such as the REST API, 5506-X support, configuration sessions, TLS v1.2, Smart licensing and traffic zone support.
On this week's show we chat with Dan Guido of Trail of Bits about DARPA's Cyber Grand Challenge. There was a competition round last week and he tells us all about it.
Apple iOS Cross Application Resource Access (XARA) - https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view?usp=sharing
Samsung Smartphone Keyboard Vulnerability - https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
New Version of VolDiff - https://github.com/aim4r/VolDiff
Let's Encrypt Updated Timeline - https://letsencrypt.org/2015/06/16/lets-encrypt-launch-schedule.html
Latest Dridex Malware Spam - https://isc.sans.edu/forums/diary/Botnetbased+malicious+spam+seen+this+week/19807/
AV Bypass Used In Recent Targeted Attacks - https://isc.sans.edu/forums/diary/CVE20144114+and+an+Interesting+AV+Bypass+Technique/19809/
FBI Probe into Houston Cardinals Hacking Rival Baseball Team - http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html?smid%3D=tw-nytsports&_r=1
Mackeeper Weakness Exploited By Malware - http://baesystemsai.blogspot.ch/2015/06/new-mac-os-malware-exploits-mackeeper.html
Hosts: Steve Gibson with Leo Laporte. The LastPass network breach, more bad news from the Office of Personnel Management, did China & Russia obtain and decrypt Snowden's document cache? And examining the revelations about the current state of Internet user tracking arising from Mozilla's Firefox tracking protection instrumentation.
By Leo Laporte