Best Security podcasts (updated May 24, 2015). Latest news, interviews and information.
Exclusive, insightful audio interviews by our staff with info risk/security leading practitioners and thought-leaders
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Podcast by Sophos Security
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Winner of the 2009 and 2007 people's choice award for best Technology/Science podcast. Records live at http://live.twit.tv/ every Tuesday at 1:30pm PT/4:30pm ET.
Join Andy Willingham, Martin Fisher, and Steve Ragan as they discuss information security, news, and interview interesting folks. They focus on the operational and leadership aspects of information security using a distinctly southern viewpoint.
The CyberJungle is the nation's first news talk show on security, privacy and the law.
Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the often insane world of information security. Bringing colorful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.
Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
Risky Business primary podcast.
Co-sponsored by Cigital and IEEE Security & Privacy.
Crypto-Gram is a free monthly e-mail newsletter from security expert Bruce Schneier, with over 100,000 readers. Each issue is filled with interesting commentary, pointed critique, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news. This is the audio version of the Crypto-Gram Newsletter, and is read by Dan Henage.
Security Insider is your resource for information on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.
Are you ready to ignite your information security career? Well, then buckle up, put on your tin foil hat and get ready for Hackers on Fire! Join your host, cybersecurity veteran Glen Roberts, as he interviews information security professionals about getting into infosec, recommendations for advancing within the cyber security profession and priceless, career-accelerating hacker advice. Information security career development podcast. If you like Black Hat, Defcon, Security Now, Security Weekly, Hak5, Hacker Public Radio and cyber security in general, you will also enjoy Hackers on Fire. You can also listen to the podcast and even download the mp3's at www.HackersOnFire.com.
An in-depth look at computer security from the insides out. Assuming no computer science background we build you from the fundamentals up to being able to deal with current issues in computer security. We're two guys, one with a comprehensive computer security background and the other is here to keep him from jumping too far into the deep end.
In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.
The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.
The Liquidmatrix Security Digest Podcast - Information Security News and Commentary from Professionals.
SecuraBit is an information security podcast that features some of the biggest names in the industry who come on to talk to us about what they're up to. We also engage in both light and heavy discussion on the latest news and goings on in the community. We aren't intended to be an authoritative source of information if you're writing a paper for some infosec class in college. Our goal is to bring the community closer together and to help people understand who the movers and shakers are in the industry, as well as to entertain and have fun! We are: Anthony Garther, Chris Gerling, Chris Mills, Jason Mueller, Andrew Borel, and more folks behind the scenes who help us be unique! Please visit our website at http://www.securabit.com and send questions/comments to email@example.com. You can also find us in IRC at irc.freenode.net #securabit and follow us on twitter at @securabit. Thanks!!
Eurotrash Security Podcast is a European focused information security podcast designed as a counterpoint to the myriad of North American infosec podcasts present in the industry. Eurotrash is a technical podcast with a casual atmosphere (and often a tint of the NSFW). ** Several episodes are missing from the listing here due to copyright reasons. These can be accessed using the "Old Skool Eurotrash Episodes" link.
Covering Tenable's Unified Security Monitoring products including Nessus & Security Center. We also discuss the latest security news and vulnerabilities, in addition to interviewing some of the industry's finest.
This is where you can listen to the ideas and opinions of Michael Farnum and Jim Broome about information security, geek toys, security consulting, and other great topics.
Ransomware Response Kit: https://bitbucket.org/jadacyrus/ransomwareremovalkit/overview
Google Analysis of "Secret Questions": http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43783.pdf
"Ersatz Passwords": https://www.meshekah.com/research/publications_files/tr_ersatz_passwords.pdf
Exploit Kit Delivers Necurs: https://isc.sans.edu/forums/diary/Exploit+kits+delivering+Necurs/19719/
Latest eFax Malspam: https://isc.sans.edu/forums/diary/UpatreDyre+malspam+Subject+eFax+message+from+unknown/19713/
Trojaned Version of PuTTY SSH Client: http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
Electronic Billboard Hacking: http://www.wsbtv.com/news/news/local/fbi-investigating-after-pornographic-image-appears/nmGJr/
Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast. A quarter-hour of "news you can use" - entertaining to listen to and educational to hear.
False Positive: DNS Queries for settings-win.data.microsoft.com resolving to a Microsoft blackhole IP: https://isc.sans.edu/forums/diary/False+Positive+settingswindatamicrosoftcom+resolving+to+Microsoft+Blackhole+IP/19711/
IoT Roundup: Apple Watch Patches and Honeypot Summary: https://isc.sans.edu/forums/diary/IoT+roundup+Apple+Watch+Patches+Router+Vulnerabilities/19709/
iOS 8.3 Security Guide: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Logjam TLS Diffie-Hellman Vulnerability: https://weakdh.org
Hosts: Steve Gibson with Leo Laporte Starbucks discovers the downside of convenience over security, the "Venom" vulnerability, and a look at how crooks are ransacking and stealing cars. Download or subscribe to this show at twit.tv/sn. We invite you to read, add to, and amend our show notes. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly. Running time: 2:11:35
By firstname.lastname@example.org (Leo Laporte)
By email@example.com (Leo Laporte)
Safari URL Bar Spoofing Vulnerability: https://isc.sans.edu/forums/diary/Address+spoofing+vulnerability+in+Safari+Web+Browser/19705/
Social Engineering Used to Compromise Oil Companies: http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-tanker-en.pdf
ProFTPD Vulnerability Exploited: http://bugs.proftpd.org/show_bug.cgi?id=4169
USIS Breached via SAP Vulnerability: http://seclists.org/fulldisclosure/2015/May/64
IEEE Releases Guidelines to Build Security Code for Medical Devices: http://cybersecurity.ieee.org/images/files/images/pdf/building-code-for-medica-device-software-security.pdf
SANS Web Application Security Checklist: https://www.sans.org/security-resources/posters/securing-web-application-technologies-swat-2014-60
Joseph and Steve were joined by a special guest tonight, Mr. Kevin Riggins. They tackled mafia-style shakedowns, vulnerabilities in medical equipment, and “stunt hacking.”
"Breach" Extortion: http://money.cnn.com/2015/05/07/technology/tiversa-labmd-ftc/index.html
ICS-CERT issues advisory for medical equipment for the first time: https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01A and http://hextechsecurity.com/?p=123
"Stunt Hacking": http://aptn.ca/news/2015/05/15/hacker-told-f-b-made-plane-fly-sideways-cracking-entertainment-system/ , http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/ , http://idoneous-security.blogspot.com/2015/05/lessons-in-grown-up-security.html , http://carnal0wnage.attackresearch.com/2015/05/normal-0-false-false-false-en-us-x-none.html
Find us on Twitter: @SFSPodcast @jsokoly @SteveD3 @kriggins
In this episode...
Netflix launched FIDO (not that one, or that one, no the other one), focused on automating incident response practices. FIDO is an orchestration layer that automates the incident response process by evaluating, assessing and responding to malware and other detected threats. If you don't use it, at least they provide a structured framework for response and IR workflow. http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
IT chief leaves sensitive data in car; spoiler: it gets stolen. Something smells like a fish market in the July heat on this story. Maybe it's time to check in on YOUR off-site handling procedures? http://www.thestarpress.com/story/news/local/2015/05/10/chief-left-hard-drives-car/27083031/
CrowdStrike discovers, names "Venom": a massive security vulnerability within the floppy disk emulator in virtual machine hypervisors. Even if you disable floppy disk emulation, a separate bug lets you enable it. This has a graphic and everything! http...
A Quick Update on VENOM (Don't panic): https://isc.sans.edu/forums/diary/VENOM+Does+it+live+up+to+the+hype/19701/
New Details About Plane Hack: https://regmedia.co.uk/2015/05/17/fbi_chris_roberts_search_warrant_application.pdf
mSpy Hacked and Data Leaked: http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
McAfee Phishing Quiz: https://blogs.mcafee.com/consumer/phishing-quiz-results
http://www.computerworld.com/article/2918406/cybercrime-hacking/cybercriminals-borrow-from-apt-playbook-in-attacking-pos-vendors.html
http://www.welivesecurity.com/2015/05/12/5-practical-tips-avoid-ransomware-email/
http://www.zdnet.com/article/what-causes-enterprise-data-breaches-the-terrible-complexity-and-fragility-of-our-it-systems/
http://www.computing.co.uk/ctg/news/2408602/venom-security-vulnerability-allows-hackers-to-infiltrate-networks-via-the-cloud
http://arstechnica.com/security/2015/05/penn-state-severs-engineering-network-after-incredibly-serious-intrusion/
Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our no-nonsense computer security podcast.
United Airlines Announces Bug Bounty Program: http://www.united.com/web/en-US/content/contact/bugbounty.aspx
Cisco Patches for TelePresence TC and TE Software: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc
APT Botnet Uses Microsoft TechNet Forum as C&C: https://github.com/fireeye/iocs
No Activation Lock for Apple Watch: http://www.theguardian.com/technology/2015/may/14/concerns-raised-over-apple-watch-lack-of-theft-protection
Open Source PKI Management Software: http://pki.io
On this week's show we're chatting with Dave Jorm of IIX -- International Internet Exchange. We're previewing his upcoming AusCERT talk all about software defined networking security. It's fancy tech, but there are some interesting little quirks CSOs should definitely be across. This week's show is sponsored by Senetas, big thanks to them. Senetas CTO Julian Fay is this week's sponsor guest. We talk about those horrible Open Smart Grid bugs and a few other things, that's coming up later. Adam Boileau, as usual, joins the show to discuss the week's news headlines.
VENOM Virtual Machine Escape: http://venom.crowdstrike.com
Verizon Mobile API Leaks User Data: http://randywestergren.com/multiple-vulnerabilities-in-verizons-fios-mobile-api-exposing-customer-information/
SAP Vulnerabilities: http://www.coresecurity.com/advisories/sap-lzclzh-compression-multiple-vulnerabilities
MrBlack Router Botnet: https://www.incapsula.com/blog/ddos-botnet-soho-router.html
Hosts: Steve Gibson with Leo Laporte Appeals court rules that sweeping up Americans' data is illegal, Europe's Smart Grid crypto is dumb, SSD on-the-shelf data retention, your questions and Steve's answers! Download or subscribe to this show at twit.tv/sn. We invite you to read, add to, and amend our show notes. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly. Running time: 1:54:55
By firstname.lastname@example.org (Leo Laporte)
By email@example.com (Leo Laporte)
Angler EK Delivers Newish Crypto Ransomware: https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushes+new+variant+of+ransomware/19681/
Recent Dridex Activity: https://isc.sans.edu/forums/diary/Recent+Dridex+activity/19687/
Microsoft Bulletins: https://isc.sans.edu/forums/diary/May+2015+Microsoft+Patch+Tuesday+Summary/19685/
Adobe Bulletins: https://helpx.adobe.com/content/help/en/security/products/reader/apsb15-10.html and https://helpx.adobe.com/content/help/en/security/products/reader/apsb15-09.html
AlienVault Vulnerability Fix: http://seclists.org/fulldisclosure/2015/May/36
Two Men Arrested for Selling Photobucket Hacking Tool: http://www.justice.gov/opa/pr/two-men-who-breached-photobucketcom-indicted-and-arrested-conspiracy-and-fraud-related
IOActive Releases CyberLock Advisory: http://www.ioactive.com/pdfs/IOActive_Advisory_CyberLock.pdf
GPU Rootkits: https://github.com/x0r1/jellyfish
In this episode...
A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant today.
Simple things that work: blocking Java (externally); effectively blocking “uncategorized” sites in your forwarding proxies; (not) resolving DNS internally; (not) default routing to the Internet from inside; canaries in the coal mine, or evil canaries.
Guests:
James Robinson (@0xJames) - https://www.linkedin.com/in/0xjames - Currently the Director, Threat and Risk Management at Accuvant-Fishnet Security and part of the Office of the CISO. He has a long and storied career of success as an enterprise defender across various industries.
Rob Fuller (@mubix) - Rob is an experienced InfoSec industry insider, with many interesting achievements and accomplishments. He's easily findable, as are his many public doings.
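The controls in that list (Java blocked at the proxy, "uncategorized" destinations denied, workstations that cannot resolve external names themselves, and canary hostnames that nothing legitimate should ever look up) all share one property: when they are in place, an attacker's first moves show up as a handful of distinctive log lines. The following is an added example of triaging such logs, written for this listing; it is not code from the podcast or its guests. The proxy and resolver log formats, the 10.1.2.0/24 workstation subnet, the corp.example zone and the canary names are all assumptions made up for the example.

```python
"""Triage constructed proxy and DNS logs against four egress controls:
Java blocked at the edge, uncategorized destinations denied, workstations
not resolving external DNS, and canary hostnames.  Example code added to
this listing; formats, subnets, zone and canary names are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed environment (not from the page): workstation subnet, internal zone,
# and hostnames seeded in documents/configs purely as tripwires.
WORKSTATIONS = ipaddress.ip_network("10.1.2.0/24")
INTERNAL_SUFFIX = ".corp.example"
CANARY_NAMES = {"canary-finance.corp.example", "canary-backup.corp.example"}

# Constructed forward-proxy log: time client action url category "user-agent"
PROXY_LOG = """\
1431300001 10.1.2.3 TCP_MISS/200 http://www.example.com/ news "Mozilla/5.0"
1431300002 10.1.2.3 TCP_DENIED/403 http://u7qz.example.net/x uncategorized "Java/1.7.0_45"
1431300003 10.1.2.9 TCP_MISS/200 http://update.example.org/jre.jar software "Java/1.8.0_31"
1431300004 10.1.2.3 TCP_MISS/200 http://cdn.example.com/a.js uncategorized "Mozilla/5.0"
"""

# Constructed internal resolver log: time client qname
DNS_LOG = """\
1431300010 10.1.2.3 www.example.com
1431300011 10.1.2.9 canary-finance.corp.example
1431300012 10.1.2.3 203.0.113.5.in-addr.arpa
1431300013 10.1.2.3 fileserver.corp.example
"""

PROXY_RE = re.compile(r'^(\d+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
DNS_RE = re.compile(r'^(\d+) (\S+) (\S+)$')


@dataclass(frozen=True)
class Finding:
    rule: str
    client: str
    detail: str


def parse_proxy(text):
    """One dict per well-formed proxy line; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            _ts, client, action, url, category, ua = m.groups()
            rows.append({"client": client, "denied": "DENIED" in action,
                         "url": url, "category": category, "ua": ua})
    return rows


def parse_dns(text):
    """One dict per well-formed resolver line, qname normalised."""
    rows = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            _ts, client, qname = m.groups()
            rows.append({"client": client, "qname": qname.rstrip(".").lower()})
    return rows


def _is_workstation(client):
    try:
        return ipaddress.ip_address(client) in WORKSTATIONS
    except ValueError:  # hostname or garbage in the client field
        return False


def triage(proxy_text, dns_text):
    """Apply the four controls and return findings in log order."""
    findings = []
    for r in parse_proxy(proxy_text):
        # Java at the edge: a denied hit is the block working on a host that
        # tried anyway; an allowed hit is a gap in the proxy policy.
        if r["ua"].startswith("Java/"):
            state = "blocked" if r["denied"] else "ALLOWED"
            findings.append(Finding("java_egress", r["client"],
                                    f"{state} {r['url']} ({r['ua']})"))
        # Uncategorized destinations must never be served.
        if r["category"] == "uncategorized" and not r["denied"]:
            findings.append(Finding("uncategorized_allowed", r["client"], r["url"]))
    for q in parse_dns(dns_text):
        client, name = q["client"], q["qname"]
        if name in CANARY_NAMES:
            # Evil canary: only something enumerating seeded data asks for this.
            findings.append(Finding("canary_hit", client, name))
        elif _is_workstation(client) and not name.endswith(INTERNAL_SUFFIX):
            # The proxy resolves external names; a workstation doing so itself
            # (forward or reverse) is misconfigured or probing for a way out.
            findings.append(Finding("external_dns_from_workstation", client, name))
    return findings


if __name__ == "__main__":
    for f in triage(PROXY_LOG, DNS_LOG):
        print(f"{f.rule:30} {f.client:10} {f.detail}")
```

Run against the constructed logs it reports six findings: one Java request the proxy blocked and one it let through, one uncategorized site served, two external lookups from a workstation (one of them a reverse lookup of a public address, which leaks just as much), and one canary hit. The fileserver lookup in the internal zone produces nothing. The value of the "no DNS, no default route" posture is visible in the ordering: a host that cannot resolve or route must go through the proxy, so every one of its attempts lands in a log you already read.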
Counterfeit Cisco Equipment Sale Leads to Arrest: http://www.securingindustry.com/electronics-and-industrial/uk-police-smash-counterfeit-cisco-ring/s105/a2339/#.VU-fBmA33le
SSDs Lose Information Quickly if Powered Down: https://blog.korelogic.com/blog/2015/03/24#ssds-evidence-storage-issues
Adobe Patch Tuesday Pre-Release: https://helpx.adobe.com/security/products/reader/apsb15-10.html
BullGuard and Panda Antivirus Authentication Bypass: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-019.txt
95% of SAP Systems Vulnerable: http://www.onapsis.com/onapsis-research-study-reveals-top-three-cyber-attack-vectors-sap-systems
John’s book: http://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense/dp/1491065966/ref=sr_1_1?ie=UTF8&qid=1431313328&sr=8-1&keywords=active+defense
Critical Cisco UCS Central Software Patch: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
WordPress XSS Vulnerability Actively Exploited: https://wordpress.org/news/2015/05/wordpress-4-2-2/
Avast False Positive: https://forum.avast.com/index.php?topic=170705.45
Crypto Errors in Open Smart Grid Protocol: https://eprint.iacr.org/2015/428
This week's show is brought to you by BugCrowd -- crowdsourced security testing. Bugcrowd founder and CEO Casey Ellis will join us in this week's sponsor interview to tell us about the latest trends in bounties and crowdsourced security.
Lenovo System Update Vulnerabilities: http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
5.5% of Google Requests Triggered by Adware: https://cdn3.vox-cdn.com/uploads/chorus_asset/file/3673260/ad_injector_paper.0.pdf
Apple Releases Safari 8.0.6: https://support.apple.com/en-us/HT204826
Using Cellular Voice Stream as Covert Channel for Smartphones: http://arxiv.org/pdf/1504.05647v1.pdf
Searching scans.io DNS Data: http://dnsdumpster.com
Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly computer security podcast. From the future, where Microsoft's Update Tuesday is no more, to 15 years in the past, when we were awash in virus-infected emails that claimed, "ILOVEYOU." News and discussion with plenty of good advice.
Hospira Drug Infusion Pump Vulnerabilities: http://hextechsecurity.com/?p=123
Netflix Releases FIDO: http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
Rombertik Destructive Malware: http://blogs.cisco.com/security/talos/rombertik
Hosts: Steve Gibson with Leo Laporte The "Pixie Dust" failure of WPS, disabling RC4, Mozilla putting on the pressure to phase out HTTP, two very different and well thought out statements about law enforcement backdoors. Download or subscribe to this show at twit.tv/sn. We invite you to read, add to, and amend our show notes. You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Bandwidth for Security Now is provided by Cachefly. Running time: 1:52:56
By firstname.lastname@example.org (Leo Laporte)
By email@example.com (Leo Laporte)
Fiesta Exploit Kit Traffic Pattern Change: https://isc.sans.edu/forums/diary/Traffic+pattern+change+noted+in+Fiesta+exploit+kit/19655/
Upatre / Dyre Spam: https://isc.sans.edu/forums/diary/UpatreDyre+the+daily+grind+of+botnetbased+malspam/19657/
No More Patch Tuesday for Windows 10 (Consumer): http://www.theregister.co.uk/2015/05/04/microsoft_windows_10_updates/
Barracuda Update Fixes SSL Flaws in Web Inspection: https://community.barracudanetworks.com/forum/index.php?%2Ftopic%2F25516-barracuda-delivers-updated-ssl-inspection-feature%2F
USBKill "Kills" Computer in Case of USB Port Change: https://github.com/hephaest0s/usbkill
This week, Joseph and Steve talked about what these "six hacker tribes" are, and the recent rise of some accountability in security in both the government and the private sector.
"The Six Hacker Tribes": http://www.telegraph.co.uk/technology/internet-security/11568376/Unmasked-the-six-hacker-tribes-you-need-to-watch-out-for.html
“Accountability in Security” on multiple fronts: http://www.forbes.com/sites/davelewis/2015/04/29/notes-from-rsa-accountability-in-security/ and http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-customers-get-liability-shield-thanks-to-safety-act.html
And if you have any feedback, questions, or comments, find us at @SFSPodcast on Twitter.
In this episode...
A joint Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security". The study only looked at mobile apps and app developers: less than half (of their study) test the mobile apps they build, and about 33% never test their apps. http://www.eweek.com/developer/ibm-study-shows-mobile-app-developers-neglecting-security.html
Illinois Bill SB1833 expands the definition of PII to include almost everything, requiring notification in the event of a breach of online browsing history, online search history, or purchasing history. Is this absurd, or just protecting our privacy? http://www.eweek.com/developer/ibm-study-shows-mobile-app-developers-neglecting-security.html
The DOJ has jumped in and issued some sound fundamental breach guidance! Four sections: what to do before, during and after a breach, plus what NOT to do after a breach. Fantastic fundamentals... great idea. The push to fundamentals is critical! http://www.alstonprivacy.com/doj...
Microsoft Releases "Local Administrator Password Solution": https://technet.microsoft.com/en-us/library/security/3062591
Google Password Alert Bypass Released: http://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googles-password-alert/
Mozilla Going to Deprecate HTTP: https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ and https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf
MySQL "BACKRONYM" Vulnerability: https://www.duosecurity.com/blog/backronym-mysql-vulnerability
Dridex Malware Now Localized: https://isc.sans.edu/forums/diary/Massive+malware+spam+campain+to+corporate+domains+in+Colombia/19647/
Dalexis/CTB-Locker Malspam Campaign: https://isc.sans.edu/forums/diary/DalexisCTBLocker+malspam+campaign/19641/
KnockKnock OS X Malware Scanner: http://www.downloadcrew.com/article/33275-knockknock_ui
Ryanair Victim in 5 Million USD Fund Transfer Scam: http://www.irishtimes.com/news/crime-and-law/ryanair-falls-victim-to-4-6m-hacking-scam-via-chinese-bank-1.2192444
Old(?) sudo Bug Coming Back in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1219337