Get the podcast on Apple Podcasts
×

DanielMiessler

search
Login Become a Member Subscribe

T1SP: Episode 25


Created/Updated: December 17, 2019

take1

[ Subscribe to the Podcast: iTunes | Android]

News

  • [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet
  • [ ] SSH backdoor found in Fortinet firewalls
  • [ ] SSH client vulnerability
  • [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015
  • [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon
  • [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business
  • [ ] Twitter might be ending its 140 character limit
  • [ ] Major vulns still being found in Health and Fitness mobile apps
  • [ ] Angler exploit kit continues to evade detection
  • [ ] LostPass attack is a phishing email attack that works against LastPass (showed at Shmoocon this weekend)
  • [ ] Virus just took down the Melbourne Health computer system
  • [ ] Lastpass has found a workaround for the LostPass attack
  • [ ] A bit match fixing problem has been found in Tennis
  • [ ] Trustwave is being sued by Affinity for supposedly missing an second hack that was going on while they were there to fix an initial hack

Ideas, updates, and discussion

  • [ ] IR is messy and dangerous; assume compromise; assume continued compromise; be extremely careful saying that things were contained; if you’re not Mandiant you’re probably not doing a great job
  • [ ] Smartphone encryption and the gun debate: same coin? ISIS supposedly has its own encryption app. What next, make murder illegal?

Tools, talks, and projects

  • [ ] FIR – Fast Incident Response Management Platform
  • [ ] DIVA damn insecure and vulnerable Android app
  • [ ] Kill Chain for Kali Linux 2.0 : recon, weaponization, delivery, exploit, installation, c2, actions
  • [ ] EZ-Wave: exploiting Z-Wave networks using SDR
  • [ ] GoPhish: open source phishing framework
  • [ ] V3n0m SQLi scanner
  • [ ] VScan : uses NSE scripts to find vulns
  • [ ] SleepyPuppy Burp Extension
  • [ ] DBDAT — Database Assessment Tool — https://github.com/foospidy/DbDat

Announcements

  • [ ] Speaking at AppSec Cali next week (Tuesday) on ATM
  • [ ] Shmoocon hiring list: http://www.room362.com/2016/01/2016-shmoocon-hiring-list.html

Miscellaneous

  • [ ] Great security news source: https://security.didici.cc/news
  • [ ] Thanks to Tripwire for giving a shoutout to the podcast on Twitter

[ Subscribe to the Podcast: iTunes | Android ]

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

DanielMiessler
© Daniel Miessler 1999-2023


Security, Tech, and Society in 10 Minutes
20 hours of reading and analysis condensed into a 10-minute summary every Monday morning.


Join 55,000+ readers who see the patterns in the noise.