All posts by jb

Defensive Security Podcast Episode 189

https://www.wsj.com/articles/cybersecurity-startup-tanium-exposed-california-hospitals-network-in-demos-without-permission-1492624287

95% of enterprise risk assessments find employees using TOR, private VPNs to bypass security, report says

http://www.csoonline.com/article/3191286/security/most-employees-willing-to-share-sensitive-information-survey-says.html

https://www.bleepingcomputer.com/news/security/over-36-000-computers-infected-with-nsas-doublepulsar-malware/

Defensive Security Podcast Episode 188

https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

https://www.bleepingcomputer.com/news/security/former-sysadmin-accused-of-planting-time-bomb-in-companys-database/

http://www.computerworld.com/article/3189059/security/what-prevents-breaches-process-technology-or-people-one-answer-is-pc-and-one-is-right.html

http://www.csoonline.com/article/3187422/network-security/report-30-of-malware-is-zero-day-missed-by-legacy-antivirus.amp.html

How Hackers Hijacked a Bank’s Entire Online Operation

http://news.softpedia.com/news/two-laptops-with-hong-kong-s-3-7-million-voters-data-stolen-514346.shtml

Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks

Defensive Security Podcast Episode 187

http://www.itworld.com/article/3182431/security/some-https-inspection-tools-might-weaken-security.html

https://www.bleepingcomputer.com/news/legal/former-it-admin-accused-of-leaving-backdoor-account-accessing-it-700-times/

http://www.securityweek.com/what-cisos-can-learn-er-doctors

http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html

https://arstechnica.com/security/2017/03/microsofts-silence-over-unprecedented-patch-delay-doesnt-smell-right/

Defensive Security Podcast Episode 186

http://www.bankinfosecurity.com/emory-healthcare-database-breach-what-happened-a-9745

http://www.networkworld.com/article/3176718/security/dealing-with-overwhelming-volume-of-security-alerts.html#tk.rss_security

http://www.networkworld.com/article/3175030/security/trend-micro-report-ransomware-booming.html

https://www.helpnetsecurity.com/2017/03/02/yahoo-cookie-forging-incident/

http://www.darkreading.com/risk/new-cybersecurity-regulations-begin-today-for-ny-banks/d/d-id/1328295

http://www.pcworld.com/article/3179348/security/after-cia-leak-intel-security-releases-detection-tool-for-efi-rootkits.html
https://arstechnica.com/security/2017/03/wikileaks-publishes-what-it-says-is-trove-of-cia-hacking-tools/
http://www.csoonline.com/article/3177994/security/cia-false-flag-team-repurposed-shamoon-data-wiper-other-malware.html

Defensive Security Podcast Episode 184

https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/file/169827/1/ATA%20Playbook.pdf

http://www.securityweek.com/google-shares-data-corporate-email-attacks

http://www.databreachtoday.com/reworked-ny-cybersecurity-regulation-takes-effect-in-march-a-9733

http://www.computerworld.com/article/3169386/security/recent-malware-attacks-on-polish-banks-tied-to-wider-hacking-campaign.html#tk.rss_security

http://www.computerworld.com/article/3166824/security/polish-banks-on-alert-after-mystery-malware-found-on-computers.html

http://www.forbes.com/sites/thomasbrewster/2017/02/16/dnc-fancy-bear-russia-hackers-mac-malware-hacking-team-fbi-fsb/#3998bc7812bc

Defensive Security Podcast Episode 181

http://www.businessinsider.com/russian-hacking-fears-reportedly-triggered-by-vermont-employee-checking-his-email-2017-1

http://www.cio.com/article/3153706/security/4-information-security-threats-that-will-dominate-2017.html

http://www.databreachtoday.com/major-breach-insurer-blames-system-integrator-a-9603

http://www.zdnet.com/article/this-ransomware-targets-hr-departments-with-fake-job-applications/

https://securosis.com/mobile/tidal-forces-the-trends-tearing-apart-security-as-we-know-it/full

https://securosis.com/blog/network-security-in-the-cloud-age-everything-changes

http://blog.erratasec.com/2017/01/notes-about-ftc-action-against-d-link.html

Slack Channel: http://https://defensivesecurity.org/slack-channel/

Defensive Security Podcast Episode 180

https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/

http://arstechnica.com/tech-policy/2016/12/disgraced-it-worker-stole-confidential-expedia-e-mails-even-after-he-left/

http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/

http://www.reuters.com/article/us-cyber-heist-bangladesh-exclusive-idUSKBN1411ST

http://motherboard.vice.com/read/newly-uncovered-site-suggests-nsa-exploits-for-direct-sale

http://arstechnica.com/security/2016/12/what-can-you-do-with-a-billion-yahoo-passwords-lots-of-bad-things/

Defensive Security Podcast Episode 178

Slack channel:  https://defensivesecurity.org/slack-channel/

http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/

http://www.csoonline.com/article/3143713/analytics/shall-we-care-about-zero-day.html

http://www.databreachtoday.com/umass-amherst-hit-650000-hipaa-settlement-a-9554

http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/

http://www.securityweek.com/disgruntled-gamer-likely-behind-october-us-hacking-expert

http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/

https://blog.instant2fa.com/an-economic-model-for-security-spending-3d982d05d0c1#.fpcnkz5qn

http://www.securityweek.com/when-ransomware-hits-business-paying-unlikely-guarantee-resolution

http://www.csoonline.com/article/3142889/security/ransomware-victims-able-to-thwart-attacks-report-says.html

Defensive Security Podcast Episode 177

Book recommendations: https://defensivesecurity.org/resources/recommended-books/

Slack channel: http://https://defensivesecurity.org/slack-channel/

http://arstechnica.com/information-technology/2016/11/kaspersky-accuses-microsoft-of-anticompetitive-bundling-of-antivirus-software/

https://nakedsecurity.sophos.com/2016/11/11/yahoo-staff-knew-they-were-breached-two-years-ago/

http://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html