Security Noise

7.6 - Ghost in The Machine: Hardware Hacking w/ Rob Simon Nov 14, 2024

In this episode, Geoff and Skyler dive deep into hardware hacking with Rob Simon! Rob is the Mobile and Hardware Security Practice Lead at TrustedSec and shares the deets on hardware security assessments. The importance of hardware fundamentals in security, especially when it comes to IoT devices, is one of the key takeaways this week.

Rob answers questions like: Who needs hardware assessments? What tools and techniques are used? And what potential vulnerabilities are associated with IoT devices?

Join us for great discussion, stay for the lolz, and clutch your Flipper Zeros tight!

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet!

7.5 - The Rootin’ Tootin’ Best of Wild West Hackin’ Fest Nov 01, 2024

Yeehaw 🤠 This week, Skyler is reporting from the ground in Deadwood, South Dakota at Wild West Hackin' Fest and sits down for an interview with Senior Security Consultant Travis Kaun about the talk he gave there. Our guest Senior Security Consultant Kelsey Segrue, who attended the conference for the first time, chats with Geoff and Skyler about her most memorable moments from her native voyage to Deadwood.

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most.

7.4 - Who's On My Network? Oct 18, 2024

Let's talk about Threat Hunting! On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultants Shane Hartman and Justin Vaicaro to discuss the essential components of a successful Threat Hunting program. But where do you start and how do you access the best resources? Listen as they share insights on building an effective program, operationalizing practices, and the importance of a proactive mindset.

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most.

7.3 - Security Outlook: Cloudy Oct 04, 2024

In this episode of Security Noise, we focus on Cloud Security Testing. Our guest , Security Consultant Edwin David, discusses current objectives for securing the cloud, tools for cloud testing, and the challenges of multi-cloud and hybrid environments.

Key takeaways include:

-The importance of MFA and conditional access

-The need for strong password protection

-The lack of a unified toolset for cloud testing

-The complexities and security implications of multi-cloud and hybrid environments.

About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

7.2 - What I Did at Hacker Summer Camp Sep 19, 2024

This week on Security Noise, we talk about "Hacker Summer Camp" also known as DEF CON and BlackHat in Las Vegas. We chat with Senior Security Consultants Luke Bremer and Aaron James, who both attended for the first time, about initial impressions and takeaways from the cons and Vegas itself.

About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

7.1 - CrowdStrike After Action Sep 03, 2024

On this episode of Security Noise, we discuss the recent CrowdStrike incident with our guests: Director of Advisory Innovation Rockie Brockway and Managing Director of Remediation Services Paul Sems. The incident occurred on July 19, 2024, when a CrowdStrike security platform update caused a large number of Windows platforms to fail to boot, resulting in the largest IT outage in history. We also touch on patch management and the balance between speed and risk. What is the potential for future attacks targeting kernel-level drivers? What can you expect from similar attacks in the future? Listen now as we cover all this and more on Security Noise!

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

6.23 - InfoSec Leaders of the Future Jun 28, 2024

In this episode, Geoff and Skyler are joined by special guests Keith Koehne and Matt Miller from Paradigm Cyber Ventures to discuss their mission to integrate cybersecurity into high school industrial tech education. Through this program, teachers at high schools around the U.S. are trained to deliver an in-depth cybersecurity curriculum to their students which introduces them to the field, giving them practical training and readying them for industry exams. The program prepares and empowers students to join the cybersecurity workforce, attend college, or both.

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

6.22 - VPNs: Can You Keep a Secret? Jun 07, 2024

On this episode of Security Noise, we talk to some veteran network guys to discuss CVE-2024–3661 and other thoughts about VPN security. Geoff and Skyler are joined by Security Consultant Philip DuBois and Principal Security Consultant Justin Bollinger to get their perspective on current issues.

About this podcast:

Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

6.21 - JS-Tap Mk II: A Powerful Tool for Web Application Monitoring and Attack May 23, 2024

On this episode, Skyler talks to Principal Security Consultant Drew Kirkpatrick who recently gave a talk at CackalackyCon where he demonstrated new features of his tool, JS-Tap. The tool allows red teams to monitor and attack web applications by rewriting code in the user's browser. Drew introduced a new feature called Mimic, which automates the process of generating custom JavaScript payloads for performing actions as the user in the application. The payloads can be integrated with a Command and Control (C2) system to execute tasks in the user's browser. Drew provided a demo of the tool using a vulnerable WordPress site. JS-Tap is a powerful tool for monitoring and attacking web applications. It allows users to log in and track client activity, including cookies, local storage, and session storage. JS-Tap can intercept form submissions and network communications, making it useful for both monitoring and attacking. It can generate custom payloads and exfiltrate data from the target application. The tool is versatile and can be used for red teaming, penetration testing, and post-exploitation. JS-TAP is available on GitHub and is open source.

Watch the podcast and demo on YouTube here - https://youtu.be/cU915mxLfTo

About this podcast

Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

6.20 - Targets Operations, Co-Pwnership May 10, 2024

In this episode, we discuss state-of-the-art red team testing with Targeted Operations Practice Lead Jason Lang and Director of Security Intelligence Carlos Perez. The conversation is focused on how to extract more value via enhanced cooperation between the red team and the IT Security organization. We conclude with Jason sharing some highlights from his talk "Modern Hackery: A Look At Current Breaches Through An Attacker's Eyes" which will be presented at NolaCon in New Orleans on May 17, 2024.

Show References: https://services.google.com/fh/files/misc/m-trends-2024.pdf

6.19 - InfoSec: Cybersecurity Education at Bedford High Apr 26, 2024

Join us as we continue our series on developing careers in InfoSec. In this episode, we talk about a unique opportunity for students at Bedford High School in Ohio, a school that is near and dear to TrustedSec Founder and CEO David Kennedy. We chat with Dave about the cybersecurity education program that was launched recently with help from long-time Bedford teacher Darren Pocek and others. Listen to learn how this program was created and how it helps prepare students for careers in cybersecurity.

6.18 - Careers in InfoSec: Where do you want to go today? Apr 11, 2024

Security Noise starts a multi episode look at how to start or grow a career in infoSec. We begin by talking with Senior Security Consultant Kelsey Segrue and Security Consultant Olivia Cate who took what might be considered the traditional route. They share their stories and offer some insights into how to maximize the advantage of similar opportunities.

About this podcast

Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

6.17 - A Royal OSINT Mar 29, 2024

On this episode of Security Noise, we are revisiting the topic of open-source intelligence (OSINT) in the wake of the theories spurred by the Royal Family's social media photo that was quickly flagged as being altered. Along with guests, Senior Security Consultants Joe Sullivan and David Boyd, we delve into various theories surrounding the Princess of Wales' controversial Mother's Day photo and the media's subsequential reaction.

Methods for spotting fake images, such as reverse image searches and metadata analysis, are discussed, highlighting the importance of scrutinizing visual content in today's digital age. Additionally, tools like AIornot.com and insights into Twitter/X's handling of metadata add depth to the discussion.

Overall, the episode sheds light on the complexities of image authenticity in the era of digital manipulation and emphasizes the need for critical thinking when consuming visual media.

Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

Links: https://fotoforensics.com https://www.aiornot.com/ https://www.getghiro.org/ https://www.suncalc.org

6.16 - Leak Week: Plumbing the Depths of Privacy Pitfalls Mar 08, 2024

It's Leak Week for this episode of Security Noise! Geoff and Skyler chat with Security Consultant Whitney Phillips and Senior Security Consultant Kurt Muhl about a number of recent privacy pitfalls including destructive ransomware groups such as LockBit, leaked government emails, and other data and privacy mishaps.

References:

Security Noise, a TrustedSec podcast, is hosted by Geoff Walton and Producer/Contributor Skyler Tuter in conversation with cybersecurity experts discussing the security topics that interest them the most.

6.15 - OSINT: Digital Detective or Cyber Stalking? Feb 23, 2024

Skyler and Geoff chat with Senior Security Consultant Joe Sullivan about using open-source intelligence (OSINT) for gathering ideas and information. We discuss some of the ethical questions about what you can do with what you learn.

6.14 - Extraordinary Incident Responders and Where to Find Them Feb 02, 2024

Geoff and Skyler talk to Incident Response Practice Lead Tyler Hudak about when you need an IR plan, what kind of relationships you should have with your IR vendor, and what things to know before perusing an IR retainer. The conversation looks at the needs for businesses of various sizes, proposes some self-assessment questions, and concludes with some war stories!

6.13 - Cyber Prophecies for 2024 Jan 19, 2024

Geoff and Skyler make bold predictions for 2024 about AI, changes to Air Tags, and Open Source!

LINKS:

https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/

https://arstechnica.com/security/2023/12/researchers-come-up-with-better-idea-to-prevent-airtag-stalking/

https://www.theregister.com/2023/12/27/bruce_perens_post_open/

6.12 - Yule Time Tool Time Dec 08, 2023

In this very special year-end episode, we're cranking up the heat as we explore some of our favorite InfoSec tools of 2023.

Guest Lineup:

Drew Kirkpatrick - JS-Tap Unleashed

Drew Kirkpatrick is the maestro behind "JS-Tap." He dropped this pentesting bombshell at Wild West Hackin' Fest this year with his talk, "JS-Tap: Weaponizing JavaScript for Red Teams." Skyler snagged an exclusive interview with Drew at the conference and we'll get to hear that discussion on this episode.

Luke Bremer - Hackvertor

Luke Bremer graces our podcast to dive into his blog, "What is Hackvertor (and why should I care?)." Get ready to dive into the use cases of this Burp Suite plugin and how you can utilize it on your next pentest!

Ben Mauch (Ben Ten) - Unveiling Impede

We end our discussion with Ben Mauch, aka @Ben0xA, as he unveils TrustedSec's latest software offering: Impede. Brace yourself for a deep dive into the features and innovations packed into this cybersecurity marvel.

Gather 'round and settle in for our year-end episode of SECURITY NOISE!

6.11 - The Road Ahead: Red Teaming and Targeted Ops Nov 10, 2023

In this episode, we wrap up our 4-part series, "The Road Ahead," with TrustedSec CTO Justin Elze and Targeted Operations Lead Jason Lang as they provide insight into how the targeted operations landscape has evolved for everyone, from client to consultant. We discuss what groups are doing red teaming and what the practice looks like today. Our guests also discuss the impacts of SSO, third-party IDP solutions, and assumed breach strategies.

Get ready to be offensive on this episode of Security Noise!

This episode concludes a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas.

Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.10 - The Road Ahead: Network Penetration Testing Oct 27, 2023

In this episode, we discuss the evolution of the Internal Penetration Test with two experienced practitioners, David Boyd and Justin Bollinger. We cover how test preparation and planning have changed over the years, how hybrid environments with on-premises and cloud-hosted applications have impacted pen testing, and the effects of Zero Trust and contemporary security models. Of course we'll also talk shop, where we look at the current tools of the trade and what the client-consultant relationship looks like today.

This episode is Part 3 of 4 in a short series called "The Road Ahead." Each episode highlights an area of Information Security and features guests who are experts in those areas.

Come along as we explore the history and future of InfoSec!

Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.9 - The Road Ahead: Evolution of AppSec Blue Team Oct 06, 2023

Geoff and Skyler discuss how the defense and vulnerability side of application development and deployment has evolved over the years. They are joined on the panel by two other members of the TrustedSec team, Paul Sems and Mitch Parish, who were there to help and lead organizations through those transitions in their current and prior roles.

This episode is Part 2 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas.

Come along as we explore the history and future of InfoSec!

Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.8 - The Road Ahead: AppSec Sep 15, 2023

On this episode of Security Noise, Geoff and Skyler speak with members of the TrustedSec Software Security team to discuss the past, present, and future of AppSec. Security Consultants Joe Sullivan and Philip DuBois and Director of Software Security Scott White weigh in on the evolution of security tools, how engagements have changed, and where AppSec is heading.

This episode is Part 1 of 4 in a short series called "The Road Ahead." Each episode will highlight an area of Information Security and feature guests who are experts in those areas.

Come along as we explore the history and future of InfoSec!

Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.7 - DEF CON Debrief Aug 25, 2023

In this episode, nyxgeek joins us to change your mind about enumeration and federation, Producer Skyler Tuter tells us what happened at DEF CON in Vegas, and we hear from Security Consultant Whitney Phillips about her presentation and augmented reality. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.6 - Episode VI: Farewell Mr. Mitnick Aug 04, 2023

On this episode of Security Noise, we remember the man who changed InfoSec forever—Kevin Mitnick, who recently passed away after a battle with cancer. TrustedSec CEO Dave Kennedy joins in to share some of our favorite stories and memories of Kevin. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.5 - Episode V: GreyHats Strike Back Jul 21, 2023

This week on Security Noise, we discuss DOs and DON'Ts of Grey-hat work with the practice lead for research at TrustedSEc, Carlos Perez! Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

6.4 - Episode IV: More Scary Stories Jun 30, 2023

Are you afraid of the dark web? In this week's episode, several folks from TrustedSec's consulting team tell infosec campfire stories. Scott White, Kurt Mhul, Philip Dubois, Skyler Tuter, and Geoff Walton share tales of disaster, near disaster, spooky or straight-up funny stories, and discuss how those experiences changed their perspectives on infosec.

6.3 - Episode III: The Search For Terrestrial Artificial Intelligence Jun 02, 2023

Artificial intelligence is progressing at a quick (and some say alarming) rate. Security Noise returns with a look at Large Language Models (LLMs) as well as AI audio and image generation, exploring emerging possibilities commercial, curious, and malicious. Listen in on the conversation with TrustedSec team members Carlos Perez and Rob Simon as they discuss current topics with host Geoff Walton and Producer/Contributor Skyler Tuter.

6.2 - Episode II Attacks on the Mobile Clients May 12, 2023

How much of your life is tied up on your phone? This week, Security Noise looks at the client side of mobile security. In this episode, we explore some current topics surrounding mobiles and how you should treat them. Joining us are several folks from the Mobile Security team at TrustedSec: Drew Kirkpatrick, Rob Simon, and Whitney Phillips. Security Noise is hosted by Geoff Walton with Producer/Contributor Skyler Tuter.

6.1 - Head in the Clouds Apr 20, 2023

Security Noise kicks off its inaugural episode with host Geoff Walton and Producer/Contributor Skyler Tuter! This week, we discuss cloud transitioning topics with our expert guest panel: Paul Sems, Edwin David, and Phil Rowland. Our guests have a range of perspectives and backgrounds in design, defense, and offensive security. In this episode, we explore the changing roles of IT personnel, where identities live, hybrid environments, DOs and DONTs, and share some stories.

5.21 - Turn 21 Mar 24, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Elze, Justin Bollinger, and David Boyd.

Get ahead of the new PCI requirements

PCI 4.0 is coming! Find out how the new requirements will affect your organization’s goals and prepare now, with a PCI DSS assessment from TrustedSec.

Penetration testing the cloud isn’t the same as your network

Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Two U.S. Men Charged in 2022 Hacking of DEA Portal

URL: https://krebsonsecurity.com/2023/03/two-us-men-charged-in-2022-hacking-of-dea-portal/

Author: Brian Krebs

Title: Cancer patient sues hospital after ransomware gang leaks her nude medical photos

URL: https://www.theregister.com/2023/03/15/cancer_lvhn_sues_hospital/?td=rt-3a

Author: Jessica Lyons Hardcastle

The Interview:

Link: https://www.trustedsec.com/blog/critical-outlook-vulnerability-in-depth-technical-analysis-and-recommendations-cve-2023-23397/

Justin Elze, CTO and Director of Research at TrustedSec, talks to us about CVE-2023-23397, covering how TrustedSec investigated and responded as well as where it will land in the penetration tester's toolbox.

5.20 - Chatting with Code in the Cloud Mar 17, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, Kelsey Segrue, and Alex Hamerstone.

Get ahead of the new PCI requirements

PCI 4.0 is coming! Find out how the new requirements will affect your organization’s goals and prepare now, with a PCI DSS assessment from TrustedSec.

Penetration testing the cloud isn’t the same as your network

Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: You can now run a GPT-3-level AI model on your laptop, phone, and Raspberry Pi

URL: https://arstechnica.com/information-technology/2023/03/you-can-now-run-a-gpt-3-level-ai-model-on-your-laptop-phone-and-raspberry-pi/

Author: Benj Edwards

Title: OWASP Low-Code/No-Code Top 10

URL: https://owasp.org/www-project-top-10-low-code-no-code-security-risks/

Author: OWASP Project

Title: Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’

URL: https://www.politico.com/news/2023/03/10/white-house-cloud-overhaul-00086595

Authors: John Sakellariadis

5.19 - The Coffeemaker Needs a VLAN Mar 03, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin David, David Boyd and Skyler Tuter.

Get ahead of the new PCI requirements

PCI 4.0 is coming! Find out how the new requirements will affect your organization’s goals and prepare now, with a PCI DSS assessment from TrustedSec.

Penetration testing the cloud isn’t the same as your network

Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Hackers Scored Data Center Logins for Some of the World's Biggest Companies

URL: https://www.bloomberg.com/news/features/2023-02-21/hackers-scored-corporate-giants-logins-for-asian-data-centers?leadSource=uverify%20wall

Author: Jordan Robertson

Title: Best Practices for Securing Your Home Network

URL: https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF

Author: NSA

Title: US military email server left exposed for 2 weeks, allowing internal emails to leak

URL: https://www.foxnews.com/politics/us-military-email-server-left-exposed-two-weeks-allowing-internal-emails-leak

Authors: Jennifer Griffin, Adam Sabes

5.18 - Looking Inside the Things Feb 10, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Skyler Tuter.

Get ahead of the new PCI requirements

PCI 4.0 is coming! Find out how the new requirements will affect your organization’s goals and prepare now, with a PCI DSS assessment from TrustedSec.

Penetration testing the cloud isn’t the same as your network

Go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

URL: https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html?m=1

Author: Ravie Lakshmanan

Title: Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook

URL: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-extract-actionable-intelligence-from-text-based/ba-p/3729508

Author: Vani Asawa

Title: Dashlane publishes its source code to GitHub in transparency push

URL: https://techcrunch.com/2023/02/02/dashlane-publishes-its-source-code-to-github-in-transparency-push/

Author: Paul Sawers

5.17 - C++ On the No-Fly List Jan 27, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Steven Erwin, and Mitch Parish.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: A call to action: Think seriously about “safety”; then do something sensible about it

URL: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf

Author: Bjarne Stroustrup

Title: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

URL: https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/

Authors: Mikael Thalen, David Covucci

5.16 - LastPass the Last Time Honest (Well Maybe) Jan 06, 2023

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Scott White, and Scott Nusbaum

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Lastpass: Hackers stole customer vault data in cloud storage breach

URL: https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/

Author: Sergiu Gatlan

Title: Android is adding support for updatable root certificates amidst TrustCor scare

URL: https://blog.esper.io/android-14-updatable-certificates/

Author: Mishaal Rahman

Interview

Guest: Scott White

Subject: Planning your Application Tests

5.15 - Quantum Malware and Your Passwords (again) Dec 09, 2022

Welcome to the TrustedSec Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Skyler Tuter.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: FBI, CISA say Cuba ransomware gang extorted $60M from victims this year

URL: https://techcrunch.com/2022/12/02/fbi-cisa-cuba-ransomware

Author: Carley Page

Title: A new analysis urges CISO’s to take strategic steps ahead of the advent of quantum computing.

URL: https://www.nextgov.com/emerging-tech/2021/11/report-china-may-steal-encrypted-government-data-now-decrypt-quantum-computers-later/187020/

Author: Brandi Vincent

Title: Lastpass says hackers accessed customer data in new breach

URL: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/?mibextid=Zxz2cZ

Author: Sergiu Gatlan

5.14 - Nothing to See Here, Move Along Nov 21, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kurt Muhl, Justin Bollinger, and David Boyd

Title: A simple Android lock screen bypass bug landed a researcher $70,000

URL: https://techcrunch.com/2022/11/14/android-lock-screen-bypass-google-pixel/

Author: Zack Whittaker

Title: NSA Releases Guidance on How to Protect Against Software Memory Safety Issues

URL: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/

Author: NSA

Title: Flight Radar Report Shows FTX Co-Founder's Private Jet Flew to Argentina, SBF Says He's Still in the Bahamas

URL: https://news.bitcoin.com/flight-radar-report-shows-ftx-co-founders-private-jet-flew-to-argentina-sbf-says-hes-still-in-the-bahamas/?fbclid=IwAR3iBvfrTl471Im9-OFdhuaoaBiJuG8PF8TFwcGtBO_8tf4SL_cWMAsO43g

Author: Jamie Redman

5.13 - A Dastardly End for Windows 7 Nov 07, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Joe Sullivan, and Whitney Phillips.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Security certification body (ISC)² defends ‘undemocratic’ bylaw changes

URL: https://portswigger.net/daily-swig/security-certification-body-isc-defends-undemocratic-bylaw-changes

Author: Emma Woollacott

Title: Chrome will finally force you to upgrade from Windows 7 in 2023

URL: https://www.androidpolice.com/chrome-windows-7-support/

Author: Stephen Schenck

Tool Time

Link: https://portswigger.net/burp/dastardly

Dastardly TL:DL

docker run --user $(id -u) --rm -v $(pwd):/dastardly -e \ DASTARDLY_TARGET_URL=https://ginandjuice.shop -e \ DASTARDLY_OUTPUT_FILE=/dastardly/dastardly-report.xml \ public.ecr.aws/portswigger/dastardly:latest

5.12 - BYO-Driver and GrrCon Oct 17, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Luke Bremer, and Whitney Phillips.

Stories

Title: No fix in sight for mile-wide loophole plaguing a key Windows defense for years

URL: https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/

Author: Dan Goodin

Title: Intel's Alder Lake BIOS Source Code Reportedly Leaked Online

URL: https://www.tomshardware.com/news/intels-alder-lake-bios-source-code-reportedly-leaked-online

Author: Paul Alcorn

Live-ish From GrrCon

Our panel discusses their experience at GrrCon 2022 so far. Luke mentions some research into recovering old botnets ("Botnets Don't Die") by Aamir Lakhani.

5.11 - Word Clouds, Password Clouds Sep 27, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Justin Bollinger, and Patrick Mayo.

Stories

URL: https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/?mibextid=d3iphx

Author: Sergiu Gatlan

Title: Microsoft Edge and Google Chrome enhanced spellcheck feature exposes passwords

URL: https://www.neowin.net/news/microsoft-edge-and-google-chrome-enhanced-spellcheck-feature-exposes-passwords/

Author: Steve Bennett

Title: AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

URL: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access

Author: Elad Gabay

5.10 - Uber Responsibility Sep 27, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Skyler Tuter, Alex Hamerstone, and David Boyd.

Stories

Title: Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks

URL: https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-new-zero-day-used-in-attacks/

Author: Sergiu Gatlan

Title: IRS says it exposed some confidential taxpayer data on website

URL: https://www.marketwatch.com/story/irs-says-it-exposed-some-confidential-taxpayer-data-on-website-11662148381

Author: Richard Rubin

5.9 - Pre-Shared (Private) Keys Aug 29, 2022

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Steve Erwin, Alex Hamerstone, and Melvin Langvik.

Stories

Title: PayPal Phishing Scam Uses Invoices Sent Via Paypal

URL: https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/

Author: Brian Krebs

Title: Hyundai Uses Example Keys for Encryption System

URL: https://www.theregister.com/2022/08/17/software_developer_cracks_hyundai_encryption/

Author: Thomas Claburn

The Interview

Melvin Langvik talks TeamFiltration

URL: https://github.com/Flangvik/TeamFiltration

5.8 - Who is Reading Your Gmail? Aug 05, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Steve Erwin, Justin Bollinger, and Skyler Tuter.

Stories

Title: New Gmail Attack Bypasses Passwords And 2FA To Read All Email

URL: https://www.forbes.com/sites/daveywinder/2022/08/02/gmail-warning-as-new-attack-bypasses-passwords--2fa-to-read-all-email/?sh=711642763a12

Author: Davey Winder

Title: Post-quantum encryption contender is taken out by single-core PC and 1 hour

URL: https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/

Author: Dan Goodin

The Interview

A talk with Steve Marchewitz on his visit to the Gartner Conference.

5.7 - Privacy Screen Jul 22, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Edwin David.

Stories

Title: Your Phone's Lock Screen Is Getting a Big Revamp

URL: https://www.cnet.com/tech/mobile/your-phone-lock-screen-is-getting-a-big-revamp/

Author: Lisa Eadicicco

Title: Facebook has started to encrypt links to counter privacy-improving URL Stripping

URL: https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/

Author: Martin Brinkmann

Tool Time

A burp plugin by Geoff Walton to locate relationships between UUID/GUID request parameters and appearances of the same identifiers in HTTP responses to other resources.

https://github.com/GeoffWalton/UUID-Watcher/blob/main/UUID.rb

5.6 - A Nice Relaxing Dip into Powershell Jul 05, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Skyler Tuter, and Costa Petros.

Stories

Title: Mega says it can’t decrypt your files. New POC exploit shows otherwise

URL: https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

Author: Dan Goodin

Title: NSA shares tips on securing Windows devices with PowerShell

URL: https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-securing-windows-devices-with-powershell/

Author: Ionut Ilascu

Link: https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF

Title: Security flaws in internet-connected hot tubs exposed owners’ personal data

URL: https://techcrunch.com/2022/06/22/jacuzzi-flaws-admin-exposed-users/

Author: Carly Page

5.5 - Outspending the Ransomware Gangs Jun 17, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Travis Kaun, and David Boyd.

Stories

Title: Most Security Product Byers Aren’t Getting Promised Results

URL: https://www.esecurityplanet.com/trends/most-security-product-buyers-arent-getting-promised-results/

Author: Paul Shread

Title: NSA: Ransomware Gangs Are Getting Rich Enough to Buy Zero-Day Exploits

URL: https://www.pcmag.com/news/nsa-ransomware-gangs-are-getting-rich-enough-to-buy-zero-day-exploits

Author: Michael Kan

Interview

Guest: Travis Kaun

Subject: PWNton Pack!

Links: https://www.trustedsec.com/blog/pwnton-pack-an-unlicensed-802-11-particle-accelerator/

5.4 - Free Sushi Jun 03, 2022

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bolinger, Alex Hamerstone, and David Boyd.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Enrollment is open

Enrollment is open for the next online training course, PowerShell for Offense and Defense, taking place on September 30th. Class participants learn how to attack and defend against Powershell attacks within simulated corporate environments and find out the tactics, techniques, and procedures (TTPs) commonly used by penetration testers.

Stories

Title: The Math Prodigy Whose Hack Upended DeFi Won’t Give Back His Millions

URL: https://www.bloomberg.com/news/features/2022-05-19/crypto-platform-hack-rocks-blockchain-community

Author: Christopher Beam

Title: Hackers can hack your online accounts before you even register them

URL: https://www.bleepingcomputer.com/news/security/hackers-can-hack-your-online-accounts-before-you-even-register-them/

Author: Bill Toulas

Title: Fake Windows exploits target infosec community with Cobalt Strike

URL: https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/

Author: Lawrence Abrams

5.3 - Intergalactic Security Outpost May 13, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Skyler Tuter, Edwin David, and Alex Hamerstone.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Your Phone May Soon Replace Many of Your Passwords

URL: https://krebsonsecurity.com/2022/05/your-phone-may-soon-replace-many-of-your-passwords/

Author: Brian Krebs

Title: Heroku Status – 2413 Updated

URL: https://status.heroku.com/incidents/2413?updated

Author: Heroku Security

Interview

Special Event Commentary – With David Kennedy, Chris Boesch, Martin Bos, Justin Elze, and Eric Girard!

5.2 - Hope I Never Lose My Crypto-Wallet Apr 25, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, David Boyd, and Alex Hamerstone.

Stories

Title: Cybercriminals do their homework for latest banking scam

URL: https://www.theregister.com/2022/04/15/the_latest_scam_pay_yourself/

Author: Brandon Vigliarolo

Title: Breach of Internal Tools at Mailchimp Used To Deliver Phishing Attacks Targeted at Crypto Wallets

URL: https://www.cpomagazine.com/cyber-security/breach-of-internal-tools-at-mailchimp-used-to-deliver-phishing-attacks-targeted-at-crypto-wallets/

Author: Scott Ikeda

Title: GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

URL: https://www.bleepingcomputer.com/news/security/github-attacker-breached-dozens-of-orgs-using-stolen-oauth-tokens/

Author: Sergui Gatlan

5.1 - Hi, I am Officer Friendly Apr 11, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Rob Simon, and David Boyd.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

URL: https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

Author: Brian Krebs

Title: Nestlé: Anonymous Didn't Hack Us, We Leaked Our Own Data

URL: https://gizmodo.com/nestle-denies-anonymous-hack-claims-says-it-leaked-dat-1848691484

Author: Lucas Ropek

Interview

Guest: Rob Simon

Subject: Hardware Hacking

Links: https://www.trustedsec.com/blog/hacking-the-my-arcade-contra-pocket-player-part-i/

5.0 - Report All The Things Mar 18, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Justin Bollinger, and Drew Kirkpatrick. Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Hacked US companies to face new reporting requirements

URL: https://apnews.com/article/russia-ukraine-technology-business-congress-gary-peters-c46e063220568b2beb56220ac60f6041

Author: Alan Suderman and Eric Tucker

Title: Russia creates its own TLS certificate authority to bypass sanctions

URL: https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/

Author: Bill Toulas

Interview

Guest: Drew Kirkpatrick

Subject: Service Workers

Links:

https://www.trustedsec.com/blog/persistence-through-service-workers-part-1-introduction-and-target-application-setup/

https://www.trustedsec.com/blog/persistence-through-service-workers-part-2-c2-setup-and-use/ https://www.trustedsec.com/blog/persistence-through-service-workers-part-3-easy-javascript-payload-deployment/

5.0preAlpha1 - Shocking Revelations Mar 04, 2022

SHOW NOTES

This episode features the following members: Adam Compton, David Boyd, and Justin Bollinger.

Stories

Title: Vulnerable U.S. electric grid facing threats from Russia and domestic terrorists

URL: https://www.cbsnews.com/news/america-electric-grid-60-minutes-2022-02-27/

Author: Bill Whitaker

Title: BitConnect’s Indicted Founder Kumbhani Vanished, SEC Says

URL: https://www.bloomberg.com/news/articles/2022-03-01/bitconnect-s-indicted-founder-kumbhani-has-disappeared-sec-says

Author: David Voreacos

Tool Time

Title: bkcrack

Link: https://github.com/kimci86/bkcrack

About

The TrustedSec Security Podcast is a production of TrustedSec. To learn more about how TrustedSec can help your organization’s security program, visit TrustedSec.com.

The show is hosted and moderated by Geoff Walton

Our podcast music was composed by Steve Neme

4.27 - Macro Vision Feb 11, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Edwin, David, David Boyd, and Justin Elze.

Stories

Title: Website fined by German court for leaking visitor's IP address via Google Fonts

URL: https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr

Author: Thomas Claburn

Title: Helping users stay safe: Blocking internet macros by default in Office

URL: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805

Author: Kellie Eickmeyer

Title: North Korea Hacked Him. So He Took Down Its Internet

URL: https://www.wired.com/story/north-korea-hacker-internet-outage/

Author: Andy Greenberg

4.26 - Calling all Malware Authors Jan 28, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Melvin Langvik.

Stories

Title: Linux malware is on the rise. Here are three top threats right now

URL: https://www.zdnet.com/article/linux-malware-is-on-the-rise-here-are-three-top-threats-right-now/

Author: Liam Tung

Title: Intel CEO Urges Lawmakers to ‘Not Waste This Crisis’ in Chip Push

URL: https://www.bloomberg.com/news/articles/2022-01-19/intel-urges-lawmakers-to-not-waste-this-crisis-with-chip-push

Author: Ian King

Tool Time

Link: https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/

Link: https://github.com/trustedsec/SeeYouCM-Thief

4.25 - Dependency Hell Jan 14, 2022

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd and Justin Bollinger.

Stories

Title: Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

URL: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Author: Ax Sharma

Title: FTC warns legal action against companies who fail to mitigate Log4Shell

URL: https://therecord.media/ftc-warns-legal-action-against-companies-who-fail-to-mitigate-log4shell/

Author: Catalin Cimpanu

Title: Threat actors can simulate iPhone reboots and keep iOS malware on a device

URL: https://therecord.media/threat-actors-can-simulate-iphone-reboots-and-keep-ios-malware-on-a-device/

Author: Catalin Cimpanu

4.24 - Sealing Wax and Other Fancy Stuff Dec 10, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, David Boyd, and Dave Kennedy!

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: FBI document shows what data can be obtained from encrypted messaging apps

URL: https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/

Author: Catalin Cimpanu

Title: New Windows zero-day with public exploit lets you become an admin

URL: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

Author: Lawrence Abrams

4.23 - Don't Sideload This Podcast Nov 15, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Melvin Langvik, and Edwin David.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Microsoft to Kill OneDrive for Windows 7, 8, 8.1 in Early 2022

URL: https://www.thurrott.com/cloud/microsoft-consumer-services/onedrive/259004/microsoft-to-kill-onedrive-for-windows-7-8-8-1-in-early-2022

Author: Paul Thurrott

Title: Tim Cook: Users Who Want to Sideload Apps Can Use Android, While the iPhone Experience Maximizes 'Security and Privacy'

URL: https://www.macrumors.com/2021/11/09/tim-cook-users-sideloading-use-an-android/

Author: Sami Fathi

Title: Complexity is killing software developers

URL: https://www.infoworld.com/article/3639050/complexity-is-killing-software-developers.html

Author: Scott Carey

4.22 - That is a Lot Mobile Data You Have There Oct 29, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Stefano Ratto, and David Boyd.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories of Interest

Title: FBI Raids Chinese Point-of-Sale Giant PAX Technology

URL: https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/

Author: Brian Krebs

Title: Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon

URL: https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon

Author: Joseph Cox

4.21 - A Route to Failure Oct 08, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinnger, Carlos Perez, and David Boyd.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

PentesterLab Giveaway

To enter visit https://www.trustedsec.com/podcastgiveaway please submit on or before October 22, 2021 to be eligible.

Stories

Title: What Happened to Facebook, Instagram, & WhatsApp?

URL: https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/

Author: Brian Krebs

Title: Company That Routes Billions of Text Messages Quietly Says It Was Hacked

URL: https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked

Author: Lorenzo Franceschi-Bicchierai

Title: Apple Pay with VISA lets hackers force payments on locked iPhones

URL: https://www.bleepingcomputer.com/news/security/apple-pay-with-visa-lets-hackers-force-payments-on-locked-iphones/

Author: Ionut Ilascu

4.20 - How the Sausage is a Made Sep 24, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Alex Hamerstone, and David Boyd.

Announcements

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

PentesterLab Giveaway

To enter visit https://www.trustedsec.com/podcastgiveaway please submit on or before October 22, 2021 to be eligible.

Stories

Title: US Fine former NSA employees who provided hacker-for-hire services to UAE

URL: https://therecord.media/us-fines-former-nsa-employees-who-provided-hacker-for-hire-services-to-uae/

Author: Catalin Cimpanu

Title: Researchers compile list of vulnerabilities abused by ransomware gangs

URL: https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

Author: Sergiu Gatlan

Title: Customer Care Giant TTEC Hit By Ransomware

URL: https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/

Author: Brian Krebs

4.19 - Where Do Want to Work Today? Sep 03, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Carlos Perez, and Justin Bollinger .

Stories

Title: You can post LinkedIn jobs as almost ANY employer

URL: https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/

Author: Ax Sharma

Title: ChaosDB: How we hacked thousands of Azure customers’ databases

URL: https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases

Authors: Nir Ohfeld and Sagi Tzadik

Tool Time

Subject: iHide

Link: https://www.trustedsec.com/blog/introducing-ihide-a-new-jailbreak-detection-bypass-tool/

4.18 - Hacker to Hacker - Petit Potam Aug 06, 2021

Welcome to the Trusted Security Podcast – In this hacker to hacker talk Justin gets Geoff up to speed on some newer ADS relay attacks. The episode features the following members: Geoff Walton and Justin Bollinger.

Links

https://github.com/sensepost/assless-chaps

https://us-cert.cisa.gov/ncas/current-activity/2021/07/27/microsoft-releases-guidance-mitigating-petitpotam-ntlm-relay

4.17 - It's Zero-day in the Mobile Phone World Jul 23, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone and David Boyd.

Stories

Title: New Law Will Help Chinese Government Stockpile Zero-Days

URL: https://www.securityweek.com/new-law-will-help-chinese-government-stockpile-zero-days

Author: Kevin Townsend

Title: Huge data leak shatters the lie that the innocent need not fear surveillance

URL: https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance

Author: Paul Lewis

Title: Kaseya Hack Floods Hundreds of Companies with Ransomware

URL: https://techcrunch.com/2021/07/05/kaseya-hack-flood-ransomware

Author: Zach Whittaker

4.16 - What Do Printer Techs Make These Days? Jul 02, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Alex Hamerstone, and David Boyd.

Announcements

Black Hat Training

Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug

URL: https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bug/

Author: Catalin Cimpanu

Title: LinkedIn breach reportedly exposes data of 92% of users, including inferred salaries

URL: https://9to5mac.com/2021/06/29/linkedin-breach/

Author: Ben Lovejoy

Title: MyBook Users Urged to Unplug Devices from Internet

URL: https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/

Author: Brian Krebs

4.15 - A Breach is a Breach No Matter How Small Jun 18, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Alex Hamerstone, and Rockie Brockway.

Announcements

Black Hat Training

Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.

Join the TrustedSec Discord Community

TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories

Title: Largest US propane distributor discloses '8-second' data breach

URL: https://www.bleepingcomputer.com/news/security/largest-us-propane-distributor-discloses-8-second-data-breach/

Author: Ax Sharma

Title: McDonald’s Hit by Data Breach

URL: https://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800

Author: Heather Haddon

Title: Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug

URL: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Author: Kevin Backhouse

4.14 - Because 4.13 Could Never Have Brought Us Luck May 28, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott Nusbaum, and Paul Sems.

Announcements

Black Hat Training

Join the TrustedSec Black Hat virtual training course: Actionable Defense - Understanding Adversary Tactics, taking place virtually July 31st - August 3rd. Go to blackhat.com/us-21 for more information.

Carlos Mimikatz Training

Enroll in our next online training course: Mimikatz: Everything You Need to Know. Taking place on June 10- June 11 and led by TrustedSec Research Practice Lead, Carlos Perez. Visit TrustedSec.com to learn more and enroll.

Stories

Title: The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms

URL: https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/amp/

Authors: Renee Dudley and Daniel Golden

Title: PowerShell Is Source of More Than a Third of Critical Security Threats

URL: https://www.esecurityplanet.com/threats/powershell-source-of-third-of-critical-security-threats/

Author: Paul Shread

4.12 - Got Gas? May 14, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kelsey Segrue, Alex Hamerstone and David Boyd .

Stories

Title: Absolute stupidity': Cybersecurity experts condemn White House for breaking with FBI and suggesting private companies could pay ransomware demands

URL: https://www.dailymail.co.uk/news/article-9566489/Cybersecurity-experts-condemn-White-House-suggesting-companies-canpay-ransomware-demands.html

Author: Rob Crilly

Title: Thousands of Tor exit nodes attacked cryptocurrency users over the past year

URL: https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year/

Author: Catalin Cimpanu

Title: Malicious Office 365 Apps Are the Ultimate Insiders

URL: https://krebsonsecurity.com/2021/05/malicious-office-365-apps-are-the-ultimate-insiders/

Author: Brian Krebs

4.11 - A Bountiful Harvest of Exploits Apr 30, 2021

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Kelsey Segrue, Justin Bollinger, and David Boyd.

Stories

Title: Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

URL: https://securityledger.com/2021/04/deere-john-researcher-warns-ag-giants-site-provides-a-map-to-customers-equipment/

Author: Paul Roberts

Title: D.C. Police Department Victim Of Apparent Ransomware Attack

URL: https://www.npr.org/2021/04/27/991116344/d-c-police-department-victim-of-apparent-ransomware-attack

Author: Jaclyn Diaz

Title: Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops

URL: https://www.vice.com/en/article/k78q5y/signal-ceo-hacks-cellebrite-iphone-hacking-device-used-by-cops

Author: Lorenzo Franceschi-Bicchierai

4.10.1998 - You Have Only Yourself to Blame Apr 16, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon and David Boyd .

Stories

Title: NAME:WRECK vulnerabilities impact millions of smart and industrial devices

URL: https://therecord.media/namewreck-vulnerabilities-impact-millions-of-smart-and-industrial-devices/

Author: Catalin Cimpanu

Original Research Link: https://www.forescout.com/company/resources/namewreck-breaking-and-fixing-dns-implementations/

Title: PHP's Git server hacked to add backdoors to PHP source code

URL: https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/

Author: Ax Sgarna

Title: Facebook Says It’s Your Fault That Hackers Got Half a Billion User Phone Numbers

URL: https://www.vice.com/en/article/88awzp/facebook-says-its-your-fault-that-hackers-got-half-a-billion-user-phone-numbers

Author: David Gilbert

4.9 - Message Me that Review Mar 26, 2021

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger and David Boyd .

Stories

Title: A Security App’s Fake Reviews Give Us a Window Into ‘App Store Optimization’

URL: https://www.vice.com/en/article/n7vxgd/a-security-apps-fake-reviews-give-us-a-window-into-app-store-optimization

Author: Lorenzo Franceschi-Bicchierai

Title: Can We Stop Pretending SMS is Secure Now

URL: https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/

Author: Brian Krebs

Tool Time

Title: Response Tinker

Link: https://www.trustedsec.com/?p=23828&preview=1&_ppp=ffd12e7902

4.8 - Go Watch Exchange Mar 12, 2021

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Logan Sampson, and David Boyd .

Stories

Title: Finding Evil Go Packages

URL: https://michenriksen.com/blog/finding-evil-go-packages/

Author: Michael Henriksen

Title: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals

URL: https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

Author: William Turton

Title: A Basic Timeline of the Exchange Mass-Hack

URL: https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack Author: Brian Krebs

4.7 - Flash and Malware Sharing One Last Headline? Feb 26, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Adam Compton, and David Boyd.

Title: New Windows 10 update permanently removes Adobe Flash

URL: https://www.zdnet.com/article/new-windows-10-update-permanently-removes-adobe-flash

Author: Liam Tung

Title: M1 Malware Has Arrived

URL: https://gizmodo.com/m1-malware-has-arrived-1846286255

Author: Victoria Song

Title: The Long Hack: How China Exploited a U.S. Tech Supplier

URL: https://www.bloomberg.com/features/2021-supermicro/

Author: Jordan Robertson and Michael Riley

4.6 - Let’s Pour Cold Water on Your F A V I C O N S! Feb 12, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger.

Stories of Interest

Title: Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers

URL: https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf

ALT URL: https://www.vice.com/en/article/n7v5y7/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online

Authors: Konstantinos Solomos, John Kristoff, Chris Kanich, Jason Polakis

Title: Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

URL: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

Author: Alex Birsan

Title: Florida city attacked by a hacker trying to poison its drinking water

URL: https://www.engadget.com/oldsmar-florida-water-treatment-hack-225713558.html

Author: I. Bonifacic

4.5 - Hello Fellow 0-day Researchers! Jan 29, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Alex Hamerstone, and Justin Bollinger.

Title: New campaign targeting security researchers URL: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Author: Adam Weidemann

Title: After disabling Adobe Flash trains in Dalian, China could hardly open URL: https://verietyinfo.com/taiwaneng/after-disabling-adobe-flash-trains-in-dalian-china-could-hardly-open-technews-%E7%A7%91%E6%8A%80-%E6%96%B0-%E6%8A%A5/ ALT URL: https://arstechnica.com/tech-policy/2021/01/deactivation-of-flash-cripples-chinese-railroad-for-a-day/

Title: SolarWinds: What Hit Us Could Hit Others URL: https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/ Author: Brian Krebs

4.4 - Opsec is Hard Jan 15, 2021

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Carlos Perez, Adam Compton, Kelsey Segrue.

[Stories of Interest]

Title: All Aboard the Pequod!

URL: https://krebsonsecurity.com/2021/01/all-aboard-the-pequod/

Author: Brian Krebs

Title: Kazuar: Multiplatform Espionage Backdoor with API Access

URL: https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/

Author: Brandon Levene, Robert Falcone and Tyler Halfpop

Title: Security researchers claims downloading 70TB of sensitive Parler data

URL: https://www.hackread.com/security-researchers-leak-70tb-parler-data/

Author: Waqas

[Tool Time]

https://github.com/trustedsec/SysmonCommunityGuide

4.3 - Security Dumpster Fire Dec 14, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Alex, and David Boyd.

Title: GE puts default password in radiology devices, leaving healthcare networks exposed

URL: https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/

Author: Dan Goodin

Title: FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

URL: https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html

Author: David E. Sanger and Nicole Perlroth

Title: What you need to know about Amazon Sidewalk

URL: https://appleinsider.com/articles/20/11/24/what-you-need-to-know-about-amazon-sidewalk

Author: Mike Peterson

4.2 - Can you Trust Criminal Types with your IPs? Nov 16, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Justin Bollinger, and Rob Simon.

[Stories]

Title: Apple search bot leaked internal IPs via proxy configuration

URL: https://www.bleepingcomputer.com/news/security/apple-search-bot-leaked-internal-ips-via-proxy-configuration/

Author: Ax Sharma

Title: Woman accused of impersonating prosecutor, dropping criminal charges against herself

URL: https://www.unionleader.com/news/courts/woman-accused-of-impersonating-prosecutor-dropping-criminal-charges-against-herself/article_1fdb1551-147d-53dd-ad45-6680bfc556fa.html?fbclid=IwAR2ovZ_mr_uVcIXJIcW3j_bEji7eLjE1yw_s90IPUKzsSxZ94-cDE-7YDys

Author: Mark Hayward

Title: Why Paying to Delete Stolen Data is Bonkers

URL: https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/

Author: Brian Krebs

4.1 - A Preview of Things to Come Oct 30, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, and David Boyd.

Stories

Title: Link Previews: How a Simple Feature Can Have Privacy and Security Risks

URL: https://www.mysk.blog/2020/10/25/link-previews/

Author: Talal Haj Bakry and Tommy Mysk

Title: Hackers behind life-threatening attack on chemical-maker are sanctioned

URL: https://arstechnica.com/information-technology/2020/10/us-sanctions-russian-hackers-who-hit-chemical-maker-with-dangerous-malware/

Author: Dan Goodin

Title: Three npm packages found opening shells on Linux, Windows systems

URL: https://www.zdnet.com/article/three-npm-packages-found-opening-shells-on-linux-windows-systems/ Author: Catalin Cimpanu

4.0 - Shameless Version Bump! Oct 02, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Costa Petros, and David Boyd.

Stories

Title: POLICE departments across the country Monday night reported their 911 systems nonoperational

URL: https://www.the-sun.com/news/1548945/911-lines-go-down-across-us/

Author: Catherina Gioino

Title: Looks Like the Windows XP Source Code Just Leaked on 4chan

URL: https://www.gizmodo.com.au/2020/09/looks-like-the-windows-xp-source-code-just-leaked-on-4chan/

Author: Cam Wilson

Title: Microsoft: Some ransomware attacks take less than 45 minutes

URL: https://www.zdnet.com/article/microsoft-some-ransomware-attacks-take-less-than-45-minutes/ Author: Catalin Cimpanu

3.36 - Download My Tesla Theme Sep 11, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Aaron James, Alex Hamerstone, and David Boyd.

Stories

Title: Windows 10 themes can be abused to steal Windows passwords

URL: https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/

Author: Lawrence Abrams

Title: The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy

URL: https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

Author: Fred Lambert

Tool Time

SPAnalyzer -

https://www.trustedsec.com/blog/fuzzing-the-front-end/

3.35 - Pub Aug 28, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, Logan Sampson, and Justin Bollinger.

Stories

Title: Former Uber Executive Charged With Paying 'Hush Money' To Conceal Massive Breach

URL: https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach

Author: Shannon Bond

Title: Report: AI Company Leaks Over 2.5M Medical Records

URL: https://www.pcmag.com/news/report-ai-company-leaks-over-25m-medical-records

Author: Matthew Humphries

Title: Picking Locks with Audio Technology

URL: https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext

Author: Paul Marks

3.34 - Taken your Pulse Lately? Aug 07, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, David Boyd, and Aaron James.

Stories:

Title: Hacker leaks passwords for 900+ enterprise VPN servers

URL: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

Author Catalin Cimpanu

Title: Three Charged in July 15 Twitter Compromise

URL: https://krebsonsecurity.com/2020/07/three-charged-in-july-15-twitter-compromise/

Author: Brian Krebs

Title: Web Cache Entanglement: Novel Pathways to Poisoning

URL: https://portswigger.net/research/web-cache-entanglement

Author: James Kettle

3.33 - Too Many, Too Old, or Too Familiar Jul 17, 2020

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Rob Simon, and Alex Hamerstone.

Title: The more cybersecurity tools an enterprise deploys, the less effective their defense is URL: https://www.zdnet.com/article/the-more-cybersecurity-tools-an-enterprise-deploys-the-

less-effective-their-defense-is/

Author: Charlie Osborne

Title: Home Router Security Report 2020

URL:https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouter

Security_2020_Bericht.pdf

Author: Peter Weidenbach Johannes vom Dorp

Title: SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in

Windows DNS Servers

URL: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-

a-17-year-old-bug-in-windows-dns-servers/

Author: Sagi Tzadik

And…Talking Twitter

3.32 - Happy Fourth! Jul 02, 2020

SHOW NOTES

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rick Yocum, David Boyd, and Scott Nusbaum

Stories

Title: A hacker gang is wiping Lenovo NAS devices and asking for ransoms

URL: https://www.zdnet.com/article/a-hacker-gang-is-wiping-lenovo-nas-devices-and-asking-for-ransoms/

Author: Catalin Cimpanu

Title: FCC formally declare Huawei, ZTE ‘national security threats’

URL: https://techcrunch.com/2020/06/30/fcc-huawei-zte-national-security/

Author: Zack Whittaker, Devin Coldewey

Tool Time

Link: https://www.trustedsec.com/blog/access-locked-files-with-tscopy/

3.31 - See the World They Said Jun 19, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Drew Kirkpatrick, and David Boyd.

Title: Career Choice Tip: Cybercrime is Mostly Boring URL: https://krebsonsecurity.com/2020/05/career-choice-tip-cybercrime-is-mostly-boring/ Author: Brian Krebs

Title: Ripple 20 URL: https://www.jsof-tech.com/ripple20/\ Authors: Moshe Kol, Ariel Schon, Shlomi Oberman, Andrey Zagrebin, Yuli Shapiro

Title: Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More URL: https://www.wired.com/story/dating-apps-leak-explicit-photos-screenshots/ Authors: Lily Hay Newman

3.30 - Print Me Some Monero Tendies May 22, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Paul Sems, and David Boyd

[Stories]

Title: PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)

URL: https://windows-internals.com/printdemon-cve-2020-1048/

Author: Yarden Shafir & Alex Ionescu

Title: Supercomputers hacked across Europe to mine cryptocurrency

URL: https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/

Author: Catalin Cimpanu

[Tool Time]

Pop open your Windows 10 Terminal and run:

pktmon help

3.29 - The Past Is Our Future May 08, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Logan Sampson, and David Boyd

Stories of Interest

Title: Cisco spotlights new IT roles you've never heard of

URL: https://www.networkworld.com/article/3541363/cisco-spotlights-new-it-roles-youve-never-heard-of.html

Author: Michael Cooney

Title: The three early, maddening viruses that shook the world—and Microsoft

URL: https://www.fastcompany.com/90500378/iloveyou-virus-microsoft-steven-sinofsky-book Author: Steveen Sinofsky

3.28 - Enterprise Grade Apr 24, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rick Yocum, and David Boyd

Stories of Interest

Title: Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

URL: https://www.theregister.co.uk/2020/04/10/lockheed_martin_spacex_ransomware_leak/

Author: Shaun Nichols and Gareth Corfield

Title: DHS CISA: Companies are getting hacked even after patching Pulse Secure VPNs

URL: https://www.zdnet.com/article/dhs-cisa-companies-are-getting-hacked-even-after-patching-pulse-secure-vpns/

Author: Catalin Cimpanu

Title: Researchers Say They Caught an iPhone Zero-Day Hack in the Wild

URL: https://www.vice.com/en_us/article/pken5n/iphone-email-zero-day-hack-in-the-wild/

Author: Lorenzo Franceschi-Bicchierai

3.27 - Security Outlook Cloudy Apr 03, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rick Yocum, and Rockie Brockway

Feature: Discussion with TrustedSec Advisory Services on migrating to remote work

Stories

Title: Beware—This Open Database On Google Cloud ‘Exposes 200 Million Americans’: Are You At Risk?

URL: https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/#cd6889985879

Author: Zak Doffman

Title: Marriott says new data breach affects 5.2 million guests

URL: https://abcnews.go.com/Technology/wireStory/marriott-data-breach-affects-52-million-guests-69895558

Author: Dee-Ann Durbin

3.26 - Cyber Contagions Mar 20, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Paul Sems, and David Boyd

Stories

Title: Trump signs law banning use of federal funds to purchase Huawei equipment

URL: https://thehill.com/policy/cybersecurity/487266-trump-signs-into-law-bill-banning-use-of-federal-funds-to-purchase

Author: Maggie Miller

Title: You can now take up to 12 ounces of hand sanitizer through airport security

URL: https://www.theverge.com/2020/3/13/21179120/tsa-hand-sanitizer-liquid-size-airport-screening-coronavirus-covid-19

Author: Andrew Hawkins

Title: Live Coronavirus Map Used to Spread Malware

URL: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/

Author: Brian Krebs

3.25 - The Things On The Internet Feb 21, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, and David Boyd

Title: Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep

URL: https://www.zdnet.com/article/cybersecurity-warning-almost-half-of-connected-medical-devices-are-vulnerable-to-hackers-exploiting-bluekeep/

Author: Danny Palmer

Title: Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers

URL: https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/

Author: By Eclypsium

Title: Pay Up, Or We’ll Make Google Ban Your Ads

URL: https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/

Author: Brian Krebs

3.24 - Citrix Mayhem Jan 31, 2020

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Alex Hamerstone and Rob Simon.

Title: Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

URL: https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/

Author: David Kennedy

Title: Microsoft patches Windows 10 after the NSA quietly told it about a major vulnerability

URL: https://www.cnbc.com/2020/01/14/microsoft-to-patch-windows-10-after-nsa-finds-vulnerability.html

Author: Kate Fazzini

URL2: https://news.ycombinator.com/item?id=22048619

Author2: tptacek

URL3: https://curveballtest.com/index.html

Author3: SANS Internet Storm Center

Title: Seven Years Later, Scores of EAS Systems Still sit UN-Pached, Vulnerable

URL: https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/

Author: Paul Roberts

3.23 - Merry Christmas Dec 20, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and David Boyd.

Title: Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

URL: https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/

Author: Brian Krebs

Title: Chrome now warns you when your password has been stolen

URL: https://www.theverge.com/2019/12/10/21004434/google-chrome-79-password-protections-security-stolen-password-data-features

Author: Tom Warren

Title: Breaking the Rules: A Tough Outlook for Home Page Attacks

URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html

Authors: Matthew McWhirt, Nick Carr, Douglas Bienstock

3.22 - Process, Process, Process Dec 06, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Rob Simon, and Steve Maxwell!

Stories

Title: A bug in Microsoft’s login system put users at risk of account hijacks

URL: https://techcrunch.com/2019/12/02/microsoft-login-flaw-account-hijack/

Author: Zack Whittaker

Title: It’s Way Too Easy to Get a .gov Domain Name

URL: https://krebsonsecurity.com/2019/11/its-way-too-easy-to-get-a-gov-domain-name/

Author: Brian Krebs

Title: Two malicious Python libraries caught stealing SSH and GPG keys

URL: https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

Author: Catalin Cimpanu

3.21 - DoH! Robinhood Strikes Again, Nord Nov 08, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rob Simon, and David Boyd!

Stories

Title: NordVPN users’ passwords exposed in mass credential-stuffing attacks

URL: https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/

Author: Dan Goodin

Title: ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says

URL: https://arstechnica.com/tech-policy/2019/11/isps-lied-to-congress-to-spread-confusion-about-encrypted-dns-mozilla-says/

Author: Jon Brodkin

Title: Robinhood Traders Discovered a Glitch That Gave Them ‘Infinite Leverage’

URL: https://www.bloomberg.com/news/articles/2019-11-05/robinhood-has-a-glitch-that-gives-traders-infinite-leverage

Author: Brandon Kochkodin

3.20 - So Much is Broken Oct 04, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Justin Bollinger, and Alex Hamerstone!

Stories

Title: Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X

URL: https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html?m=1

Author: Mohit Kumar

Title: Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

URL: https://www.helpnetsecurity.com/2019/09/17/vulnerabilities-iot-devices/

Title: Mozilla Won't Turn on DoH as Default in the UK Like It's Planning to Do in the US

URL: https://www.gizmodo.co.uk/2019/09/mozilla-doh-not-default-in-uk/

Author: Shabana Arif

Letters

We have good success using the historical DNS data available at https://securitytrails.com to locate the origin servers. This facilitates bypassing filtering to attack web applications.

3.19 - DerbyCon Victory Lap! Sep 13, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos

This show features a little different format we look back on nine years of DerbyCon with two of the principle organizers!

3.18 - Live From Vegas! Aug 16, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd

In this episode we share what happened in Vegas! Wait is that allowed?

Links from the show:

Proxmark3

API Induced SSRF

Gone to the Dogs - Constructing Kerberos Attacks with Delegation Primitives

HTTP Desync Attacks: Request Smuggling Reborn

Owning the Cloud Through Server-Side Request Forgery

3.17 - The End of End to End Aug 02, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone.

Title: Kazakhstan's HTTPS Interception

URL: https://censoredplanet.org/kazakhstan

Author: Ram Sundara Raman1, Leonid Evdokimov, Eric Wustrow2, Alex Halderman1, Roya Ensafi

Title: DMARC's abysmal adoption explains why email spoofing is still a thing

URL: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/

Author: Catalin Cimpanu

Title: My browser, the spy: How extensions slurped up browsing histories from 4M users

URL: https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/

Author: Dan Goodin

3.16 - Pay the Ransoms Jul 05, 2019

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, Alex Hamerstone and David Boyd

Title: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Author: Renee Dudley and Jeff Kao

Title: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/

URL: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/

Author: Alex Perekalin

Title: Track This is a new kind of incognito, says Mozilla

URL: https://www.hackread.com/mozillas-track-this-choose-fake-identity-to-deceive-advertisers/

Author: Waqas

Letters Home:

Try busting that CAPTCHA