30-Day InfoSec podcast

Player FM - Internet Radio Done Right

Vor fünf Jahren hinzugefügt

Inhalt bereitgestellt von TJ Nel and Ryan Hays. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von TJ Nel and Ryan Hays oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.

Tinfoil Swans

1
Tristen Epps and the Scrambled Egg Revelation 56:04

vor 8 Tagen56:04

Später Spielen

Listen

Gefällt mir

Geliked

56:04

Growing up in a military family, Tristen Epps moved around a lot. But no matter where he was living, Friday nights were sacred. He got to dress up, go to a restaurant, not order from a kids menu, and feel like he was getting to know the place he was living — for now. At home, when his mom taught him to scramble an egg, he was mesmerized by the alchemy; one simple ingredient could transform into so many things. It's that wonder and curiosity that transformed him into the leader, visionary, and Top Chef winner he is today. He joined Tinfoil Swans at the Food & Wine Classic in Aspen to talk about his mission to “un-colonize colonized food,” the freedom he feels cooking in Air Jordans, why it's important to him to celebrate oxtails with Michelin-level finesse, and his belief that cooking has power to correct history. Sponsor: Old Fitzgerald® Kentucky Straight Bourbon Whiskey. Bardstown, KY. 50% Alc./Vol. Think Wisely. Drink Wisely. Learn more about your ad choices. Visit podcastchoices.com/adchoices…

30-Day InfoSec explicit

Serie-Home•Feed

30-Day InfoSec, a monthly information security recap show for the latest news, stories, and happenings from around the cybersecurity community.

5 Episoden

#Tech #TJ Nel #Ryan Hays #Computer #Security #Information Security

30-Day InfoSec explicit

updated vor 5 Jahren

Serie-Home•Feed

30-Day InfoSec, a monthly information security recap show for the latest news, stories, and happenings from around the cybersecurity community.

5 Episoden

#Tech #TJ Nel #Ryan Hays #Computer #Security #Information Security

Alle Folgen

1
Episode 05: Insecure IoT, Trickbot Takedown, Nation-state Hacking and Charitable Hackers 50:54

vor 5 years50:54

50:54

IoT is Vulnerable IoT Homefootage on sale in the deep and dark web and an intimate IoT device is found to have an exploit. https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/ https://gizmodo.com/a-security-flaw-could-send-your-dick-to-jail-forever-1845286359 Trickbot Takedown via Private and Public Sector Both Microsoft and USCybercom both try to disrupt the Trickbot gang using different approaches https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/ https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/ Government Sponsored Cyber Attacks The UK reveals it carried out cyberattacks against Russia, Iran and Russia found to be interfering with US elections. The NSA releases a list of the 25 most used exploits in attack from China. https://www.cnn.com/2020/10/21/politics/fbi-election-security/index.html https://www.ibtimes.sg/uk-carried-out-secret-cyberattacks-russia-retaliation-says-former-national-security-adviser-52806 https://www.zdnet.com/article/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers/ Bug Bounty crew spends 3 months hacking Apple A bug bounty crew cashes in big hacking apple infrastructure. https://samcurry.net/hacking-apple/ Ransomware actor gives to charity Darkside ransomware actors show proof of their philanthropy by press releasing a receipt of their donation. https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/ Upcoming Events: Blackhat EU 2020 - Nov. 9 OSDF Con - Nov 18 Cyber Security & Data Protection Summit - Nov 19 Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/…

1
Episode 04: Emotet, Twitter Hack, Sev10 CVEs, and the Tesla Ransomware Scandal 20:29

vor 5 years20:29

20:29

Emotet Is back and then not The group behind the Emotet malware has popped back up but shortly after that it appears the C2 infrastructure was compromised and started sharing out memes. https://www.bleepingcomputer.com/news/security/emotet-malware-operation-hacked-to-show-memes-to-victims/ https://www.bleepingcomputer.com/news/security/emotet-spam-trojan-surges-back-to-life-after-5-months-of-silence/ Garmin HACKED!!! Garmin was hacked recently and the intrusion was used to spread ransomware on the network. The attackers also ended up being paid out $10M by Garmin. https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/ Twitter Admin Panel Exposed Recently a teenager was able to get access to a twitter management panel which allowed them to take over high profile accounts to include Barack Obama, Beyonce as well as Elon Musk. The take over was being used a scam to attempt to get bitcoin from people. https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html High Profile Exploits Recently Released Recently there were several high profile exploits released that were all remote code execution exploits. Vendors such as F5, SAP and Microsoft were all among the vendors affected by these exploits. https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/ https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/ https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/ Tesla Attempted Hack A Tesla employee was approached by a supposed Russian sponsored individual in an attempt to compromise the entire organization and spread ransomware. https://www.databreachtoday.com/russian-indicted-in-tesla-ransom-scheme-a-14960 Upcoming Events: https://ekoparty.org/en_US/ https://www.bsidesclt.org/ https://shellcon.io/ Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated ) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/…

1
Episode 03: Honda Cyberattack, Chinese App Banning and MongoDB Leaks 48:54

vor 5 years48:54

48:54

Honda hit by Cyberattack Honda was hit by a cyber attack shutting down its manufacturing plant for several days. It appears to be the Ekans variant of ransomware. The company has insisted no data has been breached and added that "at this point, we see minimal business impact". https://www.bbc.com/news/technology-52982427 59 Chinese Apps Banned Apps such as TikTok are starting to be banned within the Indian government. Many other countries and businesses are now also considering banning the applications from there networks. These applications were exposed to collecting too much detailed information about their users. https://twitter.com/ShivAroor/status/1277619905269989378 MongoDB Exposed Millions of Medical Insurance Records Millions of records containing personal information and medical insurance data were exposed by a database belonging to the insurance marketing website MedicareSupplement.com. https://www.cybersecurity-review.com/news-june-2019/mongodb-leak-exposed-millions-of-medical-insurance-records/ Upcoming Events: https://conference.hitb.org/hitb-lockdown002/ https://www.opcde.com/ Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated ) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/…

1
Episode 02: Ransomware Leaks, Contact Tracing and Verizon DBIR 38:24

vor 5 years38:24

38:24

US President target of hackers In a press conference in May The White House Press Secretary held up the check being donated from the president's salary which held his account number and the routing number of an account within Citibank. This has placed a large target on the bank as they now have ties with the administration and government accounts. Hackers will be targeting them similar to how the REvil group is targeting Trump with the release of information collected during the hack of a law firm said to contain information about the president. https://thehill.com/homenews/administration/499268-trump-routing-number-bank-revealed-coronavirus-response https://twitter.com/ransomleaks/status/1261105634159800321 Contact Tracing Apps and Jailbroken Phones Governments around the world have started encouraging citizens to install tracking application to hopefully get an idea of the spread of the virus. It’s gone as far as Apple and Google baking this into the operating system of the devices. Tracking applications present huge security concerns and risks to everyone. We should all be looking at these to ensure personal safety is being maintained while using them. https://www.unc0ver.dev Increased Unemployment Fraud With the world under its current situation, Brian Krebs has been reporting on increased unemployment fraud along with Microsoft report huge upticks of malicious documents related to COVID-19. With the world in crisis and working from home everyone's guard is down so scammers and malicious attackers will be taking advantage of this. https://krebsonsecurity.com/2020/05/riding-the-state-unemployment-fraud-wave/ https://www.infosecurity-magazine.com/news/microsoft-warns-of-massive-covid19/ Verizon DBIR The Verizon Databreach Investigation Report was released and covers the current attack surfaces being exploited at least during 2019 but a majority of these will continue on into 2020. https://enterprise.verizon.com/resources/reports/dbir/ Upcoming Events https://www.sans.org/event/hackfest-ranges-summit-2020 SANs Hackfest https://www.securitysummits.com/event/enterprise-lockdown/ Enterprise Lockdown 6/25 https://securecon.streameventlive.com/login SecureCon 6/16-18 https://www.eventbrite.com/e/bsides-greenville-2020-tickets-84602497347 BSides Greenville 6/13 https://www.womenhackerz.com/whackzcon-2020 WomenHackerz Con 6/6-7 https://2020.pass-the-salt.org Pass the Salt 6/29 Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated ) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/…

1
Episode 01: COVID, IoT Botnets, Ransomware and Online Events 37:36

vor 5 years37:36

37:36

COVID-19 Related Attacks COVID-19 has hit the entire world extremely hard. We have seen an uptick in COVID-19 related attacks targeting businesses and consumers around the world. Recently we have witnessed spear phishing attacks related to streaming platforms as well as an uptick in malicious mobile applications related to COVID-19. References https://research.checkpoint.com/2020/covid-19-goes-mobile-coronavirus-malicious-applications-discovered/ https://www.infosecurity-magazine.com/news/hackers-target-netflix-disney/ Dark Nexus IOT Botnet IoT attacks have seen an uptick in IoT related attacks over the past few years. One of the largest currently operating in the Dark Nexus botnet. References https://labs.bitdefender.com/2020/04/new-dark_nexus-iot-botnet-puts-others-to-shame/ Ransomware Attacks (Travelx and Cognizant) Ransomware attacks have always been an issue, but with employees in work from home mode and using VPNs, it increases the risk to the corporate network for attack. Two companies that we have seen hit recently Travelex were hit with Sodinokibi ransomware causing them to pay out $2.3M in ransom to unlock the systems. Cognizant is an MSP for some large organizations, and they were hit with MAZE ransomware. The difference here is attackers are exporting this data so the victims can no longer just restore from backups they are forced to pay out the ransom. References https://threatpost.com/travelex-pays-2-3m-in-bitcoin-to-hackers-who-hijacked-network-in-january/154666/ https://www.infosecurity-magazine.com/news/maze-wage-ransomware-attack-on/ Online Training/Events It seems with the world in its current state all of the infosec conferences have quickly adapted to still providing training within the virtual space. TJ and I collected several upcoming events and listed them for everyone to enjoy hopefully. References https://wildwesthackinfest.com/deadwood/tickets-and-training-info/ https://www.sans.org/blog/and-now-for-something-awesome-sans-launches-new-series-of-worldwide-capture-the-flag-cyber-events/ Intro/Outro Music Credits Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated ) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/…

Willkommen auf Player FM!

Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.