This week, Doug White brings the Security Weekly News update for the week of January 20, 2020, to discuss the top news stories of the week, across all of the Security Weekly Network shows! Show Notes: https://wiki.securityweekly.com/SWNEpisode6 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly...
Jan 27, 2020•27 min
This week, Clearview app lets strangers find your information through Facial Recognition, Travelex begins reboot as VPN bug persists, ADP users hit by Phishing Scam, Exposed Telnet ports lead to over 500,000 IoT devices credentials stolen, and over 1000 local governments reported they were hit by ransomware in 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about how the FBI is to inform election officials about hacking attempts! Show Notes: https://wiki.securi...
Jan 21, 2020•29 min
Highlights from the Security Weekly shows this week, including dealing with personalities and compliance, Windows 10 exploits, alert fatigue in your SoC, security for startups, Windows 10 exploits, Tik Tok backdoors, lottery hack, 5G (in)security and more! Show Notes: https://wiki.securityweekly.com/SWNEpisode4 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly...
Jan 20, 2020•24 min
This week, Tesla goes Pwn2Own again this year, GRU "hacks" a Ukranian gas company at the heart of scandals in DC, Microsoft has officially ended support for Windows 7 and Server 2008, and a nasty bug in Firefox, Citrix exploits are being well...exploited, and the return of Emotet! In the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about The State of 5G Security! Show Notes: https://wiki.securityweekly.com/SWNEpisode3 Visit https://www.securityweekly.com/swn for all the ...
Jan 14, 2020•31 min
Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week, and Doug White is here to try and sum it all up for you, so you can just hit the high points for the week. So, stick around, and we'll cover all the shows and all the top stories of the week! Show Notes: https://wiki.securityweekly.com/SWNEpisode2 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter...
Jan 10, 2020•28 min
Happy New Year and welcome to the first episode ever of Security Weekly News! It's another year of malware, exploits, and fun here on the Security Weekly Network, with your host, Doug White! Ransomware, TikTok, and in the Expert Commentary, we welcome Jason Wood of Paladin Security, to talk about Iranian Cyber Threats: Practical Advice for Security Professionals! Show Notes: https://wiki.securityweekly.com/SWNEpisode1 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow u...
Jan 08, 2020•36 min
This week, Montana TV stations hit by cyber attack, Ransomware crisis in US schools, a deep dive into Phobos Ransomware, Cybersecurity salary survey reveals variance across industries and geolocations in 2020, and Ring smart camera claims they were not hacked!! In the expert commentary, we welcome Paul Asadoorian, CTO and Founder of Security Weekly, to discuss why you should be careful who you do business with! Show Notes: https://wiki.securityweekly.com/HNNEpisode246 Visit https://www.securityw...
Dec 18, 2019•27 min
This week, How Panasonic is using internet honeypots to improve IoT device security, A new Windows 10 ransomware threat?, 'Hackable' karaoke and walkie talkie toys found by Which?, Linux Bug Opens Most VPNs to Hijacking, New Office 365 Feature Provides Detailed Information on Email Attack Campaigns, and Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat! In the expert commentary, we welcome Tyler Robinson, Managing Director of Network Operations at Nisos, Inc, to dis...
Dec 10, 2019•23 min
This week, Microsoft OAuth Flaw Opens Azure Accounts to Takeover, Vulnerabilities Disclosed in Kaspersky, Trend Micro Products, Critical Code Execution Vulnerability Found in GoAhead Web Server, and StrandHogg Vulnerability Allows Malware to Pose as Legitimate Android Apps! In the expert commentary, we welcome back Adam Gordon from ITPro.TV, to discuss DevSecOps and the Culture Clash in Organizations! Show Notes: https://wiki.securityweekly.com/HNNEpisode244 To learn more about ITPro.TV, visit: ...
Dec 03, 2019•33 min
This week, PoC exploit code for Apache Solr RCE flaw is available online, Some Fortinet products used hardcoded keys and weak encryption for communications, Critical Flaws in VNC Threaten Industrial Environments, Twitter allows users to use 2FA without a phone number, and Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets! In the expert commentary, we welcome back Jason Wood from Paladin Security, to discuss an Iranian hacking crew that is targeting Industrial Contro...
Nov 26, 2019•21 min
This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns! Show Notes: ...
Nov 19, 2019•31 min
This week, BlueKeep freakout had little impact on patching, Experts warn of spike in TCP DDoS reflection attacks targeting Amazon and others, Nvidia patches graphics products and GeForce Experience update tool, hackers breach ZoneAlarm's forum site, and how Apple is to fix Siri bug that exposed parts of encrypted emails! In the expert commentary, we welcome Dan DeCloss, Founder and CEO of PlexTrac, to talk about Communicating Vulnerabilities! To learn more about PlexTrac, visit: https://security...
Nov 12, 2019•24 min
This week, aggressive IoT malware that's forcing Wi-Fi routers to join its botnet army, Google discloses Chrome Zero-Day exploited in the wild on Halloween, the first Bluekeep exploit found in the wild, and oC Exploits Published for Unpatched RCE Bugs in rConfig! In the expert commentary, we welcome Sean O'Brien, Founder, and CEO of PrivacySafe, to talk about Siri, Alexa, and Google Assistant hacked via Laser Beam! Show Notes: https://wiki.securityweekly.com/HNNEpisode240 To learn more about Pri...
Nov 05, 2019•23 min
This week, Adobe database exposes 7.5 million Creative Cloud users, PHP team fixes nasty site-owning remote execution bug, Trend Micro's antivirus tools will run malware if the filename is cmd.exe, and how the country of Georgia was hit by a massive cyber attack! In the expert commentary, we welcome Jason Wood, to discuss how Fancy Bear targets Sporting and Anti-Doping Orgs as the 2020 Olympics Loom! Show Notes: https://wiki.securityweekly.com/HNNEpisode239 Visit https://www.securityweekly.com/h...
Oct 29, 2019•23 min
This week, researchers turn Alexa and Google Home into credential thieves, Microsoft aims to block firmware attacks with new secured-core PCs, the popular VPN service NordVPN confirms data center breach, a 4-year-old critical Linux Wi-Fi bug allows system compromise, and US nuclear weapons command finally ditches 8-inch floppies! In the expert commentary, we welcome Jason Wood, to discuss the Evolution of False Flag Operations! Show Notes: https://wiki.securityweekly.com/HNNEpisode238 Visit http...
Oct 22, 2019•23 min
This week, Signal App rushes to patch serious eavesdropping vulnerability, Wi-Fi signal let researchers ID people through walls from their gait, the FBI warns about attacks that bypass MFA, Vulnerable Twitter API leaves tens of thousands of iOS apps open to attacks, and D-Link home routers open to remote takeover will remain unpatched! In the expert commentary, we welcome Justin Elze from TrustedSec, to talk about Red Teaming and Adversary Emulation! Show Notes: https://wiki.securityweekly.com/H...
Oct 08, 2019•26 min
This week, 335 Million Malicious apps were installed on Google Play in September, a new bug found in NSAs Ghidra tool, a Medical Practice closed permanently after a Ransomware attack, researchers find a new hack to read content of password-protected PDF files, and a billboard in Michigan was hacked to play Pornography for drivers along I-75! In the expert commentary, we welcome Sean O'Brien, Founder and CEO of PrivacySafe, to talk about PrivacySafe - The Anti Cloud Appliance! To learn more about...
Oct 01, 2019•26 min
This week, Facebook suspends tens of thousands of apps from hundreds of developers, a Privilege Escalation flaw found in Forcepoint VPN Client for Windows, WannaCry and why it never went away, 0patch promises support for Windows 7 beyond January 2020, and how the FBI arrests more than 200 hackers in different countries! In the expert commentary, we welcome Grant Sewell, Director of IT Security at Safelite Autoglass, to talk about Risk-based security and identity controls, and the Use of Preempt ...
Sep 24, 2019•23 min
This week, experts disclosed passcode bypass bug in iOS 13 a week before release, drone attacks hit two Saudi Arabia Aramco oil plants, Google fixes 2FA flaw in built-in security key, LastPass fixes bug that leaks credentials, AMD Radeon Driver flaw lead to VM escape, and how the Air Force will let hackers try to hijack an orbiting satellite! In the expert commentary, we welcome George Avetisov, CEO and Co-Founder at HYPR Corp., to talk about True Passwordless Security! To learn more about Hypr,...
Sep 17, 2019•31 min
This week, 60,000 GPS trackers for people and pets are using the same password, YouTube fined $170m for covertly tracking kids online, a free working exploit for BlueKeep, WordPress 5.2.3 fixes new clutch of security vulnerabilities, critical Exim flaw opens millions of servers to Takeover, cyberattack Disrupted Firewalls at U.S. Power Utility, a Million-plus IoT Radios Open to Hijack via Telnet Backdoor, Vulnerabilities in D-Link, Comba Routers Can Leak Credentials, and vulnerabilities exposed ...
Sep 10, 2019•21 min
This week, hackers indiscriminately infected iPhones for two years, Google throws bug bounty bucks at mega-popular third-party apps, how Jack Dorsey's Twitter account got hacked, and how attackers are exploiting vulnerable WordPress plugins to backdoor sites! In the Expert Commentary, Larry Alston of Tufin joins us to discuss Developing and Enforcing Security Policies in the Cloud! To learn more about Tufin, visit: https://securityweekly.com/tufin Full Show Notes: https://wiki.securityweekly.com...
Sep 03, 2019•25 min
This week, a hacker finds Instagram Account Takeover Flaw worth $10,000, a U.S. Judge orders Capital One hacker Paige Thompson to remain in prison, a vast majority of newly registered domains are malicious, and why half of all Social Media logins are fraud! In the expert commentary, Jason Wood joins us to discuss Building Your First Incident Response Policy: A Practical Guide for Beginners! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode231 Visit https://www.securityweekly.com/hnn fo...
Aug 27, 2019•23 min
This week, 61 impacted versions of Apache Struts let off security advisories, a hacker publicly releases Jailbreak for iOS version 12.4, Chrome users ignoring warnings to change breached passwords, an unpatchable security flaw found in popular SoC boards, and a reward up to $30,000 for find vulns in Microsoft Edge dev and beta channels! In the expert commentary, we welcome Jason Wood, to discuss Ransomware and City Governments! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode230 Roman...
Aug 20, 2019•26 min
This week, a rare steganography hack can compromise fully patched websites, the Louisiana governor declares state of emergency after a local ransomware outbreak, Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage, and 100 million users data stolen in the Capital One breach! In the expert commentary, we welcome Jason Wood, to discuss how the U.S. issues a hacking security alert for small planes! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode229...
Jul 30, 2019•22 min
This week, a bug in NVIDIAs Tegra Chipset opens doors to Malicious Code Execution, hackers publish a list of phished Discord creds, Equifax to pay up to $700 Million in 2017 data breach settlement, several vulnerabilities found in Comodo Antivirus, and VLC player has a critical RCE flaw with no patch available! In the expert commentary, we welcome Jason Wood, to discuss why Corporate Mobile Security just isn't cutting it! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode228 Visit https...
Jul 23, 2019•24 min
This week, the Zoom RCE flaw is affecting RingCentral and Zhumu, a researcher releases PoC code for critical Atlassian Crowd RCE flaw, thousands of legacy Lenovo storage devices exposed millions of files, unusual Linux ransomware targets NAS servers, and how hacked hair straighteners can threaten your home! In the expert commentary, we welcome our CEO Matt Alderman, to discuss Facebook's $5 Billion dollar FTC fine! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode227 Visit https://www....
Jul 16, 2019•19 min
This week, US Cyber Command warns of Iran-linked hackers exploiting Outlook, New "WannaHydra" malware a triple threat to Android, British Airways slapped with record $230M fine, Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software, and more! Jason Wood joins us for expert commentary on Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode226 Visit https://www.securityweekly.com/hnn fo...
Jul 09, 2019•20 min
This week, A Crypto Flaw in Yubico Security Keys, Facebook's Lawyers say You Have No Right to Privacy, Two Cloud Services, PCM and Attunity, Have Breaches, and Two Florida Cities Pay Over $1M in Ransomware Attacks in Less Than a Week! Jason Wood joins us for expert commentary on Trump Officials Weighing a Crackdown on End-to-End Encryption! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode225 Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: ht...
Jul 02, 2019•20 min
This week, cryptomining malware that launches Linux VMs on Windows and macOS, Oracle patches another actively-exploded WebLogic 0-day, LokiBot and NanoCore malware distributed in ISO image files, and an anonymous hacker that was exposed after dropping a USB drive while throwing a Molotov cocktail! In the expert commentary, we welcome Tyler Hudak, Practice Lead of Incident Response to talk about TrickBot malware! Learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show ...
Jun 25, 2019•22 min
This week, prevent the impact of a Linux worm, Yubico recalls FIPS Yubikey tokens after flaw discovered, how fraudulent domains hide in plain site, Samsung reminds rabble to scan smart TV's for viruses and makes them forget, and the scraping of millions of Venmo transactions in a privacy warning to consumers! In the expert commentary, we welcome Sagi Bar-Zva, Strategic Pre-Sales Manager from Tufin to talk about Using Automation to Improve Your Overall Security Posture! Full Show Notes: https://w...
Jun 19, 2019•30 min
