T1SP: Episode 25
Unsupervised Learning19 Tammi 2016

T1SP: Episode 25



[ Subscribe to the Podcast: iTunes | Android | RSS ]

News


* [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet
* [ ] SSH backdoor found in Fortinet firewalls
* [ ] SSH client vulnerability
* [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015
* [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon
* [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business
* [ ] Twitter might be ending its 140 character limit
* [ ] Major vulns still being found in Health and Fitness mobile apps
* [ ] Angler exploit kit continues to evade detection
* [ ] LostPass attack is a phishing email attack that works against LastPass (showed at Shmoocon this weekend)
* [ ] Virus just took down the Melbourne Health computer system
* [ ] Lastpass has found a workaround for the LostPass attack
* [ ] A bit match fixing problem has been found in Tennis
* [ ] Trustwave is being sued by Affinity for supposedly missing an second hack that was going on while they were there to fix an initial hack


Ideas, updates, and discussion


* [ ] IR is messy and dangerous; assume compromise; assume continued compromise; be extremely careful saying that things were contained; if you’re not Mandiant you’re probably not doing a great job
* [ ] Smartphone encryption and the gun debate: same coin? ISIS supposedly has its own encryption app. What next, make murder illegal?


Tools, talks, and projects


* [ ] FIR – Fast Incident Response Management Platform
* [ ] DIVA damn insecure and vulnerable Android app
* [ ] Kill Chain for Kali Linux 2.0 : recon, weaponization, delivery, exploit, installation, c2, actions
* [ ] EZ-Wave: exploiting Z-Wave networks using SDR
* [ ] GoPhish: open source phishing framework
* [ ] V3n0m SQLi scanner
* [ ] VScan : uses NSE scripts to find vulns
* [ ] SleepyPuppy Burp Extension
* [ ] DBDAT — Database Assessment Tool — https://github.com/foospidy/DbDat


Announcements


* [ ] Speaking at AppSec Cali next week (Tuesday) on ATM
* [ ] Shmoocon hiring list: http://www.room362.com/2016/01/2016-shmoocon-hiring-list.html


Miscellaneous


* [ ] Great security news source: https://security.didici.cc/news
* [ ] Thanks to Tripwire for giving a shoutout to the podcast on Twitter


[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes


* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(532)

A Conversation with Jason Kikta from Automox

A Conversation with Jason Kikta from Automox

In this sponsored episode of Unsupervised Learning, we talked to Jason Kikta. Jason is the CISO and Senior VP of Product at Automox, and our conversation covered: - Endpoint Management- IT and Security Overlap- Patching Strategies- Cloud-Based Solutions- Configuration Drift- Policy Articulation- Automation and AI- IT Operations Challenges- Future Product Features- and other topics. You can check out Automox at: https://automox.com.  Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Tammi 202445min

UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…

UL NO. 415: It's Raining 9+ CVEs, 40% Job Loss from AI, Invisible Prompt Injection…

[updated: apologies, we had the wrong audio file initially] Taiwan chooses democracy, 10,000 hours debunked, Data/Display/AI/AR, and much more… 📢Sponsored by Automox: Brace yourself for any IT calamity with Automox! 🛡️ Tune into the Autonomous IT podcast and join experts discussing Patch Tuesday insights, mitigation strategies, and CVE remedies. Connect with IT pros and stay ahead of the game. 🎧 Listen now on Spotify, Apple, or your favorite podcast platform! Read today's episode hereBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Tammi 202421min

UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

UL NO. 414: LastPass Settings Upgrade, Boosting ChatGPT Output, AI Adding Societal Transparency

ChatGPT prompting upgrades, CrewAI agent framework, people down on Democracy… 📢 Sponsored by Kolide: Concerned about data breaches and hacks? 🔒 Discover Kolide, the device trust solution that secures your company's devices and credentials, making phishing attempts useless to hackers. See it in action at www.kolide.com/unsupervisedlearning View today's episode online here: https://danielmiessler.com/p/ul-414Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

10 Tammi 202425min

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

UL NO. 413: 7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH's Terrapin…

Xi purges detractors, my thoughts on chaos and 2024, my predictions for what we'll build with AI in 2024, macro D, and much more… Read online here.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Tammi 202424min

A Conversation with Gabe Bernadett-Shapiro on AI

A Conversation with Gabe Bernadett-Shapiro on AI

👥 This conversation is between Daniel Miessler, founder of Unsupervised Learning, and Gabriel Bernadett-Shapiro, an expert on AI Safety and Threat Intelligence.  🧠 TOPICS 00:00:00 Intros 00:04:50 Acels vs. Decels/Boomers 00:08:10 Accelerationists' Optimism for AGI 00:11:02 AGI vs. ASI Discussion 00:14:22 AI Development Debate 00:18:45 Data Retrieval with LLMs 00:27:21 Bottom-Up Automation Strategy 00:34:56 Data Availability Problem Solving 00:42:07 Threat Intel Task Automation 00:49:32 Auto Analyst Tool Demo 01:02:14 Applying AI to Threat Intelligence   🔎 Gabe: X:   / gabeincognito   LinkedIn:   / gabebs     🔎 Daniel: Web: danielmiessler.com X:   / danielmiessler.com   LinkedIn: www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

21 Joulu 202337min

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, The UL Character Sheet, And…

UL NO. 412: OpenAI's Prompt Guide, My Neovim Overhaul, The UL Character Sheet, And…

Also: Ubiquity Cross-Pollination, Passcode Laws, China's AI Influence Network, Bodycam Shenanigans, And One Year Independent!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

20 Joulu 202329min

UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion

UL NO. 411: ChatGPT Repeat Vuln, A UL AI Course!, Revenge Code Deletion

Sneaky ChatGPT Data Leaks, A New Ground-Based Telescope, Companies Leaving Austin, More… 📢Sponsored by Automox: Brace yourself for any IT calamity with Automox! 🛡️ Tune into the Autonomous IT podcast and join experts discussing Patch Tuesday insights, mitigation strategies, and CVE remedies. Connect with IT pros and stay ahead of the game. 🎧 Listen now on Spotify, Apple, or your favorite podcast platform! Read today's episode hereBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Joulu 202319min

UL NO. 410: The Immigration/Identity Security Risk, Super Soldier Pentagon Talk, Okta&Me Updates, Teachable Agents

UL NO. 410: The Immigration/Identity Security Risk, Super Soldier Pentagon Talk, Okta&Me Updates, Teachable Agents

Meta bans AI-generated Political Ads, Google's new RETVec Anti-spam tool, a casual convo on Super Soldiers, and more… 📢Sponsored by Kolide🔒 Secure your world with device trust – manage all OS, empower employees to fix their own security issues. Say goodbye to vulnerable credentials. 📢Sponsored by: Panoptica.app - Simplify container deployment, monitoring, and securityBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Joulu 202325min