T1SP: Episode 25
Unsupervised Learning19 Tammi 2016

T1SP: Episode 25



[ Subscribe to the Podcast: iTunes | Android | RSS ]

News


* [ ] TrendMicro node.js server listening on localhost can execute commands; exposed to the internet
* [ ] SSH backdoor found in Fortinet firewalls
* [ ] SSH client vulnerability
* [ ] Australia’s Cybercrime Online Reporting Network (ACORN) received over 39K reports of criminal activity in 2015
* [ ] Hyatt names 250 hotels hit by malware, includes the one for DerbyCon
* [ ] Web sense rebranding as Forepoint, acquires Intel’s firewall business
* [ ] Twitter might be ending its 140 character limit
* [ ] Major vulns still being found in Health and Fitness mobile apps
* [ ] Angler exploit kit continues to evade detection
* [ ] LostPass attack is a phishing email attack that works against LastPass (showed at Shmoocon this weekend)
* [ ] Virus just took down the Melbourne Health computer system
* [ ] Lastpass has found a workaround for the LostPass attack
* [ ] A bit match fixing problem has been found in Tennis
* [ ] Trustwave is being sued by Affinity for supposedly missing an second hack that was going on while they were there to fix an initial hack


Ideas, updates, and discussion


* [ ] IR is messy and dangerous; assume compromise; assume continued compromise; be extremely careful saying that things were contained; if you’re not Mandiant you’re probably not doing a great job
* [ ] Smartphone encryption and the gun debate: same coin? ISIS supposedly has its own encryption app. What next, make murder illegal?


Tools, talks, and projects


* [ ] FIR – Fast Incident Response Management Platform
* [ ] DIVA damn insecure and vulnerable Android app
* [ ] Kill Chain for Kali Linux 2.0 : recon, weaponization, delivery, exploit, installation, c2, actions
* [ ] EZ-Wave: exploiting Z-Wave networks using SDR
* [ ] GoPhish: open source phishing framework
* [ ] V3n0m SQLi scanner
* [ ] VScan : uses NSE scripts to find vulns
* [ ] SleepyPuppy Burp Extension
* [ ] DBDAT — Database Assessment Tool — https://github.com/foospidy/DbDat


Announcements


* [ ] Speaking at AppSec Cali next week (Tuesday) on ATM
* [ ] Shmoocon hiring list: http://www.room362.com/2016/01/2016-shmoocon-hiring-list.html


Miscellaneous


* [ ] Great security news source: https://security.didici.cc/news
* [ ] Thanks to Tripwire for giving a shoutout to the podcast on Twitter


[ Subscribe to the Podcast: iTunes | Android | RSS ]

Notes


* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(532)

UL NO. 408: OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries

UL NO. 408: OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries

My Theory Of What Happened At OpenAI, A New Ransomware Tactic, Analysis Of What The SEC Case Will Do To Cybersecurity, Live David Attenborough Narration, And More… Read the episode here. 📢Sponsored by: Panoptica.app - Simplify container deployment, monitoring, and securityBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

27 Marras 202335min

UL NO. 407: OpenAI Prompt Injection, Leaky GPTs, AGI by 2028, Huberman Routine AI

UL NO. 407: OpenAI Prompt Injection, Leaky GPTs, AGI by 2028, Huberman Routine AI

Extremist groups using AI for propaganda, NYC restaurant bots, Wegovy and Cannabis studies, my favorite collections of GPTs… 📢Sponsored by Moonlock — cybersecurity wing of MacPaw. Developers of Moonlock Engine, the antimalware tech in CleanMyMac X. 📢Sponsored by Automox - AI-powered modern IT automation is here. Learn more at automox.com. Read the episode here.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Marras 202340min

OpenAI's New Releases Are a Watershed Moment for Human Creativity—and Prompt Injection

OpenAI's New Releases Are a Watershed Moment for Human Creativity—and Prompt Injection

Making it trivial to create and share AI Agents that connect to real-word APIs will have a drastic impact on Information Security.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Marras 20233min

Why I'm Not Getting the New Humane AI Pin

Why I'm Not Getting the New Humane AI Pin

Why I should be super excited by the Humane AI pin, but I'm not.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Marras 20233min

UL NO. 406: OpenAI Launches Custom AIs, Okta's New Breach, EFF's Browser Privacy Checker

UL NO. 406: OpenAI Launches Custom AIs, Okta's New Breach, EFF's Browser Privacy Checker

DOJ and Pentagon emails hacked by Russians, OpenAI's DevDay announcements, when DeepMind thinks we'll see AGI, and more… 📢Sponsored by: Panoptica.app - Simplify container deployment, monitoring, and securityBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

10 Marras 202328min

UL NO. 404: ServiceNow Widget Flaws, North Korean Infiltrators, and the New Top-performing Prompt String…

UL NO. 404: ServiceNow Widget Flaws, North Korean Infiltrators, and the New Top-performing Prompt String…

In this edition we dive into North Korean IT Infiltration, the top performing prompt technique, Google's traffic optimization, American sick day increases, ServiceNow's Widget problem, the US murder rates, and more Read online here: https://danielmiessler.com/p/ul-no-404-servicenow-widget-flaws-north-korean-infiltrators-new-topperforming-prompt-stringBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Loka 202326min

UL NO. 403: Signal Investigates Rumored Zero-Day Bug, AI Predicts New COVID-19 Strains, Dwindling US-China Scientific Collaboration...

UL NO. 403: Signal Investigates Rumored Zero-Day Bug, AI Predicts New COVID-19 Strains, Dwindling US-China Scientific Collaboration...

In This Edition We Look Into Signal's Investigation Into A Rumored Zero-Day Bug, How Harvard And Oxford Researchers Are Using AI To Predict New COVID-19 Strains, The Dwindling Collaboration Between American And Chinese Scientists, And The European Commission's CSAM Detection Bypass View this week's podcast online at https://danielmiessler.com/p/403Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

16 Loka 202328min

UL NO. 402: Israeli Footage & Analysis, WSFTP + MOVEIT, AI Explainability, Andreessen vs. Perell on Writing, and more…

UL NO. 402: Israeli Footage & Analysis, WSFTP + MOVEIT, AI Explainability, Andreessen vs. Perell on Writing, and more…

Israel analysis, a genetic data breach, active exploits against critical vulnerabilities, and a brilliant conversation between two writers about creativity 📢 Sponsored by Kolide: Concerned about data breaches and hacks? 🔒 Discover Kolide, the device trust solution that secures your company's devices and credentials, making phishing attempts useless to hackers. See it in action at www.kolide.com/unsupervisedlearning View today's episode online here: https://danielmiessler.com/p/402Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

11 Loka 202326min