T1SP: Episode 32

[ Subscribe to the Podcast: iTunes | Android | RSS ]

News


* [ ] Verizon Enterprise Solutions had a major data breach of their customer data. This is the group that handles breaches for their customers. “Virtually every attack in this data set (98 percent) was opportunistic in nature, all aimed at easy marks…”
* [ ] Iranians charged with attacks against US banks and a New York dam
* [ ] Hackers steal 81 billion from the Federal reserve bank of New York
* [ ] Uber launches bug bounty program, describes the surface area. Someone said it was really bad, though. Not sure what that’s about
* [ ] New ultra-fast SSD technology coming from Intel soon
* [ ] FBI backs off request for Apple backdoor. Says they have it handled. We find out it’s an Israeli company
* [ ] Water treatment plant hacked, chemical mix changed for tap supplies | http://www.theregister.co.uk/2016/03/24/water_utility_hacked/
* [ ] German steel mill compromised and wrecked a blast furnace
* [ ] This is after a string of attacks against power companies using spear phishing and office malware
* [ ] Microsoft’s AI Chatbot was a teenage girl, but it learned from the people who talked to it, so before long it was talking about loving incest, sex, and hitler
* [ ] Millions of Android devices vulnerable to root exploit due to Snapdragon chip flaw
* [ ] Kentucky-based Methodist Hospital declares state of emergency after it’s wrecked by Locky ransomware
* [ ] Credit Card Breaches Linked To Security Cameras
* [ ] Chinese national pleads guilty to stealing plans for Air Force aircraft
* [ ] Hackers offer Apple’s Ireland staff $23,000 for their login credentials
* [ ] Ransomware hitting major vulns: The Angler, Neutrino, Magnitude, RIG, and Nuclear exploit kits spread the Flash CVE 2015-7645 exploit; Angler spreads Flash 2015-8446; Angler and Neutrino spread Flash CVE 2015-8651; and Angler spreads Silverlight CVE-2016-0034, an exploit exposed in the Hacking Team breach.
* [ ] Microsoft Deploys Macro Blocking Feature in Office to Curb Malware


Ideas, updates, and discussion


* [ ] Innovation Sandbox | Innovative Security Products (2016 Edition)
* [ ] AI and messaging apps are the new mobile apps
* [ ] Human Attention as Attack Surface | https://danielmiessler.com/blog/human-attention-as-influence-attack-surface/
* [ ] Most can’t respond to breach: http://blogs.csc.com/2016/03/15/while-majority-of-orgs-fear-big-breach-theyre-not-prepared-to-respond/?utm_content=bufferc043c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
* [ ] How your data is collected and commoditized online by free online services | http://www.troyhunt.com/2016/03/how-your-data-is-collected-and.html


Tools, talks, and projects


* [ ] Innovation Sandbox | Innovative Security Products (2016 Edition)
* [ ] 2016 Data Breach Digest | https://danielmiessler.com/blog/analysis-verizons-2016-data-breach-digest/
* [ ] AI and messaging apps are the new mobile apps | https://danielmiessler.com/blog/ai-assistants-are-the-new-applications/
* [ ] Idea Expansion Format | https://danielmiessler.com/blog/idea-expansion-format-ief/
* [ ] BinDiff is a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code.
* [ ] IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.