Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.

https://defensivesecurity.org

Technology
News Tech News
News Business News
subscribe
share






claim!
report

Defensive Security Podcast Episode 7

  • defensive security episode 7Please rate the podcast on iTunes!
  • Follow me on twitter @defensivesec
  • Send comments to info@defensivesecurity.org

News:

Zombie attack

  • EAS at a Montana TV station was hacked
  • Mad rush to point fingers at systemic weaknesses in EAS gear
  • Security is too hard for smaller TV stations

PDF exploit

  • Enable protected view.

Spear phishing using recent flash vulnerability outlined by Alien Vault and FireEye

  • Word doc containing a flash object
  • Attachments claim to be an IEEE conference schedule and an ADP notice.

Mcafee portal defaced

Presidential policy directive 21 issued

  • Charges the government to identify the scope of critical infrastructure organizations
  • A key piece of the executive order is requires federal agencies overseeing critical infrastructure areas to identify organizations “where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”
  • The order doesn’t compel designated companies to comply with new standards, but it’s expected that a lot of pressure will be applied to those who don’t.

Lockheed Martin describes its response to an attempted attack after the RSA breach.

  • LM has a sophisticated strategy for detecting improper activity, particularly data access and exfiltration attempts.
  • You are probably not LM, neither am I

Facebook announces it was hacked

  • Facebook’s monitoring of DNS queries on its network showed lookups of a ‘suspicious’ domain
  • That lookup prompted the pc which made the request to be inspected
  • The pc was found to be infected with malware
  • A forensic analysis of the system showed the infection came via a zero day java exploit on a mobile developer web site
  • What they did right:
    • Have proactive monitoring in place
    • Pay attention to the proactive monitoring
    • We’re able to track down the offending system
    • Took the infection seriously and thoroughly investigated the infection
    • Had previously performed fire drills that let this activity happen more easily

13 Security Myths Debunked

fyyd: Podcast Search Engine
share








 February 18, 2013  27m