ashar

joined 2 years ago

CyberWire Daily podcast - Imitation game: LastPass vs LassPass

A LastPass imitator sneaks its way past Apple’s app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports fans check your passwords.

 

The Cyberlaw Podcast Serious threats, unserious responses

It was a week of serious cybersecurity incidents paired with unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China’s apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the takeover was managed through the court system. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were fixed by the U.S. seizure are within U.S. jurisdiction, leaving open the possibility of DDOS attacks from abroad. And, really, how vulnerable is our critical infrastructure to DDOS attack? I argue that there’s a serious disconnect between the government’s hair-on-fire talk about Volt Typhoon and its business-as-usual response.

Speaking of cyberstuff we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, China threw a lot of cyber at Taiwanese voters without making much of an impression. Richard Stiennon and I mix it up over whether China would do better in trying to influence the 2024 outcome here.

While we’re covering humdrum responses to cyberattacks, Melanie explains U.S. sanctions on Iranian military hackers for their hack of U.S. water systems.

For comic relief, Richard lays out the latest drama around the EU AI Act, now being amended in a series of backroom deals and informal promises. I predict that the effort to pile incoherent provisions on top of anti-American protectionism will not end in a GDPR-style triumph for Europe, whose market is now small enough for AI companies to ignore if the regulatory heat is turned up arbitrarily.

BSides London 2023 (infosec.pub)
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

Global AppSec DC returns October 30 - November 3 2023. Designed for private and public sector infosec professionals, the two day OWASP conferences equip developers, defenders, and advocates to build a more secure web.

Global AppSec DC 2023 Schedule

Global AppSec DC 2023 Playlist

 

Security Now podcast SN959

  • OS to allow native Chromium and Firefox engines.
  • An OS immune to ransomware?
  • HP back in the doghouse over "anti-virus" printer bricking
  • The mother of all breaches
  • New "Thou shall not delete those chats" rules
  • Fewer ransoms are being paid
  • Verified Camera Images
  • More on the $15/month flashlight app
  • What happens when apps change publishers
  • Microsoft hating on Firefox
  • Credit Karma is storing 1GB of data on the iPhone
  • Staying on Windows 7
  • Sci-Fi recommendations
  • Windows 7 and HSTS sites
  • TOTP codes/secrets and Bitwarden
  • SpinRite on Mac
  • SpinRite v6.1 is done!
  • LearnDMARC.com
  • Alex Stamos on "Microsoft Security"

Show Notes - https://www.grc.com/sn/SN-959-Notes.pdf

submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

VirusTotal Academy - 9 video course

Welcome to our VirusTotal SOC & IR training.

In this first video we will discuss how to use VirusTotal to analyze malware, how to interpret the provided information and identify malicious files, and how to double-check your findings.

Our second chapter focuses on understanding the most relevant signals we get from VirusTotal and, especially, the relationships between indicators.

Video 3 discusses the best practices to consider when analyzing AntiVirus and Crowdsourced rules verdicts for any suspicious activity, especially when exploits and actors are involved, in order to properly prioritize alerts.

In Video 4 of the VirusTotal SOC & IR training series we analyze the potential impact of an attack, assets affected, attacker's dwell time, and the role played by different artefacts used in the attack.

The fifth video of VirusTotal SOC & IR training series provides several methods on how to identify and understand the threat infrastructure related to an attack, including finding any potential kill switches.

Video 6 of the VirusTotal SOC & IR training series. Today we discuss what options we have to fully contextualize an attack, including any threat campaigns it belongs to or malware toolkits used. It also helps in understanding the role of actors in any threat activity and how to use VT Graph to have all context in a single place.

The seventh video of VirusTotal SOC & IR training series discusses what actions can be taken to proactively prevent security incidents by identifying and monitoring suspicious sets of activity, including pivoting to additional artefacts to uncover the full set of suspicious indicators, understanding attacker's TTPs and motivations, and building monitoring and defenses around this knowledge.

Video 8 of the VirusTotal SOC & IR training. This session provides all options available for investigators when samples are not available in VirusTotal, or it is not possible to upload them to the platform for any reason. Even when we miss the IOCs, we can explore malware detection label searching, toolkit cards, similarity searches or Private scanning.

In the final video of the VirusTotal SOC & IR training we explore all the different options we have to use VirusTotal through third parties using multiple integrations, VirusTotal API, and additional ways to interact with VirusTotal other than the web GUI, including VT client, VT4Browsers and VT Augment.

[–] ashar 11 points 2 years ago (1 children)

Oooh, business idea !

Occupancy as a service !!!!

[–] ashar 2 points 2 years ago

Amazing. A reporter working for a major news organisation, works in Afghanistan for years but only finds out about the country, its people, culture after his country’s occupation of Afghanistan ends.

[–] ashar 4 points 2 years ago (1 children)

Sweden is cool. It integrates the immigrants and does not exclude them for generations like France.

[–] ashar 1 points 2 years ago

Something that should just be an email.

[–] ashar 1 points 2 years ago

Excellent article

[–] ashar 121 points 2 years ago (1 children)

This is the company that failed to pay rent for its offices and hasn’t paid dues to former employees?

[–] ashar 23 points 2 years ago (1 children)

This is unexpected.

[–] ashar 1 points 2 years ago

It would be unusual and so should stand out

[–] ashar 2 points 2 years ago

I don’t think any major company I know of could get through a pen test without the hackers getting through.

[–] ashar 4 points 2 years ago

So many people in shorts and t-shirts. People who live in really hot places cover up a lot more.

[–] ashar 9 points 2 years ago (3 children)

He just used ChatGPT, no biggie
