Securit13 Podcast
The first Ukrainian podcast about information security
Episode 109 - Last but one (11.12.2018)
12/31/2018
Latest Google+ flaw leads Chocolate Factory to shut down site early Update now! Adobe issues emergency Flash update for a serious flaw Adobe Security Bulletin Australia passes new law to thwart strong encryption GOOGLE TRACKS YOU EVEN IF LOCATION HISTORY'S OFF. HERE'S HOW TO STOP IT Iranians indicted in Atlanta city government ransomware attack Hackers breach Quora.com and steal password data for 100 million users Microsoft is building its own Chrome browser to replace Edge New Report: Unknown Data Scraper Breach Exploit Code for the Kubernetes Flaw Is Now Available
/episode/index/show/securit13/id/8089334
Episode 110 - 2018
12/29/2018
We summed up the results of 2018 in information security.
/episode/index/show/securit13/id/8072630
Episode 108 - Cybersecurity Framework (08.11.2018)
12/10/2018
Framework for Improving Critical Infrastructure Cybersecurity Taras's talk on critical infrastructure
/episode/index/show/securit13/id/7855469
Episode 107 - Slowpoke II (15.10.2018)
12/08/2018
At the time of recording we were preparing for UISGCON14, and the videos of the talks are already on our channel. China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story What Businessweek got wrong about Apple Facebook has been hacked and 50 million people's accounts have been exposed Google+ to shut down after coverup of data-exposing bug Here’s how Google is revamping Gmail and Android security Google's Project Zero thwarts another major bug in Facebook's WhatsApp Microsoft killing off the old Skype client… for real this time A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet How to Stop Google From Tracking Your Location U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations
/episode/index/show/securit13/id/7845401
Episode 104 - Interview with Yanick Fratantonio [ENG]
10/05/2018
UISGCON14 SECURITY BSIDES KYIV AUTUMN 2018 Interview with Yanick Fratantonio Securit13 Patreon Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/7102980
Episode 106 - UISGCON14 & CTF
10/03/2018
UISGCON14 SECURITY BSIDES KYIV AUTUMN 2018 Interview with Serhii Korolenko about #UISGCON14 #CTF The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws Passing Security By - Serhii Korolenko Serhii Korolenko - XSS from zer0 to Hero (Workshop) Securit13 Patreon Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/7124109
Episode 105 - Interview with Alexander Færøy [ENG]
09/28/2018
UISGCON14 SECURITY BSIDES KYIV AUTUMN 2018 Interview with Alexander Færøy Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave Windows 10 to get disposable sandboxes for dodgy apps Mongo Lock Attack Ransoming Deleted MongoDB Databases Open .Git Directories Leave 390K Websites Vulnerable Tesla’s new bug bounty protects hackers — and your warranty How Bitcoin's hidden footprint is impacting water use Securit13 Patreon Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/7103003
Special episode - #DEFCON 26
08/22/2018
A special episode about our co-hosts' visit to the 26th #DEFCON conference
/episode/index/show/securit13/id/6937820
Episode 103 - ...and has all patches
07/24/2018
UISGCON14 In the Dnipropetrovsk region, the SBU prevented a cyberattack by Russian special services on a critical infrastructure facility Ukraine claims it blocked VPNFilter attack at chemical plant Speculative Buffer Overflows: Attacks and Defenses (pdf) New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users Cisco's annual cybersecurity report and Check Point's mid-year report have been released, but we will talk about them next time Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s GitHub to Pythonistas: Let us save you from vulnerable code Microsoft seeks regulation of facial recognition technology Two-factor auth totally locks down Office 365? You may want to check all your services... The Tale of SettingContent-ms Files Facebook fined for data breaches in Cambridge Analytica scandal Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres 2018-07 Security Bulletin: Junos OS: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign Ammyy Admin compromised with malware again; World Cup used as cover US: Government Has Planted Spy Phones With Suspects The 111 Million Record Pemiblanc Credential Stuffing List June’s Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors Did CrowdStrike really miss the mark? Securit13 Patreon
/episode/index/show/securit13/id/6845351
Episode 102 - Law and Disorder (3.7.2018)
07/11/2018
In this episode Alisa, Login and Alexey talked about the scandalous 6688, browsers, vulnerabilities with logos and websites, and some other news from the past two weeks. 6688 Github Gentoo organization hacked - resolved Apple corrects the record on reported iPhone vulnerability Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles Former NSA contractor Reality Winner accepts guilty plea for leaking classified report Firefox is adding 'Have I Been Pwned' alerts Gmail's "dirty secret": users' emails are read not only by Google employees "Stylish" browser extension steals all your internet history Brave browser adds private tabs with Tor for 'enhanced privacy protection' Fusion Alter attack ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod New RAMpage attack affects all Android phones released since 2012 [Update] Thanatos Ransomware Decryptor Released by the Cisco Talos Group First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age UISGCON14 Securit13 Patreon Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/6796548
Episode 101 - News and moar!%$#... (18.6.2018)
06/25/2018
SecurityBsides Odessa CTF is open! Anyone who wants to support BSides Odessa can do it here SecurityBSides Kharkiv The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies. The security firm halted the work after questions were asked in the European Parliament about its software. She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done? Apple is going after another way sites track you for ads. Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end Support us on Patreon
/episode/index/show/securit13/id/6741064
Episode 100 - Cars→p0wn interview (2.6.2018)
06/04/2018
An interview with Alexander Olenev and Andrey Voloshin from Thea/Techmaker about life, business, training hardware engineers, and a little about car security. DEFCON 25 Nissan Leaf security Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs Toyota unintended acceleration bug CAN bus specs (BOSCH) BMW ConnectedDrive Apple iCar release date rumours, features & images NVIDIA Self-driving cars Intel Discontinues Joule, Galileo, And Edison Product Lines TWIC who wants to participate as an AppSec mentor on Techmaker email to [email protected] Connected cars Books Thinking, Fast and Slow, Daniel Kahneman ISBN 9785170800537 Franchesca, Dorje Batuu ISBN 978-617-679-485-1 Securit13 Patreon
/episode/index/show/securit13/id/6665756
Episode 99 (19.05.2018)
06/01/2018
16.06.2018 BSidesKharkiv 07.06.2018 OWASP Odesa 07.07.2018 BSidesOdessa Kostiantyn Korsun on NoNameCon EFAIL Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) ProtonMail is safe against the efail PGP vulnerability. Efail or OpenPGP is safer than S/MIME Digital Photocopiers Loaded With Secrets Throwhammer: Rowhammer Attacks over the Network and Defenses Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more Memcached 7-Zip: From Uninitialized Memory to Remote Code Execution IBM bans all removable storage, for all staff, everywhere Second wave of Spectre-like CPU security flaws won't be fixed for a while Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 Securit13 Patreon Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/6656326
Episode 98 - About something (04.05.2018)
05/17/2018
We talked a little about conferences: organized, upcoming and attended. #BSidesKyiv 2018 Video 22.05.2018 WWCode Security event 16.06.2018 BSidesKharkiv 07.07.2018 BSidesOdessa Jack Daniel GiSec Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6601489
Episode 97 - GDPR (12.04.2018)
05/17/2018
Our hosts discussed this scary abbreviation, GDPR, before it became mainstream, but publication came late... Still, a few words about the regulation and how our hosts understand it. General Data Protection Regulation How Europe's New Privacy Law Will Change the Web, and More Some more information: GDPR - A Practical Guide For Developers - Bozho's tech blog America should borrow from Europe’s data-privacy law Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature Iran hit by global cyber attack that left U.S. flag on screens FIDO Alliance and W3C have a plan to kill the password Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6593223
Episode 96 - The Forgotten One (30.03.2018)
05/17/2018
We discussed the news, everyone forgot it, and so we decided to remind you! Yes, we are a bit of slowpokes))) Everything You Need to Know About Facebook and Cambridge Analytica Cambridge Analytica whistleblower Christopher Wylie appears before MPs Fact Check: Your Call and SMS History (FB removed "Apps others use") Total Meltdown? It's baaack – WannaCry nasty soars through Boeing's computers Egg on Cisco's face: Three critical software bugs to fix over Easter Guccifer 2.0 Was Always Sloppy Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale Academics Discover New CPU Side-Channel Attack Named BranchScope Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 Microsoft May Ban Users For Offensive Language Starting In May Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 NOTICE OF DATA BREACH Durov refuses to hand over Telegram encryption keys to FSB Signalling Security in Telecom SS7/Diameter/5G — ENISA Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6593208
Episode 95 - Interview with A.Doupé ENG (27.03.2018)
04/06/2018
Adam Doupé Adam on twitter Adam on youtube Series of live hacking of CTF challenges on YouTube Book The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
/episode/index/show/securit13/id/6453069
Episode 94.2 - BSidesKyiv 2018 (28.02.2018)
04/01/2018
We tried to discuss how the preparation for BSidesKyiv 2018 is going. How it turned out, judge for yourself. Intro / Outro Extraction de la pierre de folie by Cuicuitte #BsidesKyiv 2018 Schedule Tickets Radar2 Vero - True Social How To Get Started With Vero - True Social Here's how to delete your Vero account Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/6430749
Episode 94.1 - Slowly but surely (18.03.2018)
03/28/2018
White House blasts Russia for NotPetya cyberattack Memcached servers can be hijacked for massive DDoS attacks Memcrashed - Major amplification attacks from UDP port 11211 GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us In Kharkiv, a suspect was convicted of selling the customer database of a postal carrier Speculative Execution Bounty Launch Frequently Asked Questions about Microsoft Bug Bounty Programs AMD allegedly has its own Spectre-like security flaws Linus Torvalds slams CTS Labs over AMD vulnerability report Intel: Our next chips won't have data leak flaws we told you totally not to worry about Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake Samba settings SNAFU lets any user change admin passwords Zero-day vulnerability in Telegram Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges 600 Bitcoin mining servers stolen in Iceland CBM - Car Backdoor Maker Let's Encrypt updates certificate automation, adds splats CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/6415898
Episode 93 - Interview with S. Smitienko (7.2.2018)
03/23/2018
Our friend Sergey Smitienko visited us and we talked about the x86 architecture. It came out a bit melancholic and hopeless, but informative. Intro / Outro Ninja by Indikings Breaking the x86 Instruction Set DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set 17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud Clémentine Maurice PinMe: Tracking a Smartphone User around the World Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle Books: Intel® 64 and IA-32 Architectures Software Developer’s Manual Intel® 64 and IA-32 Architectures Optimization Reference Manual Keygen Music [2+ hour Mix]
/episode/index/show/securit13/id/6402508
Episode 92.2 - AI and Security (15.1.2018)
03/11/2018
The much-discussed debate between Mark and Elon, plenty of research, even more works of fiction... But what is AI? And from the information security point of view? That is exactly what our hosts decided to talk about. And what do you think? Intro / Outro The Yellow Flying Cog by Flying Species Google's AI Built Its Own AI That Outperforms Any Made by Humans On the security, privacy, and safety challenges of AI Why Zuckerberg and Musk Are Fighting About the Robot Future Elon Musk says we need to regulate AI before it becomes a danger to humanity Live grilling in Mark's backyard OpenSOC: An Open Commitment to Security Banned In Germany: Kids' Doll Is Labeled An Espionage Device CCS 2017 GDPR (General Data Protection Regulation) Malicious bots are already online: how are they detected? Can Sybil attacks be detected effectively? How do we tell a human from a bot? And how do we reach the verdict that the being in front of us is a human? And conversely, can AI identify "bad" human behaviour Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures David Wagner keynote AI can "hack back": Blindsight by Peter Watts Far Rainbow by the Strugatsky brothers WarGames (1983) Introduction to Artificial Intelligence for Security Professionals Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6353529
Episode 92.1 - After the Holidays (31.01.2018)
02/04/2018
BSides Kyiv 21.04.2018 , cfp Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs Security hole in AMD CPUs' hidden secure processor revealed ahead of patches Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield Intel Releases New Technology Specifications to Protect Against ROP attacks A Simple Explanation of the Differences Between Meltdown and Spectre blizzard: agent rpc auth mechanism vulnerable to dns rebinding I’m harvesting credit card numbers and passwords from your site. Here’s how. Part 2: How to stop me harvesting credit card numbers and passwords from your site Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability Australia probes sale of secret papers in filing cabinets Strava's heatmap revealed military bases, but it also showed nothing is anonymous online Now even YouTube serves ads with CPU-draining cryptocurrency miners Uber ignores security bug that makes its two-factor authentication useless British hacker arrested for cyberattacks against Pokemon, Google, and Skype. Ay MaMi Hospital Pays $55K Ransomware Demand Despite Having Backups The SBU blocked the distribution of spyware in Ukraine - Satellite derived time and position blackett review Dutch agencies provide crucial intel about Russia's interference in US-elections Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6222645
Episode 90.2 - Interview with A. Semenyaka (10.12.2017)
01/30/2018
Alex came to visit us and talked about the critical infrastructure of the internets. What is it anyway, and how do we live with it? Intro / Outro Clouds of Tenderness by Lobo Loco Russian-controlled telecom hijacks financial services’ Internet traffic Resource Certification (RPKI) The Resource Public Key Infrastructure (RPKI) to Router Protocol BGPsec Protocol Specification [ipv6-wg] Belgian limits on CGN/NAT? Report on internet blocking at the UN General Assembly: , and along with it the talk at ENOG, transcript as part of the session: , presentation: , https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.pdf, recording of the talk: Moscow-Petushki by Venedikt Yerofeyev You can contact Alexey at [email protected] or https://www.facebook.com/alex.semenyaka
/episode/index/show/securit13/id/6204535
Episode 89.2 - Malvertising (8.11.2017)
01/30/2018
Intro / Outro Sleepy in the Garden by Lobo Loco Malvertising https://en.wikipedia.org/wiki/Malvertising Malvertising: When Online Ads Attack (2015) Juniper Acquires Cyphort (2015) Malvertising and crypto threats have rocketed in 2017 Malvertising Campaign Redirects Browsers To Terror Exploit Kit Malvertising on Equifax, TransUnion tied to third party script (updated) New Malvertising Campaign Exploits Home Routers, Changes DNS Servers Expired domain names and malvertising Russian Influence Reached 126 Million Through Facebook Alone Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference Ad network takes steps to reduce fraud Will Crypto Browser Mining Replace The Ad Industry For $1000, anyone can purchase online ads to track your location and app use I never signed up for this! Privacy implications of email tracking The Future of Ad Blocking: An Analytical Framework and New Techniques
/episode/index/show/securit13/id/6203929
Episode 88.2 - Interview with V. Ilibman (26.10.2017)
01/18/2018
A conversation with Vladimir Ilibman about Cisco's mid-year report, rabbits and statistics. Always relevant. Intro / Outro State of Mind by Audiobinger BadRabbit Technical Analysis Cisco information security report for the first half of 2017 2016 Data Breach Investigations Report (pdf) The Black Swan by Nassim Nicholas Taleb You can contact Vladimir at [email protected] or
/episode/index/show/securit13/id/6164811
Episode 91 - Total Recall (30.12.2017)
12/31/2017
We decided to recall the loudest events of the year that is almost over. Join us! Incident report on memory leak caused by Cloudflare parser bug Vault 7: CIA Hacking Tools Revealed NSA-leaking Shadow Brokers just dumped its most damaging release yet Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware New ransomware, old techniques: Petya adds worm capabilities The MeDoc Connection Threat Spotlight: Follow the Bad Rabbit Equifax website hack exposes data for ~143 million US consumers We have broken SHA-1 in practice ROCA: Vulnerable RSA Key Generation KRACK Attacks: Breaking WPA2 Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. Why 'blank' Gets You Root Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' Blocking of web resources in Ukraine The Ministry of Education and Science instructed universities not to use sites with “.ru” and “.ру” domains The Ministry of Information Policy will publish additions to the list of banned sites #FuckResponsibleDisclosure Sean Brian Townsend Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/6103163
Episode 90.1 - Bug or feature? (09.12.2017)
12/10/2017
The loudest news of recent weeks. An amazing apple, #FuckResponsibleDisclosure, a renewed promise from John and something else. Don't miss it! 00:00:58 #FuckResponsibleDisclosure Sean Brian Townsend 00:07:26 Apple and all, all, all Why 'blank' Gets You Root As Apple fixes macOS root password hole, here's what went wrong Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1 MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask' Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out 00:12:50 John McAfee Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin The website of the blockchain project Confido is unavailable: all the project team's profiles turned out to be fake 00:15:17 CVE-2017-11937 | Microsoft releases an emergency update to fix a flaw in Malware Protection Engine 00:17:49 Uber Paid Hackers to Delete Stolen Data on 57 Million People 00:18:28 Intel Management Engine pwned by buffer overflow 00:18:52 Thousands of WordPress sites infected with a Keylogger and cryptocurrency miner scripts Websites use your CPU to mine cryptocurrency even when you close your browser 00:19:09 Android flaw lets attack code slip into signed apps 00:19:24 Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE
/episode/index/show/securit13/id/6028686
Episode 89.1 - Chasing the Rabbit (06.11.2017)
11/13/2017
A few of the loudest news items of recent weeks for your feed. Here is a rabbit, and Alice, and sweet bedtime stories. ROCA: Vulnerable RSA Key Generation Certificate expiry monitoring, KeyChest for HTTPS, TLS, Letsencrypt expiry and server status Estonia government locks down ID smartcards: Refresh or else Threat Spotlight: Follow the Bad Rabbit BadRabbit Technical Analysis Bad Rabbit: Not-Petya is back with improved ransomware The Shadow Internet – Comae Technologies Fake WhatsApp app in official Google Play Store downloaded by over a million Android users Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users IP Address Oracle Security Alert CVE-2017-10151 Dangerous liaisons Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/5940912
Episode 88.1 - WPA2 and Its Friends (22.10.2017)
11/02/2017
And once again, instead of 300 seconds, our restless hosts discuss news and events. Join us! A new Mirai-Like IoT Botnet is growing in a new mysterious campaign Google launched Google Play Security Reward bug bounty program to protect apps in Play Store Equifax website borked again, this time to redirect to fake Flash update New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock PUBLIC SECURITY ALERT: New Facebook attack - watch out for phishy messages that say you’re a “Trusted Contact” - Access Now KRACK Attacks: Breaking WPA2 YouTube sin-bins account of KRACK WPA2 researcher Malware hidden in vid app is so nasty, victims should wipe their Macs Music - KEYGEN MUSIC ~ One hour mix
/episode/index/show/securit13/id/5902787
Episode 87.2 - Supply Chain Attacks (01.10.2017)
10/23/2017
Intro / Outro Art Of Escapism - The Sands of Windhoek With the growing number of attacks on the software supply chain, including software updates, our hosts Andrey, Alisa, Alexey and Taras decided to work out what it is and what it involves, to look at examples and variants, as well as possible ways of protection and prevention. Supply chain https://en.wikipedia.org/wiki/Supply_chain What Is a 'Supply Chain Attack?' CCleanup: A Vast Number of Machines at Risk Java security plagued by crappy docs, complex APIs, bad advice Apple Mac fans told: Something smells EFI in your firmware Reflections on Trusting Trust
/episode/index/show/securit13/id/5867464