Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Paul Sems, and David Boyd

Stories

Title: Trump signs law banning use of federal funds to purchase Huawei equipment

URL: https://thehill.com/policy/cybersecurity/487266-trump-signs-into-law-bill-banning-use-of-federal-funds-to-purchase

Author: Maggie Miller

Title: You can now take up to 12 ounces of hand sanitizer through airport security

URL: https://www.theverge.com/2020/3/13/21179120/tsa-hand-sanitizer-liquid-size-airport-screening-coronavirus-covid-19

Author: Andrew Hawkins

Title: Live Coronavirus Map Used to Spread Malware

URL: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/

Author: Brian Krebs

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Scott White, and David Boyd

Title: Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep

URL: https://www.zdnet.com/article/cybersecurity-warning-almost-half-of-connected-medical-devices-are-vulnerable-to-hackers-exploiting-bluekeep/

Author: Danny Palmer

Title: Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers

URL: https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/

Author: By Eclypsium

Title: Pay Up, Or We’ll Make Google Ban Your Ads

URL: https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/

Author: Brian Krebs

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Alex Hamerstone and Rob Simon.

Title: Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

URL: https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/

Author: David Kennedy

Title: Microsoft patches Windows 10 after the NSA quietly told it about a major vulnerability

URL: https://www.cnbc.com/2020/01/14/microsoft-to-patch-windows-10-after-nsa-finds-vulnerability.html

Author: Kate Fazzini

URL2: https://news.ycombinator.com/item?id=22048619

Author2: tptacek

URL3: https://curveballtest.com/index.html

Author3: SANS Internet Storm Center

Title: Seven Years Later, Scores of EAS Systems Still sit UN-Pached, Vulnerable

URL: https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/

Author: Paul Roberts

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and David Boyd.

Title: Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

URL: https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/

Author: Brian Krebs

Title: Chrome now warns you when your password has been stolen

URL: https://www.theverge.com/2019/12/10/21004434/google-chrome-79-password-protections-security-stolen-password-data-features

Author: Tom Warren

Title: Breaking the Rules: A Tough Outlook for Home Page Attacks

URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html

Authors: Matthew McWhirt, Nick Carr, Douglas Bienstock

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Rob Simon, and Steve Maxwell!

Stories

Title: A bug in Microsoft’s login system put users at risk of account hijacks

URL: https://techcrunch.com/2019/12/02/microsoft-login-flaw-account-hijack/

Author: Zack Whittaker

Title: It’s Way Too Easy to Get a .gov Domain Name

URL: https://krebsonsecurity.com/2019/11/its-way-too-easy-to-get-a-gov-domain-name/

Author: Brian Krebs

Title: Two malicious Python libraries caught stealing SSH and GPG keys

URL: https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

Author: Catalin Cimpanu

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rob Simon, and David Boyd!

 Stories

Title: NordVPN users’ passwords exposed in mass credential-stuffing attacks

 URL: https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/

Author: Dan Goodin

Title: ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says

 URL: https://arstechnica.com/tech-policy/2019/11/isps-lied-to-congress-to-spread-confusion-about-encrypted-dns-mozilla-says/

Author: Jon Brodkin

Title: Robinhood Traders Discovered a Glitch That Gave Them ‘Infinite Leverage’

 URL: https://www.bloomberg.com/news/articles/2019-11-05/robinhood-has-a-glitch-that-gives-traders-infinite-leverage

Author: Brandon Kochkodin

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Justin Bollinger, and Alex Hamerstone!

 Stories

Title: Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X

URL: https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html?m=1

Author: Mohit Kumar

Title: Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

URL: https://www.helpnetsecurity.com/2019/09/17/vulnerabilities-iot-devices/

Title: Mozilla Won't Turn on DoH as Default in the UK Like It's Planning to Do in the US

URL: https://www.gizmodo.co.uk/2019/09/mozilla-doh-not-default-in-uk/

Author: Shabana Arif

Letters

We have good success using the historical DNS data available at https://securitytrails.com to locate the origin servers. This facilitates bypassing filtering to attack web applications.

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos

This show features a little different format we look back on nine years of DerbyCon with two of the principle organizers!

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd

In this episode we share what happened in Vegas! Wait is that allowed?

Links from the show:

Proxmark3

API Induced SSRF

Gone to the Dogs - Constructing Kerberos Attacks with Delegation Primitives

HTTP Desync Attacks: Request Smuggling Reborn

Owning the Cloud Through Server-Side Request Forgery

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone.

Title: Kazakhstan's HTTPS Interception

URL: https://censoredplanet.org/kazakhstan

Author: Ram Sundara Raman1, Leonid Evdokimov, Eric Wustrow2, Alex Halderman1, Roya Ensafi

Title: DMARC's abysmal adoption explains why email spoofing is still a thing

URL: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/

Author: Catalin Cimpanu

Title: My browser, the spy: How extensions slurped up browsing histories from 4M users

URL: https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/

Author: Dan Goodin