Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and David Boyd.

Title: Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

URL: https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/

Author: Brian Krebs

Title: Chrome now warns you when your password has been stolen

URL: https://www.theverge.com/2019/12/10/21004434/google-chrome-79-password-protections-security-stolen-password-data-features

Author: Tom Warren

Title: Breaking the Rules: A Tough Outlook for Home Page Attacks

URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html

Authors: Matthew McWhirt, Nick Carr, Douglas Bienstock

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Rob Simon, and Steve Maxwell!

Stories

Title: A bug in Microsoft’s login system put users at risk of account hijacks

URL: https://techcrunch.com/2019/12/02/microsoft-login-flaw-account-hijack/

Author: Zack Whittaker

Title: It’s Way Too Easy to Get a .gov Domain Name

URL: https://krebsonsecurity.com/2019/11/its-way-too-easy-to-get-a-gov-domain-name/

Author: Brian Krebs

Title: Two malicious Python libraries caught stealing SSH and GPG keys

URL: https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

Author: Catalin Cimpanu

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Rob Simon, and David Boyd!

 Stories

Title: NordVPN users’ passwords exposed in mass credential-stuffing attacks

 URL: https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/

Author: Dan Goodin

Title: ISPs lied to Congress to spread confusion about encrypted DNS, Mozilla says

 URL: https://arstechnica.com/tech-policy/2019/11/isps-lied-to-congress-to-spread-confusion-about-encrypted-dns-mozilla-says/

Author: Jon Brodkin

Title: Robinhood Traders Discovered a Glitch That Gave Them ‘Infinite Leverage’

 URL: https://www.bloomberg.com/news/articles/2019-11-05/robinhood-has-a-glitch-that-gives-traders-infinite-leverage

Author: Brandon Kochkodin

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Boyd, Justin Bollinger, and Alex Hamerstone!

 Stories

Title: Hacker Releases 'Unpatchable' Jailbreak For All iOS Devices, iPhone 4s to iPhone X

URL: https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html?m=1

Author: Mohit Kumar

Title: Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

URL: https://www.helpnetsecurity.com/2019/09/17/vulnerabilities-iot-devices/

Title: Mozilla Won't Turn on DoH as Default in the UK Like It's Planning to Do in the US

URL: https://www.gizmodo.co.uk/2019/09/mozilla-doh-not-default-in-uk/

Author: Shabana Arif

Letters

We have good success using the historical DNS data available at https://securitytrails.com to locate the origin servers. This facilitates bypassing filtering to attack web applications.

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos

This show features a little different format we look back on nine years of DerbyCon with two of the principle organizers!

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, and David Boyd

In this episode we share what happened in Vegas! Wait is that allowed?

Links from the show:

Proxmark3

API Induced SSRF

Gone to the Dogs - Constructing Kerberos Attacks with Delegation Primitives

HTTP Desync Attacks: Request Smuggling Reborn

Owning the Cloud Through Server-Side Request Forgery

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, David Boyd, and Alex Hamerstone.

Title: Kazakhstan's HTTPS Interception

URL: https://censoredplanet.org/kazakhstan

Author: Ram Sundara Raman1, Leonid Evdokimov, Eric Wustrow2, Alex Halderman1, Roya Ensafi

Title: DMARC's abysmal adoption explains why email spoofing is still a thing

URL: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/

Author: Catalin Cimpanu

Title: My browser, the spy: How extensions slurped up browsing histories from 4M users

URL: https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/

Author: Dan Goodin

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, Alex Hamerstone and David Boyd

Title: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

 URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Author: Renee Dudley and Jeff Kao

Title: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/

 URL: https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/

Author: Alex Perekalin

Title: Track This is a new kind of incognito, says Mozilla

 URL: https://www.hackread.com/mozillas-track-this-choose-fake-identity-to-deceive-advertisers/

Author: Waqas

Letters Home:

Try busting that CAPTCHA

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing

the latest news on information security and the industry. This episode

features the following members: Geoff Walton, Justin Bollinger, and Steve Maxwell!

Stories

Title: Quest Diagnostics Says Up to 12 Million Patients May Have Had Financial, Medical, Personal Information Breached

 URL: https://www.nbcnewyork.com/news/local/Quest-Diagnostics-12-Million-People-Data-Breach-510754611.html

Author: NBC New York

Title: Google disables Baltimore's Gmail accounts used during ransomware recovery

 URL: https://www.baltimoresun.com/maryland/baltimore-city/bs-md-ci-gmail-accounts-20190523-story.html

Author: Ian Duncan

Title: Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches

 URL: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

Author: Tom Warren

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Scott White, Justin Bollinger, and David Boyd!

Stories  

Title: Exposing lockbox rental scam

URL: https://www.cbs46.com/investigations/better_call_harry/better-call-harry-exposing-lockbox-rental-scam/article_d9a7242a-6ae4-11e9-bad4-b3ba30648147.html

Author: Harry Samler (CBS46 Atlanta)

Title: In a first, Israel responds to Hamas hackers with an air strike

URL: https://www.zdnet.com/article/in-a-first-israel-responds-to-hamas-hackers-with-an-air-strike/#ftag=RSSbaffb68

Author: Catalin Cimpanu

Title: Uber apologizes after racist tweet

URL: https://mashable.com/article/uber-racist-tweet

Author: Jake Morse