In this episode I bid a fond farewell to Windows XP; Microsoft patches that RTF 0-day vulnerability, Some Ransomware authors get a lesson in crypto, A new do-nothing security app that literally did nothing, and the vulnerability giving everyone heartburn, Heartbleed.

In this episode I talk about GMail making HTTPS mandatory, a move some people don't like; Microsoft announces a 0-day exploit targeting the RTF parser in Word and Outlook; and Ploutus, ATM malware that's making the news. I also interview Trustwave SpiderLabs own Mike Park about ATM hacking techniques and in-the-wild exploitation.

In this episode we talk about the Windigo malware campaign, how a well-intentioned hacker brought down the Google Play Store twice, Trustwave acquires Cenzic, vulnerability disclosure mailing list Full Disclosure shuts down, the final results of the Pwn2Own competition and is there really a Samsung backdoor?

In this episode we talk about Microsoft Patch Tuesday providing patches for an Internet Explorer 0-day as well as the sunset of Windows XP. We'll talk about the newest iOS update from Apple, a DDoS attack utilizing a feature in WordPress, an attacker channels Dr. Evil from Austin Powers and we have more information about Uroburos (or Snake or Turla or whatever the cool kids are calling it today)

In this episode we talk about a new Russian rootkit called Uroburos, another bitcoin exchange closes doors due to hacking, a serious vulnerability is discovered in a common open source encryption library, The Russia/Ukraine conflict spills over to the Internet and Trustwave Spiderlab's own Neal Hindocha develops a new attack vector affecting touchscreen mobile devices.

In this episode we talk about the Apple "gotofail" SSL vulnerability, SEA is still around and hasn't stopped hacking, the source code from some Android malware gets leaked publicly, a student gets caught mining Dogecoins on university computers, Bitcoin exchange Mt Gox goes offline after hacking allegations, Trustwave SpiderLabs researchers discover a new Pony botnet and a proof of concept is developed for a new wireless worm.

In this episode we look at the new Linksys worm dubbed TheMoon, two new exploits target a 0 day vulnerability in Internet Explorer, a new Zeus variant hides using stegonagraphy, and I talk to Trustwave Spiderlabs' Ziv Mador and Ryan Barnett in a preview of their RSA talk about turning attackers tricks against themselves.

In this episode we look at Facebook's open-sourcing of the Android crypto API "Conceal", more POS malware in JackPOS, Microsoft retires MD5, hacking cars, the biggest DDoS to date, mobile security and APT campaign "the Mask" is revealed.

links from the show:

JackPOS: http://blog.spiderlabs.com/2014/02/jackpos-the-house-always-wins.html
CERT advisory: UDP-based Amplification Attacks: http://www.us-cert.gov/ncas/alerts/TA14-017A

In this episode I talk about a new Adobe zero day in Flash Player, the Chewbacca POS malware, a new Zeus delivery mechanism, a new iFrame injection technique using PNG image files and a new tool for learning mobile security called Damn Vulnerable iOS App.

In this episode we look at a rash of gas pump credit card skimmers, the Syrian Electronic Army keeps itself in the headlines, Guccifer has been arrested, the FBI issues a warning about POS Malware.

I also continue my POS malware interview series with expert Josh Grunzweig, Malware Analyst for TrustWave SpiderLabs.