Recovering CISO and Director of (TL)2 Security Thom Langford joins the show to debate Tripwire’s Paul Edon on facial recognition vs. security.
- Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67
- Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
- RSS: https://tripwire.libsyn.com/rss
- YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3
The following is an edited excerpt from a recent episode of Tripwire’s Cybersecurity Podcast.
Tim Erlin: Welcome everyone to the Tripwire Cybersecurity Podcast. I’m Tim […]…
The post Podcast Episode 10 – Face off: Debating Facial Recognition with Thom Langford & Paul Edon appeared first on The State of Security.
Against the backdrop of the IT skills shortage, it is becoming increasingly difficult for companies to keep pace with the growing number and sophistication of cyber attacks, and security teams are often forced to act only reactively. In this podcast we discuss how you can use a comprehensive threat database and proactive response measures to improve your endpoint security and cut response times from months to hours. Joining us are Heiko Brückle, McAfee Senior Security Engineer, and Chris Trynoga, McAfee Regional Solution Architect.
The post ST24: Proaktive Absicherung zur Minimierung von Endgeräterisiken (German) appeared first on McAfee Blogs.
For many, working from home has become the norm. Microsoft Teams is the anchor point for effective collaboration and content sharing in Microsoft 365. In this podcast we discuss what impact this has on security. Joining us are Alexander Haug, our Security Engineer with a focus on data protection, and Chris Trynoga, our Solution Architect and expert in holistic security approaches.
The post ST23: Moderner Datenschutz für Microsoft Teams (German) appeared first on McAfee Blogs.
McAfee’s Global Business Development Manager, Greg Vinson and CEO of Attivo Networks, Tushar Kothari discuss the solutions to Threat Deception.
The post ST22: Attivo Networks with Greg Vinson & Tushar Kothari appeared first on McAfee Blogs.
McAfee’s Senior Manager of Business Development, Tranel Hawkins and DB Cybertech’s Chief Data Scientist & Product Manager Ben Farber discuss the Security Innovation Alliance.
The post ST21: DB Cybertech with Tranel Hawkins & Ben Farber appeared first on McAfee Blogs.
In this latest episode of our Eye on Security podcast, I talk all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.
Nathan kicked off our chat by explaining what exactly we mean when we use the term ‘cyber physical.’ We then turned our attention to related threats. As it turns out, there are far fewer attempts by attackers to target these systems than one might believe. Nathan went on to discuss some of the fundamental differences between OT and information technology (IT) systems, and then explained how OT is becoming more similar to IT, which makes OT systems more vulnerable to compromise. Fortunately, even though OT security typically lags behind that of IT systems, it’s definitely moving in the right direction.
Listen to the podcast today, and check out the following blog posts referenced by Nathan during the episode:
- Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
- Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
- Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
- The FireEye Approach to Operational Technology Security
- TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
McAfee’s Chief Technology Officer Steve Grobman and Fellow Jon King discuss quantum computing and potential impacts to security as this technology continues to develop.
The post ST20: Quantum Computing with Steve Grobman & Jon King appeared first on McAfee Blogs.
How to start your own podcast
Start your own podcast? Why not? Instead of streaming someone else’s show, maybe it’s time to create one of your own. And a fine time to start a podcast it is. Podcasting once took a bit of effort to get into. The recording software, the hosting, and the equipment could end up costing a reasonable amount of money and took a certain degree of technical savvy to use. Yet like so many things on today’s internet, those barriers have dropped, particularly for folks who simply want to dive in and give it a try. With a pair of headsets, a built-in microphone, and some free software, you can start podcasting now with your computer or even your phone. So, if you’re ready to give it a shot, let’s take a look at some of the resources available to you.
Coming up with an idea for your podcast
More so than choosing this software or that, the process really starts with a basic concept for your podcast. You’ll have a topic that you want to cover, a format such as a one-person show or a talk format where you have multiple hosts or guests, and a target length for your show.
For example, let’s assume that you’re trying out podcasting as part of a little family project. Maybe you and your daughter want to talk about going on adventures like hiking, canoeing on lakes, and fishing. A great concept for you could be a 20-minute show about adventures kids and parents can take together. You can talk about how you decide on your adventures, plan for them, and tell some stories about your triumphs and pitfalls along the way. What does it feel like to catch your first bass, or how does it feel to set up your tent in a sudden downpour? People love hearing stories that’ll inspire them or make them laugh or, better yet, both.
Another idea is to approach it as a learning opportunity for your kids. Recently, I posted an article on project-based learning for kids at home. One of the suggestions was for kids to make a short podcast of their own to show what they’ve learned after researching a topic that they’re interested in. What you learn here in this article could point the way for them to create their own show, whether with your help or independently.
That’s just a few examples. And really, coming up with an idea for a podcast is a topic in and of itself. For more on that, check out this article on creating a podcast from National Public Radio. While written for students, it’s packed with plenty of solid advice for anyone who wants to get started in podcasting, plus several pro tips for making your show sound great.
What about podcasting equipment?
Chances are you already have the basics. If you have a set of headphones with a built-in microphone and a computer or phone you can attach them to, that’s a great start. Of course, people who invest more time and money into their podcasting pursuit will have things like a podcasting microphone mounted on a miniature boom arm, a “pop filter” that prevents you from popping your “P’s” in the microphone, and maybe even a small mixing board. But, for just getting started or just having some fun as a family, you really don’t need those things.
Free podcasting software and hosting
What you will need is some software that lets you record your show and even do some basic editing too. Here are a few free options that’ll cover your recording and editing while giving you a place to post your shows too:
Anchor gives you standard recording features, plus extra bells and whistles like importing voice messages from your phone, group chat, and transitions. As Anchor is part of streaming music provider Spotify, you can also import music into your podcast from there. And when you’re done recording, Anchor offers free hosting for creators. If you’re creating a multiple-host podcast, your co-host or guests can use the Anchor app on their phone and join in.
It may look like a typo, yet Spreaker is the name for this offering. Much akin to Anchor, it offers a combination of recording software and hosting capabilities so that you can add things like music and sound effects to your podcast. The app also supports Google Hangouts and Skype so that you can bring on a co-host or guest.
A third popular option is Podbean. It also allows you to record and publish your podcast for free as part of a basic plan that offers 500 MB of storage space and 100 GB of bandwidth per month (meaning, a 500 MB file could be downloaded 200 times at no cost, where 500 MB is approximately 5 hours of showtime).
Free options for editing your podcast
If you already have a way of recording your podcast, such as with a simple audio recorder on your phone, computer, or laptop, you can drop those audio files into free audio editing software to edit your show together.
These are more formally known as Digital Audio Workstations (DAWs). Depending on which one you select, these apps offer functionality similar to what the pros use to record and edit their audio. You’ll see things like multiple tracks where you can place people, music, and sound effects on their own timeline that you can mix together, different options for exporting your show to different file types, settings to sweeten sound quality, and much more. As you might imagine, audio editing and mixing is a pursuit unto itself, and you can really dive deep here if the podcasting bug bites you. Here’s a rundown of what’s out there:
Apple users will probably know this app. GarageBand is available only on Mac and iOS devices (iPad and iPhone). It has all the hallmarks of an Apple application, where it’s an app that looks good and simplifies an otherwise complicated process. Above, we mentioned multi-track recording. If you’re new to that, it can feel a little overwhelming at first, yet GarageBand color-codes its tracks and leans heavily on drag-and-drop editing. That lends itself to ease of use, exploration, and even a fair share of trial-and-error as you get comfortable with it. Plus, as its name would imply, GarageBand features a library of musical instruments. So when you get tired of podcasting, you can play around with it and drop some beats.
Slightly further along the audio editing learning curve is Audacity, which is a free download for multiple platforms. Visually, it’s a contrast to GarageBand yet its functionality goes much deeper. One appealing aspect of Audacity is that it’s celebrating a 20-year run as open source software—meaning that it’s a community-supported effort. So if you’re dedicated to learning audio editing, there are numerous resources out there that can help you learn the Audacity interface and feel confident that you’re learning an audio app that’ll be around for some time.
Reaper Digital Audio Workstation
And of our three free options, Reaper is the most full-functioned editor, which you can download for a free 60-day trial. If you’re completely new to audio editing, you may want to start with one of the other options just to get familiar with the basics. Otherwise, if you’ve used some other simpler platforms before and feel ready to move up, Reaper is a fine choice.
Your podcast and your privacy
Here’s the thing with dipping your toe into the world of podcasting: you don’t have to post your podcast for others to hear. As we talked about at the start of this article, this could just be an entertaining project or exploration for you and your family. You can hang on to your podcast and just share it with family at home, or you could send it to some friends and family for them to listen to it too. Regardless of what you decide to do with your podcast once you’ve recorded it, you’ll want to think about your privacy.
Online privacy isn’t a topic that’s discussed much in many “how-to start your own podcast” articles. Yet it’s a vital topic. (In fact, we discuss privacy all the time on our own Hackable? podcast.) Keep privacy in mind when you podcast. Just like anything else you post online, a picture, a status update, a blog, or what have you, you’re exposing yourself to the entire online world. When it comes to anything digital, what you say and what you share is forever. It can be copied, shared, disseminated, and even reconstructed in umpteen different ways.
So the general rule with podcasting is much the same as everything else you do online: think before you post.
Before you post, consider …
Just as you go back and look at what you’ve typed in that email or that status update, go back and review your show before you post or share it with others. Listen for things like:
- Have you overtly or inadvertently shared some information about yourself and your family—like birthdays, when you typically go on vacation, or other information that uniquely identifies you in a way? Hackers and crooks could find this useful when it comes to online identity theft or physical theft on your property.
- Are you keeping your family business and friendships private? “Sharenting” details about your children, good or bad, or talking about your relationships with others could lead to embarrassment or hurt feelings amongst family and friends.
- Can anything you’ve said be construed as hurtful, casting someone in a bad light, or simply mocking? Remove it from your podcast or simply don’t post it. You could be held legally responsible. Laws will vary across countries and locales, so make a point of understanding what they are with regards to defamation, libel, and slander in your area.
Again, stop and think before you post. Could this compromise you, your family, your friends, or someone else now or in the future? If so, and even if you’re uncertain of the answer, don’t post.
Start your podcast!
These are just a few of the numerous, and often free, options that allow practically anyone to get started in podcasting, and there are plenty more. Just be sure, as you’re surfing around for software, tutorials, and resources, to use comprehensive security software to protect you from threats, particularly a browser advisor app that will steer you clear of malware, bad downloads, and suspicious links. Also, caveat emptor, buyer beware. When researching apps, always look at the reviews so that you can spot any issues before you download or use an app.
With that, I hope this inspires an interesting side project, or even a new pastime for you and your family. Get out there and have some fun!
The post Entertainment #FromHome: How to start your own podcast appeared first on McAfee Blogs.
The UK went into lockdown in March due to the coronavirus pandemic; these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of this situation: both UK citizens and businesses have been hit with a wave of COVID-19 themed phishing emails, and scam social media and text messages (smishing). This prompted warnings by the UK National Cyber Security Centre and UK Banks, and a crackdown by the UK Government.
I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the gov.uk domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.
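A check that separates a genuine gov.uk link from an IDN homograph lookalike, as an added example that is not from the original post. The trusted suffix, the sample URLs and the small confusables table are constructed for illustration; a production check would use the full Unicode confusables data.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "gov.uk"  # assumption: the domain the message claims to come from

# Constructed, deliberately tiny subset of lookalike letters (not the full
# Unicode confusables table): Cyrillic and Greek letters that render like Latin.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u03bf": "o", "\u03bd": "v",
}


def to_ascii(host: str) -> str:
    """Return the Punycode (xn--) form that DNS actually resolves."""
    return host.rstrip(".").lower().encode("idna").decode("ascii")


def to_unicode(ascii_host: str) -> str:
    """Return the form a browser or phone may display to the user."""
    return ascii_host.encode("ascii").decode("idna")


def is_trusted(host: str) -> bool:
    """True only for the trusted domain itself or a real subdomain of it."""
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)


def scripts(label: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def skeleton(host: str) -> str:
    """Map known lookalike letters to the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'untrusted' or 'invalid' for a link."""
    try:
        host = urlsplit(url).hostname
        if not host:
            return "invalid"
        ascii_host = to_ascii(host)
        shown = to_unicode(ascii_host)
    except ValueError:  # UnicodeError is a subclass of ValueError
        return "invalid"
    if is_trusted(ascii_host):
        return "trusted"
    # A label mixing scripts, or a name that only matches the trusted suffix
    # after lookalike letters are folded to Latin, is a homograph candidate.
    mixed = any(len(scripts(label)) > 1 for label in shown.split("."))
    if mixed or is_trusted(skeleton(shown)):
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.gov.uk/coronavirus",
        "https://www.g\u043ev.uk/refund",      # Cyrillic 'o' in place of Latin 'o'
        "https://gov.uk.claims-example.com/",  # plain ASCII, wrong parent domain
    ]
    for link in samples:
        print(classify(link), to_ascii(urlsplit(link).hostname))
```

Comparing the Punycode form rather than the displayed form is what makes the check reliable: the lookalike host encodes to an `xn--` label that no longer ends in `gov.uk`.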
I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams. It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.
March threat intelligence reports shone a light on the scale of the cybercriminal shift towards exploiting the COVID-19 crisis for financial gain. Check Point Global Threat Index reported a spike in the registration of coronavirus themed domain names, stating more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports that more than 80% of the threat landscape is using coronavirus themes in some way. There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app to a rather weird plot to spread malware through a dodgy anti-virus solution.
International hotel chain Marriott reported 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriott's online breach notification, stolen data included guest name, address, email address, phone number, loyalty account number and point balances, employer, gender, birthdays (day and month only), airline loyalty program information, and hotel preferences. It was only on 30th November 2018 that Marriott disclosed a breach of 383 million guests. Tony Pepper, CEO at Egress, said “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO.”
March was another busy month for security updates. Patch Tuesday saw Microsoft release fixes for 116 vulnerabilities and there was an out-of-band Microsoft fix for the 'EternalDarkness' bug on 10th March, but a zero-day exploited vulnerability in Windows remained unpatched by the Seattle-based software giant. Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.
Stay safe, stay home and watch for the scams.
- How Safe are Video Messaging Apps?
- Working from Home Cybersecurity Guidance
- Coronavirus Cybersecurity: Scams To Watch Out For
- Payment Card Transactions in the UK will be increased from £30 to £45 due to Coronavirus
- Cyber Security Roundup for March 2020
- UK Banks warn on Wave of COVID-19 Themed Text Message ‘Smishing’ Scams
- UK Government Cracks Down on Fake Coronavirus Advice on Social Media and WhatsApp
- Virgin Media leaves Database Open, Thousands of Records Exposed
- T-Mobile Email Vendor Breach Exposes Info on Customers and Employees
- Five Billion Records Exposed in Open ‘Data Breach Database’ by UK-based Security Company
- New Marriott Data Breach Impacts 5.2 Million Guests
- 8 Million EU Retail Sales Records Exposed on AWS MongoDB
- Blisk Browser left open, 2.9 Million Records Exposed
- Boots halts Advantage Card Payments after Credentials Stuffing Cyber-Attack
- Huawei: Government wins vote after Backbench Rebellion
- Unpatched Windows Zero-Day Flaws exploited according to Microsoft
- Drupal, Google and Cisco Post Security Advisories
- Adobe Patches 41 Vulnerabilities, 22 in Photoshop
- Adobe Patches Critical Flaw in Creative Cloud
- Cisco Fixes Three High-Level bugs, but a Fourth Remains Unpatched
- Apple Releases more than 30 Security Patches
- Zero-day vulnerabilities used against DrayTek Routers and Switches
- VMware Fixed Critical Code Execution Bug in Hypervisors
- Microsoft Issues Out-of-Band Fix for Leaked ‘EternalDarkness’ Bug
- Hijacked Routers and attempted WHO hacks highlight latest COVID-19 attacks
- Thousands of New Coronavirus-Themed Domains Registered, more than 50% likely to be Malicious
- APT41 Activity Down during China COVID-19 Quarantines; Massive Campaign Undeterred
- Coronavirus Tracking App Locks up Android Phones for Ransom
- Russian Cybercrime Forums seen selling Malware-Sabotaged COVID-19 map
- TrickBot Banking Trojan introduces RDP Brute Forcing Module
- Necurs Botnet Operation Dismantled; Millions of Malicious Domains Disabled
- Foreign APT groups use Coronavirus Phishing Lures to drop RAT Malware
Our increased use of video messaging apps has not gone unnoticed by cybercriminals, who are seeking to exploit the increase of use by sending phishing emails, social media scam messages and even scam text messages, with fake invitations to video messaging app meetings.
Typically, these scam messages will entice you into either opening a malicious attachment or clicking a web link which directs to a malicious website. The ultimate aim of these cyberattacks is to deliver malicious software, such as ransomware which locks your PC and demands a ransom payment to unlock, scam a payment, or steal your personal information which can be resold to other cybercriminals on the dark web.
So, never open an attachment or click on any links within any unexpected or suspicious emails, social media messages and text messages.
The next piece of advice is to ensure your video messaging app is always kept up-to-date. Luckily most modern smartphones and computer operating systems will automatically update your apps, but it is always worth double-checking and not to suppress any app updates from occurring, as often the app updates are fixing security flaws.
And finally, on home computers and laptops, when not using video messaging apps, either cover your webcam with a piece of tape or face your webcam towards a wall or ceiling, just in case your computer is covertly compromised and a malicious actor gains access to your computer's webcam.
One tip I didn't have time to say on the podcast is to always ensure your video chats are set to private, using a strong password to prevent Zoombombing. Recent reports have shown a series of “Zoombombing” incidents lately, where unwanted guests have joined in on open calls.
Bharat Mistry, Principal Security Strategist at Trend Micro on Zoom advises “Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.
It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs). With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature.
Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far.
- Ensure Zoom is always on the latest software version
- Build awareness of Zoom phishing scams into user training programmes. Users should only download the Zoom client from a trusted site and check for anything suspicious in the meeting URL when joining a meeting
- Ensure all home workers have anti-malware including phishing detection installed from a reputable vendor
- Ensure you also generate a meeting ID automatically for recurring meetings
- Set screen-sharing to “host only” to prevent uninvited guests from sharing disruptive content
- Don’t share any meeting IDs online
- Disable “file transfers” to mitigate risk of malware
- Make sure that only authenticated users can join meetings
- Lock the meeting once it’s started to prevent anyone new joining
- Use waiting room feature, so the host can only allow attendees from a pre-assigned register
- Play a sound when someone enters or leaves the room
- Allow host to put attendees on hold, temporarily removing them from a meeting if necessary”