Category Archives: Podcast

Smashing Security podcast #202: The Wu-Tang Clan are Among Us

Voting machines are under the microscope, scammers are posing as rap stars, and American politician AOC isn't the only one who's been getting into the Among Us game. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by James Thomson. Plus don't miss the first part of our featured interview with LastPass's Dalia Hamzeh.

Smashing Security podcast #201: Robin Hood, Flippy, and the web ad bubble

The Darkside ransomware gang thinks it's a modern-day Robin Hood when it donates extorted Bitcoins to charity, the micro-targeted ad industry could pop like a bubble, and would you trust a burger-flipping robot? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Tim Hwang.

Celebrating 200 episodes of the “Smashing Security” podcast

Carole and I have been producing a light-hearted look at the world of cybersecurity and privacy just about every week since December 2016. And this week, after millions of downloads, we released our 200th episode! We wanted to celebrate reaching that milestone, and thank the many many people who listen each week, by doing something special... and so last night we met up on YouTube for a livestream party.

Smashing Security podcast #200: Two flipping hundred

We're in celebratory mood as we celebrate our 200th episode, but there's still time to discuss Fatima the ballerina who the UK government wants to become a cybersecurity expert, why women are quitting the tech industry, and a smartwatch which might be putting your kids at risk. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Podcast Episode 10 – Face off: Debating Facial Recognition with Thom Langford & Paul Edon

Recovering CISO and Director of (TL)2 Security Thom Langford joins the show to debate Tripwire’s Paul Edon on facial recognition vs. security.

Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3

The following is an edited excerpt from a recent episode of Tripwire’s Cybersecurity Podcast.

Tim Erlin: Welcome everyone to the Tripwire Cybersecurity Podcast. I’m Tim […]

The post Podcast Episode 10 – Face off: Debating Facial Recognition with Thom Langford & Paul Edon appeared first on The State of Security.

ST24: Proactive Protection to Minimise Endpoint Risks (German)

Against the backdrop of the IT skills shortage, it is becoming increasingly difficult for organisations to keep pace with the growing number and sophistication of cyberattacks, which often forces security teams into a purely reactive mode. In this podcast we discuss how a comprehensive threat database and proactive response measures can improve your endpoint security and cut response times from months to hours. Joining us for the discussion are Heiko Brückle, McAfee Senior Security Engineer, and Chris Trynoga, McAfee Regional Solution Architect.

The post ST24: Proactive Protection to Minimise Endpoint Risks (German) appeared first on McAfee Blogs.

Smashing Security podcast #199: A few tech cock-ups, and one cock lock-up

An internet-connected adult toy could leave its users encaged, the official NHS COVID-19 contact-tracing app alarms users, and would you be happy if a robot interviewed you for a job? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by BBC technology correspondent Zoe Kleinman.

ST23: Modern Data Protection for Microsoft Teams (German)

For many people, working from home has become the norm. Microsoft Teams serves as the anchor point for effective collaboration and content sharing in Microsoft 365. In this podcast we discuss what impact that has on security. Joining us for the discussion are Alexander Haug, our Security Engineer with a focus on data protection, and Chris Trynoga, our Solution Architect and expert in holistic security approaches.

The post ST23: Modern Data Protection for Microsoft Teams (German) appeared first on McAfee Blogs.

Unique Threats to Operational Technology and Cyber Physical Systems

In this latest episode of our Eye on Security podcast, I talk all about the world of operational technology (OT) and cyber physical systems with one of our foremost experts on the topic: Nathan Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.

Nathan kicked off our chat by explaining what exactly we mean when we use the term ‘cyber physical.’ We then turned our attention to related threats. As it turns out, there are far fewer attempts by attackers to target these systems than one might believe. Nathan went on to discuss some of the fundamental differences between OT and information technology (IT) systems, and then explained how OT is becoming more similar to IT, which makes OT systems more vulnerable to compromise. Fortunately, even though OT security typically lags behind that of IT systems, it’s definitely moving in the right direction.

Listen to the podcast today, and check out the following blog posts referenced by Nathan during the episode:

Entertainment #FromHome: How to start your own podcast

Making Media #FromHome

How to start your own podcast

Start your own podcast? Why not? Instead of streaming someone else’s show, maybe it’s time to create one of your own. And a fine time to start a podcast it is. Podcasting once took a bit of effort to get into. The recording software, the hosting, and the equipment could end up costing a reasonable amount of money and took a certain degree of technical savvy to use. Yet like so many things on today’s internet, those barriers have dropped, particularly for folks who simply want to dive in and give it a try. With a pair of headsets, a built-in microphone, and some free software, you can start podcasting now with your computer or even your phone. So, if you’re ready to give it a shot, let’s take a look at some of the resources available to you.

Coming up with an idea for your podcast

More so than choosing this software or that, the process really starts with a basic concept for your podcast. You’ll have a topic that you want to cover, a format such as a one-person show or a talk format where you have multiple hosts or guests, and a target length for your show. 

For example, let’s assume that you’re trying out podcasting as part of a little family project. Maybe you and your daughter want to talk about going on adventures like hiking, canoeing on lakes, and fishing. A great concept for you could be a 20-minute show about adventures kids and parents can take together. You can talk about how you decide on your adventures, plan for them, and tell some stories about your triumphs and pitfalls along the way. What does it feel like to catch your first bass, or how does it feel to set up your tent in a sudden downpour? People love hearing stories that’ll inspire them or make them laugh or, better yet, both. 

Another idea is to approach it as a learning opportunity for your kids. Recently, I posted an article on project-based learning for kids at home. One of the suggestions was for kids to make a short podcast of their own to show what they’ve learned after researching a topic that they’re interested in. What you learn here in this article could point the way for them to create their own show, whether with your help or independently.

That’s just a few examples. And really, coming up with an idea for a podcast is a topic in and of itself. For more on that, check out this article on creating a podcast from National Public Radio. While written for students, it’s packed with plenty of solid advice for anyone who wants to get started in podcasting, plus several pro tips for making your show sound great.

What about podcasting equipment?

Chances are you already have the basics. If you have a set of headphones with a built-in microphone and a computer or phone you can attach them to, that’s a great start. Of course, people who invest more time and money into their podcasting pursuit will have things like a podcasting microphone mounted on a miniature boom arm, a “pop filter” that prevents you from popping your “P’s” in the microphone, and maybe even a small mixing board. But, for just getting started or just having some fun as a family, you really don’t need those things. 

Free podcasting software and hosting

What you will need is some software that lets you record your show and even do some basic editing too. Here are a few free options that’ll cover your recording and editing while giving you a place to post your shows too:

Anchor FM

Anchor gives you standard recording features, plus extra bells and whistles like importing voice messages from your phone, group chat, and transitions. As Anchor is part of streaming music provider Spotify, you can also import music into your podcast from there. And when you’re done recording, Anchor offers free hosting for creators. If you’re creating a multiple-host podcast, your co-host or guests can use the Anchor app on their phone and join in.

Spreaker

It may look like a typo, yet Spreaker is the name for this offering. Much akin to Anchor, it offers a combination of recording software and hosting capabilities so that you can add things like music and sound effects to your podcast. The app also supports Google Hangouts and Skype so that you can bring on a co-host or guest.

Podbean

A third popular option is Podbean. It also allows you to record and publish your podcast for free as part of a basic plan that offers 500 MB of storage space and 100 GB of bandwidth per month (meaning, a 500 MB file could be downloaded 200 times at no cost—where 500 MB is approximately 5 hours of showtime).

Free options for editing your podcast

If you already have a way of recording your podcast, such as with a simple audio recorder on your phone, computer, or laptop, you can drop those audio files into free audio editing software to edit your show together. 

These are more formally known as Digital Audio Workstations (DAWs). Depending on which one you select, these apps offer functionality similar to what the pros use to record and edit their audio. You’ll see things like multiple tracks where you can place people, music, and sound effects on their own timeline that you can mix together, different options for exporting your show to different file types, settings to sweeten sound quality, and much more. As you might imagine, audio editing and mixing is a pursuit unto itself, and you can really dive deep here if the podcasting bug bites you. Here’s a rundown of what’s out there:

GarageBand

Apple users will probably know this app. GarageBand is available only on Mac and iOS devices (iPad and iPhone). It has all the hallmarks of an Apple application, where it’s an app that looks good and simplifies an otherwise complicated process. Above, we mentioned multi-track recording. If you’re new to that, it can feel a little overwhelming at first, yet GarageBand color-codes its tracks and leans heavily on drag-and-drop editing. That lends itself to ease of use, exploration, and even a fair share of trial-and-error as you get comfortable with it. Plus, as its name would imply, GarageBand features a library of musical instruments. So when you get tired of podcasting, you can play around with it and drop some beats.

Audacity

Slightly further along the audio editing learning curve is Audacity, which is a free download for multiple platforms. Visually, it’s a contrast to GarageBand yet its functionality goes much deeper. One appealing aspect of Audacity is that it’s celebrating a 20-year run as open source software—meaning that it’s a community-supported effort. So if you’re dedicated to learning audio editing, there are numerous resources out there that can help you learn the Audacity interface and feel confident that you’re learning an audio app that’ll be around for some time.

Reaper Digital Audio Workstation

And of our three free options, Reaper is the most full-functioned editor, which you can download for a free 60-day trial. If you’re completely new to audio editing, you may want to start with one of the other options just to get familiar with the basics. Otherwise, if you’ve used some other simpler platforms before and feel ready to move up, Reaper is a fine choice. 

Your podcast and your privacy

Here’s the thing with dipping your toe into the world of podcasting: you don’t have to post your podcast for others to hear. As we talked about at the start of this article, this could just be an entertaining project or exploration for you and your family. You can hang on to your podcast and just share it with family at home, or you could send it to some friends and family for them to listen to it too. Regardless of what you decide to do with your podcast once you’ve recorded it, you’ll want to think about your privacy.

Online privacy isn’t a topic that’s discussed much in many “how-to start your own podcast” articles. Yet it’s a vital topic. (In fact, we discuss privacy all the time on our own Hackable? podcast.) Keep privacy in mind when you podcast. Just like anything else you post online, a picture, a status update, a blog, or what have you, you’re exposing yourself to the entire online world. When it comes to anything digital, what you say and what you share is forever. It can be copied, shared, disseminated, and even reconstructed in umpteen different ways. 

So the general rule with podcasting is much the same as everything else you do online: think before you post. 

Before you post, consider …

Just as you go back and look at what you’ve typed in that email or that status update, go back and review your show before you post or share it with others. Listen for things like:

  1. Have you overtly or inadvertently shared some information about yourself and your family—like birthdays, when you typically go on vacation, or other information that uniquely identifies you in a way? Hackers and crooks could find this useful when it comes to online identity theft or physical theft on your property.
  2. Are you keeping your family business and friendships private? “Sharenting” details about your children, good or bad, or talking about your relationships with others could lead to embarrassment or hurt feelings amongst family and friends.
  3. Can anything you’ve said be construed as hurtful, casting someone in a bad light, or simply mocking? Remove it from your podcast or simply don’t post it. You could be held legally responsible. Laws will vary across countries and locales, so make a point of understanding what they are with regards to defamation, libel, and slander in your area.

Again, stop and think before you post. Could this compromise you, your family, your friends, or someone else now or in the future? If so, and even if you’re uncertain of the answer, don’t post. 

Start your podcast!

These are just a few of the numerous, and often free, options that allow practically anyone to get started in podcasting, and there are plenty more. Just be sure, as you’re surfing around for software, tutorials, and resources, to use comprehensive security software to protect you from threats—particularly a browser advisor app that will steer you clear of malware, bad downloads, and suspicious links. Also, caveat emptor, buyer beware. When researching apps, always look at the reviews so that you can spot any issues before you download or use an app.

With that, I hope this inspires an interesting side project, or even a new pastime for you and your family. Get out there and have some fun!

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

 

 

The post Entertainment #FromHome: How to start your own podcast appeared first on McAfee Blogs.

Cyber Security Roundup for April 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2020.

The UK went into lockdown in March due to the coronavirus pandemic; these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of this situation: both UK citizens and businesses have been hit with a wave of COVID-19 themed phishing emails, and scam social media and text messages (smishing), which prompted warnings by the UK National Cyber Security Centre and UK Banks, and a crackdown by the UK Government.

Convincing COVID-19 Scam Text Message (Smishing)

I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the gov.uk domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.

I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams.  It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.

March threat intelligence reports shone a light on the scale of the cybercriminal shift towards exploiting the COVID-19 crisis for financial gains. Check Point Global Threat Index reported a spike in the registration of coronavirus themed domain names, stating more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports that more than 80% of the threat landscape is using coronavirus themes in some way. There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app to a rather weird plot to spread malware through a dodgy anti-virus solution.

Away from the deluge of coronavirus cybersecurity news and threats, Virgin Media were found to have left a database open, which left thousands of customer records exposed, and T-Mobile's email vendor was hacked, resulting in the breach of their customers' and employees' personal data.

International hotel chain Marriott reported 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriott's online breach notification, stolen data included guest name, address, email address, phone number, loyalty account number and point balances, employer, gender, birthdays (day and month only), airline loyalty program information, and hotel preferences. It was only on 30th November 2018 Marriott disclosed a breach of 383 million guests.

Tony Pepper, CEO at Egress said “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO.”

Five billion records were found to be exposed by UK security company Elasticsearch.  Researchers also found an Amazon Web Services open MongoDB database of eight million European Union citizen retail sales records was left exposed, which included personal and financial information.  And Let’s Encrypt revoked over 3 million TLS certificates due to a bug which certification rechecking

March was another busy month for security updates. Patch Tuesday saw Microsoft release fixes for 116 vulnerabilities and there was an out-of-band Microsoft fix for the 'EternalDarkness' bug on 10th March, but a zero-day exploited vulnerability in Windows remained unpatched by the Seattle based software giants. Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.

Stay safe, stay home and watch for the scams.


      How Safe are Video Messaging Apps such as Zoom?

      I was privileged to be part of The Telegraph Coronavirus Podcast today, where I was asked about the security of video messaging apps.



      'How safe are video messaging apps such as Zoom, and what should users bear in mind when using them?'

      My reply...
      Video messaging apps are an essential communication tool for at home and within businesses, especially during the COVID-19 lockdown period. They are generally safe to use but there are a few security risks which users should be aware of.

      Our increased use of video messaging apps has not gone unnoticed by cybercriminals, who are seeking to exploit the increase of use by sending phishing emails, social media scam messages and even scam text messages, with fake invitations to video messaging app meetings.

      Typically, these scam messages will entice you into either opening a malicious attachment or clicking a web link which directs you to a malicious website. The ultimate aim of these cyberattacks is to deliver malicious software, such as ransomware which locks your PC and demands a ransom payment to unlock, scam a payment, or steal your personal information which can be resold to other cybercriminals on the dark web.

      So, never open an attachment or click on any links within any unexpected or suspicious emails, social media messages and text messages.

      The next piece of advice is to ensure your video messaging app is always kept up-to-date. Luckily most modern smartphones and computer operating systems will automatically update your apps, but it is always worth double-checking, and do not suppress any app updates from occurring, as the app updates are often fixing security flaws.

      And finally, on home computers and laptops, when not using video messaging apps, either cover your webcam with a piece of tape or face your webcam towards a wall or ceiling, just in case your computer is covertly compromised and a malicious actor gains access to your computer's webcam.


      Additional
      One tip I didn't have time to say on the podcast is to always ensure your video chats are set to private, using a strong password to prevent ZoomBombing. Recent reports have shown a series of “Zoombombing” incidents lately, where unwanted guests have joined in on open calls.

      Bharat Mistry, Principal Security Strategist at Trend Micro on Zoom advises “Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.

      It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs). With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature.

      Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far.

      Risk mitigation:
      The good news is that there are several things you can do to mitigate the security risks associated with Zoom. The most basic are: 
      • Ensure Zoom is always on the latest software version
      • Build awareness of Zoom phishing scams into user training programmes. Users should only download the Zoom client from a trusted site and check for anything suspicious in the meeting URL when joining a meeting
      • Ensure all home workers have anti-malware including phishing detection installed from a reputable vendor

      Organisational preparedness:
      Next, it’s important to revisit those administrative settings in the app, to reduce the opportunities for hackers and Zoombombers. Fortunately, automatically generated passwords are now switched on by default, and the use of personal meeting IDs is switched off, meaning Zoom will create a random, one-off ID for each meeting. These settings should be kept as is. But organisations can do more, including:
      • Ensure you also generate a meeting ID automatically for recurring meetings
      • Set screen-sharing to “host only” to prevent uninvited guests from sharing disruptive content
      • Don’t share any meeting IDs online
      • Disable “file transfers” to mitigate risk of malware
      • Make sure that only authenticated users can join meetings
      • Lock the meeting once it’s started to prevent anyone new joining
      • Use the waiting room feature, so the host can only allow attendees from a pre-assigned register
      • Play a sound when someone enters or leaves the room
      • Allow host to put attendees on hold, temporarily removing them from a meeting if necessary”