This week, how a politicians' kids accessed his laptop through facial recognition, critical flaws in WordPress and Qualcomm chips, how 2 million IoT security cameras and baby monitors are vulnerable to takeover, and how a new Emotet variant uses connected devices as proxy C2 servers! In the expert commentary, the return of Jason Wood from Paladin Security, joins us to talk about how Microsoft is telling IT admins to nix 'obsolete' password reset practices!
This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of thousands of stores, and how attackers are weaponizing more vulnerabilities than ever before! In the expert commentary, we welcome Itai Tevet, CEO of Intezer, to talk about Linux threats, recent Mirai variants, and general code reuse in the cyber space!
This week, the Apache Tomcat Patches Important Remote Code Execution Flaw, New variants of Mirai botnet detected, targeting more IoT devices, Hackers used credentials of a Microsoft Support worker to access users' webmail, TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids, Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest, Security weakness in popular VPN clients, and Open Source Tool From FireEye Automates Analysis of Flash Files! In the expert commentary, Jason Wood talks about The Impact of Cyber Warfare! All that and more, on this episode of Hack Naked News!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode214
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code, Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution, Computer virus alters cancer scan images, A Serious Apache server bug gives root to baddies in shared host environments, Cybercrime Groups Are Still Rampant on Facebook, 90% of OT organizations are cyberattack victims, Tenable Discloses Verizon Fios Router Vulnerabilities, and Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print! Neil Butchart the SVP at Ekran, comes on the show to talk about "Is the industry broken?"
Asus pushes patch after hackers used updates to send malware, Microsoft Announces Windows Defender ATP Antivirus for Mac, Researchers find 36 new security flaws in LTE protocol, New Settings Let Hackers Easily Pentest Facebook and Instagram Mobile Apps, and how Researchers can get a free Tesla for spotting infotainment system bug! Sven Morgenroth from Netsparker joins us for expert commentary to discuss how Facebook stored hundreds of Millions of user passwords in plain text!
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode212
Visit http://hacknaked.tv to get all the latest episodes!
Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by 'severe' ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! Ralf Hund from VMRay joins us for expert commentary to discuss the Evolution of GandCrab!
Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an unprotected MongoDB instance exposes 800 million emails! Jason Wood from Paladin Security joins us for expert commentary on how a researcher claims an Iranian APT is behind a 6TB Data Heist at Citrix!
Google ditches passwords in latest Android devices, ICANN calls for wholesale DNSSEC deployment, Flaws in 4G and 5G allow snooping on calls, pinpointing device location, TurboTax Hit with credential stuffing attack, and much more!
To GET A FREE 14-DAY TRIAL of Acunetix, visit: https://securityweekly.com/acunetix
This week, Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018, Hackers Target WordPress Sites via WP Cost Estimation Plugin, Facebook paid $25,000 for CSRF exploit that leads to Account Takeover, and PoC Exploit Code for Recent Container Escape Flaw in runc Published Online! Jason Wood from Paladin Security joins us for expert commentary on ...!
This week, your Lenovo X is watching you & sharing information, a client-side DNS attack emerges from academic research, a macOS vulnerability leaks safari data, hackers hit VFEmail & wipe US servers and backups, and a check-in system flaw puts major airlines at risk! Jason Wood from Paladin Security joins us for expert commentary on how Fraudsters are scamming teenage 'money mules' on Instagram and Snapchat!
This week, RDP Servers Can Hack Client Devices, Roughly 500,000 Ubiquiti devices may be affected by a flaw already exploited in the wild, Crypto exchange in limbo after the founder dies with password, Home DNA kit company says its working with the FBI, Outlaw Shellbot infects Linux servers to mine for Monero, Apple's Siri Shortcuts feature vulnerable to abuse, researchers warn, Code Execution Flaw Found in LibreOffice and OpenOffice, Google's new Chrome extension warns you about stolen passwords, Mitigations against Mimikatz Style Attacks, and Google Patches Critical .PNG Image Bug. David Pearson from Awake Security joins us for the expert commentary on the recent news around Japan performing an IoT pentest on their public IPs!
To learn more about Awake Security, visit: https://securityweekly.com/awake
This week, a tool that finds vulnerable robots on the internet, a new exploit that threatens over 9,000 Cisco Routers, apple turns of group FaceTime after an eavesdropping bug, wordpress sites under attack via Zero-Day in abandoned plugin, and OpenBMC caught with 'pantsdown' over a new security flaw! Jason Wood from Paladin Security joins us for expert commentary on Abusing Exchange: One API call away from Domain Admin!
A flaw in MySQL could allow rogue servers to steal files, a state agency exposes 3TB of data including FBI info, how cybercriminals clean their dirty money, a critical RCE flaw in Linux APT allows remote attackers to hack systems, and how to protect against a new breed of cyber attack! Jason Wood from Paladin Security joins us for expert commentary on how Attackers used a LinkedIn job ad and Skype call to breach a bank's defense!
US Government Shutdown leaves dozens of .Gov sites vulnerable, Firefox 69 to disable Adobe Flash, an Unpatched vCard flaw could leave your PCs open to attackers, Tesla's contest Pwn2Own could win you a Model 3, and how building site cranes are easier to hack than garage door openers! Jason Wood from Paladin Security joins us for expert commentary on how the Boston Hospital Attacker was sentenced to 10 years in prison!
Etherium hit by Double Spend attack, NSA to release reverse engineering tool for free, a Skype Glitch allowed Android Authentication Bypass, Zerodium offers $2Million for remote iOS jailbreaks, and Tens of Thousands of Hot Tubs are exposed to hack! Our CEO Matt Alderman joins us for expert commentary on Container Security Lags Amidst DevOps Enthusiasm!