Securit13 Podcast
Первый украинский подкаст об информационной безопасности

Framework for Improving Critical Infrastructure Cybersecurity https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf 
Доповідь Тараса про критичну інфраструктуру https://www.youtube.com/watch?v=vLy9i9OPcxU 

Direct download: 108.mp3
Category:Technology -- posted at: 8:04am CET
Comments[0]

На момент запису ми готувались до UISGCON14, та відео доповідей вже на нашому каналі https://www.youtube.com/playlist?list=PL0YHqSi934_5fPXaoNxqx42PI7PrCC2xI 
China Used a Tiny Chip in a Hack That Infiltrated U.S. Companies https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies 
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom https://www.bloomberg.com/amp/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom 
Apple Insiders Say Nobody Internally Knows What’s Going On With Bloomberg’s China Hack Story https://www.buzzfeednews.com/amphtml/johnpaczkowski/apple-china-hacking-bloomberg-servers-spies-fbi 
What Businessweek got wrong about Apple https://www.apple.com/newsroom/2018/10/what-businessweek-got-wrong-about-apple/ 
https://www.documentcloud.org/documents/4995748-Letter-20-October-208th-20version.html 
Facebook has been hacked and 50 million people's accounts have been exposed https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-hack-view-as-issue-bug-data-profile-am-i-safe-security-privacy-a8560061.html 
Google+ to shut down after coverup of data-exposing bug https://techcrunch.com/2018/10/08/google-plus-hack/ 
Here’s how Google is revamping Gmail and Android security https://techcrunch.com/2018/10/08/heres-how-google-is-revamping-gmail-and-android-security/amp/ 
Google's Project Zero thwarts another major bug in Facebook's WhatsApp https://www.theinquirer.net/inquirer/news/3064393/googles-project-zero-thwarts-another-major-bug-in-facebooks-whatsapp 
Microsoft killing off the old Skype client… for real this time https://arstechnica.com/gadgets/2018/09/microsoft-killing-off-the-old-skype-client-for-real-this-time/ 
A mysterious grey-hat is patching people's outdated MikroTik routers | ZDNet https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/ 
How to Stop Google From Tracking Your Location https://www.wired.com/story/google-location-tracking-turn-off/ 
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and 

Direct download: 107.mp3
Category:Technology -- posted at: 1:35pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Yanick Fratantonio http://www.s3.eurecom.fr/~yanick/ 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 104.mp3
Category:Technology -- posted at: 12:20pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Serhii Korolenko about #UISGCON14 #CTF

https://www.hackthis.co.uk 
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 
Passing Security By - Serhii Korolenko https://www.youtube.com/watch?v=rDOYUCy9phA 
Serhii Korolenko - XSS from zer0 to Hero (Workshop) https://www.youtube.com/watch?v=mKqc9u_BRLM 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 106.mp3
Category:Technology -- posted at: 4:30pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
SECURITY BSIDES KYIV AUTUMN 2018 https://kyiv.securitybsides.org.ua/ 
Interview with Alexander Færøy

Tech billionaire Elon Musk smokes marijuana on podcast as shares fall and senior execs leave 

https://www.news.com.au/technology/innovation/motoring/tech-billionaire-elon-musk-smokes-marijuana-and-drinks-whiskey-on-podcast/news-story/b228f58547f797e012c26074b959435e 
Windows 10 to get disposable sandboxes for dodgy apps https://arstechnica.com/staff/2018/08/windows-10-to-get-disposable-sandboxes-for-dodgy-apps/ 
Mongo Lock Attack Ransoming Deleted MongoDB Databases https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/ 
Open .Git Directories Leave 390K Websites Vulnerable https://threatpost.com/open-git-directories-leave-390k-websites-vulnerable/137299/ 
Tesla’s new bug bounty protects hackers — and your warranty https://techcrunch.com/2018/09/06/teslas-new-bug-bounty-protects-hackers-and-your-warranty/ 
How Bitcoin's hidden footprint is impacting water use https://www.thesourcemagazine.org/how-bitcoins-footprint-is-impacting-water-use/ 

Securit13 Patreon https://www.patreon.com/securit13 
Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 105.mp3
Category:Technology -- posted at: 3:58pm CET
Comments[0]

Спеціальний епізод про відвідини 26ї конференції #DEFCON нашими співведучими

Direct download: special.mp3
Category:Technology -- posted at: 3:51pm CET
Comments[0]

UISGCON14 https://14.uisgcon.org/ 
На Дніпропетровщині СБУ попередила кібератаку російських спецслужб на об’єкт критичної інфраструктури https://ssu.gov.ua/ua/news/1/category/2/view/5037#.MkS7rpun.dpbs 
Ukraine claims it blocked VPNFilter attack at chemical plant https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/ 
Speculative Buffer Overflows: Attacks and Defenses (pdf) https://people.csail.mit.edu/vlk/spectre11.pdf 
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed https://www.bleepingcomputer.com/news/security/new-spectre-11-and-spectre-12-cpu-flaws-disclosed/ 
Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users https://thehackernews.com/2018/07/google-chrome-site-isolation.html 
Вийшов річний звіт CISCO з кібербезпеки і піврічний звіт чекпоінт, але ми поговоримо про них наступного разу https://www.cisco.com/c/dam/global/uk_ua/assets/pdfs/Final_Files_Cisco_2018_ACR_Web.pdf?dtid=oemzzz000186&ccid=cc000160&ecid=10432&oid=anrsc005679 
Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s https://www.theregister.co.uk/2018/07/13/hacker_extortion_scam/ 
GitHub to Pythonistas: Let us save you from vulnerable code https://www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from_vulnerable_code/ 
Microsoft seeks regulation of facial recognition technology https://www.reuters.com/article/us-microsoft-facial-recognition/microsoft-seeks-regulation-of-facial-recognition-technology-idUSKBN1K32F0 
Two-factor auth totally locks down Office 365? You may want to check all your services... https://www.theregister.co.uk/2018/07/13/2fa_o365_bypass_attacks/ 
The Tale of SettingContent-ms Files https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 
Facebook fined for data breaches in Cambridge Analytica scandal https://amp.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal 
Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres https://www.theregister.co.uk/2018/07/09/gas_station_hack/ 
2018-07 Security Bulletin: Junos OS: Junos OS: MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2), PTX3K-FPC3 and PTX1K: Line card may crash upon receipt of specific MPLS packet (CVE-2018-0030) https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10864&cat=SIRT_1&actp=LIST 
Revoked Certificate when viewing mydlink IP Cameras with-in web-browsers https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10089 
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/ 
Ammyy Admin compromised with malware again; World Cup used as cover https://www.welivesecurity.com/2018/07/11/ammyy-admin-compromised-malware-world-cup-cover/ 
https://regmedia.co.uk/2018/07/13/burkdoll_affidavit.pdf 
US: Government Has Planted Spy Phones With Suspects https://www.hrw.org/news/2018/07/13/us-government-has-planted-spy-phones-suspects 
The 111 Million Record Pemiblanc Credential Stuffing List https://www.troyhunt.com/the-111-million-pemiblanc-credential-stuffing-list/ 
June’s Most Wanted Malware: Banking Trojans Up 50% Among Threat Actors https://blog.checkpoint.com/2018/07/05/junes-most-wanted-malware-banking-trojans-crypto-mining/ 
Did CrowdStrike really miss the mark? https://medium.com/@rsatter/did-crowdstrike-really-miss-the-mark-ecedf0e09dd7 

Securit13 Patreon https://www.patreon.com/securit13 

Direct download: 103.mp3
Category:Technology -- posted at: 12:05pm CET
Comments[0]

В этом эпизоде Алиса, Логин и Алексей поговорили про скандальный 6688, браузеры, уязвимости с лого и сайтами, и некоторые другие новости прошедших двух недель.

6688 http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=62236 
Github Gentoo organization hacked - resolved https://gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
Apple corrects the record on reported iPhone vulnerability https://www.cyberscoop.com/iphone-brute-force-passcode-matthew-hickey/
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature https://motherboard.vice.com/en_us/article/bj34wa/cops-unlock-iphones-without-a-warrant-apple-usb-restricted-mode
Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report https://www.cyberscoop.com/former-nsa-contractor-reality-winner-accepts-guilty-plea-leaking-classified-report/
Firefox is adding 'Have I Been Pwned' alerts https://www.cyberscoop.com/firefox-is-adding-haveibeenpwned-alerts/
«Грязный секрет» Gmail: письма пользователей читают не только сотрудники Google https://thebell.io/gryaznyj-sekret-gmail-pisma-polzovatelej-chitayut-ne-tolko-sotrudniki-google/
"Stylish" browser extension steals all your internet history https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Brave browser adds private tabs with Tor for 'enhanced privacy protection' https://www.cyberscoop.com/brave-browser-adds-tor-tabs/
Fusion https://wiki.mozilla.org/Security/Fusion
Alter attack https://alter-attack.net/
ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
A year after devastating NotPetya outbreak, what have we learnt? Er, not a lot, says BlackBerry bod https://www.theregister.co.uk/2018/06/27/notpetya_anniversary/
New RAMpage attack affects all Android phones released since 2012 [Update] https://www.androidcentral.com/rampage-attack-discovered
Thanatos Ransomware Decryptor Released by the Cisco Talos Group https://www.bleepingcomputer.com/news/security/thanatos-ransomware-decryptor-released-by-the-cisco-talos-group/ 
First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million https://www.justice.gov/opa/pr/first-nationwide-undercover-operation-targeting-darknet-vendors-results-arrests-more-35
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age https://www.amazon.com/Perfect-Weapon-Sabotage-Fear-Cyber/dp/0451497899/
UISGCON14 https://14.uisgcon.org/ 
Securit13 Patreon https://www.patreon.com/securit13 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

 

Direct download: 102.mp3
Category:Technology -- posted at: 7:00am CET
Comments[0]

SecurityBsides Odessa CTF is open!
https://odessa.securitybsides.org.ua/#ctf 
All who wants to support BSides Odessa you can do it here 
https://bsidesodessa.ticketforevent.com/ 

SecurityBSides Kharkiv
https://kharkiv.securitybsides.org.ua 

The mysterious hacker who claimed responsibility for the hack on the DNC is likely a disinformation campaign by Russian spies.
https://motherboard.vice.com/en_us/article/wnxgwq/guccifer-20-is-likely-a-russian-government-attempt-to-cover-up-their-own-hack 

The security firm halted the work after questions were asked in the European Parliament about its software.
https://www.bbc.com/news/technology-44501506 

She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn't leave
http://montrealgazette.com/news/local-news/mcgill-music-student-awarded-350000-after-girlfriend-stalls-career 

Commentary: People can no longer tell when they're chatting with a robot. Google, what have you done?
https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/ 
https://www.ieee-security.org/TC/SP2018/program.html 
https://www.cnet.com/news/google-duplex-assistant-bot-deception-scary-ethics-question/ 
https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ 
https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ 
https://fpcentral.tbb.torproject.org 

Apple is going after another way sites track you for ads.
https://www.engadget.com/2018/06/05/apple-safari-canvas-fingerprinting/ 
https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/ 

Phone scammers are spoofing numbers to make them look familiar to you. You're more likely to pick up and trust the person on the other end
https://www.cnbc.com/2018/06/12/you-think-its-your-friend-calling-but-its-actually-this-growing-phone-scam.html 


Support us on Patreon https://patreon.com/securit13 

Direct download: 101.mp3
Category:Technology -- posted at: 1:35pm CET
Comments[0]

Интервью с Александром Оленевым и Андреем Волошиным из Thea/Techmaker за жизнь, бизнес, обучение тренингам хардвер инженеров и немного про безопасность автомобилей.

https://www.youtube.com/watch?v=5QBOmr_ZyLo 
DEFCON 25 Nissan Leaf security

https://www.troyhunt.com/controlling-vehicle-features-of-nissan/ 
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

https://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf 
Tpyota unintended acceleration bug

http://esd.cs.ucr.edu/webres/can20.pdf 
CAN bus specs (BOSCH)

https://www.bmw.co.uk/bmw-ownership/connecteddrive 
BMW ConnectedDrive

https://www.macworld.co.uk/news/apple/apple-car-release-date-3425394/ 
Apple iCar release date rumours, features & images

https://www.nvidia.com/en-us/self-driving-cars/ 
NVIDIA Self-driving cars

https://hackaday.com/2017/06/19/intel-discontinues-joule-galileo-and-edison-product-lines/ 
Intel Discontinues Joule, Galileo, And Edison Product Lines

https://techmaker.ua 
TWIC who wants to participate as an AppSec mentor on Techmaker email to info@techmaker.ua

https://mobiliuz.com/ 
Connected cars

Books
Thinking, Fast and Slow, Daniel Kahneman ISBN 9785170800537 https://www.amazon.co.uk/Thinking-medlenno-reshay-bystro-Russian/dp/5170800533/ref=sr_1_1 
Franchesca, Dorje Batuu ISBN 978-617-679-485-1 https://www.yakaboo.ua/ua/francheska-povelitel-ka-traektorij.html 

 

Securit13 Patreon https://www.patreon.com/securit13

Direct download: 100.mp3
Category:Technology -- posted at: 12:44pm CET
Comments[0]

16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Kostiantyn Korsun про NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957
EFAIL https://efail.de/
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf
ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496
Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/
Memcached https://memcached.org/
7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/
Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/
Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/
Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/
DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151

Securit13 Patreon https://www.patreon.com/securit13

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I

Direct download: 99.mp3
Category:Technology -- posted at: 8:30am CET
Comments[0]

Мы немного поговорили про конференции, организованные, будущие и посещенные.

#BSidesKyiv 2018 https://www.facebook.com/pg/BSidesUkraine/
Video https://www.youtube.com/channel/UCOSf0249iC28paeqYY5nRSQ
22.05.2018 WWCode Security event https://www.facebook.com/events/243552549527834/
16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/
07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/
Jack Daniel https://twitter.com/jack_daniel/status/992135632616124416
GiSec https://www.gisec.ae/

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 98.mp3
Category:Technology -- posted at: 11:30am CET
Comments[0]

Наши ведущие обсуждали эту страшную абревиатуру GDPR еще до того как это стало мейнстримом, но до публикации дошло с опозданием... И все же несколько слов о регуляции и как ее понимают наши ведущие.

General Data Protection Regulation https://www.eugdpr.org/
How Europe's New Privacy Law Will Change the Web, and More https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/amp
Some more information:
GDPR - A Practical Guide For Developers - Bozho's tech blog https://techblog.bozho.net/gdpr-practical-guide-developers/
America should borrow from Europe’s data-privacy law https://www.economist.com/news/leaders/21739961-gdprs-premise-consumers-should-be-charge-their-own-personal-data-right
Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
Iran hit by global cyber attack that left U.S. flag on screens https://flipboard.com/@flipboard/-iran-hit-by-global-cyber-attack-that-le/f-9fa77d2247%2Freuters.com
FIDO Alliance and W3C have a plan to kill the password https://techcrunch.com/2018/04/10/fido-alliance-and-w3c-have-a-plan-to-kill-the-password/amp/
Okay, Let’s Talk About John McAfee’s Paid Cryptocurrency Promotions https://motherboard.vice.com/en_us/article/3kjpyn/john-mcafee-100k-twitter-promote-cryptocurrency-paid

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 97.mp3
Category:Technology -- posted at: 9:13am CET
Comments[0]

Мы обсуждали новости, их все забыли и вот мы решили вам напомнить! Да, мы немножко слоупоки)))

Everything You Need to Know About Facebook and Cambridge Analytica https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/amp
Cambridge Analytica whistleblower Christopher Wylie appears before MPs https://www.youtube.com/watch?v=X5g6IJm7YJQ
Fact Check: Your Call and SMS History http://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history/
https://www.facebook.com/settings?tab=applications (FB removed "Apps others use")
Total Meltdown? https://blog.frizk.net/2018/03/total-meltdown.html?m=1
It's baaack – WannaCry nasty soars through Boeing's computers http://www.theregister.co.uk/2018/03/28/wannacry_boeing/
Egg on Cisco's face: Three critical software bugs to fix over Easter http://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/
Guccifer 2.0 Was Always Sloppy https://motherboard.vice.com/amp/en_us/article/a3ygmp/guccifer-2-russian-military-intelligence-gru-vpn
Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale https://www.bleepingcomputer.com/news/security/rapid-20-ransomware-released-will-not-encrypt-data-on-pcs-with-russian-locale/
Academics Discover New CPU Side-Channel Attack Named BranchScope https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-side-channel-attack-named-branchscope/
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems https://arxiv.org/pdf/1510.07563.pdf
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 https://krebsonsecurity.com/2018/03/adrian-lamo-homeless-hacker-who-turned-in-chelsea-manning-dead-at-37/
https://github.com/fulldecent/system-bus-radio
Microsoft May Ban Users For Offensive Language Starting In May https://www.bleepingcomputer.com/news/microsoft/microsoft-may-ban-users-for-offensive-language-starting-in-may/
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 https://www.drupal.org/sa-core-2018-002
NOTICE OF DATA BREACH https://content.myfitnesspal.com/security-information/notice.html
Durov refuses to hand over Telegram encryption keys to FSB http://searchsecurity.techtarget.com/news/252437323/Dorov-refuses-to-hand-over-Telegram-encryption-keys-to-FSB
Signalling Security in Telecom SS7/Diameter/5G — ENISA https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g

 

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 96.mp3
Category:Technology -- posted at: 7:05am CET
Comments[0]

Adam Doupé http://www.adamdoupe.com/
Adam on twitter https://twitter.com/adamdoupe
Adam on youtube https://www.youtube.com/channel/UCWA6pfcx4Ok4xsIA7Mkr39w
Series of live hacking of CTF challenges on YouTube https://www.youtube.com/playlist?list=PLK06XT3hFPziMAZj8QuoqC8iVaEbrlZWh
Book
    The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787

Direct download: 95.mp3
Category:Technology -- posted at: 8:01pm CET
Comments[0]

Мы тут пытались обговорить ход подготовки к BSidesKyiv 2018. Как это получилось - судите сами.

Intro / Outro Extraction de la pierre de folie by Cuicuitte http://freemusicarchive.org/music/Cuicuitte/LAntville/Cuicuitte_-_LAntville_-_09_Extraction_de_la_pierre_de_folie 

#BsidesKyiv 2018 https://securitybsides.org.ua/ 
Shedule https://securitybsides.org.ua/#schedule 
Tickets https://securitybsides.ticketforevent.com/ 
Radar2 http://www.radare.org/r/ 
Vero - True Social https://www.vero.co/ 
How To Get Started With Vero - True Social https://www.forbes.com/sites/anthonykarcz/2018/02/23/how-to-get-started-with-vero-true-social/#2b54ae3d2889 
Here's how to delete your Vero account https://mashable.com/2018/02/27/how-to-delete-vero-account/#J8IkV29ZoOqy 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 94_2.mp3
Category:Technology -- posted at: 3:36pm CET
Comments[0]

White House blasts Russia for NotPetya cyberattack https://edition.cnn.com/2018/02/15/politics/white-house-russia-notpetya/index.html 
Memcached servers can be hijacked for massive DDoS attacks https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html 
Memcrashed - Major amplification attacks from UDP port 11211 https://blog.cloudflare.com/memcr ashed-major-amplification-attacks-from-port-11211/
GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED https://www.wired.com/story/github-ddos-memcached/amp 
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/ 
У Харкові засуджено підозрюваного за продаж клієнтської бази поштового перевізника https://cyberpolice.gov.ua/news/u-xarkovi-zasudzheno-pidozryuvanogo-za-prodazh-kliyentskoyi-bazy-poshtovogo-pereviznyka-6604/ 
Speculative Execution Bounty Launch https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/ 
Frequently Asked Questions about Microsoft Bug Bounty Programs https://technet.microsoft.com/en-us/security/dn425055.aspx 
AMD allegedly has its own Spectre-like security flaws https://www.cnet.com/google-amp/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/ 
​Linus Torvalds slams CTS Labs over AMD vulnerability report http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/ 
Intel: Our next chips won't have data leak flaws we told you totally not to worry about https://www.theregister.co.uk/2018/03/15/intel_spectre_mitigation/ 
Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake https://arstechnica.com/gadgets/2018/02/intel-ships-hopefully-stable-microcode-for-skylake-kaby-lake-coffee-lake/ 
Samba settings SNAFU lets any user change admin passwords https://www.theregister.co.uk/2018/03/14/samba_password_bug/ 
Zero-day vulnerability in Telegram https://securelist.com/zero-day-vulnerability-in-telegram/83800/ 
Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges https://thehackernews.com/2018/03/text-editors-extensibility.html 
В Исландии похитили 600 серверов для добычи Bitcoin https://www.ixbt.com/news/2018/03/06/v-islandii-pohitili-600-serverov-dlja-dobychi-bitcoin.html 
CBM - Car Backdoor Maker https://www.kitploit.com/2018/03/cbm-car-backdoor-maker.html 
Let's Encrypt updates certificate automation, adds splats https://www.theregister.co.uk/2018/03/14/lets_encrypt_updates_certificate_automation_adds_splats/ 
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS http://www.theregister.co.uk/2018/03/13/phantom_secure_ceo_arrested/ 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 94_1.mp3
Category:Technology -- posted at: 10:00am CET
Comments[0]

К нам пришел наш друг Сергей Смитиенко и мы поговорили про архитектуру х86. Получилось немного меланхолично и безысходно, но познаветельно.

Intro / Outro Ninja by Indikings http://freemusicarchive.org/music/Indikings/Back_In_Space/indikings_ninja 

Breaking the x86 Instruction Set https://www.youtube.com/watch?v=KrksBdWcZgQ 
DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set https://www.youtube.com/watch?v=ajccZ7LdvoQ 
17 BHB ASIA 013 Hello From the Other Side SSH Over Robust Cache Covert Channels in the Cloud https://www.youtube.com/watch?v=a9sGk7FtnYk 
Clémentine Maurice https://cmaurice.fr/ 
PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf 
Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle 
Books:
Intel® 64 and IA-32 Architectures Software Developer’s Manual https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf 
Intel® 64 and IA-32 Architectures Optimization Reference Manual https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf 

Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I 

Direct download: 93.mp3
Category:Technology -- posted at: 12:04am CET
Comments[0]

Нашумевшие дебаты Марка и Илона, множество исследований, еще больше художественных произведений... Но что же такое AI? А с точки зрения информационной безопасности? Именно об этом решили поговорить наши ведущие. А что думаете вы?

Intro / Outro The Yellow Flying Cog by Flying Species http://freemusicarchive.org/music/Flying_Species/Cogs/4_-_The_Yellow_Flying_Cog

Google's AI Built Its Own AI That Outperforms Any Made by Humans https://www.sciencealert.com/google-s-ai-built-it-s-own-ai-that-outperforms-any-made-by-humans
On the security, privacy, and safety challenges of AI http://www.ml4aad.org/automl/
Why Zuckerberg and Musk Are Fighting About the Robot Future https://www.theatlantic.com/technology/archive/2017/07/musk-vs-zuck/535077/
Elon Musk says we need to regulate AI before it becomes a danger to humanity https://www.theverge.com/2017/7/17/15980954/elon-musk-ai-regulation-existential-threat
Live grilling in Mark's backyard https://www.facebook.com/zuck/videos/10103911836230631/
OpenSOC: An Open Commitment to Security https://blogs.cisco.com/security/opensoc-an-open-commitment-to-security
http://opensoc.github.io/
https://ru.wikipedia.org/wiki/Гордиевский,_Олег_Антонович
https://en.wikipedia.org/wiki/Stanislav_Petrov
Banned In Germany: Kids' Doll Is Labeled An Espionage Device https://www.npr.org/sections/thetwo-way/2017/02/17/515775874/banned-in-germany-kids-doll-is-labeled-an-espionage-device
CCS 2017 http://ieeexplore.ieee.org/document/8055659/
GDPR (General Data Protection Regulation) https://www.eugdpr.org/
Вредоносные боты уже в сети - как их обнаруживают? можно ли эффективно детектить Sybil attacks? Как отличать человека от бота? А как мы делаем вердикт, что существо перед нами, это человек?
И наоборот, может ли AI определять "плохое" поведение людей https://snap.stanford.edu/www2017tutorial/
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-fredrikson-privacy.pdf
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures https://www.semanticscholar.org/paper/Model-Inversion-Attacks-that-Exploit-Confidence-In-Fredrikson-Jha/02bc27c39eaaa6b85d336be81b15ca19f112a950
David Wagner keynote https://ccs2017.sigsac.org/keynote.html
AI может "to hack back": https://www.rescam.org

Blindsight by Peter Watts https://en.wikipedia.org/wiki/Blindsight_(Watts_novel)
Далекая Радуга by Братья Стругацкие http://strugacki.ru/book_12.html
WarGames (1983) https://www.imdb.com/title/tt0086567/
Introduction to Artificial Intelligence for Security Professionals https://www.amazon.com/Introduction-Artificial-Intelligence-Security-Professionals-ebook/dp/B07654CFFQ
http://defense.ballastsecurity.net/static/IntroductionToArtificialIntelligenceForSecurityProfessionals_Cylance.pdf

Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_2.mp3
Category:Technology -- posted at: 10:49pm CET
Comments[0]

BSides Kyiv 21.04.2018 https://securitybsides.org.ua/, cfp https://securitybsides.org.ua/#cfp
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Security hole in AMD CPUs' hidden secure processor revealed ahead of patches https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
Attacking a co-hosted VM: A hacker, a hammer and two memory modules - This is Security :: by Stormshield https://www.theverge.com/platform/amp/2018/1/3/16844630/intel-processor-security-flaw-bug-kernel-windows-linux?__twitter_impression=true
Intel Releases New Technology Specifications to Protect Against ROP attacks https://software.intel.com/en-us/blogs/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks
A Simple Explanation of the Differences Between Meltdown and Spectre https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
blizzard: agent rpc auth mechanism vulnerable to dns rebinding https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=2
https://twitter.com/secwrks/status/955554405364981761
I’m harvesting credit card numbers and passwords from your site. Here’s how. https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
Part 2: How to stop me harvesting credit card numbers and passwords from your site https://hackernoon.com/part-2-how-to-stop-me-harvesting-credit-card-numbers-and-passwords-from-your-site-844f739659b9
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Australia probes sale of secret papers in filing cabinets https://apnews.com/2897f5d8449c413796efe03b9202a1ca
Strava's heatmap revealed military bases, but it also showed nothing is anonymous online http://www.abc.net.au/news/science/2018-02-04/strava-heatmap-online-anonymity-is-almost-impossible/9380326
Now even YouTube serves ads with CPU-draining cryptocurrency miners https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/
Uber ignores security bug that makes its two-factor authentication useless http://www.zdnet.com/google-amp/article/uber-security-flaw-two-factor-login-bypass/
British hacker arrested for cyberattacks against Pokemon, Google, and Skype. https://www.scmagazine.com/british-hacker-arrested-for-selling-malware-and-launching-cyberattacks-against-pokemon-google-and-skype/article/738288/
Ay MaMi https://objective-see.com/blog/blog_0x26.html
Hospital Pays $55K Ransomware Demand Despite Having Backups https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/
СБУ заблокувала розповсюдження в Україні шпигунського програмного забезпечення - https://ssu.gov.ua/ua/news/1/category/2/view/4273#.T1a7701Q.dpbs
Satellite derived time and position blackett review https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/676675/satellite-derived-time-and-position-blackett-review.pdf
Dutch agencies provide crucial intel about Russia's interference in US-elections https://www.volkskrant.nl/media/dutch-agencies-provide-crucial-intel-about-russia-s-interference-in-us-elections~a4561913/


Music - KEYGEN MUSIC ~ One hour mix https://www.youtube.com/watch?v=c17k4LfLkaE

Direct download: 92_1.mp3
Category:Technology -- posted at: 6:51pm CET
Comments[0]

Эпизод 90.2 - Интервью с А.Семенякой (10.12.2017)

К нам пришел Алекс и рассказал о критической инфраструктуре интернетов. Что это вообще такое и как с ней жить?

Intro / Outro Clouds of Tenderness by Lobo Loco http://freemusicarchive.org/music/Lobo_Loco/BOB/Clouds_of_Tenderness_ID_792

Russian-controlled telecom hijacks financial services’ Internet traffic https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
Resource Certification (RPKI) https://www.ripe.net/manage-ips-and-asns/resource-management/certification
The Resource Public Key Infrastructure (RPKI) to Router Protocol https://tools.ietf.org/html/rfc6810
BGPsec Protocol Specification https://tools.ietf.org/html/rfc8205
[ipv6-wg] Belgian limits on CGN/NAT? https://www.ripe.net/ripe/mail/archives/ipv6-wg/2016-November/003004.html
Доклад по интернет-блокировкам на Генассамблее ООН: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf, туда же заодно и http://www.ohchr.org/Documents/Issues/Opinion/A.66.290.pdf
Доклад на ENOG, расшифровка в составе сессии: https://habrahabr.ru/company/qrator/blog/342846/ , презентация: https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.key, https://www.enog.org/wp-content/uploads/presentations/enog-14/21-171010-Content-blocking-intro.pdf, запись выступления: https://youtu.be/4MhCXbjSox8
Москва — Пєтушкі by Венедикт Єрофєєв https://uk.wikipedia.org/wiki/Москва_—_Пєтушкі  http://www.moskva-petushki.ru/

Связаться с Алексеем можно по адресу alex.semenyaka@gmail.com или https://www.facebook.com/alex.semenyaka

Direct download: 90_2.mp3
Category:Technology -- posted at: 3:20pm CET
Comments[0]

Intro / Outro Sleepy in the Garden by Lobo Loco https://freemusicarchive.org/music/download/7b5af5facd7ab75f565ca518647fb28f56f1dc08


Malvertising https://en.wikipedia.org/wiki/Malvertising
Malvertising: When Online Ads Attack (2015) https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malvertising-when-online-ads-attack
Juniper Acquires Cyphort (2015) https://www.cyphort.com/press-release/cyphort-labs-issues-special-report-on-the-rise-in-malvertising-cyber-attacks/
Malvertising and crypto threats have rocketed in 2017 https://www.htbridge.com/blog/malvertising-and-crypto-threats-have-rocketed-in-2017.html
Malvertising Campaign Redirects Browsers To Terror Exploit Kit https://threatpost.com/malvertising-campaign-redirects-browsers-to-terror-exploit-kit/128596/
Malvertising on Equifax, TransUnion tied to third party script (updated) https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers https://www.pindrop.com/blog/new-malvertising-campaign-exploits-home-routers-changes-dns-entries/
Expired domain names and malvertising https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/
Russian Influence Reached 126 Million Through Facebook Alone https://www.nytimes.com/2017/10/30/technology/facebook-google-russia.html
Facebook's Advertising Tools Complicate Efforts To Stop Russian Interference https://www.npr.org/sections/alltechconsidered/2017/10/30/560836775/facebooks-advertising-tools-complicate-efforts-to-stop-russian-interference
Ad network takes steps to reduce fraud https://www.csoonline.com/article/3195998/security/ad-network-takes-steps-to-reduce-fraud.html
Will Crypto Browser Mining Replace The Ad Industry https://www.cryptoglue.com/2017/09/22/will-crypto-browser-mining-replace-the-ad-industry/
For $1000, anyone can purchase online ads to track your location and app use http://www.washington.edu/news/2017/10/18/for-1000-anyone-can-purchase-online-ads-to-track-your-location-and-app-use/
I never signed up for this! Privacy implications of email tracking https://senglehardt.com/papers/pets18_email_tracking.pdf
The Future of Ad Blocking: An Analytical Framework and New Techniques https://arxiv.org/pdf/1705.08568.pdf

https://brave.com
https://cliqz.com/en/
https://play.google.com/store/apps/details?id=edu.berkeley.icsi.haystack&hl=en
https://recon.meddle.mobi
https://play.google.com/store/apps/details?id=edu.cmu.mcom.ppa&hl=en
https://fdvt.org

Direct download: 89_2.mp3
Category:Technology -- posted at: 8:48am CET
Comments[0]

Разговор с Владимиром Илибманом о полугодовом отчете Cisco, кроликах и статистике. Всегда актуально.

Intro / Outro State of Mind by Audiobinger http://freemusicarchive.org/music/Audiobinger/~/State_of_Mind

BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
Звіт Cisco з інформаційної безпеки за перше півріччя 2017 року https://engage2demand.cisco.com/LP=7258
2016 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
The Black Swan by Nassim Nicholas Taleb https://www.amazon.com/Black-Swan-Improbable-Robustness-Fragility/dp/081297381X
Связаться с Владимиром можно по адресу voilibma@cisco.com или https://www.facebook.com/vladimir.ilibman

Direct download: 88_2.mp3
Category:Technology -- posted at: 10:31pm CET
Comments[0]

1