Play Podcast


START CONTENT



* There was another SQL Injection bug found in SEO by Yoast



* It required admins to click a malicious link

* Was patched quickly

* It’s the plugins that make WordPress vulnerable


* Attackers are targeting gamers for ransomware



* Virlock is one version of ransomware that not only locks the screen, but infects files

* It’s also polymorphic, so it changes itself every time it runs

* TeslaCrypt goes after gamers, which seems super smart because they are often addicted


* The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition



* I get asked a lot about what to do about this kind of stuff

* Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them

* Assume the worst, even though it’s probably not that bad


* US industrial systems attacked 245 times between October 2013 and September 2014



* Most attacks were against Critical Manufacturing and Energy

* Biggest vectors were spear phishing and port scanning


* CloudFlare aims to defeat DDoS with Virtual DNS



* They want to proxy DNS before it hits customer name server


* The CIA supposedly tried to hack Apple hardware



* The article has come under extreme scrutiny


* Going to be on the Security Weekly podcast with Pau

* Hillary Clinton’s email account dram

* OpenSSL is getting an audit



* Bout time


* Wikimedia is suing the NSA over surveillance 

* Spoofing the boss is the best way to phish someone, evidently

* Had a great time at CactusCon in Phoenix



* Did a talk with Jason and saw Dave’s keynote

* Dave’s keynote was about struggling with the basics, not APT

* He asked when a major breach was NOT a dumb mistake


* Someone’s looking to make a Snowden Phone

* Looks like I’ll be on the Security Weekly podcast with Paul



* Going to talk about IoT security and my our OWASP project




END CONTENT


Play Podcast


Notes



* Comments welcome on content and format, as usual.

Play Podcast 
 
START CONTENT 
 
 
* There was another SQL Injection bug found in SEO by Yoast 
 
 
* It required admins to click a malicious link 
* Was patched quickly 
* It&#8217;s the plugins that make WordPress vulnerable 
 
* Attackers are targeting gamers for ransomware 
 
 
* Virlock is one version of ransomware that not only locks the screen, but infects files 
* It&#8217;s also polymorphic, so it changes itself every time it runs 
* TeslaCrypt goes after gamers, which seems super smart because they are often addicted 
 
* The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition 
 
 
* I get asked a lot about what to do about this kind of stuff 
* Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them 
* Assume the worst, even though it&#8217;s probably not that bad 
 
* US industrial systems attacked 245 times between October 2013 and September 2014 
 
 
* Most attacks were against Critical Manufacturing and Energy 
* Biggest vectors were spear phishing and port scanning 
 
* CloudFlare aims to defeat DDoS with Virtual DNS 
 
 
* They want to proxy DNS before it hits customer name server 
 
* The CIA supposedly tried to hack Apple hardware 
 
 
* The article has come under extreme scrutiny 
 
* Going to be on the Security Weekly podcast with Pau 
* Hillary Clinton’s email account dram 
* OpenSSL is getting an audit 
 
 
* Bout time 
 
* Wikimedia is suing the NSA over surveillance 
* Spoofing the boss is the best way to phish someone, evidently 
* Had a great time at CactusCon in Phoenix 
 
 
* Did a talk with Jason and saw Dave&#8217;s keynote 
* Dave&#8217;s keynote was about struggling with the basics, not APT 
* He asked when a major breach was NOT a dumb mistake 
 
* Someone&#8217;s looking to make a Snowden Phone 
* Looks like I&#8217;ll be on the Security Weekly podcast with Paul 
 
 
* Going to talk about IoT security and my our OWASP project 
 
 
 
END CONTENT 
 
Play Podcast 
 
Notes 
 
 
* Comments welcome on content and format, as usual.

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Exploring the fascinating intersection of security, technology, and humans.

Unsupervised Learning

Play Podcast START CONTENT There was another SQL Injection bug found in SEO by Yoast It required admins to click a malicious link Was patched quickly It’s the plugins that make WordPress vulnerable Attackers are targeting gamers for ransomware Virlock ...

Take 1 Security Podcast: Episode 10

In this sponsored conversation, I speak with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.

We talked about all things Maritime Security, and I learned a whole lot from the conversation.

Digital Hijacking at Sea: Unveiling a Cyber Attack Scenario in the Red Sea

BlackBerry Quarterly Global Threat Report — March 2024

00:00:00 Introduction and Guest Welcome
00:00:30 Maritime Security Overview
00:01:15 Baltimore Incident Discussion
00:02:00 Legacy Systems on Ships
00:03:20 Connectivity Challenges at Sea
00:04:10 Cyber Threats in Maritime Industry
00:05:00 Post-Accident Cyber Investigations
00:06:00 Potential Cyber Attacks on Ships
00:07:30 Threat Scenarios and Models
00:08:45 USB and External Media Threats
00:09:30 Evolution of Navigation System Connectivity
00:10:30 Crew Connectivity and Cyber Risks
00:11:30 Lessons from Other Industries
00:12:15 GPS Spoofing and Navigation Interference
00:13:30 Digital Hijacking of Ships
00:14:45 Economic Disruption via Cyber Attacks
00:16:00 Financial Motivation Behind Attacks
00:17:15 Ransomware in Maritime Context
00:18:30 Panama Canal and Economic Impact
00:19:30 Cyber Security Maturity in Maritime Industry
00:21:00 Legacy Systems and Geopolitical Interests
00:22:15 Challenges with Security Solutions at Sea
00:23:30 Historical Cyber Incidents in Maritime
00:24:30 GPS Spoofing Techniques
00:25:15 International Maritime Organization Standards
00:26:30 Criminal Trends and Cyber Attacks
00:27:45 Open Source Tools and Threat Actors
00:28:45 Information Sharing in Maritime Industry
00:29:30 Real-World Examples of Cyber Incidents
00:31:00 Cruise Ships and Large Yachts Security
00:32:15 Autonomous Vessels and Cyber Protection
00:33:30 Future of Autonomous Vessels
00:34:15 Learning and Improving Cyber Security in Maritime
00:35:30 Role of Threat Intelligence in Maritime Security
00:36:15 Optimism for the Future of Maritime Security
00:37:30 Industry Awareness and Education Efforts
00:38:30 AI Integration in Maritime Security Solutions
00:39:15 Conclusion and Final Thoughts

In this sponsored conversation, I speak with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.
We talked about all things Maritime Security, and I learned a whole lot from the conversation.
<a href="https://event.on24.com/wcc/r/4530009/DF690F9C60A307C572ED2AFC9EB232D3">Digital Hijacking at Sea: Unveiling a Cyber Attack Scenario in the Red Sea</a>
<a href="https://www.blackberry.com/us/en/solutions/threat-intelligence/threat-report">BlackBerry Quarterly Global Threat Report — March 2024</a>
00:00:00 Introduction and Guest Welcome 00:00:30 Maritime Security Overview 00:01:15 Baltimore Incident Discussion 00:02:00 Legacy Systems on Ships 00:03:20 Connectivity Challenges at Sea 00:04:10 Cyber Threats in Maritime Industry 00:05:00 Post-Accident Cyber Investigations 00:06:00 Potential Cyber Attacks on Ships 00:07:30 Threat Scenarios and Models 00:08:45 USB and External Media Threats 00:09:30 Evolution of Navigation System Connectivity 00:10:30 Crew Connectivity and Cyber Risks 00:11:30 Lessons from Other Industries 00:12:15 GPS Spoofing and Navigation Interference 00:13:30 Digital Hijacking of Ships 00:14:45 Economic Disruption via Cyber Attacks 00:16:00 Financial Motivation Behind Attacks 00:17:15 Ransomware in Maritime Context 00:18:30 Panama Canal and Economic Impact 00:19:30 Cyber Security Maturity in Maritime Industry 00:21:00 Legacy Systems and Geopolitical Interests 00:22:15 Challenges with Security Solutions at Sea 00:23:30 Historical Cyber Incidents in Maritime 00:24:30 GPS Spoofing Techniques 00:25:15 International Maritime Organization Standards 00:26:30 Criminal Trends and Cyber Attacks 00:27:45 Open Source Tools and Threat Actors 00:28:45 Information Sharing in Maritime Industry 00:29:30 Real-World Examples of Cyber Incidents 00:31:00 Cruise Ships and Large Yachts Security 00:32:15 Autonomous Vessels and Cyber Protection 00:33:30 Future of Autonomous Vessels 00:34:15 Learning and Improving Cyber Security in Maritime 00:35:30 Role of Threat Intelligence in Maritime Security 00:36:15 Optimism for the Future of Maritime Security 00:37:30 Industry Awareness and Education Efforts 00:38:30 AI Integration in Maritime Security Solutions 00:39:15 Conclusion and Final Thoughts

A Conversation on Maritime Security with BlackBerry Threat Intelligence

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/3b4c84ee-2bb3-4b83-a9ba-b1720003721d/transcript

The US goes skills-based, AI is mostly prompting, simulation -> reality, 30 useful concepts, and more……

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

The US goes skills-based, AI is mostly prompting, simulation -&gt; reality, 30 useful concepts, and more……
Subscribe to the newsletter at:  <a href="https://danielmiessler.com/subscribe">https://danielmiessler.com/subscribe</a>
Join the UL community at: <a href="https://danielmiessler.com/upgrade">https://danielmiessler.com/upgrade</a>
Follow on X: <a href="https://twitter.com/danielmiessler">https://twitter.com/danielmiessler</a>
Follow on LinkedIn: <a href="https://www.linkedin.com/in/danielmiessler">https://www.linkedin.com/in/danielmiessler</a>
See you in the next one!

UL NO. 431: Companies are Graphs of Algorithms

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/d98ef94c-1fdb-4ec7-99cf-b16b01115225/transcript

How I use local AI models, MI5 vetting research students, the first AI deepfake racism attack, and more…

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

How I use local AI models, MI5 vetting research students, the first AI deepfake racism attack, and more…
Subscribe to the newsletter at:  <a href="https://danielmiessler.com/subscribe">https://danielmiessler.com/subscribe</a>
Join the UL community at: <a href="https://danielmiessler.com/upgrade">https://danielmiessler.com/upgrade</a>
Follow on X: <a href="https://twitter.com/danielmiessler">https://twitter.com/danielmiessler</a>
Follow on LinkedIn: <a href="https://www.linkedin.com/in/danielmiessler">https://www.linkedin.com/in/danielmiessler</a>
See you in the next one!

UL NO. 430: The Courage to be Disliked

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/600d13eb-b0f4-4230-adc6-b165017057cd/transcript

Take 1 Security Podcast: Episode 10

In 1 playlist(s)

Unsupervised Learning

Social links

Follow podcast

Recent clips