START CONTENT



* New SSL attack called FREAK



* Has to do with falling RSA back to a deprecated and weak level

* Requires the client and server are both vulnerable

* The solution is to patch

* Many orgs will also want to note which servers were vulnerable

* The lesson is that you don’t reduce security to increase it

* Backdoors x time = regret


* Using Ruby’s Open-URI could be dangerous



* open-uri monkeypatches kernel.open

* open(params[:url]) can execute |ls


* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense



* This seems highly suspect

* First you’re putting that data at risk in a personal system

* Second you’re obviously trying to hide your conversations


* Facebook can access your account without your password

* Google no longer encrypting Lollipop by default



* Was one of the main selling points for 5, and now it’s gone

* They said it was simply a driver issue


* DLink routers have a remote command injection bug



* Could allow DNS hijacking and other attacks


* ISIS has threatened some members of the Twitter team for disabling their accounts



* This really puts a point on public presence for me

* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to

* This works for personal attacks, not for countries obviously


* There has been some major fraud happening with people connecting stolen cards to ApplePay



* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue


* Up to 18.8 non-Anthem customers exposed in the Anthem breach



* This is in addition to the 80 million actual anthem customers


* GoPro vulnerability on its website exposes customer Wi-fi passwords



* Expect more of this


* Uber took over 5 months to issue a breach notification



* There was a breach of driver names and license numbers that they just now disclosed


* Seagate NAS vulnerability allows unauthorized root access



* This raises the cloud storage issue I blogged about last week




END CONTENT


Play Podcast


Notes



* Sorry about my voice on this one. I’m a bit sick. :(

START CONTENT 
 
 
* New SSL attack called FREAK 
 
 
* Has to do with falling RSA back to a deprecated and weak level 
* Requires the client and server are both vulnerable 
* The solution is to patch 
* Many orgs will also want to note which servers were vulnerable 
* The lesson is that you don&#8217;t reduce security to increase it 
* Backdoors x time = regret 
 
* Using Ruby&#8217;s Open-URI could be dangerous 
 
 
* open-uri monkeypatches kernel.open 
* open(params[:url]) can execute |ls 
 
* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense 
 
 
* This seems highly suspect 
* First you&#8217;re putting that data at risk in a personal system 
* Second you&#8217;re obviously trying to hide your conversations 
 
* Facebook can access your account without your password 
* Google no longer encrypting Lollipop by default 
 
 
* Was one of the main selling points for 5, and now it&#8217;s gone 
* They said it was simply a driver issue 
 
* DLink routers have a remote command injection bug 
 
 
* Could allow DNS hijacking and other attacks 
 
* ISIS has threatened some members of the Twitter team for disabling their accounts 
 
 
* This really puts a point on public presence for me 
* I&#8217;m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to 
* This works for personal attacks, not for countries obviously 
 
* There has been some major fraud happening with people connecting stolen cards to ApplePay 
 
 
* The issue isn&#8217;t a security problem with ApplePay, but rather with standard bank / card security issue 
 
* Up to 18.8 non-Anthem customers exposed in the Anthem breach 
 
 
* This is in addition to the 80 million actual anthem customers 
 
* GoPro vulnerability on its website exposes customer Wi-fi passwords 
 
 
* Expect more of this 
 
* Uber took over 5 months to issue a breach notification 
 
 
* There was a breach of driver names and license numbers that they just now disclosed 
 
* Seagate NAS vulnerability allows unauthorized root access 
 
 
* This raises the cloud storage issue I blogged about last week 
 
 
 
END CONTENT 
 
Play Podcast 
 
Notes 
 
 
* Sorry about my voice on this one. I&#8217;m a bit sick. :(

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Exploring the fascinating intersection of security, technology, and humans.

Unsupervised Learning

START CONTENT New SSL attack called FREAK Has to do with falling RSA back to a deprecated and weak level Requires the client and server are both vulnerable The solution is to patch Many orgs will also want to note which servers were vulnerable The less...

Take 1 Security Podcast: Episode 8

In this conversation, I speak with Rob Allen, Chief Product Officer at ThreatLocker.

We talk about:

ThreatLocker’s Unique Zero Trust Approach to Cybersecurity:
How ThreatLocker’s "deny by default, permit by exception" methodology, along with automated application learning and built-in definitions for over 4,000 applications, simplifies allowlisting and enhances endpoint security.

Innovations in ThreatLocker’s Control Features:
How ThreatLocker’s ringfencing prevents unauthorized application interactions and data access, and dynamic firewalls mitigate risks like lateral movement and ransomware attacks through endpoint-level network segmentation.

Recent Developments and Cloud Expansion:
How ThreatLocker Detect and Cloud Detect provide advanced detection capabilities for endpoint and cloud environments, including Office 365, enabling anomaly detection, centralized alerts, and proactive threat management.

And more.

Into (00:00:00)
ThreatLocker's Zero Trust Cybersecurity Approach (00:00:31)
Understanding Allow Listing in Cybersecurity (00:01:49)
Managing Software Updates with ThreatLocker (00:02:13)
Automated Application Updates for Over 4000 Programs (00:04:11)
Vendor Collaboration for Early Software Updates (00:05:40)
Challenges and Risks of Immediate Software Updates (00:06:53)
Assuming Breach: A Core Cybersecurity Principle (00:08:10)
Implementing Zero Trust Strategies with Ring Fencing (00:09:30)
Controlling Application Interactions to Prevent Threats (00:09:50)
Advanced Data Protection with Storage Control (00:13:17)
Dynamic ACLs for Smarter Network Control (00:15:48)
Ransomware Risks from Open Ports (00:16:50)
Using Shodan to Identify Open Port Vulnerabilities (00:17:19)
Building Application Allow Lists with Contextual Data (00:18:43)
Learning Mode for Application and Traffic Visibility (00:19:36)
Balancing User Behavior Control and Workflow (00:20:44)
Integrating Detection and Control with ThreatLocker Detect (00:21:44)
Why Detection is Critical in Cybersecurity Layers (00:22:41)
Response Mechanisms and Automated Remediation (00:24:02)
Lockdown Mode: Ultimate Isolation from Threats (00:25:38)
Streamlined Application Approvals with Cyber Hero (00:26:36)
Breaking Down Ransomware Attack Stages (00:27:46)
Introducing Cloud Detect for Cloud Security (00:29:39)
How to Learn More About ThreatLocker Solutions (00:30:47)

In this conversation, I speak with Rob Allen, Chief Product Officer at ThreatLocker.
We talk about:
ThreatLocker’s Unique Zero Trust Approach to Cybersecurity: How ThreatLocker’s "deny by default, permit by exception" methodology, along with automated application learning and built-in definitions for over 4,000 applications, simplifies allowlisting and enhances endpoint security.
Innovations in ThreatLocker’s Control Features: How ThreatLocker’s ringfencing prevents unauthorized application interactions and data access, and dynamic firewalls mitigate risks like lateral movement and ransomware attacks through endpoint-level network segmentation.
Recent Developments and Cloud Expansion: How ThreatLocker Detect and Cloud Detect provide advanced detection capabilities for endpoint and cloud environments, including Office 365, enabling anomaly detection, centralized alerts, and proactive threat management.
And more.
Into (00:00:00) ThreatLocker's Zero Trust Cybersecurity Approach (00:00:31) Understanding Allow Listing in Cybersecurity (00:01:49) Managing Software Updates with ThreatLocker (00:02:13) Automated Application Updates for Over 4000 Programs (00:04:11) Vendor Collaboration for Early Software Updates (00:05:40) Challenges and Risks of Immediate Software Updates (00:06:53) Assuming Breach: A Core Cybersecurity Principle (00:08:10) Implementing Zero Trust Strategies with Ring Fencing (00:09:30) Controlling Application Interactions to Prevent Threats (00:09:50) Advanced Data Protection with Storage Control (00:13:17) Dynamic ACLs for Smarter Network Control (00:15:48) Ransomware Risks from Open Ports (00:16:50) Using Shodan to Identify Open Port Vulnerabilities (00:17:19) Building Application Allow Lists with Contextual Data (00:18:43) Learning Mode for Application and Traffic Visibility (00:19:36) Balancing User Behavior Control and Workflow (00:20:44) Integrating Detection and Control with ThreatLocker Detect (00:21:44) Why Detection is Critical in Cybersecurity Layers (00:22:41) Response Mechanisms and Automated Remediation (00:24:02) Lockdown Mode: Ultimate Isolation from Threats (00:25:38) Streamlined Application Approvals with Cyber Hero (00:26:36) Breaking Down Ransomware Attack Stages (00:27:46) Introducing Cloud Detect for Cloud Security (00:29:39) How to Learn More About ThreatLocker Solutions (00:30:47)

A Conversation with Rob Allen from ThreatLocker

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/6584c3d5-d44d-4a37-82f7-b22c005a6109/transcript

My conversation with Jason Haddix from Flare, Google finds a Zero-Day with AI, Robot Dogs Protecting Mar-a-Lago, and more...

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

My conversation with Jason Haddix from Flare, Google finds a Zero-Day with AI, Robot Dogs Protecting Mar-a-Lago, and more...
Subscribe to the newsletter at:  <a href="https://danielmiessler.com/subscribe">https://danielmiessler.com/subscribe</a>
Join the UL community at: <a href="https://danielmiessler.com/upgrade">https://danielmiessler.com/upgrade</a>
Follow on X: <a href="https://twitter.com/danielmiessler">https://twitter.com/danielmiessler</a>
Follow on LinkedIn: <a href="https://www.linkedin.com/in/danielmiessler">https://www.linkedin.com/in/danielmiessler</a>
See you in the next one!

UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/094a744c-9e33-4175-957d-b22b013da1d7/transcript

Streamline Your Cybersecurity with Flare Here:
https://try.flare.io/unsupervised-learning/

In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare.

We talk about:

Flare's Unique Approach to Threat Intelligence:
How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements.

Challenges of Credential Theft and Advanced Malware Techniques:
How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management.

Jason's Journey To Founding Arcanum & Arcanum's Security Training Programs:
How Jason now advises on product development and threat intelligence as Flare's CISO and his journey to fund Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles. 

And more

Introduction to the Podcast (00:00:00)
Guest Excitement on Podcast (00:00:20)
Jason's New Business and Flare Role (00:00:24)
Career Shift from Ubisoft to Red Teaming (00:01:02)
Evolution of Adversary Tactics (00:02:04)
Flare's Credential Exposure Management (00:02:58)
Synergy Between Arcanum and Flare(00:03:55)
Dark Web Credential Compromise (00:04:45)
Challenges with Two-Factor Authentication (00:06:25)
Cookie Theft and Unauthorized Access (00:07:39)
Redline Malware and Its Impact (00:08:12)
Flare's Research Capabilities (00:09:50)
Potential for Advanced Malware Detection (00:11:40)
Expansion of Threat Intelligence Services (00:12:15)
Vision for a Unified Security Dashboard (00:13:25)
Integrating Threat Intelligence with Identity Management (00:14:00)
Credential Update Notifications via API (00:15:54)
Automated Credential Management Potential (00:17:28)
AI Features in Security Platforms (00:17:32)
Exploration of Automated Security Responses (00:18:38)
Introduction to Arcanum Security (00:19:25)
Overview of Arcanum Training Courses (00:20:25)
Necessity for Up-to-Date Training (00:22:15)
Guest Experts in Training Sessions (00:23:08)
Upcoming Features for Flare (00:25:11)
Integrating Vulnerability Management (00:28:08)
Accessing Flare's Free Trial (00:28:25)
Learning More About Arcanum (00:29:09)

Streamline Your Cybersecurity with Flare Here: <a href="https://try.flare.io/unsupervised-learning/">https://try.flare.io/unsupervised-learning/</a>
In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare.
We talk about:
Flare's Unique Approach to Threat Intelligence: How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements.
Challenges of Credential Theft and Advanced Malware Techniques: How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management.
Jason's Journey To Founding Arcanum &amp; Arcanum's Security Training Programs: How Jason now advises on product development and threat intelligence as Flare's CISO and his journey to fund Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles. 
And more
Introduction to the Podcast (00:00:00) Guest Excitement on Podcast (00:00:20) Jason's New Business and Flare Role (00:00:24) Career Shift from Ubisoft to Red Teaming (00:01:02) Evolution of Adversary Tactics (00:02:04) Flare's Credential Exposure Management (00:02:58) Synergy Between Arcanum and Flare(00:03:55) Dark Web Credential Compromise (00:04:45) Challenges with Two-Factor Authentication (00:06:25) Cookie Theft and Unauthorized Access (00:07:39) Redline Malware and Its Impact (00:08:12) Flare's Research Capabilities (00:09:50) Potential for Advanced Malware Detection (00:11:40) Expansion of Threat Intelligence Services (00:12:15) Vision for a Unified Security Dashboard (00:13:25) Integrating Threat Intelligence with Identity Management (00:14:00) Credential Update Notifications via API (00:15:54) Automated Credential Management Potential (00:17:28) AI Features in Security Platforms (00:17:32) Exploration of Automated Security Responses (00:18:38) Introduction to Arcanum Security (00:19:25) Overview of Arcanum Training Courses (00:20:25) Necessity for Up-to-Date Training (00:22:15) Guest Experts in Training Sessions (00:23:08) Upcoming Features for Flare (00:25:11) Integrating Vulnerability Management (00:28:08) Accessing Flare's Free Trial (00:28:25) Learning More About Arcanum (00:29:09)

A Conversation with Jason Haddix from Flare

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/7103eace-01f3-4545-a979-b225015b47c2/transcript

Take 1 Security Podcast: Episode 8

In 1 playlist(s)

Unsupervised Learning

Social links

Follow podcast

Recent clips