Latest Hacking News

Interview with Karl Sigler, Security Research Manager for Trustwave SpiderLabs, on the recently disclosed vulnerability impacting Lifesize video products. Today's Agenda is as follows: About Trustwave SpiderLabs Overview of Lifesize products and the organizations that use them. Details on the Lifesize vulnerability and discovery. Implications of the vulnerability. Disclosing the flaw to the company. Walkthrough of Trustwave's Proof-of-Concept exploit and POC release date. You can read Trustwave's blog post on the vulnerability here: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/lifesize-team-room-passport-networker-remote-os-command-injection/ If you would like to add the podcast to your Alexa flash briefings you can do so here.

Australian Parliament computer network compromised, new phishing attack using Google Translate, and Apple patches FaceTime bug as well as two zero-days Google says were exploited in the wild on episode 216 of our daily cybersecurity podcast.

MacOS zero-day flaw discovered but researcher won't share with Apple, Google cautions Nest users against poor password practices, and Mozilla Firefox to get site isolation feature on episode 215 of our daily cybersecurity podcast.

RDP vulnerabilities make new reverse RDP attacks possible, new Google Chrome extension warns users of leaked passwords, and OpenOffice and LibreOffice vulnerabilities on episode 214 of our daily cybersecurity podcast.

A new Linux backdoor trojan discovered, Jack'd app exposes private user images, and Huddle House POS system breach on episode 213 of our daily cybersecurity podcast.

A new sextortion scam claims to infect users through popular adult website, Chrome to warn of lookalike URLs, and Houzz suffers user data breach on episode 212 of our daily cybersecurity podcast.

FaceTime bug allows users to spy on each other, authorities shut down hacked server marketplace, and data of over 14,000 diagnosed with HIV leaks online on episode 211 of our daily cybersecurity podcast. Today's Agenda is as follows: FaceTime Bug Discovered Authorities Shut Down Hacked Server Marketplace Data of over 14,000 Diagnosed with HIV Leaks Online If you would like to add the podcast to your Alexa flash briefings you can do so here.

New exploit code leads to active attacks on Cisco routers, abandoned Wordpress plug-in leads to active attacks on websites, and DailyMotion suffers a credential stuffing attack on episode 210 of our daily cybersecurity podcast. Today's Agenda is as follows: Cisco Routers Actively Targeted With New Exploits Abandoned Wordpress Plug-in Leaving Sites Open to Attack DailyMotion Discloses Credential Stuffing Attack If you would like to add the podcast to your Alexa flash briefings you can do so here.

New Microsoft Exchange Zero-Day and iPhoneX jailbreak attacks based on known vulnerabilities and a wave of attacks using App Engine Google Cloud Platform to deliver malware on episode 209 of our daily cybersecurity podcast.

Image based malware targeting Mac users through ads, phishing campaign using fake voicemail messages to steal passwords, and banking trojan rotating tactics to evade detection on episode 208 of our daily cybersecurity podcast.

Possible Google Chrome change may block Ad-Blockers, DHS issues alert regarding DNS hijacking campaign, and WhatsApp limites message forwards to five on episode 207 of our daily cybersecurity podcast. Today's Agenda is as follows: Google Chrome to Block Ad-Blockers DHS Issues Security Alert About DNS Hijacking Attacks WhatsApp Limits Message Forward to Combat Fake News If you would like to add the podcast to your Alexa flash briefings you can do so here.

Google fined $57 million by France for GDPR violations, WPML Wordpress Plug-in developer's site hacked by ex-employee, and a Windows Zero-Day gets a micropodcast on episode 206 of our daily cybersecurity podcast.

Noam Kehati, Cyber Intelligence Analyst at Sixgill, talks about interesting conversations she's had with cybercriminals on the dark web as well as Sixgills research into dark web criminal activity.

Twitter bug exposed protected tweets of some Android users, ES File Explorer potentially exposes data of 100 million users, and Microsoft launched Azure DevOps bug bounty program on episode 204 of our daily cybersecurity podcast.

Massive leak of 773 million records found, Fortnite account compromise via Epic Games flaw, and new Magecart group compromise sites via advertising partner on episode 203 of our daily cybersecurity podcast.

Ukrainian hackers charged in connection to SEC hack, multiple zero-day vulnerabilities found in ID badge security systems, and airline reservation system vulnerable after partial patch on episode 202 of our daily cybersecurity podcast.

Love Letter malspam campaign, US Judge rules against compelled use of biometrics in search warrant, and Massachusetts passes new data breach law on episode 201 of our daily cybersecurity podcast.

Ryuk ransomware operators using TrickBot to gain access to networks, fake pirated movie file tampers with search results, and Microsoft fixes Windows 7 remote shares issue on episode 200 of our daily cybersecurity podcast. Today's Agenda is as follows: Ryuk Ransomware Attackers Using TrickBot to Gain Access Fake Movie File Steals Crypto and Tampers with Search Results Microsoft Stand-Alone Update to Fix Windows 7 Remote Shares If you would like to add the podcast to your Alexa flash briefings you can do so here.

Malware found preinstalled on some Alcatel phones, hacker gets 10 years for Children's Hospital DDoS attack, and US Govt shutdown leaves .GOV TLS certificates to expire on episode 199 of our daily cybersecurity podcast.

Qualys discloses new Linux vulnerabilities, critical flaw in Cisco's email security platform could enable permanent DoS, Hyatt Hotels announces bug bounty program, and Wordpress vulnerabilities tripled in 2018 on episode 198 of our daily cybersecurity podcast.