‘Very high level of confidence’ Russia used Kaspersky software for devastating NSA leaks, Featuring David Kennedy – Yahoo Finance

January 15, 2018

Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. “That’s a Russian intelligence operation,” a former senior intelligence official,…


Local cybersecurity company warns of flaws in the phone, tablet, computer you’re using right now, Featuring Alex Hamerstone – News 5 Cleveland

January 08, 2018

There’s a good chance the phone, tablet or computer you use has a computer chip flaw that’s opening you up to hackers. The recent announcement of more than a billion devices being susceptible sent 5 On Your Side Investigators into action. We tracked down a company in our backyard designed to help stop the bad…


Linus Torvalds Is Not Happy About Intel’s Meltdown and Spectre Mess, Featuring Alex Hamerstone – Gizmodo.com

January 08, 2018

Famed Linux developer Linus Torvalds has some pretty harsh words for Intel on the fiasco over Meltdown and Spectre, the massive security flaws in modern processors that predominantly affect Intel products. Meltdown and Spectre exploit an architectural flaw with the way processors handle speculative execution, a technique that most modern CPUs use to increase speed. Both classes of vulnerability…


Meltdown & Spectre Fixes Arrive—But Don’t Solve Everything, Featuring Alex Hamerstone – Wired.com

January 06, 2018

This week, a pair of vulnerabilities broke basic security for practically all computers. That’s not an overstatement. Revelations about Meltdown and Spectre have wreaked digital havoc and left a critical mass of confusion in their wake. Not only are they terrifically complex vulnerabilities, the fixes that do exist have come in patchwork fashion. With most computing devices…


Welcome to 2018! A Meltdown and Spectre Run-Through

January 06, 2018

Welcome to 2018! It’s only been a few days into the new year and we already have newly named bugs, thanks to the Google Project Zero, Cyberus Technology, and the Graz University of Technology. Jann Horn, Werner Haas, Thomas Prescher, Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz…


More Complex Intruder Attacks with Burp!

December 21, 2017

Recently I was performing an external penetration test, and there was not a lot of attack surface, but there was a firewall device present with one of those browser-based SSL VPN services. Without a lot to go on other than some usernames gathered from LinkedIn, this seemed like a door worth trying to force….


Episode 2.10 Is your keyboard listening? A different type of jailbreak, Grinch Bots Stealing Christmas? Chrome, and Red Team Architecture!

December 07, 2017

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Ben Tenjamin, Geoff Walton, Chris Prewitt, Justin Bollinger


The NSA Agent Who Inexplicably Exposed Critical Secrets, Featuring David Kennedy – Wired.com

December 04, 2017

A series of leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to carry out, often by contractors like the whistleblower Edward Snowden, who employed just a…


Episode 2.9 OWASP Top 10 2017, OSX Root login bypass, Uber Hacked, who are the shadow brokers, ROCA!

December 04, 2017

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Ben Tenjamin, Geoff Walton, Chris Prewitt, Justin Bollinger


DerbyTV

November 28, 2017

This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this year, there was a fair amount of interest in…