This page will include show notes/links, etc from the podcast.
If you find the podcast useful/interesting you are welcome to send me a donation, as I don’t want to have to resort to sponsorship as this will not let me be as frank and honest as I want to be, and also I’m fed up of the sponsor ads on almost every podcast I listen too, as I think it detracts from the rest of the material being covered.
So this will be a FREE podcast, in the sense of not having any sponsors, but to make it viable (in the long run) I need it to be self-supporting via the community of listeners. If you want to say thanks, you can use the Donate button on this page
Do you have a story to share, either via email, or would you like to tell the story yourself and be a guest?
Got a burning cyber security related question that you would like me to cover/explain on the show?
You can submit these via the Anchor.fm app (Android or iOS) to leave a voice message, call me to discuss, or whatever works for you.
Want to say thank you for the podcast or blog?You can say thanks with a donation |
Anchor https://anchor.fm/omgcybersecurity
Apple Podcasts https://itunes.apple.com/us/podcast/omg-cyber-security/id1457506391?mt=2&uo=4
Google Podcasts https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy85ZmE4NTZjL3BvZGNhc3QvcnNz
Spotify https://open.spotify.com/show/2vRbNy9Pwn21J92cmEeOVh
Breaker https://www.breaker.audio/omg-cyber-security
Overcast https://overcast.fm/itunes1457506391/omg-cyber
Pocket Casts https://pca.st/l8Y5
PodBean https://www.podbean.com/podcast-detail/2hqis-8ad7e/OMG-Cyber%21-Podcast
RadioPublic https://radiopublic.com/omg-cyber-security-Gqw19p
Episode 5 – The one about The Curious Case of Conficker (aka Downadup) – Interview with Ken Bechtel
Show Notes:
- Conficker, aka Downadup (Wikipedia) (SANS), my Virus Bulletin article on Conficker and my Worm Charming paper can be found in the Publications section of this site.
- Guest: Ken Bechtel LinkedIn, Twitter, Team Anti-Virus,
- AVIEN (Anti-Virus Information Exchange Network) https://avien.wordpress.com
- OpaServ (F-Secure)
- The Storm Worm (Wikipedia) (Wired)
- Loveletter (aka the Love Bug or ILOVEYOU worm) (Wikipedia) (F-Secure)
- Morris Worm (Wikipedia) (FBI) (ESET)
- SNORT(snort.org) you can also find articles on creating SNORT signatures in the Publications section of this site.
Episode 4 – The one about End User Education and Testing, What it takes to work in Cyber Security, and what BYOD means, and more!
Show Notes:
- May 8th, 2019: ITPS FREE Briefing at the Durham County Cricket Ground, Chester-le-Street (Just outside of Newcastle) – How would you cope against a cyber attack? https://www.itps.co.uk/2019/04/16/cyber-security-workshop/
- Marcus Hutchins (MalwareTech) Pleads Guilty https://krebsonsecurity.com/2019/04/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware/
- NCSC’s 100K most frequently used password list https://www.forbes.com/sites/kateoflahertyuk/2019/04/21/these-are-the-worlds-most-hacked-passwords-is-yours-on-the-list/
- Docker Breach https://motherboard.vice.com/en_us/article/7xgbzb/docker-hub-breach-hackers-stole-private-keys-tokens
- Microsoft email breach https://motherboard.vice.com/en_us/article/xwndwn/microsoft-outlook-msn-hotmail-breach-cryptocurrency-bitcoin
- Wipro breach https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/comment-page-1/
- Blog posting on “Cyber Catalyst” Cyber Catalyst; Dead Cert or Rank Outsider?
- Cyberwire, Hacking Humans Podcast (Episode 46) 2019 -Let’s play, “Covered by cyber insurance — true or false?”
- Effective End-User Training, Compliance and Testing blog posting
- Question of the Day: How do I become a security specialist (ethical hacker, malware researcher, digital forensics, etc.)
- Only Fools and Horses (Del Boy Trotter) https://en.wikipedia.org/wiki/Only_Fools_and_Horses you can also watch the series on Netflix and Amazon Prime Video
Episode 3 – The one about Sextortion, Social Engineering, SIEM and SOAR
Show Notes:
- Blog about Sextortion Sextortion – Your Money, or Your Pride!
- Jenny Radcliffe’s Youtube channel (About Social Engineering) https://www.youtube.com/channel/UCKI6KPxYgrF-Hg9ichVOPXA
- What is SIEM and SOAR https://swimlane.com/blog/siem-soar/
- Insurers Collaborate on Cyber Security Ratings https://www.darkreading.com/risk/insurers-collaborate-on-cybersecurity-ratings/d/d-id/1334258
- Blog posting on “Cyber Catalyst” Cyber Catalyst; Dead Cert or Rank Outsider?
- Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018 https://www.darkreading.com/threat-intelligence/credential-stuffing-attacks-behind-30-billion-login-attempts-in-2018/
- FIN6 Group Diversifies Activity, Uses LockerGoga and Ryuk Ransomware https://www.bleepingcomputer.com/news/security/fin6-group-diversifies-activity-uses-lockergoga-and-ryuk-ransomware/
If there is anything I missed, or you want links to (that I discussed in an episode), please let me know…
Episode 2 – The one about Passwords, 2FA/MFA, Password Managers, and APTs
Show Notes:
- Blog about password re-use. Helping the Hackers: Password Re-Use is Widespread!
- Blog about passwords being the new exploit. Question of the Day: Are Passwords the New Exploit?
- Sam Harris, Making Sense podcast: https://samharris.org/podcasts/152-trouble-facebook/
- Have I Been Pwned web site https://haveibeenpwned.com/
- Talos blog about Facebook being used by cyber criminals https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
- Trusted Reviews article about the other Facebook data breaches https://www.trustedreviews.com/news/new-facebook-data-breach-might-be-the-scariest-yet-3690921
- Password managers and 2FA/MFA Question of the Day: Password Managers
- Cyber Security and Cloud Expo, 2019 London. https://www.cybersecuritycloudexpo.com/global/
- F-Secure article about password re-use https://blog.f-secure.com/how-to-keep-your-passwords-from-being-an-attackers-key-to-your-account/
If there is anything I missed, or you want links to (that I discussed in an episode), please let me know…
Episode 1 – The one about Insurance, Breaches, and Lazy Reporting, Oh My!
Show Notes:
- Latest news about the Norsk Hydro incident, and expected costs.
- Statement from Hiscox regarding the DLA Piper claim.
- My blog post on CryptoJacking, what is it, and why you should be worried?
- The PRA letter and more on Silent Cyber risks.
- My blog posting on Silent Cyber and Insurance (the importance of having the right policy for the risk).
- My blog postings about password re-use, passwords managers and two/multi-factor authentication.
- 2.2 Billion credentials dumped!
- Latest LockerGoga details, here and here.
If there is anything I missed, or you want links to (that I discussed in an episode), please let me know…
Episode 0.5 – (Pilot) The one about Ransomware…
Show Notes:
- The AIDS Trojan (https://medium.com/un-hackable/the-bizarre-pre-internet-history-of-ransomware-bb480a652b4b)
- Norsk Hydro Ransomware attack and analysis of LockerGoga (https://www.zdnet.com/article/norsk-hydro-will-not-pay-ransom-demand-and-will-restore-from-backups/) and (https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880)
- Hexion and Momentive Ransomware attacks (https://motherboard.vice.com/en_us/article/8xyj7g/ransomware-forces-two-chemical-companies-to-order-hundreds-of-new-computers)
- Smashing Security Podcast (Episode 117) 2019 – me interviewed about the Mondelez/Zurich insurance spat.
- Carbon Black Live Broadcast: Be Empowered to Threat Hunt in 2019 (Live Stream Webinar).
- My blog posting on Ransomware
- My blog posting on CryptoJacking
- Why OMG Cyber Security?
If there is anything I missed, or you want links to (that I discussed in an episode), please let me know…