Zoom Reverses Course, Removes Local Web Server

Data Breach Today

Controversial Design Decision Could Allow for an Ambush Video Call. Video conferencing vendor Zoom has opted to make major changes to its Mac application after a security researcher found several weaknesses in it.

New Video Course for State Agencies

The Texas Record

We are pleased to announce a new online video course for state agency records management officers and records liaisons. we are currently revamping local government online courses as well!). Click here to access the video on the course page.

Linkedin Learning: Producing a Video

Adam Shostack

My Linkedin Learning course is getting really strong positive feedback. They even “let” you edit your own videos. From conceptualizing the course and the audience, through final production, it’s been a blast.

Threat Modeling in 2018 (video release)

Adam Shostack

Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.


New Pluralsight Course: OWASP Top 10, 2017

Troy Hunt

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in the library even today by a long way. Because this is a "Play by Play" course, it's only an hour and 12 minutes of easy listening.

Android devices could be hacked by playing a video due to CVE-2019-2107 flaw

Security Affairs

Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 The PoC code, an HEVC encoded video, could allow an attacker to crash the media player. Watch out!

Three Decades On: RSA Labs Sets Course for Future

The Security Ledger

EDPB Adopts Guidelines on Data Processing Through Video Devices

Hunton Privacy

The European Data Protection Board (the “EDPB”) recently adopted its Guidelines 3/2019 on processing of personal data through video devices (the “Guidelines”). Although the Guidelines provide examples of data processing for video surveillance, these examples are not exhaustive. The Guidelines aim to provide guidance on how to apply the EU General Data Protection Regulation (“GDPR”) in all potential areas of video device use.


Video: How Automation and Machine Learning Power Future of SIEM

The Security Ledger

Amazon’s Ring Video Doorbell could open the door of your home to hackers

Security Affairs

Bitdefender discovered a high-severity security flaw in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal the WiFi password.

New Pluralsight Course: The State of GDPR - Common Questions and Misperceptions

Troy Hunt

Which brings me to the new course and I put precisely this question to John Elliott whilst in London last month, only a couple of weeks after GDPR had hit. I've known John for a while via Pluralsight channels and we recorded 2 courses together that day, this one and another I'll announce after it goes live. Of course, we also talk about penalties too and what levels will likely apply in what cases, plus how they'll be enforced in jurisdictions outside the EU too.


New Pluralsight Course: The Role of Shadow IT and How to Bring it out of the Darkness

Troy Hunt

It's a new Pluralsight course! Yes, I know I said that yesterday too, but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! This course looks at how shadow IT is changing, what it means in a cloud era and what practices we can apply to address it.

U.S. Court Allows Video Deposition Over EU Deponent’s Privacy Objections

HL Chronicle of Data Protection

litigant’s right to obtain discovery, including video-taped depositions. Still, to “ease [the deponent’s] privacy concerns,” the judge ordered that the video component of the deposition not be publicly disclosed or otherwise released outside of the current litigation. A U.S.


DLA Piper Privacy Matters

The European Data Protection Board (“EDPB”) has published guidelines on the processing of personal data through video devices (the “Guidelines”) (currently subject to a public consultation process). Where relying on legitimate interest as the lawful ground for processing personal data using video devices: The legitimate interest needs to be tied to a demonstrably ‘real’ issue i.e. not fictional or speculative.


Recent Cases Focus Attention on the Video Privacy Protection Act

Hunton Privacy

In recent months, two high-profile cases involving Hulu and Netflix have raised questions regarding the scope and application of the Video Privacy Protection Act (“VPPA”), a federal privacy law that has been the focus of increasing attention over the past few years. In the Hulu case, Hulu users claimed that the subscription-based video streaming service disclosed their viewing history to third parties.

California Court Denies Hulu’s Motion to Dismiss in Video Privacy Protection Act Case

Hunton Privacy

On August 10, 2012, a federal district court in California denied Hulu’s motion to dismiss the remaining claim in a putative class action suit alleging that the online streaming video provider transmitted users’ personal information to third parties in violation of the Video Privacy Protection Act (“VPPA”). The VPPA prohibits a “video tape service provider” from transmitting personally identifiable information of “consumers,” except in certain, limited circumstances.

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

Cybersecurity vendors, of course, have been responding. Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation.

Automation, Machine Learning Power Future of SIEM

The Security Ledger

Top 10 Cybersecurity Writing Mistakes

Lenny Zeltser

Watch the video I recorded to help you avoid the top 10 writing mistakes I’ve encountered when working as a cybersecurity professional. This video will not only help you write better but also preview the techniques I cover in my online course Cybersecurity Writing: Hack the Reader.

EDPB Releases Two-Year Work Program

Hunton Privacy

The Work Program, which was designed based on priority areas for stakeholders, outlines a list of planned guidelines, consistency opinions and EDPB activities, as well as additional possible topics that the EDPB may tackle over the course of the next two years. Guidance is planned on targeting social media users, video surveillance and connected vehicles.


An exclusive interview with a CISO

IT Governance

Watch the video below to hear what Geraint had to say about educating employees, the ever-changing threat landscape, and the importance of information and cyber security awareness at all levels of an organisation. About our e-learning courses.

Forget C-I-A, Availability Is King

The Falcon's View

This example, of course, once again highlights how you can view things through a quantitative risk assessment perspective, too. In the traditional parlance of infosec, we've been taught repeatedly that the C-I-A triad (confidentiality, integrity, availability) must be balanced in accordance with the needs of the business.

Weekly Update 163

Troy Hunt

Good news is that even just a few hours after recording this video I'm feeling much better, but I desperately need to take a longer period of rest if I don't want a repeat of this any time soon. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell.

Is distance learning right for you?

IT Governance

Distance learning is often considered the backup option for those who can’t attend classroom-based courses, and although it certainly does fill that need for a lot of people, it doesn’t have to be your second choice. Distance learning courses often give you immediate access to online exams.

Weekly Update 149

Troy Hunt

I try and give a bit of insight into that in this week's video, keeping in mind of course that I'm a bit limited by how much detail I can go into right now. What. I've been in San Fran meeting with a whole bunch of potential purchasers for HIBP and it's been. intense. Daunting.

Weekly Update 164

Troy Hunt

Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell. It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week.

Weekly Update 83

Troy Hunt

As I say in the video, I need to fix this so at this stage, I'm saying "no" to pretty much everything in the second half of the year that involves international travel and I'll just do the exceptionally awesome stuff. I'm home! Home is good. My travel stats for this year - not so good.

Reasonably Clever Extortion E-mail Based on Password Theft

Schneier on Security

actually, I actually setup a malware on the adult video clips (pornographic material) web site and you know what, you visited this web site to have fun (you know what I mean). I created a double-screen video. Of course, it all fails because there isn't enough detail.

Weekly Update 99

Troy Hunt

That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. The Bug Bounties for Researchers course is now live! The JavaScript Keyloggers course is now live!

Scaling Threat Modeling Training

Adam Shostack

That’s why I’m super-excited to announce that Linkedin Learning (formerly Lynda.com) has launched my new course: Introduction to Threat Modeling for Security Professionals. I’m also pleased to say that the complete 42 minute course is free via that link.

Weekly Update 161

Troy Hunt

Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell. It's my first conference back in Australia since probably about May and I'm experiencing a rare luxury - not flying!

Weekly Update 136

Troy Hunt

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski. Varonis is sponsoring my blog this week and giving you access to their free "Enemy Within" course (written by me!)

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

The Last Watchdog

New life for botnets Of course botnets continue to be the engine that drives all manner of online criminal activity. Another popular all-in-one tool, called SNIPR, makes it child’s play to aim a credential stuffing campaign against gaming networks and video-streaming services. French video hosting company DailyMotion had to shut down its website temporarily due to a massive credential stuffing attack.

Weekly update 57

Troy Hunt

I'm hoping that explaining things via video (and podcast) medium makes it a little easier for a broader range of people to absorb. The South African "Master Deeds" breach is obviously the headline this week (I've also added some updates that came to hand after recording this video).

Weekly Update 162

Troy Hunt

Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell. Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means.

Here's Why Your Static Website Needs HTTPS

Troy Hunt

So that's precisely what I've done - intercepted my own traffic passed over an insecure connection and put together a string of demos in a 24-minute video explaining why HTTPS is necessary on a static website. I showed the de-obfuscated version in the video which you can find on Pastebin.

Another Case Where Intent to Deprive is Put in the Hands of the Jury: eDiscovery Case Law

eDiscovery Daily

Several officers arrived on the scene during the course of the arrest. In Woods v. Scissons, No. CV-17-08038-PCT-GMS (D. 14, 2019) , Arizona Chief District Judge G.