Zoom Reverses Course, Removes Local Web Server

Data Breach Today

Controversial Design Decision Could Allow for an Ambush Video Call. Video conferencing vendor Zoom has opted to make major changes to its Mac application after a security researcher found several weaknesses in it.

New Video Course for State Agencies

The Texas Record

We are pleased to announce a new online video course for state agency records management officers and records liaisons. We are currently revamping local government online courses as well! Click here to access the video on the course page.

LinkedIn Learning: Producing a Video

Adam Shostack

My LinkedIn Learning course is getting really strong positive feedback. They even “let” you edit your own videos. From conceptualizing the course and the audience, through final production, it’s been a blast.

Threat Modeling in 2018 (video release)

Adam Shostack

Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.

Three Decades On: RSA Labs Sets Course for Future

The Security Ledger

New Pluralsight Course: OWASP Top 10, 2017

Troy Hunt

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in the library even today by a long way. Because this is a "Play by Play" course, it's only an hour and 12 minutes of easy listening.

Video: How Automation and Machine Learning Power Future of SIEM

The Security Ledger

New Pluralsight Course: The State of GDPR - Common Questions and Misperceptions

Troy Hunt

Which brings me to the new course and I put precisely this question to John Elliott whilst in London last month, only a couple of weeks after GDPR had hit. I've known John for a while via Pluralsight channels and we recorded 2 courses together that day, this one and another I'll announce after it goes live. Of course, we also talk about penalties too and what levels will likely apply in what cases, plus how they'll be enforced in jurisdictions outside the EU too.

U.S. Court Allows Video Deposition Over EU Deponent’s Privacy Objections

HL Chronicle of Data Protection

litigant’s right to obtain discovery, including video-taped depositions. Still, to “ease [the deponent’s] privacy concerns,” the judge ordered that the video component of the deposition not be publicly disclosed or otherwise released outside of the current litigation. A U.S.

New Pluralsight Course: The Role of Shadow IT and How to Bring it out of the Darkness

Troy Hunt

It's a new Pluralsight course! Yes, I know I said that yesterday too, but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! This course looks at how shadow IT is changing, what it means in a cloud era and what practices we can apply to address it.

Recent Cases Focus Attention on the Video Privacy Protection Act

Hunton Privacy

In recent months, two high-profile cases involving Hulu and Netflix have raised questions regarding the scope and application of the Video Privacy Protection Act (“VPPA”), a federal privacy law that has been the focus of increasing attention over the past few years. In the Hulu case, Hulu users claimed that the subscription-based video streaming service disclosed their viewing history to third parties.

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

Cybersecurity vendors, of course, have been responding. Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation.

California Court Denies Hulu’s Motion to Dismiss in Video Privacy Protection Act Case

Hunton Privacy

On August 10, 2012, a federal district court in California denied Hulu’s motion to dismiss the remaining claim in a putative class action suit alleging that the online streaming video provider transmitted users’ personal information to third parties in violation of the Video Privacy Protection Act (“VPPA”). The VPPA prohibits a “video tape service provider” from transmitting personally identifiable information of “consumers,” except in certain, limited circumstances.

Automation, Machine Learning Power Future of SIEM

The Security Ledger

EDPB Releases Two-Year Work Program

Hunton Privacy

The Work Program, which was designed based on priority areas for stakeholders, outlines a list of planned guidelines, consistency opinions and EDPB activities, as well as additional possible topics that the EDPB may tackle over the course of the next two years. Guidance is planned on targeting social media users, video surveillance and connected vehicles.

Forget C-I-A, Availability Is King

The Falcon's View

This example, of course, once again highlights how you can view things through a quantitative risk assessment perspective, too. In the traditional parlance of infosec, we've been taught repeatedly that the C-I-A triad (confidentiality, integrity, availability) must be balanced in accordance with the needs of the business.

An exclusive interview with a CISO

IT Governance

Watch the video below to hear what Geraint had to say about educating employees, the ever-changing threat landscape, and the importance of information and cyber security awareness at all levels of an organisation. About our e-learning courses.

Is distance learning right for you?

IT Governance

Distance learning is often considered the backup option for those who can’t attend classroom-based courses, and although it certainly does fill that need for a lot of people, it doesn’t have to be your second choice. Distance learning courses often give you immediate access to online exams.

Weekly Update 83

Troy Hunt

As I say in the video, I need to fix this so at this stage, I'm saying "no" to pretty much everything in the second half of the year that involves international travel and I'll just do the exceptionally awesome stuff. I'm home! Home is good. My travel stats for this year - not so good.

Scaling Threat Modeling Training

Adam Shostack

That’s why I’m super-excited to announce that LinkedIn Learning (formerly Lynda.com) has launched my new course: Introduction to Threat Modeling for Security Professionals. I’m also pleased to say that the complete 42 minute course is free via that link.

Reasonably Clever Extortion E-mail Based on Password Theft

Schneier on Security

actually, I actually setup a malware on the adult video clips (pornographic material) web site and you know what, you visited this web site to have fun (you know what I mean). I created a double-screen video. Of course, it all fails because there isn't enough detail.

Weekly Update 136

Troy Hunt

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski. Varonis is sponsoring my blog this week and giving you access to their free "Enemy Within" course (written by me!)

Weekly Update 99

Troy Hunt

That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. The Bug Bounties for Researchers course is now live! The JavaScript Keyloggers course is now live!

Weekly update 57

Troy Hunt

I'm hoping that explaining things via video (and podcast) medium makes it a little easier for a broader range of people to absorb. The South African "Master Deeds" breach is obviously the headline this week (I've also added some updates that came to hand after recording this video).

Here's Why Your Static Website Needs HTTPS

Troy Hunt

So that's precisely what I've done - intercepted my own traffic passed over an insecure connection and put together a string of demos in a 24-minute video explaining why HTTPS is necessary on a static website. I showed the de-obfuscated version in the video which you can find on Pastebin.

PayPal's Beautiful Demonstration of Extended Validation FUD

Troy Hunt

Here's the exact moment deep-linked in the recorded video: Well that was unexpected. Now, you may have actually spotted in the video that the cert was issued by "DigiCert SHA2 Extended Validation Server CA" which would imply EV. Of course they are!

MY TAKE: The back story on the convergence, continuing evolution of endpoint security

The Last Watchdog

Related video: New York holds companies accountable for data security. Through the course of the past two decades, threat actors and security vendors have engaged in a continuing contest of leapfrog. Of course, it’s important to have a mediation plan, if something does happen.” This is the natural course of things. No one in cybersecurity refers to “antivirus” protection any more.

Victims of Planetary Ransomware can decrypt their files for free

Security Affairs

The name is a fictitious planet name mentioned in the Xenoblade Chronicles X video game. txt, is created in each folder that contains files encrypted by the threat and, of course, on the desktop.

Weekly Update 134

Troy Hunt

I also go on a bit of a rant about devices and services targeted at monitoring kids and as I say in the video, you'll see precisely why this is such a big issue for me probably next week or the week after. That's the second update in a row I've done on time!

French Data Protection Authority Unveils 2010 Annual Activity Report

Hunton Privacy

The CNIL inspected the implementation of 55 video surveillance cameras (i.e., CCTV cameras) and included in its Report recommendations for the implementation of such devices in workplaces. In addition, pursuant to a new security bill (Loi d’orientation et de programmation pour la performance de la sécurité intérieure of March 14, 2011), the CNIL was granted additional authority to monitor the use of video surveillance cameras in both private and public areas.

Weekly Update 80

Troy Hunt

The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. 04:00 - Pluralsight course. It's a MASSIVE weekly update!

Weekly Update 119

Troy Hunt

As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity which was really disappointing to see. I'm home! And it's a nice hot Christmas! And I've got a new car!

Weekly Update 85

Troy Hunt

You'll notice I've also changed the video thumbnail and removed the text in the opening frames, I hope that's an improvement. (Oh Here's the lighting gear I bought (there's also a link to a great video in there on getting your lights right). It's a new Pluralsight course!

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. This video shows a demonstration of ExpressVote all-in-one touchscreens purchased by Johnson County, Kansas.

Convert Plus WordPress plugin flaw allows hackers to create Admin accounts

Security Affairs

New subscribers can use a specific form that allows them to define the role they want; of course, administrator accounts are not in the list of possible options of a drop-down menu. Defiant experts also published a video PoC for the exploitation of the issue.

Weekly Update 91

Troy Hunt

In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week. If you're happy they're happy and yes, of course you need the content to back it up, but enthusiasm carries you a very long way.

Weekly Update 87

Troy Hunt

NDC will be back on the Gold Coast next year, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again. Also this week, 2 new Pluralsight courses! We're on a beach!

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

Related video: How DDoS attacks leverage the Internet’s DNA. Of course, we’ve not seen the last of these types of innovative, brute-force attacks. Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon.

Threat Modeling Thursday: 2018

Adam Shostack

And of course, because it’s 2018, there’s cat videos and emoji to augment logic. Since I wrote my book on the topic, people have been asking me “what’s new in threat modeling?”

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

Related video: Why it’s high time to protect unstructured data. Most of the unstructured data generated in the course of conducting digital commerce doesn’t get stored in a database or any other formal management system. All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”