Tag Archives: Privacy

PODCAST: Giovanni Vigna


Giovanni Vigna

Giovanni is a co-founder and CTO of Lastline, Inc., a company that develops solutions to detect and mitigate advanced malware and targeted threats. He is a Professor in the Department of Computer Science at the University of California in Santa Barbara and director of the Center for CyberSecurity at UCSB. He is co-director of the Security Lab, which is part of the iSeclab group, and founder of the Shellphish hacker group, which has annually competed in the DEFCON CTF (won in 2005) and also the DARPA Cyber Grand Challenge (3rd place). He also organizes the International Capture The Flag (iCTF), one of the world’s largest attack-defense hacking competitions.

Giovanni’s research focuses on vulnerability analysis, web security, malware analysis, and mobile security. We met in San Francisco this year at RSAC 2018, where he presented two talks: “How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days” and “The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem.”

In this episode we discuss all these things, plus GDPR, Santa Barbara hot springs and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Check out Giovanni at RSAC 2018:

How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

 


PODCAST: Ben & Spencer from Rhino Security Labs


Benjamin Caudill and Spencer Gietzen of Rhino Security Labs

Benjamin Caudill and Spencer Gietzen of Rhino Security Labs join me to discuss their research on Amazon Web Services privilege escalation vulnerabilities. Spencer recently revealed their AWS research on the Rhino Security Labs blog. Rhino is also rolling out Pacu, a new open source AWS post-exploitation framework designed for offensive security testing against AWS environments. We also discuss how Ben and Spencer both found their way into the information security industry, pet peeves and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE



BrightTALK webinar: Google Docs Phishing Scam


ICYMI: I moderated a BrightTALK webinar on the recent Google Docs phishing attack.

Join BrightTALK and check out this informative panel discussion featuring myself along with panelists Nathan Wenzler and Kowsik Guruswamy.


A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.

We discuss:
– What is the Google Docs email scam?
– How is this scam different from other phishing scams?
– What’s the deal with Eugene Pupov?
– Who’s at risk and how can you avoid being a victim?
– What can we expect in the future?

Moderator:
– Vince Tocce, Vince in the Bay Podcast

Speakers:
– Nathan Wenzler, Chief Security Strategist at AsTech Consulting
– Kowsik Guruswamy, CTO for Menlo Security

Follow me on Twitter!


BrightTALK webinar on Cloudbleed


Last week I moderated a BrightTALK webinar on the infamous “Cloudbleed” bug.

Join BrightTALK and check out this informative panel discussion I moderated titled “CloudBleed: The Good, The Bad, and The Ugly for Users, Companies and Society,” featuring myself along with panelists Kaushik Narayan (Skyhigh Networks), Lori MacVittie (F5 Networks), Bojan Simic (HYPR Corp), and Tom Gorup (Rook Security).

Next Wednesday (March 22, 2017) at 10 am PDT / 1 pm EDT, I will be moderating a BrightTALK webinar on the recent “Vault 7” CIA document leaks titled “WikiLeaks Vault 7: Facts, Fiction & Implications,” with distinguished panelists Jake Kouns (Risk Based Security), Kenesa Ahmad (WISP) and more to be announced.

