Paul's Security Weekly #566
Recorded June 28, 2018 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
Interview: Tom Brennan, Proactive Risk & Gary Berman, Cyberman Security - 6:00PM-6:45PM
Today Tom is associated with CREST International as its elected Chairman of the Americas Board and participates as a technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official, and is a member of the CERT team.
Gary is the CEO of Cyberman Security and refers to himself as, “the most reluctant cyber security person in the world” given that his 25-year career has been as a thought leader in marketing communications in general and in market segmentation in particular. Until recently, he knew very little about technology and even less about cyber security, but everything about the devastating effects of being the CEO of a company that was victimized by a persistent series of insider attacks.
Technical Segment: Joff Thyer: Fun with Android APK's - 6:45-7:45PM
Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platform.
Security News - 7:45PM-8:30PM
- Terrible passwords outlawed in Microsoft's new Azure tool
- OMG! I just received someone else's security camera footage!
- Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site
- Hilarious! Paid Jailbreak for Nintendo Switches Includes Anti-Piracy Code
- Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles
- There's No Automating Your Way Out of Security Hiring Woes
- Ticketmaster Suffers Security Breach: Personal and Payment Data Stolen
- Stop Wiping Your Butt So Hard
- Toronto Cops in Big Trouble for Eating Weed Edibles, Calling Backup on Themselves
- New Windows 10 vulnerability bypasses OS defenses, says security researcher
- WiFi's tougher WPA3 security is ready
- Plant Your Flag, Mark Your Territory
- Windows 10 security can be bypassed by Settings page weakness
- Hitherto unknown marketing firm exposed hundreds of millions of Americans’ data
- Exactis said to have exposed 340 million records, more than Equifax breach: "We hadn't heard of the firm either, but it had data on hundreds of millions of Americans and businesses and leaked it, according to Wired"
- Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers: "In a novel investigative strategy, rather than just following the money, investigators went undercover as someone converting Bitcoin into cash, exploiting a financial bottleneck faced by dark web criminals."
- Victory! Supreme Court Says Fourth Amendment Applies to Cell Phone Tracking: "The Supreme Court handed down a landmark opinion today in Carpenter v. United States, ruling 5-4 that the Fourth Amendment protects cell phone location information."
- Use of Hard-coded Password, (Remote) Exposed Dangerous Method or Function in Medtronic MyCareLink Patient Monitor: "The affected product contains a hard-coded operating system password...This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
- Subject: [gentoo-announce] Gentoo Github Organization hacked: "Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories...All Gentoo code hosted on github should for the moment be considered compromised."