From Paul's Security Weekly
Paul's Security Weekly #568
Recorded July 19, 2018 at G-Unit Studios in Rhode Island!
- We just released our 2018 Listener Survey; Please go to securityweekly.com/survey to help us continue to provide you with quality content that doesn't break the build.
- Mike Thompson joins us to show you how the threat intelligence space is transforming and what techniques security professionals can apply to stay a step ahead of threat actors by mapping their infrastructure. Register now @ securityweekly.com/domaintools
- Come to our Pool Cabana @ Black Hat and Def Con to pick up a free copy of "Cyber Hero Adventures". Here you will be able to get the comic book signed by Gary Berman.
Interview: Davi Ottenheimer, flyingpenguin - 6:00PM-6:45PM
Davi Ottenheimer is a strategist and author focused on cultural disruptions and defense ethics in emerging data platforms and intelligent machines; for more than twenty years he has led global teams developing and managing secure systems.
Technical Segment: Chris Spehn, Mandiant's red team - 6:45PM-7:45PM
Chris is one of the creators of GreatSCT, a tool designed to generate Metasploit payloads that bypass common anti-virus and application whitelisting solutions.
Security News - 7:45PM-8:30PM
- The evolutionary waves of the penetration-testing / vulnerability assessment market - As we see, each new wave doesn't necessarily replace the last -- it's additive. I think this also indicates that the market for assessments has grown considerably, despite those that pooh-pooh pen tests as an example.
- The Fundamental Flaw in Security Awareness Programs - I frequently use the example that employees know that they should not watch pornography at work. While compliance requires that this be stressed, employees know that they can be fired without the training. People know and accept the fact that there are practices that they have to adhere to as part of their job responsibility, as a condition of continued employment. Security managers need to utilize this fact and stop abdicating their responsibility to implement security practices into business processes. This is the core function of any person overseeing a critical responsibility.
- The SIM Hijackers - But why? Oh: They were now asking Rachel and Adam to give up her @Rainbow Twitter account. In the buzzing underground market for stolen social media and gaming handles, a short, unique username can go for between $500 and $5,000, according to people involved in the trade and a review of listings on a popular marketplace. Several hackers involved in the market claimed that the Instagram account @t, for example, recently sold for around $40,000 worth of Bitcoin.
- Roblox blames virtual 'gang rape' on hack - But how? "The incident involved one bad actor that was able to subvert our protective systems and exploit one instance of a game running on a single server." "We have zero tolerance for this behaviour and we took immediate action to identify how this individual created the offending action and put safeguards in place to prevent it from happening again."
- Thousands of Mega logins dumped online, exposing user files | ZDNet - We sent the data to Troy Hunt, who runs data breach notification site Have I Been Pwned, to analyze. His analysis pointed to credential stuffing -- where usernames and passwords are stolen from other sites and run against other sites -- rather than a direct breach of Mega's systems. He said that 98 percent of the email addresses in the file had already been in a previous breach collected in his database.
- Facebook refuses to remove fake news, but will demote it
- The Russians Who Allegedly Hacked the DNC Mined Bitcoin to Fund Their Operation
WTF Story Of The Week
- Florida man, 33, posed as housewife to lure men into home where he'd secretly film sex acts for web, cops say - Social engineering gone wrong
- Hackers automate the laundering of money via Clash of Clans
- 6 Ways to Tell an Insider Has Gone Rogue