Episode576

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #576

Recorded September 20, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
    • Join us for our Webcast with LogRhythm about "Tips & Tricks for Defending the Enterprise Using Open Source Tools". The webcast will be held September 27 @3:00PM EST!

    Interview: Mike Ahmadi, DigiCert - 5:30-6:00PM

    Mike Ahmadi
    is the Global Director of IoT Security Solutions at DigiCert.
    Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare. Ahmadi currently serves in various capacities to advance industry standards for IoT security, including as a member of the technical steering committee for the ISA Security Compliance Institute (ISCI), and also the Chairman of the Cybersecurity Assurance Testing Task Force under the Society for Automotive Engineering (SAE). He also is an active member of the U.S. Department of Homeland Security Industrial Control Systems Joint Working Group, as part of the advisory board for the U.S. Secret Service Electronic Crimes Task Force. Ahmadi makes regular appearances as a speaker and subject matter expert at various cybersecurity events internationally. Previously, Ahmadi has served on the editorial board of ISSA Journal, and been a co-author for AAMI Journals as well as several other publications, including the American Bar Association Security and Privacy guide.


    Tech Segment: Threat Hunting in the Cloud, Apollo Clark - 6:00PM-6:30PM

    Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.

    Presentation Link: https://www.slideshare.net/ApolloClark/threat-hunting-in-the-cloud

    Project: https://github.com/apolloclark/tf-aws

    Commands: https://gist.github.com/apolloclark/35cb4a7501ac41df763bc45860fbd406

    Security News - 6:30-7:30PM

    Larry's Stories

    1. govpaynow leaks 14M records
    2. When It Comes To Cybersecurity Assessment Nothing Beats The Real Thing
    3. Microsoft managing your desktop...
    4. Education Department warns that students on financial aid are being targeted in phishing attacks
    5. emoji usage in the domain
    6. hunting mobile endpoints the hard way and the harder way

    Not Kevin's Stories

    1. Biz! Formerly! Known! As! Yahoo! Settles! Data! Breach! Cases! To! The! Tune! Of! $47m!"The company formerly known as Yahoo! is close to settling cases related to the mammoth data security breach it covered up almost four years ago at a cost of around $47m"
    2. US judge allows e-voting despite hack fears"A judge in the US state of Georgia has approved the use of electronic voting machines - despite being "gravely concerned" that they could be hacked"
    3. Magecart Strikes Again, Siphoning Payment Info from Newegg"The data breach, hard on the heels of the British Airways breach, shows that Magecart is quickly evolving and shows no signs of slowing down"
    4. Equifax fined by ICO over data breach that hit Britons "Credit rating agency Equifax is to be fined £500,000 by the Information Commissioner's Office (ICO) after it failed to protect the personal data of 15 million Britons"
    5. They Got 'Everything': Inside a Demo of NSO Group's Powerful iPhone Malware "A source managed to see Israeli surveillance vendor NSO Group’s powerful iPhone malware up close. Despite a wave of highly controversial customers, the company appears to be popular worldwide"

    Jason's Stories

    1. AmazonBasics Microwave, Works with Alexa - Now we can order more popcorn from our microwave?
    2. Senate can’t protect senators, staff from cyber attacks, Wyden warns
    3. Equifax fined by ICO over data breach that hit Britons
    4. US military given the power to hack back/defend forward
    5. FBI wants to keep “helpful” Mirai botnet authors around
    6. Your Business Should Be More Afraid of Phishing than Malware

    Jack's Stories

    1. Zero day in internet connected cameras? Say it ain't so.

    Apollo's Stories