Episode582

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #582

Recorded November 8, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Announcements

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

    Interview: Corin Imai, DomainTools - 6:00-6:30PM

    Corin Imai
    is the Senior Security Advisor at DomainTools.
    Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security.


    Tech Segment: Eyal Neemany, Javelin Networks - 6:30PM-7:00PM

    Eyal Neemany
    Sr. Cyber Security Researcher at Javelin-Networks
    Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks.


    Security News - 7:30 - 8:30PM

    Paul's Stories

    1. These Vibrating Apps Turn Your Phone Into A Sex Toy
    2. Cisco Accidentally Released Dirty Cow Exploit Code in Software
    3. Drone Vulnerability Could Compromise Enterprise Data
    4. Several Vulnerabilities Patched in nginx
    5. Top 5 New Open Source Security Vulnerabilities in October 2018
    6. Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
    7. IoT Botnet Infects 100,000 Routers To Send Spam
    8. Apache Struts Vulnerability Would Allow System Takeover
    9. Flaws In Self-Encrypting SSDs Let Attackers Bypass Encryption
    10. Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
    11. On eve of US elections, Facebook blocked 115 accounts engaged in coordinated inauthentic behavior
    12. U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
    13. XSS flaw in Evernote allows attackers to execute commands and steal files
    14. Users Stop Engaging With Brands After Data Breaches, Report Finds
    15. U.S. Secret Service Warns ID Thieves are Abusing USPSs Mail Scanning Service
    16. Busting SIM Swappers and SIM Swap Myths

    Larry's Stories

    1. Public Virtualbox 0-day VM escape - Technical details here
    2. Security flaws in encrypted SSDs
    3. SSD flaw leads to Bitlocker compromise
    4. upcoming Edge 0-day
    5. US Cyber command uploading unclassified ATP to VirusTotal - from @k8em0, "I wonder how much intel sharing is needed to ensure the US Cyber Command doesn't inadvertently blow an ally's operation when uploading malware samples to @virustotal? Someone should ask the 5 eyes at the #AspenCyber conference. Because friends don't burn friends' ops.”
    6. Hacking Microsoft Live accounts via subdomain hijacking - poor DNS hygiene...

    Jeff's Stories

    1. Cyber security relics: 4 older technologies still plaguing the infosec world
    2. Feature Article on my "Does DoD Level Security Work in the Real World?"
    3. HSBC Suffers Data Breach

    Joff's Stories