From Paul's Security Weekly
Recorded January 3, 2019 at G-Unit Studios in Rhode Island!
- RSA Conference 2019 is the place to be for the latest in cybersecurity data, innovation and thought leadership. From March 4 – 8, San Francisco will come alive with cybersecurity’s brightest minds as they gather together to discuss the industry’s newest developments. Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
Interview: Dameon Welch-Abernathy, Check Point Software Technologies - 6:00-6:30PM
Tech Segment: Breaches, Privacy, Compliance and More! - 6:30 - 7:30PM
The Security Weekly crew has a lively topic discussion on the following:
- What is the most common trait among organizations that have suffered a security breach?
- How does security impact privacy?
- What is the best way to disclose a vulnerability?
- What is the best way to determine which security solutions you need and the best ways to evaluate them?
- Where should more effort be placed in a security program: protection, detection or reaction?
- Does compliance hinder or enhance security and why?
- What can we do to make certain security is a consideration when implementing a new product? A new IT project? New software?
Security News - 7:30PM-8:30PM
- The Worst Hacks of 2018 - Uhm, dear Wired, you made an error in the title. These are the "best" hacks of 2018, or maybe even "the most successful" hacks of 2018. I was really hoping for a list of hacks that totally failed, hard. That would be an article I would actually read, rather than this regurgitated crap.
- Apple Keeps Malware Info from Antivirus Firms: Researcher - Patrick Wardle, about whose discoveries we've written many times on Tom's Guide, last month analyzed a new strain of Mac malware called Windshift. He noticed that Apple had revoked the digital certificate that let the malware install on Macs. That's good. But when Wardle checked VirusTotal, an online repository of known malware, only two of some 60-odd antivirus malware-detection engines could spot Windshift.
- Hackers Hijack Smart TVs to Promote PewDiePie - According to a website for the latest campaign, the duo targeted a router setting called Universal Plug and Play (UPnP), which is used to help smart devices easily connect to other devices on a private network – however, the feature can also publicly expose the devices’ internet ports if configured that way. Also, do not expose the ADB service to the Internet. This is happening exactly as I predicted years ago, you now have pop-ups on your TV.
- Hackers Attempt to Sell Stolen 9/11 Documents - The demands are EPIC, they are going after all parties involved, exposing information with a series of decryption keys. But, is the information really worth protecting? We may never know, or will we?
- Hope you're over that New Year's hangover there's an Adobe PDF app patch to install - Okay, there is always a patch to install. So everytime you have a hangover, you can install a patch. When you don't have a hangover, install a patch. When you are drunk, install a patch. If you use Adobe PDF reader, you must be drunk.
- Over 19,000 Orange modems are leaking WiFi credentials | ZDNet
- Turn Your House into a DOOM Level with a Roomba - I LOVE this: The DOOMba, created by game engineer and programmer Rich Whitehouse, is designed to turn the sensors on one of the newer Roomba models, the Roomba 980, into real-life map-making tools that can inject some demon-slaying into your home.. Also, a great way to create a map of a place that you are going to rob, stealing is wrong kids, but a cool idea.
- Hackers Make a Fake Hand to Beat Vein Authentication - Cool stuff, however the fake hands look like cookies, or cake. Yum? Jeffery Dommer ate my fake hand again?
- wget utility potential leaked password via extended filesystem attributes
- Cloud Hosting Provider DataResolution.net hit by the Ryuk ransomware - Oh, same Ransomeware that is responsible for stopping newspaper production for the 2 people that still read newspapers.
- Cyberattack Halts Publication for US Newspapers
- Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs
- Equifax congressional report and some great [https://www.sans.org/security-awareness-training/blog/just-released-congressional-report-equifax-hack commentary Great timelines and lots of notes about more than one point of failure]
- Windows internal sandbox. So cool. Now we wait for an escape…
- IE scripting engine RCE…it's been a while!
- US ballistic missile systems have crappy security
- Hackers making attacks look like they come from the Chinese government….no shit. Attribution is hard.
- Fighting deepfakes, the next technological frontier.
- LA times (and others) distribution delayed because hax.
Lee Neely's Stories
- Nova Entertainment suffers data breach What can happen when you don't decommission legacy systems?
- LA Times and other papers impacted by Ransomware Ransomware encrypted files used by typesetting and was spread over interconnections
- Wannacry still lurking on infected computers What happens if the killswitch site ever goes offline?