Episode593

From Paul's Security Weekly

Recorded February 7, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Lee Neely
    is the Sr. Cyber Analyst at LLNL, SANS Analyst
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.


  • Announcements

    • RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to https://securityweekly.com/webcasts.



    Tech Segment: Chris Long, Palantir - 6:00-6:30PM

    Chris Long
    is the Security Engineer for Palantir.
    Chris Long is a Security Engineer at Palantir who has been specializing in Detection Engineering for the last decade. Although he's primarily focused on detection, he is an OSCP and OSCE certification holder and does his best to stay up to date with attacker tactics. When he's not securing and laying tripwire around networks, he's usually testing or contributing to open source security projects like osquery and DetectionLab.


    Topic: DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are VirtualBox / VMware and Vagrant.

    The goal of the project is ultimately to save people the time of creating lab environments by hand and to provide them with a solid baseline of logging and security tooling. Defenders can use it to see what types of artifacts are generated by specific malicious tools or techniques, and red teamers can use it to ensure their TTPs aren't generating unwanted logs/signals that defenders would be able to spot. It would also be a great environment for evaluating endpoint security software, especially if Active Directory is a prerequisite.

    Links/References:


    Security News - 6:30 - 7:30PM

    Paul's Stories

    1. 5G networks must be secured from hackers, bad actors, US senator says
    2. Unlimited cryptocurrency? Zcash fixes counterfeiting flaw
    3. National pen test execution standard would improve network security
    4. Security expert Marco Ramilli released for free the Malware Hunter tool
    5. Zero-day Vulnerability Highlights the Responsible Disclosure Dilemma | SecurityWeek.Com
    6. What do successful pentesting attacks have in common? - Help Net Security
    7. Lookalike domains: Artificial intelligence may come to the rescue - Help Net Security
    8. 8 months of GDPR: 59,000+ reported breaches, 91 fines - Help Net Security
    9. Flaw in Multiple Airline Systems Exposes Passenger Data
    10. When 911 Goes Down: Why Voice Network Security Must Be a Priority
    11. Micro-segmentation Security Firm Illumio Raises $65 Million | SecurityWeek.Com
    12. Security Bugs in Video Chat Tools Enable Remote Attackers
    13. Half of IoT devices let down by vulnerable apps
    14. Original WWII German message decrypts to go on display at National Museum of Computing

    Jeff's Stories

    1. Today is Shine a Light on Slavery Day. Born out of the belief that even one person trapped in slavery is too many, #ENDITMOVEMENT is a coalition of the leading organizations in the world in the fight for freedom.
    2. Fewer Breaches in 2018, But More Sensitive Data Spilled
    3. What Can We Learn from the Healthcare Data Breach 'Wall of Shame'?
    4. Tribe of Hackers FREE PDF: Cybersecurity advice from the best hackers in the world
    5. Does HIPAA Apply to Medical Marijuana Facilities?

    Lee's Stories

    1. Authentication and Key Management flaws in 5G. Authentication and security issues are being revealed in 5G which allow MITM and collection of other mobile user information. May also impact 4G & 3G protocols. Expect fixes by end of 2019 with second phase deployment.
    2. Phone number porting scam. Scenario where you're being asked to call someone who says you must provide a PIN first; this is the PIN for completing a phone port to Google Voice of your number.
    3. Discarded smart lightbulbs can reveal your passwords. Discarded Lifx lightbulbs were found to store WiFi passwords and RSA private keys in the clear.
    4. LibreOffice and OpenOffice RCE flaw disclosed. Exploits the Python file parsing code to call functions and pass parameters. LibreOffice has a patch. Workaround: disable Python support by renaming or removing pythonscript.py
    5. Vaporworms - a new variant of fileless malware threat. Predicted to be the scourge of 2019 - vaporware is a new twist on fileless malware which is harder to track and find, e.g. payload in one registry key, and execution command in another.
    6. Apple Releases Multiple Security Updates. iOS 12.1.4 and OS X 10.14.3 Supplemental Update to address Group FaceTime issue. Group FaceTime still appears disabled even with those updates applied as of the broadcast.


    Interview: Connie Mastovich, InfoSec World '19 - 7:30PM-8:30PM

    Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere
    Connie Mastovich, CISSP, Senior Security Compliance Analyst: Connie’s career has spanned both healthcare and government sectors, and approximately the past 12 years have focused on various aspects of Security and Privacy. As a federal government contractor, she ensured stringent government security standards were met while supporting a critical Air Force contract. Connie’s background is also strongly linked to the healthcare field, as she began her career working in the Information Services Department of a regional hospital. Additionally, she performed Privacy Assessments and HIPAA compliance evaluations for a worldwide provider of health care equipment and processes. Connie brings this experience and diverse skill set, along with a strong focus on superior customer service, to Reclamere. She is an integral part of the Security Staff, filling the role of both internal and external Subject Matter Expert (SME) in a wide variety of security duties.