From Paul's Security Weekly
Recorded March 21, 2019 at G-Unit Studios in Rhode Island!
- Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting secureworldexpo.com and using the code 'SecurityWeekly'.
- We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
Interview: Marcus Carey, Tribe of Hackers - 6:00-6:30PM
Tech Segment: DomainTools - 6:30 - 7:30PM
Paul Asadoorian unloads the Technical Segment, presented by our amazing sponsor DomainTools, to show us about Domain Investigation w/ DomainTools Iris!
Security News - 7:30PM-8:30PM
- Algorithms can now find bugs in computer chips before they are made - Help Net Security
- Advanced Breach Protection Demystified Untold Truths On Security Beyond AV
- Quantum Computing and Code-Breaking
- Operation SaboTor Police arrested 61 vendors and buyers in the dark web
- Grindr Poses National Security Risk, U.S. Gov Says
- Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
- Microsoft Tackles IoT Security with New Azure Updates
- New Shodan Monitor service allows tracking Internet-Exposed devices
- DMSniff POS Malware uses DGA to stay active DMSniff malware uses DGA techniques to avoide detection searches direct memory for card numbers and send them to the C2. Includes 11 variants of DGA.
- Android Q will come with improved privacy protections The next version of Android will no longer provide contact affinity information, use randomized MAC addresses making location analytics more difficult and only on screen, in focus apps will be able to access clipboard information.
- Scammers abusing Kiwis' Generosity Phishing, hacked web sites, and other scams are cropping up in the wake of the Christchurch tragedy, CERT NZ is collecting scam reports, raising awareness and providing real references.
- Hacked Tornado Sirens taken offline ahead of major storm 40 Hacked tornado sirens in North Texas taken offline one day prior to expected storms, remniscent of the Dallas hack in 2017. While not connected, the Dallas hack involved radio manipulation, and reminded us to verify communication paths were secure.
- Putty releases update that fixes 8 security flaws Fixes buffer overflow, cryptographic number reuse flaws as well as three terminal DOS attacks.
- MyPillow and Amerisleep Websites hit with credit card stealing attacks Attackers injected a script into the mypillow.com site and skimmed credit card data to mypitlow.com site, which is now offline, there are inconsistent reports about how much data was captured.