From Paul's Security Weekly
Recorded July 18, 2019 at G-Unit Studios in Rhode Island!
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!
- Have you been trying your hardest to get a ticket to DerbyCon FinishLine?! We know that tickets sold out almost immediately, as they do almost every year, and we have an exciting announcement: Security Weekly is giving away 7 tickets to DerbyCon! Here's what you need to do - subscribe to the Security Weekly YouTube channel and send an email to firstname.lastname@example.org with either a written or video testimonial about what Security Weekly means to you! That's it, it's really that simple! First 7 people to complete this will receive a ticket to DerbyCon! You will also be invited to participate in our Security Weekly DerbyCon interview series that Sam and Mark will be running at the conference!
Interview: Katie Nickels, MITRE - 6:00-6:30PM
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Topic Segment: Security Roundtable 6:30 - 7:30PM
In this segment, we're going to talk about various security topics, such as:
- Vulnerability Management - Name three tips for a successful vulnerability management program. How has vulnerability management changed in recent years?
- Patching - How can we motivate IT operations to apply patches more timely and consistently? Do we even need to rely on patches for security today? Can we just patch the critical ones?
- Hunt Teaming - What can organizations do to discover breaches more quickly and consistently? What are the best and most effective ways to hunt?
- Asset Management - How can organizations build and maintain an accurate inventory of software and systems?
- System Hardening - How should organizations develop a standard for “secure” systems and how should the program be structured? How much do we rely on configuration standards and compliance versus developing our own standards?
Security News - 7:30PM-8:30PM
- Adoption rates of basic cloud security tools and practices still far too low - Help Net Security
- Is web crawling legal? - Towards Data Science
- Still not using HTTPS? Firefox is about to shame you
- Malicious Python packages found on PyPI - Help Net Security
- Hacked Bluetooth hair straighteners are too hot to handle
- Identity Theft on the Job Market - Schneier on Security
- 79% of US Consumers Fear Webcams Are Watching
- Over 800,000 Systems Still Vulnerable to BlueKeep Attacks | SecurityWeek.Com
- How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
- Slack resets passwords for 1% of its users because of 2015 hack | ZDNet
- No, You Dont Need a Burner Phone at a Hacking Conference
- 8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
- Open Source Hacking Tool Grows Up
- Best Practices for Branch Office Edge Security
- Alan Turing - the face of the new 50 note
- 18% of Enterprises Holding Back on Windows 10 Upgrade
- Mysterious hackers steal data of over 70% of Bulgarians
- Woman arrested at Apple store after inserting half-dozen stolen iPads inside her vagina
- John Paul Stevens and the U.S. Navy at War Remembering a fellow Cryppie who helped the U.S. turn the tide on the Japanese during World War II
- Slack Resets User Passwords After 2015 Data Breach
- Hacker Breached Sprint Customer Accounts Through Samsung Website
- Why 72% of people still recycle passwords Why 100% of Security Weekly hosts drink
- A.I. has a bias problem and that can be a big challenge in cybersecurity I'll bet some of us agree with this and some disagree. Why? Bias.
- Lenovo Confirms 36TB Data Leak Security Vulnerability "These vulnerabilities, if exploited, could have impacted the integrity, availability, and confidentiality of the systems," - I've got a few problems with this statement...
- Apple Is Sending Out Another Silent Update To Fix RingCentral Webcam Flaw Does Apple have a problem with worms?
- Zoom vulnerability reveals privacy issues for users Wait, don't we use Zoom?
- Why BlueKeep Hasn't Wreaked Havoc Yet
- 800k Systems Still Vulnerable to BlueKeep
- Billy Rios and Jonathan Butts created a Device that can literally kill people
- YAAS - Yet Another App Store - Kali NetHunter