From Paul's Security Weekly
Recorded July 18, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Katie Nickels, MITRE - 6:00-6:30PM
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Topic Segment: Security Roundtable 6:30 - 7:30PM
In this segment, we're going to talk about various security topics, such as:
- Vulnerability Management - Name three tips for a successful vulnerability management program. How has vulnerability management changed in recent years?
- Patching - How can we motivate IT operations to apply patches more timely and consistently? Do we even need to rely on patches for security today? Can we just patch the critical ones?
- Hunt Teaming - What can organizations do to discover breaches more quickly and consistently? What are the best and most effective ways to hunt?
- Asset Management - How can organizations build and maintain an accurate inventory of software and systems?
- System Hardening - How should organizations develop a standard for “secure” systems and how should the program be structured? How much do we rely on configuration standards and compliance versus developing our own standards?
Security News - 7:30PM-8:30PM
- Adoption rates of basic cloud security tools and practices still far too low - Help Net Security
- Is web crawling legal? - Towards Data Science
- Still not using HTTPS? Firefox is about to shame you
- Malicious Python packages found on PyPI - Help Net Security
- Hacked Bluetooth hair straighteners are too hot to handle
- Identity Theft on the Job Market - Schneier on Security
- 79% of US Consumers Fear Webcams Are Watching
- Over 800,000 Systems Still Vulnerable to BlueKeep Attacks | SecurityWeek.Com
- How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
- Slack resets passwords for 1% of its users because of 2015 hack | ZDNet
- No, You Dont Need a Burner Phone at a Hacking Conference
- 8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
- Open Source Hacking Tool Grows Up
- Best Practices for Branch Office Edge Security
- Alan Turing - the face of the new 50 note
- 18% of Enterprises Holding Back on Windows 10 Upgrade
- Mysterious hackers steal data of over 70% of Bulgarians
- Woman arrested at Apple store after inserting half-dozen stolen iPads inside her vagina
- John Paul Stevens and the U.S. Navy at War Remembering a fellow Cryppie who helped the U.S. turn the tide on the Japanese during World War II
- Slack Resets User Passwords After 2015 Data Breach
- Hacker Breached Sprint Customer Accounts Through Samsung Website
- Why 72% of people still recycle passwords Why 100% of Security Weekly hosts drink
- A.I. has a bias problem and that can be a big challenge in cybersecurity I'll bet some of us agree with this and some disagree. Why? Bias.
- Lenovo Confirms 36TB Data Leak Security Vulnerability "These vulnerabilities, if exploited, could have impacted the integrity, availability, and confidentiality of the systems," - I've got a few problems with this statement...
- Apple Is Sending Out Another Silent Update To Fix RingCentral Webcam Flaw Does Apple have a problem with worms?
- Zoom vulnerability reveals privacy issues for users Wait, don't we use Zoom?
- Why BlueKeep Hasn't Wreaked Havoc Yet
- 800k Systems Still Vulnerable to BlueKeep
- Billy Rios and Jonathan Butts created a Device that can literally kill people
- YAAS - Yet Another App Store - Kali NetHunter