From Paul's Security Weekly
Recorded July 25, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
Interview: Troels Oerting, WEforum - 6:00-6:30PM
Before joining World Economic Forum Troels Oerting worked as Group Chief Information Security Officer (CISO) and Group Chief Security Officer (CSO) with end to end responsibility of all security in Barclays Group, responsible for more than 3000 security experts World Wide protecting the banks 50 million customers and 140.000 employees.
Previously Troels also held the position as Director of the European Cybercrime Centre (EC3), an EU wide centre located in EUROPOL with the task to assist Law Enforcement Agencies in protecting 500 million citizens in the 28 EU Member States from cybercrime or loss of privacy. As an expert in cyber security Troels has constantly been looking for new legislative, technical or cooperation opportunities to efficiently protect privacy and security for users of the Internet. He has been pioneering new methodologies to prevent crime in Cyberspace and protect innocent users from losing their digital identity, assets or privacy online. As Director of EC3 he also initiated the establishment of the International ‘Joint Cybercrime Action Task Force’ (J-CAT) including global leading law enforcement agencies, prosecutors and Interpol’s Global Centre of Innovation and the J-CAT has since been recognized as the leading international response to the increasing threat from Organized Cyber Criminal networks. He has been Cyber adviser for the EU Commission and Parliament and been a permanent delegate in many governance organisations i.e. INTERPOL, ICANN, ITU and The Council of Europe and used by several governments and organisations as adviser in cyber related questions. He also established a vast global Outreach program including law enforcement, NGO’s, key tech companies and industry who together with Academic Research Institutes established a multifaceted global coalition against cyber criminal syndicates and networks, with the aim to enhance online security without harming privacy and to invent new ways of protecting users of the Internet.
Before joining Europol as Director for the European Cybercrime Centre (EC3) Troels Oerting held the position as Assistant Director for Europol Organized Crime department as well as the Counter Terrorist Department and he also held positions as Director of Operation in the Danish Security Intelligence Service and Director for the Danish Serious Organised Crime Agency (SOCA).
Troels is also an extern lecturer in cybercrime at a number of Universities and Business Schools and has been Internationally awarded several times by global law enforcement agencies for his international leadership in fighting cyber- and organised crime. He is author of a political thriller published in Danish: Operation Gamma.
Security, Privacy, Integrity through Prevention, Protection and Prosecution via
People, Tech and Processes.
Security News - 6:30PM-7:30PM
- How to improve the hiring and retaining of infosec professionals? - Help Net Security
- Every minute, $2.9 million is lost to cybercrime - Help Net Security
- Answer These 9 Questions to Determine if Your Data Is Safe
- Fact vs Fiction: The Truth About Breach and Attack Simulation Tools | SecurityWeek.Com
- Crypto-Mining Botnet Implements BlueKeep Scanner | SecurityWeek.Com
- If youre struggling with Windows 10 migration, updates will be an even bigger challenge - Help Net Security
- Average data breach cost has risen to $3.92 million - Help Net Security
- InfoSec Handlers Diary Blog - May People Be Considered as IOC?
- How GDPR is Forcing the Tech Industry to Rethink Identity Management & Authentication
- When it comes to the IoT, Wi-Fi has the best security
- How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure | SecurityWeek.Com
- Picture Perfect: How JPG EXIF Data Hides Malware - OpenDNS Umbrella Blog
- Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
- U.S. Warns of 5G Wireless Network Security Risks | SecurityWeek.Com
- PKWARE contributing to the development of PCI Security Standards - Help Net Security
- Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully
- Security or compliance? Stop choosing between them - Help Net Security
- Science Fiction Writers Helping Imagine Future Threats - Schneier on Security
- Rapper Who is Very Concerned with Password Security
- Security Considerations in a BYOD Culture
- Programmer from hell plants logic bombs to guarantee future work
- US Attorney General Says Encryption Creates Security Risk | SecurityWeek.Com
- APT17 aka DeputyDog has been revealed as an operation of Chinese Ministry of State Security
- The list of laboratories and other healthcare clients affected by the data breach at American Medical Collection Agency continues to grow - as does the number of patients whose data may have been exposed
- And the Huawei plot thickens… - Huawei secretly helped North Korea build and maintain its 3G mobile network, potentially breaking US sanctions in the process, a new report has sensationally claimed. A former employee leaked sensitive internal documents to The Washington Post, allegedly revealing a number of projects related to building out 3G in the hermit state. The documents are said to refer to North Korea, and countries like Iran and Syria, by code.
- Phishing Scheme Targets Amex Cardholders Bougus account update Email used. Malicious URL split in two to avoid filters.
- Analysis of Elusive MegaCortex Ransomware Attacks Domain Cotroller, installs Cobalt Strike, leverages PsExec to deliver ransomware as winnit.exe.
- Kazakhstan Government Requires Root Certificate install The Kazakhstan government is requiring all citizens to install their root certificates on system as a protection mechanism, it also allows interception of HTTPS traffic as their certificate will be trusted.
- Apple Releases multiple updates watchOS 5.3, macOS 10.14.6, Safari 12.1.2, tvOS 12.4, iOS 12.4 (and 10.3.4, 9.3.6 for older devices), iCloud and iTunes also updated.
- Scientists Find Key to Sending Data Trhough Music: Van Halen Audio Stenography works best with rock music. Encode message (e.g. URL) so human ear cannot decode, but any device with app can.
- 7.5TB Breach Reveals Secret Russian IT Projects Twitter account @0v1ruS seems to be tied to @D1G1R3V (DigitalRevolution) who is motivated by information freedom in Russia.
- Equifax, Regulators Close to signing $700M Settlement $700M to settle data breach lawsuits. Options include 6 more years credit monitoring, reimbursement up to $20K, and extended monitoring for affected minors.
- Silk Road Drug Dealer caught when converting bitcoin to cash Poor operational security choices exposed the blockchain to DHS who traced the Bitcoin origins to Silk Road rather than claimed successful Bitcoin Mining.
- New Phishing for O365 users Fake login page, which tests credentials immediately using IMAP, plus real error page, which isn't often done. Mitigation: MFA plus disable legacy protocols such as IMAP/POP.
- VPN Flaw in Global Connect allows authentication bypass. CVE-2019-1579 allows login to Palo Alto VPN bypassing username/password. While here is a fix, older code still online. 22 servers operated by Uber were identified.
- Facebook's 5 Billion FTC Fine is Just the Start of its Problems
- Two charged with terrorism over Bulgaria's biggest data breach
- Marriott Faces Massive $123 Million GDPR Fine For 2018 Security Breach
- Louisiana governor declares state emergency after local ransomware outbreak
Interview: Murray Goldschmidt, Sense of Security - 7:30PM-8:15PM
Murray defines the company’s business strategy, and is responsible for revenue forecasting. He also maintains key client relationships.
A recognised industry expert, Murray holds ISC2 CISSP, ASCS IRAP, and PCI SSC QSA credentials, among others.
- Intro to Sense of Security
- DDoS in 2019
- New trends
- How to address these issues