Episode613

From Paul's Security Weekly

Recorded July 25, 2019 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Stephen Smith and Jeff Braucher of LogRhythm by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.

    • So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!

    • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!

    • We need your help in a survey we are running for research purposes for an upcoming webcast. How mature is your process automation for your various security capabilities? Please visit securityweekly.com/fivestagesofautomationmaturity to submit your responses to our 5 Stages of Automation Maturity Survey! We'll share the results in a webcast in November!



    Interview: Troels Oerting, WEforum - 6:00-6:30PM

    Troels Oerting is the Chairman of the C4C Board at WEforum.
    Troels Oerting is the Head of the Global Centre for Cybersecurity established by World Economic Forum in 2018. He has been working in cyber/security ‘first line’ for the last 38 years and has held a number of significant posts both nationally and internationally, and has an extensive network covering both public and private institutions.

    Before joining the World Economic Forum, Troels Oerting worked as Group Chief Information Security Officer (CISO) and Group Chief Security Officer (CSO) with end-to-end responsibility for all security in Barclays Group, responsible for more than 3000 security experts worldwide protecting the bank's 50 million customers and 140.000 employees.

    Previously Troels also held the position of Director of the European Cybercrime Centre (EC3), an EU-wide centre located in EUROPOL with the task to assist Law Enforcement Agencies in protecting 500 million citizens in the 28 EU Member States from cybercrime or loss of privacy. As an expert in cyber security Troels has constantly been looking for new legislative, technical or cooperation opportunities to efficiently protect privacy and security for users of the Internet. He has been pioneering new methodologies to prevent crime in Cyberspace and protect innocent users from losing their digital identity, assets or privacy online. As Director of EC3 he also initiated the establishment of the International ‘Joint Cybercrime Action Task Force’ (J-CAT) including global leading law enforcement agencies, prosecutors and Interpol’s Global Centre of Innovation, and the J-CAT has since been recognized as the leading international response to the increasing threat from Organized Cyber Criminal networks. He has been Cyber adviser for the EU Commission and Parliament, has been a permanent delegate in many governance organisations i.e. INTERPOL, ICANN, ITU and The Council of Europe, and has been used by several governments and organisations as adviser in cyber related questions. He also established a vast global Outreach program including law enforcement, NGOs, key tech companies and industry who together with Academic Research Institutes established a multifaceted global coalition against cyber criminal syndicates and networks, with the aim to enhance online security without harming privacy and to invent new ways of protecting users of the Internet.

    Before joining Europol as Director for the European Cybercrime Centre (EC3), Troels Oerting held the position of Assistant Director for the Europol Organized Crime department as well as the Counter Terrorist Department, and he also held positions as Director of Operation in the Danish Security Intelligence Service and Director for the Danish Serious Organised Crime Agency (SOCA).

    Troels is also an external lecturer in cybercrime at a number of Universities and Business Schools and has been internationally awarded several times by global law enforcement agencies for his international leadership in fighting cyber- and organised crime. He is the author of a political thriller published in Danish: Operation Gamma.

    Segment Description:
    Security, Privacy, Integrity through Prevention, Protection and Prosecution via People, Tech and Processes.


    Security News - 6:30PM-7:30PM

    Paul's Stories

    1. How to improve the hiring and retaining of infosec professionals? - Help Net Security
    2. Every minute, $2.9 million is lost to cybercrime - Help Net Security
    3. Answer These 9 Questions to Determine if Your Data Is Safe
    4. Fact vs Fiction: The Truth About Breach and Attack Simulation Tools | SecurityWeek.Com
    5. Crypto-Mining Botnet Implements BlueKeep Scanner | SecurityWeek.Com
    6. If you're struggling with Windows 10 migration, updates will be an even bigger challenge - Help Net Security
    7. Average data breach cost has risen to $3.92 million - Help Net Security
    8. InfoSec Handlers Diary Blog - May People Be Considered as IOC?
    9. How GDPR is Forcing the Tech Industry to Rethink Identity Management & Authentication
    10. When it comes to the IoT, Wi-Fi has the best security
    11. How IoT Opens the Door for Insider Attacks Against Industrial Infrastructure | SecurityWeek.Com
    12. Picture Perfect: How JPG EXIF Data Hides Malware - OpenDNS Umbrella Blog
    13. Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
    14. U.S. Warns of 5G Wireless Network Security Risks | SecurityWeek.Com
    15. PKWARE contributing to the development of PCI Security Standards - Help Net Security
    16. Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully
    17. Security or compliance? Stop choosing between them - Help Net Security
    18. Science Fiction Writers Helping Imagine Future Threats - Schneier on Security
    19. Rapper Who is Very Concerned with Password Security
    20. Security Considerations in a BYOD Culture
    21. Programmer from hell plants logic bombs to guarantee future work
    22. US Attorney General Says Encryption Creates Security Risk | SecurityWeek.Com

    Larry's Stories

    1. APT17 aka DeputyDog has been revealed as an operation of Chinese Ministry of State Security
    2. The list of laboratories and other healthcare clients affected by the data breach at American Medical Collection Agency continues to grow - as does the number of patients whose data may have been exposed
    3. And the Huawei plot thickens… - Huawei secretly helped North Korea build and maintain its 3G mobile network, potentially breaking US sanctions in the process, a new report has sensationally claimed. A former employee leaked sensitive internal documents to The Washington Post, allegedly revealing a number of projects related to building out 3G in the hermit state. The documents are said to refer to North Korea, and countries like Iran and Syria, by code.

    Lee's Stories

    1. Phishing Scheme Targets Amex Cardholders: Bogus account update email used. Malicious URL split in two to avoid filters.
    2. Analysis of Elusive MegaCortex Ransomware: Attacks Domain Controller, installs Cobalt Strike, leverages PsExec to deliver ransomware as winnit.exe.
    3. Kazakhstan Government Requires Root Certificate install: The Kazakhstan government is requiring all citizens to install their root certificates on their systems as a protection mechanism; it also allows interception of HTTPS traffic as their certificate will be trusted.
    4. Apple Releases multiple updates: watchOS 5.3, macOS 10.14.6, Safari 12.1.2, tvOS 12.4, iOS 12.4 (and 10.3.4, 9.3.6 for older devices), iCloud and iTunes also updated.
    5. Scientists Find Key to Sending Data Through Music: Van Halen Audio Steganography works best with rock music. Encode message (e.g. URL) so human ear cannot decode, but any device with app can.
    6. 7.5TB Breach Reveals Secret Russian IT Projects Twitter account @0v1ruS seems to be tied to @D1G1R3V (DigitalRevolution) who is motivated by information freedom in Russia.
    7. Equifax, Regulators Close to signing $700M Settlement $700M to settle data breach lawsuits. Options include 6 more years credit monitoring, reimbursement up to $20K, and extended monitoring for affected minors.
    8. Silk Road Drug Dealer caught when converting bitcoin to cash Poor operational security choices exposed the blockchain to DHS who traced the Bitcoin origins to Silk Road rather than claimed successful Bitcoin Mining.
    9. New Phishing for O365 users Fake login page, which tests credentials immediately using IMAP, plus real error page, which isn't often done. Mitigation: MFA plus disable legacy protocols such as IMAP/POP.
    10. VPN Flaw in Global Connect allows authentication bypass. CVE-2019-1579 allows login to Palo Alto VPN bypassing username/password. While there is a fix, older code is still online. 22 servers operated by Uber were identified.

    Jeff's Stories

    1. Facebook's 5 Billion FTC Fine is Just the Start of its Problems
    2. Two charged with terrorism over Bulgaria's biggest data breach
    3. Marriott Faces Massive $123 Million GDPR Fine For 2018 Security Breach
    4. Louisiana governor declares state emergency after local ransomware outbreak



    Interview: Murray Goldschmidt, Sense of Security - 7:30PM-8:15PM

    Murray Goldschmidt is the COO & Co-founder of Sense of Security.
    Murray has over 20 years’ experience in commercial information security. Prior to co-founding Sense of Security, he held senior consulting positions at Dimension Data and other leading information security management companies in South Africa.
    Murray defines the company’s business strategy, and is responsible for revenue forecasting. He also maintains key client relationships.
    A recognised industry expert, Murray holds ISC2 CISSP, ASCS IRAP, and PCI SSC QSA credentials, among others.

    Segment Topic:
    DDoS
    • Intro to Sense of Security
    • DDoS in 2019
    • New trends
    • How to address these issues