Episode614

From Paul's Security Weekly

Recorded August 1, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Mark your calendars for our Security Weekly Holiday Extravaganza! On December 19th, Security Weekly will be live-streaming 5 one hour panel discussions with some of the most knowledgable professionals in the industry! To round out the evening, Ed Skoudis will be joining the Security Weekly hosts to give his annual announcement about the CounterHack Holiday Hack Challenge! You can view the live stream on our Youtube channel or by visiting securityweekly.com/live. We hope to see you there!

    Interview: Sam Straka, LogRhythm - 6:00-6:30PM

    Sam Straka is the Technical Product Manager at LogRhythm.
    As Technical Product Manager, I am responsible for the LogRhythm NextGen SIEM Platform orchestration. I work with a variety of teams across engineering to continuously improve the LogRhythm installation, administration, and on-boarding experience.

    Segment Title/Topic:
    Open to discussion, I’m happy to discuss anything! It might be cool to talk about the movement of our market to the Cloud, how LogRhythm is innovating in that area, and why total cost of ownership is important when looking at a SIEM platform. We will also discuss:
    • Where to deploy security infrastructure - data compliance requirements, risks of cloud vs. on-prem
    • Configuration Management – We’re building our deployment tools on SaltStack which is super powerful and has some interesting security applications
    • Elastic’s (and others) new moves in the SIEM space


    Tech Segment: Doug Coburn, Signal Sciences - 6:30 - 7:30PM

    Doug Coburn
    is the Director, Professional Services at Signal Sciences.
    Doug Coburn serves as Signal Sciences Director of Professional Services, where he leads the team that installs Signal Sciences in customers’ environments. Prior to Signal Sciences Doug entered the IaaS/PaaS/FaaS world with Iron.io doing Serverless Functions as a Service leading the Sales Engineering team. With Iron.io he got introduced to many of the cloud and PaaS platforms that make up the Serverless landscape. Before the Security and Serverless spaces Doug also worked with companies like Okta, Moka5, and IBM/BigFix that had elements of security, endpoint management, and identity management.

    Segment Topic:
    Great to talk to you today. I've included the link to my github and demo video of Signal Sciences in kubernetes.
    • https://github.com/dacoburn/sigsci-ingress-micro-reverse-proxy
    • vimeo.com/343764112

    Segment Description:
    Talk about the way Signal Sciences is implemented, especially in the container world. Where we sit in the stack for protection of the web apps in those containers and common first things identified after install (Attack Scanners, Injection Attacks, actionable anomalies like 404 or 500 errors). Finally do a short demo walking through installing Signal Sciences in a Kubernetes environment and the Signal Sciences dashboard.


    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Black Hat USA 2019 Preview
    2. Remote code execution is possible by exploiting flaws in VxWorks
    3. Researchers Are Sounding the Alarm on a Little-Known Risk of Connected Cars
    4. Alleged Capital One Hacker Barely Bothered to Hide | SecurityWeek.Com
    5. A Realistic Path Forward for Security Orchestration and Automation
    6. Until airbags are fitted to email apps to stop staff opening bad messages, what else can a small biz do to protect itself?
    7. SecOps Success Through Employee Retention
    8. Microsoft Seriously Beefs Up Security in Windows Server 2019
    9. Google Releases Beta of Anomaly Detection for G Suite Customers | SecurityWeek.Com
    10. New Mirai botnet lurks in the Tor network to stay under the radar | ZDNet
    11. Cisco pays $8.6M to settle security-software whistleblower lawsuit
    12. Researchers Find Open 'Road Map' to Honda Computers

    Lee's Stories

    1. Scientists Find Key to Sending Data Through Music: Van Halen Audio Steganography works best with rock music. Encode message (e.g. URL) so human ear cannot decode, but any device with app can.
    2. 7.5TB Breach Reveals Secret Russian IT Projects: Twitter account @0v1ruS seems to be tied to @D1G1R3V (DigitalRevolution) who is motivated by information freedom in Russia.
    3. Silk Road Drug Dealer caught when converting bitcoin to cash: Poor operational security choices exposed the blockchain to DHS who traced the Bitcoin origins to Silk Road rather than claimed successful Bitcoin Mining.
    4. Former Cloud Worker Hacks into Capital One, takes data for 106 million people: Hacker was outed after complaining on social media. OPSEC matters. If you applied for a Cap One card between 2006 and 2019 you're in this group.
    5. 200 million Devices Have VxWorks Vulnerabilities: 11 Vulnerabilities discovered, 6 critical in VxWorks OS, while patches are out or available soon, as many as 2 billion discoverable impacted devices are online.
    6. Thieves Steal Laptops with 30 Years of Data from UWA: Growing trend of Australian universities reporting compromises. Laptops belonging to students at the University of Western Australia (UWA) containing 30 years of PII data were stolen. Universities collect a lot of PII and financial data and are challenged to secure it.
    7. Linus Torvalds prepares to wave goodbye to Linux floppy drives: Lack of working hardware and someone to actively take over maintaining the driver will see floppy disk support deprecated.
    8. Hack Breaks Visa Card's Contactless Payment Limit: Researchers in the UK found they could take more than the limit (30 pounds/$38 USD) without fraud detection. The limit in the US is $100.
    9. North Carolina County lost $1.7M in BEC Scam: $2.5M fraudulently deposited after Phishing scam. $0.7M recovered through bank. Insurance paid $75,000.
    10. US Government issues Light Aircraft Cyber Alert: Vulnerabilities in avionic equipment exploited over CAN bus. Mitigation: Physical Access controls. Most devices lack encryption or authentication.
    11. Verizon 5G Goes Live in more major US Cities: Washington DC, Indianapolis IN, Atlanta GA & Detroit MI join Denver, Chicago, Minneapolis, St. Paul and Providence RI.

    Larry's Stories

    1. Armis found 11 critical vulnerabilities in the VxWorks OS - a platform found in 2 billion devices, including medical equipment and IoT devices; officials say patching will be long and difficult.
    2. Filecoder.C is targeting Android devices - through malicious links in online forums and then spreading via contact lists through SMS messages that attempt to entice others to install an app, according to research published Monday by the security firm ESET. And this is why I find the Android ecosystem to be a shitshow.
    3. BEC scam hits NC, losing 1.7 million - Security is not just an IT problem. Other areas of the organization can put protective controls and processes in place to prevent issues as well.
    4. What’s in your S3 buckets?
    5. Defrauding contactless cards over the predefined limits without "authentication" - It requires MiTM, which tells the terminal and the card, "No, no, it is ok, no authorization is required, or it is already complete. These are not the droids you're looking for."

    Joff's Stories

    Doug's Stories