From Paul's Security Weekly
Recorded September 26, 2019 at G-Unit Studios in Rhode Island!
- 1 Episode Audio
- 2 Announcements
- 3 Security News - 6:00-6:30PM
- 4 SE Village Interviews: Billy Boatright, Edward Miro, and Jayson Street - 6:30 - 7:30PM
- 5 SE Village Interviews: Perry Carpenter and Chris Pritchard - 7:30PM-8:30PM
- Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
- We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
- The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to firstname.lastname@example.org
- Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri
Security News - 6:00-6:30PM
- Top 5 Git Security Mistakes - Security Boulevard
- CrowdStrike-Ukraine Explained
- Security capabilities are lagging behind cloud adoption - Help Net Security
- Rise of RDP as a target vector - Help Net Security
- Google wins landmark case: Right to be forgotten only applies in EU
- Honeywell Launches New Industrial Cybersecurity Platform | SecurityWeek.Com
- Slideshows - Dark Reading
- What Is CrowdStrike and Why Is Donald Trump Blabbering About It to Ukraine
- Think You Don't Need a VPN? Use One Anyway
- Confused why Trump fingered CrowdStrike in that Ukraine call? You're not the only one...
- Magecart Targets Routers For Commercial Wi-Fi Networks
- Adopting DevOps practices leads to improved security posture - Help Net Security
- How can we thwart email-based social engineering attacks? - Help Net Security
- USBsamurai for Dummies: How To Make a Malicious USB Implant & Bypass Air-Gapped Environments for 10$. The Dumb-Proof Guide.
- Vimeo sued for storing faceprints of people without their say-so
- Cylance Founder Stuart McClure Leaves BlackBerry | SecurityWeek.Com
- There Is Life for the CISO After a Breach | SecurityWeek.Com
- Cisco Patches 13 High-Severity Router and Switch Bugs
- Most of Ecuador's population gets hacked
- Botnet exploits recent vBulletin flaw to protect its bots
- Help! My AWS Server Has Been Hacked!
- Github Acquires Semmle - does that mean we now get free code audits?
- Snowden sued for his memoir - because he did not submit it to the publications office first…
- MITRE updates the top CWE 25
- 24 hours. 150 speakers. FREE. Online. 150 practitioner-led sessions across 5 tracks, followed by live Q&A on Slack. Not technically a story, but looks kinda cool... and it's FREE!
- Hacker Takes Over Couple's Smart Home, Plays Vulgar Music And Raises Temperature to 90 Degrees
- Security Warning For 23 Million YouTube Creators Following ‘Massive’ Hack Attack
- What kind of information do hackers get from hospital data breaches?
- How Trump’s Ukraine Mess Entangled CrowdStrike. Trump? Ukraine? CrowdStrike? NSA? Hmmm....
- Here's what it's like being a hacker millionaire under the age of 25
- Cisco releases guides for incident responders handling hacked Cisco gear
- Selfie Android Apps Push Ads, Can Record Audio. Two Android apps with 1.5 million installs aggressively push adware to targeted devices. They request the "SYSTEM_ALERT_WINDOW" permission, which can be used for clickjacking attacks, and the "RECORD_AUDIO" permission, which allows audio recording without user permission.
- Mattress Company Leaks Data Records of 387K Customers. Wisconsin-based Verlo Mattress Factory leaked PII, purportedly only from a single store, through a database that was not password protected. Users may lose sleep, as it also included information about the victim's systems, IPs, ports, pathways and storage.
- Edge Computing will become more important than Cloud Computing by 2025. The Linux Foundation's Baetyl and Fledge projects are designed to make the edge computing ecosystem open and interoperable without ties to a specific hardware, chip, cloud or OS.
- Google wins EU privacy case. The ruling holds that the right to be forgotten only applies to searches within the 28-country EU bloc.
- Thinkful resets passwords after breach exposes coders. Company credentials used by developers were exposed. The most likely source was a phishing attack against a system administrator. Speculation is that the acquisition by Chegg increased the attack surface and market position, providing the opportunity.
- vBulletin Zero-Day Exploited in the Wild after Exploit Release. CVE-2019-16759 allows remote code execution by an unauthenticated remote user via an HTTP POST request. Sample Python exploit code was released. No vendor fix. Mitigation: firewall it or take it offline.
SE Village Interviews: Billy Boatright, Edward Miro, and Jayson Street - 6:30 - 7:30PM
We interview Billy Boatright, Edward Miro, and Jayson Street at DEF CON SE Village.
- Billy talks about Impostor Syndrome.
- Edward Miro talks about Rideshare OSINT – Car Based SE For Fun & Profit.
- Jayson Street talks about Hugs, SE Village, Security Awareness, and DEF CON itself.
SE Village Interviews: Perry Carpenter and Chris Pritchard - 7:30PM-8:30PM
We interview Perry Carpenter and Chris Pritchard at DEF CON SE Village.
- Perry Carpenter talks about how, as someone on the autism spectrum, he has used various social-engineering related skills to become extremely successful in his career.
- Chris Pritchard talks about the basics of Social Engineering, a.k.a. "How I Break into Casinos, Airports and Critical National Infrastructure."