From Paul's Security Weekly
Recorded October 17, 2019 at G-Unit Studios in Rhode Island!
- Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
- We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
- The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to firstname.lastname@example.org
- Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri
Interview: Daniel DeCloss, PlexTrac - 6:00-6:30PM
Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.
What makes a good pentest report?
The segment will focus on the importance of a high-quality report and on what red and blue teamers should recognize goes into a good report. Often, there’s no feedback loop after report delivery, and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.
Security News - 7:30PM-8:30PM
- Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
- Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
- Vulnerability found and fixed in HP bloatware | ZDNet
- 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
- Cybercrime Tool Prices Bump Up in Dark Web Markets
- Pen testers find mystery black box connected to ship's engines
- Using Machine Learning to Detect IP Hijacking - Schneier on Security
- Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
- Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
- Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
- Critical and high-severity flaws addressed in Cisco Aironet APs
- ISC Releases Security Advisories for BIND | CISA
- Older Amazon Devices Subject to Old Wi-Fi Vulnerability
- D-Link routers remote exploit to remain unpatched
- FBI Warns of MFA bypass with SIM porting
- Android Privesc in the wild.
- Father of Unix Ken Thompson’s password finally cracked
- USB device security still lacking
- Free WiFi tracks your location even when you are not connected
- 36 pieces of consequential code
- An IRS employee stole identities and went on a 2-year spending spree: An IRS employee stole multiple people's identities and used them to open illicit credit cards to fund vacations and shop for shoes and other goods, according to a complaint unsealed last week in federal court. The complaint accuses the 35-year-old federal worker of racking up almost $70,000 in charges over the course of two years.
- D-Link router models affected by RCE issue: Older D-Link DIR-655, DIR-866L, DIR-652 & DHP-1565 families of routers will not be patched.
- HildaCrypt Ransomware developer releases Decryption Keys: When the variant was discovered, the developer decided to release the master private key.
- White-hat hacks Muhstik ransomware gang and releases Decryption Keys: Targets QNAP NAS devices. German developer Tobias Frömel paid the ransom, analyzed the code, then hacked the gang's server.
- UNIX Co-Founder Ken Thompson's BSD Password has finally been Cracked: 39-year-old BSD password finally cracked. BSD 3 passwords protected by DES-based crypt(3) finally cracked.
- Crypto “sextortionists” turn to Litecoin to avoid detection: As non-obfuscated Bitcoin links are triggers to block potential ransomware, other lesser-known options such as Litecoin are starting to crop up.
- China’s “Great Nation” app Enables Spying on mobile devices: This required (for diplomats, etc.) app uses excessive privileges to provide access to device information. Apple states iOS security will not allow this level of access.
- Any fingerprint unlocks Galaxy S10: Once a fingerprint is registered, any fingerprint will unlock. Don't enable the function for now, or physically protect the device. A software update will fix it.
- Major Carding Forum BriansClub Suffers Data Breach: Forum with 26 million stolen credit cards is itself compromised. Valid card data estimated at $500 each.
Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM
Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.
Cybercrime, threat hunting, APT, spear phishing and tactics etc
"Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."