PSWEpisode624

From Security Weekly Wiki

Recorded October 24, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @ 11:00am ET, with Adam Kehler & Rob Harvey from the Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password-cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop-down from the top menu bar and clicking registration.


    Interview: Tom Williams, Veterans MHH - 6:00-6:30PM

    Tom Williams is the Director of Veterans Operations of Veterans MHH.

    Tom is a US Marine Corps veteran who works for a Fortune 500 company in security incident response. He is leading the Veterans Operations division of Mental Health Hackers, addressing the unique challenges that veterans in information security face.

    Segment Topic:
    How Mental Health Hackers is going to help veterans in infosec in 2020 and beyond

    Segment Description:
    Speaking about the challenges that veterans face and how MHH is looking to address those


    Security News - 6:30-7:30PM

    Paul's Stories

    1. Marijuana found at North Dakota nuclear launch facility
    2. Pot smokers, take note: THC breathalyzers are coming
    3. Top 5 ways organizations can secure their IoT devices
    4. Microsoft: Packet loss involving Apple Push Notification Service was latest MFA outage culprit | ZDNet
    5. Deepfakes creep from porn to politics could upend election, experts warn
    6. Ransomware and data breaches linked to uptick in fatal heart attacks
    7. Woman ordered to type in iPhone passcode so police can search device
    8. Vatican launches smart rosary complete with brute-force flaw
    9. Cracking: The Chinese Python Way
    10. UBoat - Proof Of Concept PoC HTTP Botnet Project
    11. IoTopia Framework Aims to Bring Security to Device Manufacturers
    12. Top five tips for building smarter enterprise security - Help Net Security
    13. How to Avoid the Top Three Causes of Data Breaches in 2019
    14. Blue Team Cyber Anxiety
    15. Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey | SecurityWeek.Com
    16. Vulnerability in content distribution networks found by researchers
    17. 5 tips for better cybersecurity
    18. Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities | SecurityWeek.Com
    19. White House kicks infosec team to curb in IT office shakeup

    Larry's Stories

    Lee's Stories

    1. Cozy Bear Didn't Hibernate as Previously Thought APT29 deploying the Cobalt Strike BEACON backdoor using a legitimate Department of State document as the lure.
    2. Critical Flaw in Cisco Aironet APs CVE-2019-15260, a flaw in Aironet 1540, 1560, 1800, 2800, 3800 & 4800 series APs, can be exploited to achieve remote access to the devices. Patches issued.
    3. Amazon Echo and Kindle Devices Affected by WiFi Bug 1st-generation Echo devices and 8th-generation Kindle devices are vulnerable to the KRACK attack (CVE-2017-13077 & CVE-2017-13078). Fixes were released earlier this year; verify devices are updated.
    4. Most Critical Vulnerabilities Discovered in 2019 so far NetCAT, URGENT/11, SWAPGS, BlueKeep, Thrangrycat, SACK Panic, SPOILER, SockPuppet, RAMBleed, Lodash Prototype Pollution, ZOMBIEPOODLE & GOLDENDOODLE, DIRTY SOCK, Thunderclap and Pantsdown.
    5. Bluetooth Hacking Techniques you should know about Bluebugging, Bluejacking, Bluesnarfing and Btlejacking - know what they are and how they are leveraged to steal your data.
    6. Eager iOS Jailbreakers Tricked into Click Fraud Fake web site offers "Checkrain" (claiming to be based on Checkm8) jailbreak, has users install an MDM profile, then play the provided "Pop! Slots" game to level 8 to "complete" the jailbreak.
    7. Mission Health Store Hijack undetected for years Asheville, N.C. Mission Health web store infected with card-skimming malware from March 2016 through June 2019. Site completely rebuilt.
    8. Researcher publishes PoC Exploit for Android Zero-Day Exploit published for CVE-2019-2215, affecting Pixel 2 and providing kernel-level access with an easy step to root. Google purportedly fixed it in the October 2019 patch release.
    9. Avast Hacked: Intruder Gained Domain Admin Apparently single-factor VPN credentials were stolen, and the access was mistaken for a false positive. Avast has engaged a third-party forensic company. Apparently an attempt to further compromise CCleaner users.
    10. US Military Personnel Data Exposed Unsecured Elasticsearch databases in AWS with 179 GB of data from "Autoclerk" exposed. Travel sites impacted: OpenTravel, HAPI Cloud, Synxis.


    Interview: Mark Dufresne, Endgame - 7:30PM-8:30PM

    Mark Dufresne is the Protections Lead, Elastic Security.

    Mark is responsible for Elastic Endpoint Security's efforts to understand cyber threats and develop innovative capabilities to detect and prevent malicious adversary techniques. Mark has over 12 years of experience in offensive and defensive cyber security as an Operations Chief and Manager at the National Security Agency.

    As the leader of a diverse range of cyber operations, Mark spearheaded efforts to defend against the global range of cyber adversaries, with a focus on disrupting and mitigating targeted nation state cyber activities. Mark was also a major advocate and coordinator for a variety of intelligence sharing and collaboration efforts across the US Government to improve cyber defense and prevention capabilities across the community.

    Mark earned his BS in Computer Science from the University of Minnesota and his MS in Security Informatics from Johns Hopkins University.

    Segment Topic:
    Endgame is now Elastic Endpoint Security

    Segment Description:
    Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. The combination pairs Elastic's free and open SIEM with Endgame's endpoint security product to give users an integrated solution with greater visibility across their environment. This is a step toward realizing Elastic's vision for applying search to multiple use cases, like threat hunting, fraud detection, and security monitoring. Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint at the same time and remove the inefficiency of multiple solutions that can't respond in time to prevent damage and loss. And, to make Elastic Endpoint available to everyone, the company announced that it is eliminating per-endpoint pricing: no more counting endpoints or days of threat intelligence data retained. Elastic customers pay for resource capacity with a consistent and transparent pricing framework that ensures organizations can capture maximum value from their data. If we have time, we can also discuss the results of the newest AV-Comparatives test report, and independent testing more broadly.

    Segment Resources:


