PSWEpisode624

From Paul's Security Weekly

Recorded October 24, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.


    Interview: Tom Williams, Veterans MHH - 6:00-6:30PM

    Tom Williams is the Director of Veterans Operations of Veterans MHH.
    Tom is a US Marine Corps veteran who works for a Fortune 500 company in security incident response. He is leading the Veterans Operations division of Mental Health Hackers, addressing the unique challenges that veterans in information security face.

    Segment Topic:
    How Mental Health Hackers is going to help veterans in infosec in 2020 and beyond

    Segment Description:
    Speaking about the challenges that veterans face and how MHH is looking to address those


    Security News - 6:30-7:30PM

    Paul's Stories

    1. Marijuana found at North Dakota nuclear launch facility
    2. Pot smokers, take note: THC breathalyzers are coming
    3. Top 5 ways organizations can secure their IoT devices
    4. Microsoft: Packet loss involving Apple Push Notification Service was latest MFA outage culprit | ZDNet
    5. Deepfakes creep from porn to politics could upend election, experts warn
    6. Ransomware and data breaches linked to uptick in fatal heart attacks
    7. Woman ordered to type in iPhone passcode so police can search device
    8. Vatican launches smart rosary complete with brute-force flaw
    9. Cracking: The Chinese Python Way
    10. UBoat - Proof Of Concept PoC HTTP Botnet Project
    11. IoTopia Framework Aims to Bring Security to Device Manufacturers
    12. Top five tips for building smarter enterprise security - Help Net Security
    13. How to Avoid the Top Three Causes of Data Breaches in 2019
    14. Blue Team Cyber Anxiety
    15. Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey | SecurityWeek.Com
    16. Vulnerability in content distribution networks found by researchers
    17. 5 tips for better cybersecurity
    18. Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities | SecurityWeek.Com
    19. White House kicks infosec team to curb in IT office shakeup

    Larry's Stories

    Lee's Stories

    1. Cozy Bear Didn't Hibernate as Previously Thought: APT29 is deploying the CobaltStrike BEACON backdoor using a legitimate Department of State document as the lure.
    2. Critical Flaw in Cisco Aironet APs: CVE-2019-15260 in Aironet 1540, 1560, 1800, 2800, 3800 & 4800 series APs can be exploited to gain remote access to the devices. Patches issued.
    3. Amazon Echo and Kindle Devices Affected by WiFi Bug: 1st generation Echo devices and 8th generation Kindle devices are vulnerable to the KRACK attack (CVE-2017-13077 & CVE-2017-13078). Fixes were released earlier this year; verify devices are updated.
    4. Most Critical Vulnerabilities Discovered in 2019 so far: NetCAT, URGENT/11, SWAPGS, BlueKeep, Thangrycat, SACK Panic, SPOILER, SockPuppet, RAMBleed, Lodash Prototype Pollution, ZOMBIEPOODLE & GOLDENDOODLE, DIRTY SOCK, Thunderclap and Pantsdown.
    5. Bluetooth Hacking Techniques You Should Know About: Bluebugging, Bluejacking, Bluesnarfing and Btlejacking - know what they are and how they are leveraged to steal your data.
    6. Eager iOS Jailbreakers Tricked into Click Fraud: A fake web site offers a "Checkrain" jailbreak (supposedly based on checkm8), has users install an MDM profile, then has them play the provided "Pop! Slots" game to level 8.
    7. Mission Health Store Hijack Undetected for Years: The Asheville, N.C. Mission Health web store was infected with card-skimming malware from March 2016 through June 2019. Site completely rebuilt.
    8. Researcher Publishes PoC Exploit for Android Zero-Day: Exploit published for CVE-2019-2215, affecting the Pixel 2 and providing kernel-level access with an easy step to root. Google purportedly fixed it in the October 2019 patch release.
    9. Avast Hacked: Intruder Gained Domain Admin: Apparently single-factor VPN credentials were stolen, and the access was mistaken for a false positive. Avast has engaged a third-party forensics company. Apparently an attempt to further compromise CCleaner users.
    10. US Military Personnel Data Exposed: Unsecured Elasticsearch databases in AWS holding 179 GB of data from "Autoclerk" were exfiltrated. Travel sites impacted: OpenTravel, HAPI Cloud, Synxis.


    Interview: Mark Dufresne, Endgame - 7:30PM-8:30PM

    Mark Dufresne is the Protections Lead, Elastic Security.
    Mark is responsible for Elastic Endpoint Security's efforts to understand cyber threats and develop innovative capabilities to detect and prevent malicious adversary techniques. Mark has over 12 years of experience in offensive and defensive cyber security as an Operations Chief and Manager at the National Security Agency.

    As the leader of a diverse range of cyber operations, Mark spearheaded efforts to defend against the global range of cyber adversaries, with a focus on disrupting and mitigating targeted nation state cyber activities. Mark was also a major advocate and coordinator for a variety of intelligence sharing and collaboration efforts across the US Government to improve cyber defense and prevention capabilities across the community.

    Mark earned his BS in Computer Science from the University of Minnesota and his MS in Security Informatics from Johns Hopkins University.

    Segment Topic:
    Endgame is now Elastic Endpoint Security

    Segment Description:
    Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. Together, they combine Elastic’s free and open SIEM with Endgame's endpoint security product to give users an integrated solution that offers greater visibility across their environment. This is a step toward realizing Elastic’s vision for applying search to multiple use cases, like threat hunting, fraud detection, and security monitoring. Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss. And, to make Elastic Endpoint available to everyone, the company announced that they are eliminating per-endpoint pricing. No more counting endpoints or days of threat intelligence data retained. Elastic customers pay for resource capacity with a consistent and transparent pricing framework that ensures organizations can capture maximum value from their data. If we have time, we can also discuss the results of the newest AV Comparatives test report, and independent testing more broadly.

    Segment Resources:


