From Paul's Security Weekly
Recorded October 24, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
Interview: Tom Williams, Veterans MHH - 6:00-6:30PM
How Mental Health Hackers is going to help veterans in infosec in 2020 and beyond
Speaking about the challenges that veterans face and how MHH is looking to address those
Security News - 6:30-7:30PM
- Marijuana found at North Dakota nuclear launch facility
- Pot smokers, take note: THC breathalyzers are coming
- Top 5 ways organizations can secure their IoT devices
- Microsoft: Packet loss involving Apple Push Notification Service was latest MFA outage culprit | ZDNet
- Deepfakes creep from porn to politics could upend election, experts warn
- Ransomware and data breaches linked to uptick in fatal heart attacks
- Woman ordered to type in iPhone passcode so police can search device
- Vatican launches smart rosary complete with brute-force flaw
- Cracking: The Chinese Python Way
- UBoat - Proof Of Concept PoC HTTP Botnet Project
- IoTopia Framework Aims to Bring Security to Device Manufacturers
- Top five tips for building smarter enterprise security - Help Net Security
- How to Avoid the Top Three Causes of Data Breaches in 2019
- Blue Team Cyber Anxiety
- Some ICS Security Incidents Resulted in Injury, Loss of Life: Survey | SecurityWeek.Com
- Vulnerability in content distribution networks found by researchers
- 5 tips for better cybersecurity
- Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities | SecurityWeek.Com
- White House kicks infosec team to curb in IT office shakeup
- Cozy Bear Didn't Hibernate as Previously Thought - APT29 is deploying the CobaltStrike BEACON backdoor using a legitimate Department of State document.
- Critical Flaw in Cisco Aironet APs - The CVE-2019-15260 flaw in Aironet 1540, 1560, 1800, 2800, 3800 & 4800 can be exploited to achieve remote access to the devices. Patches issued.
- Amazon Echo and Kindle Devices Affected by WiFi Bug - 1st generation Echo devices and eighth generation Kindle devices are vulnerable to the KRACK attack (CVE-2017-13077 & CVE-2017-13078). Fixes were released earlier this year; verify devices are updated.
- Most Critical Vulnerabilities Discovered in 2019 so far - NetCAT, URGENT/11, SWAPGS, BlueKeep, Thangrycat, SACK Panic, SPOILER, SockPuppet, RAMBleed, Lodash Prototype Pollution, ZOMBIEPOODLE & GOLDENDOODLE, DIRTY SOCK, Thunderclap and Pantsdown.
- Bluetooth Hacking Techniques you should know about - Bluebugging, Bluejacking, Bluesnarfing and Btlejacking: know what they are and how they are leveraged to steal your data.
- Eager iOS Jailbreakers Tricked into Click Fraud - A fake web site offers a "Checkrain" (based on Checkm8) jailbreak, then has users install an MDM profile and play the provided "Pop! Slots" to complete level 8.
- Mission Health Store Hijack undetected for years - The Asheville, N.C. Mission Health website was infected with card skimming malware from March 2016 through June 2019. Site completely rebuilt.
- Researcher publishes POC Exploit for Android Zero-Day - Exploit published for CVE-2019-2215, affecting Pixel 2 and providing kernel level access with an easy step to root. Google purportedly fixed it in the October 2019 patch release.
- Avast Hacked: Intruder Gained Domain Admin - Apparently single-factor VPN credentials were stolen, and the access was mistaken for a false positive. Avast has engaged a third-party forensic company. This was apparently an attempt to further compromise CCleaner users.
- US Military Personnel Data Exposed - Unsecured Elasticsearch databases in AWS with 179G of data from "Autoclerk" were exfiltrated. Travel sites impacted: OpenTravel, HAPI Cloud, Synxis.
Interview: Mark Dufresne, Endgame - 7:30PM-8:30PM
As the leader of a diverse range of cyber operations, Mark spearheaded efforts to defend against the global range of cyber adversaries, with a focus on disrupting and mitigating targeted nation state cyber activities. Mark was also a major advocate and coordinator for a variety of intelligence sharing and collaboration efforts across the US Government to improve cyber defense and prevention capabilities across the community.
Mark earned his BS in Computer Science from the University of Minnesota and his MS in Security Informatics from Johns Hopkins University.
Endgame is now Elastic Endpoint Security
Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. Together, they combine Elastic’s free and open SIEM with Endgame's endpoint security product to give users an integrated solution that offers greater visibility across their environment. This is a step toward realizing Elastic’s vision for applying search to multiple use cases, like threat hunting, fraud detection, and security monitoring. Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss. And, to make Elastic Endpoint available to everyone, the company announced that they are eliminating per-endpoint pricing. No more counting endpoints or days of threat intelligence data retained. Elastic customers pay for resource capacity with a consistent and transparent pricing framework that ensures organizations can capture maximum value from their data. If we have time, we can also discuss the results of the newest AV Comparatives test report, and independent testing more broadly.
- To watch Dan Beavin's talk on evaluating security vendors, click here: http://www.irongeek.com/i.php?page=videos/circlecitycon2019/track-1-01-endpoint-security-swimming-through-the-snake-oil-dan-beavin