PSWEpisode637

From Paul's Security Weekly

Recorded January 30, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Gene Kim, IT Revolution - 6:00-6:45PM

    Gene Kim is the Author or Researcher of IT Revolution
    Gene Kim is a multiple award-winning CTO, researcher and author, and has been studying high-performing technology organizations since 1999. He was founder and CTO of Tripwire for 13 years. He has written six books, including The Unicorn Project (2019), The Phoenix Project (2013), The DevOps Handbook (2016), the Shingo Publication Award winning Accelerate (2018), and The Visible Ops Handbook (2004-2006) series. Since 2014, he has been the founder and organizer of DevOps Enterprise Summit, studying the technology transformations of large, complex organizations.

    Segment Topic:
    The Unicorn Project and The Five Ideals

    Segment Description:
    I’ll share with you my goals and aspirations for The Unicorn Project, describe in detail the Five Ideals, along with my favorite case studies of both ideal and non-ideal, and why I believe more than ever that DevOps will be one of the most potent economic forces for decades to come.


    1. What was "The Goal" when you set out to write this book?
    2. Who should read this book?
    3. Do you have to read The Phoenix Project first?
    4. Should you read The Phoenix Project first?
    5. Why is it called The Unicorn Project?
    6. What (and who) were your inspirations for the Maxine character?
    7. What are the 5 ideals?
    8. What are the 3 horizons?
    9. I got Lord of the Rings, Star Wars, and Star Trek references, did I miss any?

    SPOILERS!!!!!!!





    1. Was Eric behind Maxine's re-assignment to the Phoenix Project as part of a plan to save the company?
    2. Is Eric even real or is he like a force ghost in Star Wars?
    3. Had you considered Maxine running over Sarah with her car rather than having lunch with her?
    4. In the next book can you have Brent, Maxine, Cranky Dave, Tom and Kurt leave to create their own startup?
    5. The concept of the rebellion was awesome, what advice do you have for others staging a rebellion?
    6. Why do the rebellion members stay, why not just leave and find another gig?
    7. Did Steve and Sarah have an affair?
    8. Is Kumquat an actual product?

    Tech Segment: Peter Smith, Edgewise - 6:45PM-7:30PM

    Peter Smith is the CEO & co-founder of Edgewise.
    Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike.

    Segment Topic:
    Stopping Python Backdoor Attacks

    Segment Description:
    The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments.

    Learn:
    • Why network address-based defenses alone cannot prevent attack propagation and lateral movement
    • Why protection based on software-identity verification (zero trust security) can stop such attacks
    • How Purple teams can collaborate more effectively with a shared visualization and understanding of application topology and attack pathways to targets


    Security News - 7:30-8:30PM

    Paul's Stories

    1. Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more! - Help Net Security
    2. How to better control access to your Windows network
    3. Coronavirus claims new victim: 'DEF CON cancelled' joke cancelled after DEF CON China actually cancelled
    4. Rings selling my email address to spammers? Thats the least of its problems
    5. Wawa card breach: 30 million card records for sale in the dark web
    6. 97% of airports showing signs of weak cybersecurity
    7. Enterprise Hardware Still Vulnerable to Memory Lane Attacks
    8. Check Point detailed two flaws in Microsoft Azure that could have allowed taking over cloud servers
    9. Securing Containers with Zero Trust

    Larry's Stories

    1. Technical report on how the Saudi’s hacked Bezos’ phone
    2. OpenSMTPD RCE
    3. Charges against Coalfire employees dropped

    Matt's Stories

    Jeff's Stories

    1. Wawa Breach May Have Compromised More Than 30 Million Payment Cards
       Nothing to see here...just PCI related
    2. United Nations Data Breach Started with Microsoft SharePoint Bug
    3. Mega Breach Exposes More Than 250 Million
    4. Data breaches soared by 17% in 2019: ‘We also saw the rise of a significant new threat’

    Lee's Stories

    1. NHS alerted to severe vulnerabilities in GE Health Equipment
       CISA and CyberMDX release notices called "MDHex" - include SSH and SMB abuse as well as Windows XP components.
    2. Cisco fixes Critical Flaw in network management platform
       Cisco releases fix for "Firepower Management Center" to resolve CVE-2019-16028 which allows attackers to achieve admin on affected devices.
    3. Russian pleads guilty to running "CardPlanet" to sell Stolen Credit Cards
       CardPlanet web site sold cards for $2.50-$10. ~150,000 cards sold for about $20,000,000 in fraudulent purchases.
    4. Ragnarok Ransomware targets Citrix ADC, disables Windows Defender
       New ransomware dubbed Ragnarok targets unpatched Cisco AVS servers vulnerable to CVE-2019-1978.
    5. OurMine hackers attack and takeover NFL Twitter accounts
       OurMine group is hacking NFL Twitter accounts to prove they're back and everything is hackable. Hacked accounts properly secured _AFTER_ notification of the hack...
    6. Critical Bug: OpenBSD OpenSMTP bug allows RCE
       In the default configuration, a technique inspired by the Morris worm executes sendmail body as script. Patch released.
    7. Suspected Magecart hackers arrested in Indonesia
       Magecart "web skimmer" techniques used to target card-not-present data. Multi-agency task force shuts down C&C servers as part of Operation Night Fury.
    8. Wawa breach data found for sale
       Wawa breach data, affecting as many as 30 million, found for sale on the Joker's Stash dark web site.


