PSWEpisode647

From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly Episode 647 - 2020-04-16

Episode Audio

Paul's Security Weekly Episode 647

Announcements

  • Going cloudnative? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • TBD

News - Hospital Hackers, $500K Zoom 0day, & SFO Windows Hackers

Description:

This week in the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, Macs Are More Secure, and Other Jokes You Can Tell Yourself, and more!



Jeff Man's Content:

Jeff Man 2-0.jpg


  1. Marriott Data Breach 2020: 5.2 Million Guest Records Were Stolen
  2. MSC Data Center Closes Following Suspected Cyber-Attack
  3. Cyber Security 101: What Every Defense Lawyer Should Know
  4. Password security alert as half a million Zoom credentials up for sale
  5. San Francisco Airport Cyber Attack Confirmed: Windows Passwords Stolen
  6. Russian state hackers behind San Francisco airport hack
  7. Alight Solutions, Abbott Lab Sued for Cyber Breach
  8. Security lapse exposed Clearview AI source code

Joff Thyer's Content:

Joff Thyer-0.jpg


Template:PSW647NewsJoff Thyer

Paul Asadoorian's Content:

Paul Asadoorian-0.png


Articles

  1. How to teach your iPhone to recognise you while wearing a mask - Huh? “Take a brand-new mask, fold it in left and right, fold the two ear hook ropes and hang them on one ear (both left and right ears),” the researchers state, according to a translation. Once you’ve finished placing the mask over one side of your face, you need to pull up Face ID on your phone, and can either choose to “Reset Face ID” or set up an “alternate appearance”. Anyhow, this is bad idea.
  2. Macs Are More Secure, and Other Jokes You Can Tell Yourself - Thanks for re-posting an article from 2006 (and putting it behind a pay wall). Also, thank you captain obvious: The short answer is: nothing is 100% secure. As long as humans are programming computers and trying to break into them, there will always be backdoors. - I mean a computer that is turned off and buried in the ground is pretty secure. There will not always be backdoors either, there will be vulnerabilities, exposures and opportunities to gain unauthorized access to computer systems, but not always backdoors.
  3. Shift to work-from-home: Most IT pros worried about cloud security - Help Net Security - Conducted by Fugure Fugue prevents cloud misconfiguration and ensures cloud infrastructure stays in continuous compliance with enterprise security policies. Hrm.
  4. The dangers of assumptions in security - Help Net Security
  5. Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic
  6. Podcast: How to secure and speed up your home Wi-Fi network
  7. Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks
  8. New Malware Family Assembles IoT Botnet
  9. Linksys force password reset to prevent Router hijacking
  10. Streaming TV Fraudsters Steal Millions of Ad Dollars in 'ICEBUCKET' Attack
  11. Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000
  12. Details Released for Flaw Allowing Full Control Over VMware Deployments | SecurityWeek.Com

Tyler Robinson's Content:

Tyler Robinson-0.png


News

  1. Hackers Selling critical Zoom zero-day exploits
  2. Intelligence officials say China's cyberspies have moved fastest and most aggressively during the pandemic
  3. Research team uncovered an unsecured database belonging to online marketing firm Maropost, with 95 million email records exposed.
  4. Former Tesla employees brought stolen documents to self-driving startup Zoox Tesla called it a "blatant and intentional act"
  5. The U.S. government is still trying to understand the origins of covid-19
  6. Workers at Hollywood Reporter and Billboard Vandalize Website After Getting Laid Off


Interview: Pen Testing to Validate Vulnerability Scanners - 6:00-6:45PM

Description:

Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choose between the two. But that’s not the case. This segment will cover why and how pen testing can be used to validate vulnerability scanner results. To learn more about Core Security, visit: https://securityweekly.com/coresecurity

Guest: Bio:
Magno Gomes is Director, Sales Engineering at Core Security, a HelpSystems Company]
Magno Gomes is a security & network specialist with more than 15 years in the cybersecurity industry. As the Director of Sales Engineering for Core Security, he is passionate about helping organizations manage the ever-changing security risks they face. Pentester at the core, Magno enjoys the security & network spaces for the offensive and defensive security technologies and innovations being developed. He uses this knowledge to continuously enable and educate his peers and customers.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

Fullaudio - None

Description:

This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself!

To learn more about Core Security, visit: https://securityweekly.com/coresecurity To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly



Jeff Man's Content:

Jeff Man 2-0.jpg


Template:PSW647FullaudioJeff Man

Joff Thyer's Content:

Joff Thyer-0.jpg


Template:PSW647FullaudioJoff Thyer

Lee Neely's Content:

Lee Neely-0.jpg


Template:PSW647FullaudioLee Neely

Paul Asadoorian's Content:

Paul Asadoorian-0.png


Template:PSW647FullaudioPaul Asadoorian

Tyler Robinson's Content:

Tyler Robinson-0.png


Template:PSW647FullaudioTyler Robinson


Interview: Threat Intel Program Strategies - 6:00-6:45PM

Description:

Defining key areas of investment that organizations need to consider in their programs. Within the areas of investment, we talk about functional areas and defining capabilities within each functional area. The end goal is to have a framework that folks can use to document their security program, measure evolution over time, share best practices, organize content and data, and be used as a reference architecture based on community input. To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7

Guest: Bio:
Wade Woolwine is Principal Threat Intelligence Research at Rapid7]
Wade's research focuses on threat intelligence and security program maturity and effectiveness.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Joff Thyer - Security Analyst at Black Hills Information Security
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc