Psw670


Paul's Security Weekly Episode #670 - October 15, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Prioritize This, Prioritize That, Prioritize With Context! - 06:00 PM-06:45 PM


Visit https://securityweekly.com/vicarius for more information!


Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Description

Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren’t doing much to save them, either. A new advancement in threat prioritization offers relief, integrating the vulnerabilities’ surrounding characteristics to identify the most severe risks. This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!



Guest(s)

Roi Cohen

Cybersecurity expert with over 15 years of experience. Former research team leader at CyberArk, penetration tester, and graduate of an elite technology unit @IDF.

Shani Reiner (Dodge)

Shani has 10 years of experience working as a cyber security researcher and a data scientist. Her malware research has led to the development of the industry’s most advanced analysis tools. Shani holds a B.Sc. in Computer Science and an M.B.A. specializing in finance, strategy and entrepreneurship, both from the Hebrew University of Jerusalem.


Hosts

2. Democratizing & Saasifying Security Operations - 07:00 PM-07:45 PM


Announcements

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Visit securityweekly.com/unlocked to submit your presentation & register for free!

Description

Threats are no longer only a concern of large, sophisticated organizations, and there is a continued need to democratize security operations and controls so they are accessible to organizations of any size or skill level. Security services and tools need to be plug-and-play for anyone with IT skills, without requiring security expertise.


Logmira: https://www.blumira.com/logmira-windows-logging-policies

SIEM Detection Tests: https://www.blumira.com/how-to-test-your-siems-detections

Guide to Microsoft Security: https://www.blumira.com/now-available-guide-to-microsoft-security


Guest(s)

Patrick Garrity

Patrick has years of experience in the security industry building and scaling usable security products. He currently leads Blumira’s product, sales and marketing teams. Prior to joining Blumira, he led sales engineering, product marketing and international expansion for Duo Security.


Hosts

3. 'BleedingTooth' Vulnerability, Zoom Rolls Out E2EE, & 50,000 Cameras Compromised - 08:00 PM-09:30 PM


Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, 5 Signs That Point to a Schism in Cybersecurity, and Using nginx to Customize Control of Your Hosted App!


Hosts

Jeff Man's Content:

Articles

  1. Barnes & Noble confirms cyberattack, suspected customer data breach
  2. Carnival ransomware attack affected three brands (never mind it's South Africa - not that there's anything wrong with South Africa!)
  3. Chief justice’s office hit by cyber security breach
  4. Breach at Dickey’s BBQ Smokes 3M Cards
  5. "Why Attack When You Can Defend" I've been invited to present at CERIAS Security Seminar - open to the public
  6. Boise ISSA Information Security Conference also speaking here, also free!

Larry Pesce's Content:

Articles

  1. CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability - with some additional info from the ISC
  2. Supply chain security automation?

Lee Neely's Content:

Articles

  1. A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy. When a hacking organization’s secret tools are stolen and dumped.
  2. Hackers chain Windows, VPN bugs to access government systems Threat actors have gained access to government
  3. Leading Law firm Seyfarth Shaw discloses ransomware attack Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack.
  4. Enterprise Solutions Provider 'Software AG' Hit by Clop Ransomware German enterprise solutions giant Software AG revealed last week that it had been targeted by cybercriminals with the Clop ransomware.
  5. Children and parent info exposed in Georgia DHS data breach Information for children and parents was accessed by hackers over the summer, the Georgia Department of Human Services (DHS) said on Friday.
  6. Spotless hit by ransomware attack Spotless Group, the Downer-owned facilities services provider, is the latest high-profile Australian company to fall victim to ransomware attackers.
  7. Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities. Bluetooth Flaw in Linux Kernel Exploitation consequences include the ability for an unauthenticated attacker to achieve code execution with kernel privileges, obtain potentially sensitive information, and/or cause a denial-of-service (DoS) condition. The severity of these vulnerabilities is offset by the adjacent access required and the attack complexity.
  8. US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP Bug Now High-risk due to the possibility of remote code execution with little to no user interaction required. While remote code execution is possible, sources report that it is difficult to achieve and the Blue Screen of Death (BSoD) is the more likely exploitation consequence.
  9. Hackers Claim to Have Access to 50,000 Home Security Cameras A hacking group is reportedly selling access to home security camera footage on the "Discord" platform that was stolen from more than 50,000 home security cameras and includes footage of children in different states of undress for a one-off subscription fee of $150. Secure your home video cameras! Recommend users change factory settings and employ multi-factor authentication where possible.

Paul Asadoorian's Content:

Articles

  1. Osquery: Using D-Bus to query systemd data
  2. Announcing HashiCorp Boundary
  3. Firebase: Google Clouds Evil Twin
  4. Security Analysis of CHERI ISA - Microsoft Security Response Center
  5. Hacker who helped the ISIS will remain in US prison
  6. Yes, we can validate leaked emails
  7. 'Five Eyes' Alliance Demands Ways to Access Encrypted Apps
  8. Prison video visitation system exposed calls between inmates and lawyers
  9. Microsoft Uses Trademark Law to Disrupt Trickbot Botnet
  10. Kubernetes AWS IAM Integration Issues - Exploitalert
  11. Using nginx to Customize Control of Your Hosted App
  12. 5 Signs That Point to a Schism in Cybersecurity
  13. Shift Happens: Three Hard Truths for Transforming Your Cybersecurity Program
  14. Iran Acknowledges Cyberattacks on Government Departments
  15. Barnes & Noble cyber incident could expose customer shipping addresses, order history
  16. Zoom Rolls Out End-to-End Encryption After Setbacks
  17. Linux: Heap-Based Type Confusion in L2CAP (BleedingTooth)

Tyler Robinson's Content:

Articles