Changes

From Paul's Security Weekly
Jump to: navigation, search

Episode604

3,002 bytes added, 18:32, 10 July 2019
no edit summary
==Episode Audio==
<!-- <div align="center">
{{#widget:SoundCloud
|id=496965687622542081
|width=75%
|height=100
|visual=false
}}
</div> -->
=== Hosts ===
{{Template:Paul}}
{{Template:Matt}}
{{Template:Larry}}
{{Template:LeeNeely}}
{{Template:Jeff}}
<br><br>
= Interview: Julian Zottl, Raytheon - 6:00-6:30PM =
[[File:JulianZottl.jpg|right|250px|thumb|<center>'''[https://twitter.com/sabreofsd Julian Zottl]'''is the Cyber and Information Operations SME at [https://raytheon.com Raytheon]</center>]] Julian Zottl is a Cyber and Information Operations Subject Matter Expert (SME) for Raytheon Intelligence, Information and Services (IIS) business. IIS is a leader in intelligence, surveillance reconnaissance; advanced cyber solutions; weather and environmental solutions and information-based solutions for homeland security. It also provides training, logistics, engineering, product support, and operational support services and solutions for the mission support, homeland security, space, civil aviation, counter-proliferation and counterterrorism markets.<!--br><center>{{#ev:youtube|WJAiTXAvtRQCYo74WzDTlM}}</center>-->
<br>
= Tech Segment: How To Fix Identity & Access Management, Federico Simonetti - 6:30 - 7:30PM =
[[File:FedericoSimonetti.jpg|right|250px|thumb|<center>'''[https://www.linkedin.com/in/backdream Federico Simonetti]'''is the CTO of [https://www.xiid.com/ Xiid Corporation]</center>]] - Former ethical hacker (DDT)<br>- Former professor of operating systems security at the University of Milan<br>- Developed software for the Italian anti-terrorism and anti-pedophile police<br>- Serial entrepreneur with several successful exits in his past<br>- Hardcore software designer, with award-winning software titles on his resume<br><br>Topic: How to fix Identity and Access Management<br> All IAM solutions are logically flawed from a security standpoint, they either ask for a synchronized copy of the identity database or for open inbound ports on the firewall. But there is a design that fixes all those issues, making IAM much safer.<center>{{#ev:youtube|LVLfl9LLlxs}}</center>
<br>
= Security News - 7:30PM-8:30PM =
 <!-- <center>{{#ev:youtube|iPHM80z9D9krmaiXWFKw6U}}</center>-->
== Paul's Stories ==
== Larry's Stories ==
#[https://thrangrycat.com/ thrangrycat, Cisco 0-day, and the first exploit named with only emoticon….]
#[https://mdsattacks.com/ MDS attacks, Rogue In-flight Data Load, and intel CPU hardware attacks.]
#[https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ 0-day in Microsoft Remote Desktop Services, pre-authentication]
#[https://arstechnica.com/information-technology/2019/05/the-radio-navigation-planes-use-to-land-safely-is-insecure-and-can-be-hacked/ Plane radio navigation can be hacked with a $600 SDR…easily thwarted, but this article puts all of the parts together.]
#[https://arstechnica.com/information-technology/2019/05/google-warns-bluetooth-titan-security-keys-can-be-hijacked-by-nearby-hackers/ Google’s BLE titan security keys are easily hijacked]
#[https://www-01.ibm.com/support/docview.wss?uid=ibm10883628 …and because IBM felt left 0ut RCE in WebLogic]
== Lee's Stories ==
#[http://thehill.com/policy/cybersecurity/443152-lawmakers-offer-measure-requiring-cyber-it-training-for-house US House of Representatives requires Information Security trainng] The US House of Representatives is just requiring itself to complete annual cyber training. In today's threat environment, quarterly and monthly training is more the norm, and NIST SP 800-53 already requires it for federal information system users.
#[http://www.fedscoop.com/supply-chain-threats-prompt-senate-legislation-training-acquisition-officials/ Supply Chain Security training legislated] Training proposed for acquisition officials on the heals of ASUS and other similar hardware issues. Supply chain defects bypasses traditional perimeter protections, and has to apply to anyone processing your dats.
#[https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/ Cisco Router bug in boot Trust Anchor] While not being actively exploited, update your cisco routers NOW, check the [http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot Cisco Advisory] for specific products and updates
#[https://www.computing.co.uk/ctg/news/3075802/zombieload-intel-security-flaw-speculative-execution New Zombieland Intel Security flaw using speculative execution] There are more and more flaws that exploit the speculative execution in Intel chips. They are getting media attention with sexy names and logos. Most are low-risk due to the level of direct intervention to exploit.
#[https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/ Hackers add Magcart skimmer to Forbes online shopping cart] Hackers insert skimmer that collected card numbers, CCV, Expiration, home addresses, etc.
== Jeff's Stories ==
<br><br>Let's pause to remember one of the great Cryptologic Successes of World War II#[https://www.npr.org/2019/05/12/722629025/world-war-ii-veteran-and-navajo-code-talker-fleming-begaye-sr-dies-at-97 WWII Veteran and Navajo Code Talker Fleming Begaye Sr. Dies at 97] It's been a banner week for vulnerability disclosures...#[https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry Microsoft Issues Urgent Fix for Windows in First XP Patch since Wannacry] Wait, what? Nobody is still using XP are they???#[https://www.techradar.com/news/major-security-issues-found-in-cisco-routers Major Security Issues Found in Cisco Routers] #[https://arstechnica.com/information-technology/2019/05/whatsapp-vulnerability-exploited-to-infect-phones-with-israeli-spyware/ WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware]#[https://www.engadget.com/2019/05/15/intel-mds-exploit/ Install updates now to address a vulnerability in most Intel CPUs]

Navigation menu