From Security Weekly Wiki
Jump to navigationJump to search
4,871 bytes added ,  22:32, 3 October 2019
#[ "Bulletproof" Dark Web data center seized by German Police] While the takedown is significant, services will likely move to alternate hosting sites.
#[ Ex-Yahoo Engineer Hacked accounts seeking Porn] Ex-Yahoo Engineer cracked passwords, seeking credentials to access other services, porn, gaming, iTunes, etc.
#[ Microsoft blocks 38 more attachment types in Email] These can be enabled by Exchange Admin. Include Python, PowerShell, Java and Certificate file typical extensions.
#[ O.MG Lightning Cable hits Prime Time] The O.MG cable is hitting the shelves at [ Hak5] for $49.
#[ Fake browser Updates Infect Enterprises with Ransomware, Banking Trojans] JavaScript popup indicating old browser, linked update is fake version. Payloads include Dridex, NetSupporter Manager RAT, AZOrult and Chthonic.
#[ Tax and PII records of 20 Million Russians stored without encryption, leaked online] Records from 2009-2016 exposed online via exposed AWS instance. Ukrainian owner of AWS instance determined, unknown if hackers have leveraged the data.
<!-- = Interview: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM =
[[File:PeterKruse.jpg|right|250px|thumb|<center>'''[ Peter Kruse]'''is the Founder of [ CSIS Security Group & Cybercrime Investigator].</center>]] Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.<br><br>Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.<br><br>'''Segment Topic:'''<br>Cybercrime, threat hunting, APT, spear phishing and tactics etc<br><br>'''Segment Resources:'''<br>"Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more." -->
= Tech SegmentInterview: Stewart Room, PwC - 6:30 - 7:30PM =<!-- [[File:PeterSmithStewartRoom.jpg|right|250px|thumb|<center>'''[ Peter SmithStewartRoom Stewart Room]'''is the Founder & CEO a Partner of [ EdgewisePwC].</center>]] Stewart Room, CIPP/E, is a partner at PwC UK. He is the global leader of the cyber security and data protection legal services practice, the joint global leader of the multidisciplinary data protection practice, and the UK data protection practice leader. He has more than 25 years of experience as a Barrister and Solicitor, focusing for the majority of this time on data, technology and communications.<br><br>Room specialises in the field of data protection. information management and cyber security, including programme design and delivery, the commercial exploitation of data, the security of data, regulatory investigations and litigation arising from the misuse of data. He is rated as a leading individual in data protection by legal directory Chambers UK, who says he "is the kind of lawyer who inspires confidence" and "he is an excellent, first--rate, tactical lawyer."<br><br>He is one of the founding directors of Cyber Security Challenge UK (which forms part of the UK National Strategy for Cyber Security), the President of the National Association of Data Protection Officers and the editor of the Cyber Security Practitioner journal. Room has written a number of textbooks on information law and is regularly quoted in the press. He is a past winner of the Financial Times Innovative Lawyer of the Year award.<br><br>'''Segment Topic:'''<br>Data Privacy and The Journey to Code<br><br>'''Segment Description:'''<br>Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimisation and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy.<br><br>'''Segment Resources:'''<br> = - 7* =6550420449854058497
= Security & Compliance Introduction - 7:30PM-8:30PM =
It’s the show, that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly.
This show is hosted by: Jeff Man, Josh Marpet, and Scott Lyons


Navigation menu