Paul's Security Weekly #543
Interview: Diana Kelley & Ed Moyle - Security Curve - 6:00PM-6:45PM
Diana Kelley is the Cybersecurity Field CTO at Microsoft and a cybersecurity thought leader, practitioner, executive advisor, speaker, author and co-founder of SecurityCurve. She was the Global Executive Security Advisor at IBM Security and built and managed the IBM Security Research Community Newsroom. She leverages 25+ years of cyber risk and security experience to provide advice and guidance to CSOs, CIOs, and CISOs at some of the world’s largest companies. At IBM, she was a regular contributor to X-Force Research, lead author of IBM’s “5 Indisputable Facts about IoT Security” and co-author of the “Securing the C-Suite” and “Cybersecurity in the Cognitive Era” studies.
Ed Moyle is currently Director of Thought Leadership and Research for ISACA. Prior to joining ISACA, Ed was Senior Security Strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 15+ years in information security, Ed has held numerous positions including Senior Manager with CTG’s global security practice, Vice President and Information Security Officer for Merrill Lynch Investment Managers, and Senior Security Analyst with Trintech. Ed is a co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as an author, public speaker, and analyst.
- How did you get your start in information security?
- With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
- What are the weaknesses ransomware preys upon?
- What is a tabletop exercise?
- Why are they so useful for ransomware?
- For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
- How do you execute on the lessons learned in tabletop exercises?
Tech Segment: Jake Williams, SANS - 6:45-7:45PM
Jake Williams is the founder of Rendition Infosec and is a Senior Instructor at the SANS Institute. He currently performs smatterings of incident response, computer forensics, exploit development, and penetration testing. In a previous life, Jake worked for various three letter agencies doing all sorts of offensive and defensive cyber stuff (way before cyber was cool).
Security News - 7:45PM-8:30PM
- Daniel Miessler on My Writings about IoT Security
- Prosecutors Say Mac Spyware Stole Millions Of User Images Over 13 Years - Disgusting The indictment, filed in US District Court for the Northern District of Ohio's Eastern Division, went on to say that Durachinsky developed a control panel that allowed him to manipulate infected computers and view live images from several machines simultaneously. The indictment also said he produced visual depictions of one or more minors engaging in sexually explicit conduct and that the depiction was transported across state lines. He allegedly developed a version of Fruitfly that was capable of infecting Windows computers as well. Prosecutors are asking the court for an order requiring Durachinsky to forfeit any property he derived from his 13-year campaign, an indication that he may have sold the images and data he acquired to others.
- Fingerprinting Digital Documents
- Skype finally getting end-to-end encryption
- Apple Set To Patch Yet Another macOS Password Security Flaw
- Wi-Fi Alliance launches WPA3 protocol with new security features
- FTC Fines IoT Toy Vendor VTech for Privacy Breach
- 147 Security Vulnerabilities Reported in ICS Mobile Applications
Correction of last weeks story: According to Daniel Miessler’s blog post, it looks like I mismatched the Intel vulnerabilities for the architectures they effect