Difference between revisions of "Episode546"

From Security Weekly Wiki
Jump to navigationJump to search
Line 59: Line 59:
  
 
== Jeff's Stories ==
 
== Jeff's Stories ==
 +
#[https://arstechnica.com/information-technology/2018/02/threat-or-menace-autosploit-tool-sparks-fears-of-empowered-script-kiddies/ Releasing Autosploit: Threat or Menace?]
 +
#[https://www.axios.com/white-house-response-strava-heat-map-exposing-armed-forces-abroad-3e168ca5-e55a-47d7-b0d4-9a10a9551404.html White House: Strava heat map is a "security risk" (Or is it?)]
  
 
== Larry's Stories ==
 
== Larry's Stories ==

Revision as of 15:27, 1 February 2018

Paul's Security Weekly #546

Recorded February 1, 2018 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
    • Check out our friends at ItProTV for an awesome library of OnDemand training head on over to ITPro.TV/securityweekly!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!


    Interview: Mark Arnold & Will Gragido, InfoSecWorld Speakers - 6:00PM-6:45PM

    Will Gragido
    is the Director of Advanced Threat Protection of Digital Guardian.

    Will Gragido is an internationally recognized information security specialist. He has more than twenty years of experience network and host security, protocol analysis, incident response, design, penetration & red teaming, vulnerability and malware analysis, protocol exploitation, threat intelligence and counterintelligence. He began his career in the United States Marine Corps data communications security and intelligence community. After concluding his military service, Will began applying his skills in national and international consultancies, most notably as a Principal Consultant with the internationally acclaimed International Network Services. His work and experience also led to a contributing role in the creation of the internationally recognized risk management and assessment tool, Trust Check.

    Will has worked with some of the industries most respected threat research organizations including the security practice at International Network Services (now BT INS), Internet Security Systems X-Force, McAfee, Damballa, Cassandra Security, HP TippingPoint DVLabs (now TrendMicro), and Digital Shadows. Most recently Will has returned to the world of product management taking on a strategic role with industry data protection luminaries, Digital Guardian.

    Will is a sought after international speaker, author, and subject matter expert with years of experience working with the media. Recently, Will has appeared as a subject matter expert on ShowTime’s Darknet series discussing ransomware and has co-authored a number of papers and three books for Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (Syngress, 2011), Blackhatonomics: An Inside Look at The Economics of Cybercrime (Syngress, 2012), and Threat Forecasting: Leveraging BigData for Predicative Analysis (Syngress, 2016).

    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Tech Seg: Want to test the MITRE Attack technique matrix? Look no further than Caldera - 6:45-7:45PM

    This fantastic tool automates the checks for a large portion of MITREs awesome framework.

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. This smart vibrator can be "easily" hacked and remotely controlled by anyone
    2. CT, MRI machines face the greatest risk of cyberattack, researchers warn | ZDNet
    3. Threat or menace? Autosploit tool sparks fears of empowered script kiddies
    4. Bitcoin exchange robbed by real-life bank robbers with real-life guns
    5. Subway Elevators and Movie-Plot Threats
    6. Subway Elevators and Movie-Plot Threats
    7. Deepfakes AI celebrity porn channel shut down by Discord
    8. Multiple vulnerabilities in 7-Zip. Get it updated now!
    9. Millennials, careless with passwords, spur shift to biometrics study
    10. What is microsegmentation? How getting granular improves network security
    11. A real-life armed robbery of an online Bitcoin exchange
    12. California Senate defies FCC, approves net neutrality law
    13. NSA Exploit Use On Rise For Crypto Currency Mining
    14. Security Breaches Don't Affect Stock Price
    15. Dissecting the Latest Koobface Facebook Campaign
    16. Lies and More Lies
    17. First Jackpotting Attacks Hit U.S. ATMs
    18. Estimating the Cost of Internet Insecurity

    Jeff's Stories

    1. Releasing Autosploit: Threat or Menace?
    2. White House: Strava heat map is a "security risk" (Or is it?)

    Larry's Stories

    Jack's Stories

    Joff's Stories

    Keith's Stories

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+