Difference between revisions of "Episode549"

From Security Weekly Wiki
Jump to navigationJump to search
Line 51: Line 51:
== Larry's Stories ==
== Larry's Stories ==
#[https://gizmodo.com/new-report-on-ai-risks-paints-a-grim-future-1823191087 Bad AI is still AI]
#[http://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf Detecting Lateral movement]
#[https://www.theverge.com/2018/2/27/17054740/palantir-predictive-policing-tool-new-orleans-nopd combine this with even better FB facial recognition...]
#[https://www.evilsocket.net/2018/02/27/All-hail-bettercap-2-0-one-tool-to-rule-them-all/ Bettercap 2.0!]
#[https://www.digicert.com/blog/digicert-statement-trustico-certificate-revocation/ Cert compromises and a bit WTF moment]
#[https://www.secureworldexpo.com/industry-news/north-korea-capable-of-jumping-air-gap FUD or REAL: N. Korean malware can jump air gaps]

Revision as of 16:45, 1 March 2018

Paul's Security Weekly #549

Recorded February 22, 2018 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Announcements

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW89AEE2 to get a $100 discount!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!
    • Security Weekly listeners save $100 off their registration for a full Conference Pass. Go to www.secureworldexpo.com and use the discount code SecurityWeekly, and join us at SecureWorld Boston!

    Interview: Mary Beth Borgwing, Mach37 (Women in Cyber Con.) - 6:00PM-6:45PM

    Mary Beth Borgwing
    is an Advisor to MACH 37.

    Mary Beth Borgwing, Executive Entrepreneur, Standish Cyber Corp Mary Beth Borgwing is an Advisor to MACH 37 and Center for Innovation (CIT) as the Cyber Executive Entrepreneur and serves as an advisor to many startups with Standish Cyber Corp. Borgwing is bridging the leadership gap and providing cybersecurity SME for new cyber products for private equity and venture investment as well as Fortune 1000 clients. Borgwing has served as executive leadership, CEO and board member of several technology and security companies: • President & CEO, board member for LemonFish, data breach discovery, AI and analytics proprietary product for finding your crown jewels, (IP) that are exposed on the open, deep and dark web. Company was acquired March 2017, private equity investors, LLR Partners and Egis Capital. • President of Cyber Risk Practice, Advisen, Ltd, cyber data analytics and technology company that focuses on data and risk analytics in the insurance industry. • Board Advisor, Chief Financial Officer at Vigilant (sold to Deloitte), a SEIM security company. Vigilant provides perimeter security for money-center financial institution, Federal Reserve Bank of New York, Global banks and hedge fund companies. • Board member, CFO of Sentillion (sold to Microsoft), a single sign-on security technology company. Raised $50+M, C round with Merrill Lynch Private Equity, Polaris Partners, InterSouth Partners, Dresdner Klein Worth. Mary Beth has extensive experience in equity funding, financing for technology companies, Enterprise Risk Management(ERM) and executive leadership in the cybersecurity sector. She brings decades of expertise to start-ups in strategy, operations, product development from building many technology companies in Boston, New York and Virginia. She is the Co-Chair Cyber Advisory Board, CompTIA, Advisor to ICMCP, International Minority Cyber Group and Eleven Canterbury, a technology international consultancy in NYC. Borgwing is a frequent speaker on cyber risk at global cyber conferences and contributing author to many national cyber publications.

    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Tech Seg: - 6:45-7:45PM

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Quickjack Advanced Clickjacking & Frame Slicing Attack Tool
    2. How to Fight Mobile Number Port-out Scams
    3. Russians Hacked the Olympics
    4. Top Five Ways Security Vulnerabilities Hide in Your IT Systems
    5. Attackers Using Memcached Servers to Amplify DDoS Attacks
    6. GitHub Hit By Largest DDoS Attack Ever Recorded at 1.35 Tbps
    7. Two Thirds Of Organizations Not Prepared For GDPR Right To Be Forgotten
    8. 23,000 HTTPS Certs Will Be Axed In Next 24 Hours Amid Bitter Turf War

    Larry's Stories

    1. Bad AI is still AI
    2. Detecting Lateral movement
    3. combine this with even better FB facial recognition...
    4. Bettercap 2.0!
    5. Cert compromises and a bit WTF moment
    6. FUD or REAL: N. Korean malware can jump air gaps

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+