Difference between revisions of "Episode554"
|Line 13:||Line 13:|
=== Hosts ===
=== Hosts ===
= Announcements =
= Announcements =
Revision as of 12:40, 5 April 2018
Paul's Security Weekly #554
Recorded April 5, 2018 at G-Unit Studios in Rhode Island!
- Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
- Visit securityweekly.com/domaintools to register for our next webcast “Detecting Malicious Domains” hosted by myself and Keith Hoodlet. Tim Helming of DomainTools joins us to show you how to interpret each of the many data points related to a domain. @Wednesday, April 4th 3:00-4:00pm ET
Interview: - 6:00PM-6:45PM
Interview: Masha Sedova, Elevate Security - 6:45-7:45PM
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma and SANS.
Security News - 7:45PM-8:30PM
- Intel drops plans to develop Spectre microcode for ancient chips - Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microcode updates available already, others have had their update cancelled.
- Critical remote code execution vulnerabilities impact Natus medical devices - The firm's electroencephalogram (EEG) offerings are described as "leading-edge features you want in critical care." The systems include amplifier ports compatible with USB and TCP/IP cables, while the NeuroWorks software connects to monitoring equipment to record data in SQL databases.
- Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking - The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily.
- VirusTotal launches 'Droidy' sandbox to detect malicious Android apps - Android Sandbox performs both static and dynamic analysis to automatically detect suspicious applications by executing and monitoring applications in a simulated Android OS environment.
- Cloudflares 220.127.116.11 promises to make DNS more secure
- Facebook and Twitter may be forced to identify bots - according to California lawmakers. They’ve introduced a bill that would give online platforms such as Facebook and Twitter three days to investigate whether a given account is a bot, to disclose that it’s a bot if it is in fact auto-generated, or to remove the bot outright.
- Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
- How Security Can Bridge the Chasm with Development - I believe we need to move past the old way of thinking about this problem (for example, just go have some beers with your developers, etc...). Devops, at its core, blends development with IT and with security into value streams. Once more organizations implement this model, we'll stop seeing development, IT and security working in silos.
- A new Mirai-style botnet is targeting the financial sector
- Hooray! Facebook ditches searching for people by phone number or email
- Python Regex Cheat Sheet
- New Android Malware Secretly Records Phone Calls and Steals Private Data