Paul's Security Weekly #582
Recorded November 8, 2018 at G-Unit Studios in Rhode Island!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
Interview: Corin Imai, DomainTools - 6:00-6:30PM
Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security.
Tech Segment: Eyal Neemany, Javelin Networks - 6:30PM-7:00PM
Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks.
Security News - 7:30 - 8:30PM
- These Vibrating Apps Turn Your Phone Into A Sex Toy
- Cisco Accidentally Released Dirty Cow Exploit Code in Software
- Drone Vulnerability Could Compromise Enterprise Data
- Several Vulnerabilities Patched in nginx
- Top 5 New Open Source Security Vulnerabilities in October 2018
- Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
- IoT Botnet Infects 100,000 Routers To Send Spam
- Apache Struts Vulnerability Would Allow System Takeover
- Flaws In Self-Encrypting SSDs Let Attackers Bypass Encryption
- Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
- On eve of US elections, Facebook blocked 115 accounts engaged in coordinated inauthentic behavior
- U.S. Cyber Command CNMF Shares unclassified malware samples via VirusTotal
- XSS flaw in Evernote allows attackers to execute commands and steal files
- Users Stop Engaging With Brands After Data Breaches, Report Finds
- U.S. Secret Service Warns ID Thieves are Abusing USPSs Mail Scanning Service
- Busting SIM Swappers and SIM Swap Myths
- Public Virtualbox 0-day VM escape - Technical details here
- Security flaws in encrypted SSDs
- SSD flaw leads to Bitlocker compromise
- upcoming Edge 0-day
- US Cyber command uploading unclassified ATP to VirusTotal - from @k8em0, "I wonder how much intel sharing is needed to ensure the US Cyber Command doesn't inadvertently blow an ally's operation when uploading malware samples to @virustotal? Someone should ask the 5 eyes at the #AspenCyber conference. Because friends don't burn friends' ops.”
- Hacking Microsoft Live accounts via subdomain hijacking - poor DNS hygiene...
- Cyber security relics: 4 older technologies still plaguing the infosec world
- Feature Article on my "Does DoD Level Security Work in the Real World?"