From Paul's Security Weekly
Jump to: navigation, search

Recorded January 24, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Lee Neely
    is the Sr Cyber Analyst at LLNL,SANS Analyst
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.

  • Announcements

    • RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

    Interview: Chris Morales, Vectra - 6:00-6:30PM

    Chris Moralesis the Head of Security Analytics at Vectra
    Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

    Topics - 6:30 - 7:30PM

    1. How did you get your start in information security?
    2. What is the most challenging part of your security career today? In the past?
    3. What devices and software make common appearances in your lab?
    4. If you built a brand new Raspberry PI, what would you do with it?
    5. What is the number one thing you would do, or exploit, to compromise the security of an organization?
    6. What is your most favorite piece of technology in your home? What are the security ramifications of using it?
    7. What qualities would you look for if you had to hire 1 security person for an organization?
    8. What is the most influential software developed for the security industry?
    9. Who is the most influential person in security today?
    10. What would you say to today’s youth about hacking and security?
    11. What is your favorite hacking movie? TV show?

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. The 51 Things Most Homeowners Arent Doing But Need To
    2. Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
    3. Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert
    4. PHP PEAR official site hacked, tainted package manager distributed for 6 months
    5. Twitter warns that private tweets were public for years
    6. Researchers discover state actors mobile malware efforts because of YOLO OPSEC
    7. Two more Windows zero-days get temporary patches | ZDNet
    8. SD-WAN admin? Your number came up in Cisco's latest bug list
    9. AWS Provides Secure Access to Internal Assets With Amazon WorkLink | SecurityWeek.Com
    10. Database of 24 Million Mortgage, Loan Records Left Exposed Online

    Lee's Stories

    1. If someone is calling from Scam Likely... Cellular carriers are implementing services to identify cell scam leveraging STIR, SHAKEN standards and other techniques to identify these callers.
    2. New Android Malware uses motion sensor to avoid detection. The malware assumes a real device if motion sensor input is detected, to then download a fake android update which includes the Anubis banking trojan.
    3. Linux Malware disables security software to mine cryptocurrency Discovered by Palo Alto Unit 42 finds malware uses flaws in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion.