Difference between revisions of "Episode598"

From Security Weekly Wiki
Jump to navigationJump to search
Line 16: Line 16:

Revision as of 17:19, 20 March 2019

Recorded March 21, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.

  • Announcements

    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!

    • SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting secureworldexpo.com and using the code 'SecurityWeekly'.

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Marcus Carey, Tribe of Hackers - 6:00-6:30PM

    Tech Segment: DomainTools - 6:30 - 7:30PM

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Algorithms can now find bugs in computer chips before they are made - Help Net Security
    2. Advanced Breach Protection Demystified Untold Truths On Security Beyond AV
    3. Quantum Computing and Code-Breaking
    4. Operation SaboTor Police arrested 61 vendors and buyers in the dark web
    5. Grindr Poses National Security Risk, U.S. Gov Says
    6. Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
    7. Microsoft Tackles IoT Security with New Azure Updates
    8. New Shodan Monitor service allows tracking Internet-Exposed devices

    Lee's Stories

    1. DMSniff POS Malware uses DGA to stay active DMSniff malware uses DGA techniques to avoide detection searches direct memory for card numbers and send them to the C2. Includes 11 variants of DGA.
    2. Android Q will come with improved privacy protections The next version of Android will no longer provide contact affinity information, use randomized MAC addresses making location analytics more difficult and only on screen, in focus apps will be able to access clipboard information.
    3. Scammers abusing Kiwis' Generosity Phishing, hacked web sites, and other scams are cropping up in the wake of the Christchurch tragedy, CERT NZ is collecting scam reports, raising awareness and providing real references.
    4. Hacked Tornado Sirens taken offline ahead of major storm 40 Hacked tornado sirens in North Texas taken offline one day prior to expected storms, remniscent of the Dallas hack in 2017. While not connected, the Dallas hack involved radio manipulation, and reminded us to verify communication paths were secure.