From Paul's Security Weekly
Recorded May 30, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Eric Butash & Mike Klein, Highlander Institute - 6:00 - 6:30PM
Tech Segment: Paul Asadoorian - 6:30-7:00PM
Security News - 7:30PM-8:30PM
- Redditor can stay anonymous, court rules
- The industrys best-kept secret: why mobile ad fraud prevention is just too good to be true
- Spies with that? Police can snoop on McDonald's and Westfield wifi customers
- 8 Ways to Authenticate Without Passwords
- Flipboard Resets User Passwords in Response to Data Breach | SecurityWeek.Com
- Eternally Blue: Baltimore City leaders blame NSA for ransomware attack
- Docker Vulnerability Gives Arbitrary File Access to Host | SecurityWeek.Com
- Trends in Cybersecurity to Watch
- Majority of CISOs plan to ask for an increase in cybersecurity investment - Help Net Security
- Hackers actively exploit WordPress plugin flaw to send visitors to bad sites
- Virus-packed laptop sells as artwork for over RM5.5mil
- Technology is Not Our Problem | SecurityWeek.Com
- What a teen grade hackers confession can teach us
- The cryptominer that kept coming back
- InfoSec Handlers Diary Blog - Analyzing First Stage Shellcode
- Malware Found on PoS Systems at Checkers and Rally's Restaurants | SecurityWeek.Com
- High-Risk Flaws Found in Process Control Systems From B&R Automation | SecurityWeek.Com
- macOS Gatekeeper Bypass Exploits Trust on Network Shares | SecurityWeek.Com
- InfoSec Handlers Diary Blog - nmap Service Fingerprint
- Killer SecOps Skills: Soft Is the New Hard
- Old Threats Are New Again
- Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack
- Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0)
- Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to orchestrated by Chinese-language adversaries
- [https://www.cnet.com/news/apple-google-microsoft-blast-uks-ghost-proposal-to-spy-on-encrypted-chats/ Apple, Google, WhatsApp, Microsoft, along with 43 security experts and privacy advocates, have signed an open letter to the GCHQ calling out the UK spy agency's "ghost proposal.”
If they back down from one country, where will they draw the line?]
- Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach)