Recorded June 13, 2019 at G-Unit Studios in Rhode Island!
- We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
Interview: Peter Smith, Edgewise - 6:00-6:30PM
Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike. Most recently, Peter was on the founding team at Infinio Systems where he led product and technology strategy.
Tech Segment: Corey Thuen, Gravwell - 6:30 - 7:30PM
Corey Thuen co-founded Gravwell to enable log management of every data type an organization might need for success -- analyzing binary packets alongside syslog with a dash of business KPIs enables analytics that improve the entire organization, not just reduce security risk. Prior to founding Gravwell, Corey conducted security assessments on anything from power equipment to vehicle computers to over-engineered juicers while working for companies such as IOActive, Digital Bond, and Southfork Security. Before that Corey did cybersecurity work for the US Department of Energy at Idaho National Laboratory and the FBI.
Topic: Security analytics using the new Sysmon DNS logging, which dropped this week.
- This week Mark Russinovich released an update to sysmon that adds DNS logging to the popular (and free) endpoint monitoring tool. In this segment, Corey will talk about sysmon use cases and deployment, crack open the new DNS events, conduct some endpoint DNS analytics, and then incorporate threat feeds to stand up DNS monitoring (time permitting).
- Obviously this all hinges on the tool actually going out. As of June 8, that's still the plan: https://twitter.com/markrussinovich/status/1137466538322042880
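As an added example to go with this segment (it is not Gravwell's or Sysmon's code), the Python below takes a handful of Sysmon Event ID 22 (DNSEvent) records and runs the kind of endpoint DNS analytics the segment describes: matching each QueryName and its parent domains against a threat feed, flagging long high-entropy labels of the sort DGAs produce, flagging lookups made by scripting hosts, and counting how many hosts ask for each domain. The sample records are constructed to mimic the XML exported from the Microsoft-Windows-Sysmon/Operational channel; the threat feed, the process watchlist, the hostnames and the IPs are all assumptions made for the example.

```python
import collections
import math
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (not real telemetry) in the shape of events exported from the
# Microsoft-Windows-Sysmon/Operational channel; the namespace sits on the wrapper here instead of
# on each <Event> to keep the sample short. Hosts, processes and names are made up (.test is reserved).
SAMPLE_EVENTS = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>22</EventID><Computer>WS01</Computer></System>
 <EventData><Data Name="UtcTime">2019-06-13 22:01:03.100</Data><Data Name="ProcessId">4120</Data>
  <Data Name="QueryName">www.microsoft.com</Data><Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">type: 5 cdn.example.org;::ffff:192.0.2.10;</Data>
  <Data Name="Image">C:\Program Files\Mozilla Firefox\firefox.exe</Data></EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>22</EventID><Computer>WS01</Computer></System>
 <EventData><Data Name="UtcTime">2019-06-13 22:01:09.412</Data><Data Name="ProcessId">7788</Data>
  <Data Name="QueryName">xk3j9qwpz7lm2v.example.net</Data><Data Name="QueryStatus">9003</Data>
  <Data Name="QueryResults"></Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data></EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID><Computer>WS02</Computer></System>
 <EventData><Data Name="Image">C:\Program Files\Google\Chrome\Application\chrome.exe</Data></EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>22</EventID><Computer>WS02</Computer></System>
 <EventData><Data Name="UtcTime">2019-06-13 22:02:41.003</Data><Data Name="ProcessId">5120</Data>
  <Data Name="QueryName">beacon.evil-c2.test</Data><Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">::ffff:192.0.2.66;</Data>
  <Data Name="Image">C:\Program Files\Google\Chrome\Application\chrome.exe</Data></EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>22</EventID><Computer>WS02</Computer></System>
 <EventData><Data Name="UtcTime">2019-06-13 22:03:00.000</Data><Data Name="ProcessId">6001</Data>
  <Data Name="QueryName">www.microsoft.com</Data><Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">type: 5 cdn.example.org;::ffff:192.0.2.10;</Data>
  <Data Name="Image">C:\Program Files\Mozilla Firefox\firefox.exe</Data></EventData></Event>
</Events>"""

# Hypothetical feed and process watchlist: assumptions for the example, not from any vendor.
THREAT_FEED = {"evil-c2.test", "malware-drop.example"}
WATCHLIST = {"powershell.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "certutil.exe"}


def parse_dns_events(xml_text):
    """One dict per Event ID 22 record, keyed by the EventData Name attributes plus Computer/ImageName."""
    records = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "22":
            continue  # the channel carries other Sysmon events; keep only DNSEvent
        rec = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        rec["Computer"] = ev.findtext("e:System/e:Computer", namespaces=NS)
        rec["ImageName"] = rec.get("Image", "").rsplit("\\", 1)[-1].lower()
        records.append(rec)
    return records


def parent_domains(name):
    """'a.b.example.com' -> ['a.b.example.com', 'b.example.com', 'example.com'] (never the bare TLD)."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(s).values()) if n else 0.0


def feed_hits(records, feed):
    """Records whose QueryName, or any parent of it, is on the feed, so subdomains of a listed domain match."""
    feed = {d.lower().rstrip(".") for d in feed}
    return [r for r in records if any(p in feed for p in parent_domains(r["QueryName"]))]


def dga_like(records, min_len=12, min_entropy=3.5):
    """Crude DGA heuristic: a long, high-entropy leftmost label. Pair with QueryStatus 9003 (NXDOMAIN) to cut noise."""
    return [r for r in records
            if len(r["QueryName"].split(".")[0]) >= min_len
            and shannon_entropy(r["QueryName"].split(".")[0]) >= min_entropy]


def host_prevalence(records):
    """Distinct hosts per registered domain. Last-two-labels is an approximation (wrong for co.uk-style
    suffixes; use a public-suffix list in production). Domains seen on a single host are the ones to look at."""
    hosts = collections.defaultdict(set)
    for r in records:
        labels = r["QueryName"].lower().rstrip(".").split(".")
        hosts[".".join(labels[-2:])].add(r["Computer"])
    return {d: len(h) for d, h in hosts.items()}


def triage(xml_text, feed=THREAT_FEED, watchlist=WATCHLIST):
    recs = parse_dns_events(xml_text)

    def who(r):
        return (r["Computer"], r["ImageName"], r["QueryName"])

    return {
        "events": len(recs),
        "feed_hits": [who(r) for r in feed_hits(recs, feed)],
        "dga_like": [who(r) + (r["QueryStatus"],) for r in dga_like(recs)],
        "watchlist_process": [who(r) for r in recs if r["ImageName"] in watchlist],
        "host_prevalence": host_prevalence(recs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The field that makes Event ID 22 worth the volume is Image: every query is attributed to the process that made it, which passive DNS capture on the network cannot give you. QueryStatus is the Windows error code (0 for success, 9003 for NXDOMAIN), so the DGA heuristic above should normally be tightened to failed lookups only. Sysmon 10 turns the event on with a DnsQuery rule in the configuration; an exclude rule for the noisiest well-known domains keeps the event count manageable without losing the rare names you actually want to see.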
Security News - 7:30PM-8:30PM
- VMware addressed flaws in its Workstation and Tools
- Streaming Video Fans Open to TV Hijacking
- When Security Goes Off the Rails - Perhaps most interesting are the training findings: "Amtrak did not provide sufficient training on all characteristics of the Charger locomotive," and "Engineers could better master the characteristics of a new locomotive with the use of simulators." How many of us have gotten "sufficient training" on "all characteristics" of the software we use to get our jobs done? What would that even mean for a systems administrator? How long is sufficient Red Hat system administration training? What does it mean to get sufficient training on an Amazon Web Services component, which is subject to change at any time? How many of us have ever used a simulator or range?
- Experts Call For IoT Security Regulation
- YouTube bans kids live-streaming without an adult present
- 0patch releases an unofficial patch for the recent Windows 10 Task Scheduler zero-day
- 440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups - Attackers are getting sneakier and more patient: the adware sleeps for a while before swinging into action. “These ads do not immediately bombard the user once the offending application is installed, but become visible at least 24 hours after the application is launched,” the researchers said. “For example, obtrusive ads did not present themselves until two weeks after the application ‘Smart Scan’ had been launched on a Lookout test device.”
- PLATINUM APT Found Using Text-based Steganography to Hide Backdoor - The Steganographic Nature of Whitespace, or SNOW for short, is a steganographic covert messaging technique that involves “…concealing messages in ASCII text by appending whitespace to the end of [sentence] lines” (Kwan, 2013). The technique exploits the fact that most text viewers do not render trailing spaces and tabs, so the carrier text looks clean; the hidden payload is also encrypted, so even if the whitespace is spotted the message stays unreadable without the correct decryption key.
- Exclusive: Cisco SVP Jeff Reed Talks Firewall of the Future - SDx
- Apple's Find My feature requires two devices, boasts extreme security safeguards
- It's Time To Pay Attention To Zorin OS 15, The Best Desktop Linux Distro You've Never Heard Of
- Switching to Windows? These Are the Best Mac Alternatives
- How to Bypass UAC & Escalate Privileges on Windows Using Metasploit
- Firm Tech Data leaks 264 GB of data - The security settings have since been fixed; this is another store of unsecured data in the cloud. Studies are emerging showing that the root cause of most cloud data leaks is customer misconfiguration, not a failure of the provider.
- GoldBrute botnet targets RDP - The GoldBrute botnet brute-forces credentials on exposed RDP services, working from a list of roughly 1.5M internet-reachable RDP servers; it does not rely on BlueKeep. This underscores the risk of leaving RDP exposed to the internet at all.
- Mystery signal was shutting down keyless fobs in an Ohio neighborhood - A home-brew security device was transmitting on 315 MHz, a band covered by FCC Part 15 rules, and was jamming the keyless entry fobs that share it.
- HSM vulnerabilities disclosed, allowing remote exploitation - Researchers published a paper on exploiting weaknesses in an unnamed HSM vendor's product to achieve remote takeover of the HSM. The unnamed vendor has released a patch.
- Gaming site Emuparadise breach of 1.1M accounts - Emuparadise used to host game ROMs for emulators. It suffered a breach in April 2018; the database of accounts was distributed on June 9th.
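As an added example for the PLATINUM / SNOW item above (not the PLATINUM tooling and not Kwan's SNOW program), the Python below shows the principle of trailing-whitespace steganography and the check a defender runs against it. The encoding is deliberately simplified: one byte per line as eight trailing characters, space for 0 and tab for 1, with no compression or encryption. Real SNOW packs bits differently and encrypts first, but the carrier is the same, and that is what the scan function looks for. The cover text and the hidden message are constructed for the example.

```python
# Cover text with no trailing whitespace of its own (constructed for the example).
COVER = """\
Quarterly figures are attached for your review.
Please confirm receipt by end of day.
The vendor call has moved to Thursday.
Travel approvals are due before the 20th.
Remember to submit expense reports on time.
The office will close early on Friday.
New badge readers are being installed this month.
Facilities will contact teams about desk moves.
Please keep the kitchen area tidy.
Parking permits renew at the end of the quarter.
Let me know if you have questions.
Regards."""


def hide(cover, secret):
    """Append one byte of SECRET per line as eight trailing whitespace characters (space=0, tab=1).
    Simplified scheme for illustration; the real SNOW program compresses and encrypts first and packs
    bits differently, but the carrier (invisible trailing whitespace) is the same."""
    payload = secret.encode("utf-8")
    lines = cover.split("\n")
    if len(payload) > len(lines):
        raise ValueError("cover text has too few lines for this payload")
    for i, byte in enumerate(payload):
        lines[i] = lines[i].rstrip(" \t") + "".join("\t" if b == "1" else " " for b in f"{byte:08b}")
    return "\n".join(lines)


def _tail(line):
    """The run of trailing spaces/tabs on a line (empty if none)."""
    return line[len(line.rstrip(" \t")):]


def reveal(text):
    """Recover bytes from every line carrying exactly eight trailing whitespace characters."""
    data = bytearray(int("".join("1" if c == "\t" else "0" for c in t), 2)
                     for t in map(_tail, text.split("\n")) if len(t) == 8)
    return data.decode("utf-8", errors="replace")


def visible(text):
    """What a typical text viewer shows: trailing whitespace does not render."""
    return [line.rstrip(" \t") for line in text.split("\n")]


def scan_trailing_whitespace(text):
    """Defender's check: (line number, run length, escaped run) for each line ending in spaces/tabs."""
    hits = []
    for n, line in enumerate(text.split("\n"), 1):
        t = _tail(line)
        if t:
            hits.append((n, len(t), t.replace("\t", "\\t").replace(" ", "\\s")))
    return hits


def strip_trailing_whitespace(text):
    """Remediation: normalising whitespace destroys the channel without changing what is displayed."""
    return "\n".join(visible(text))


if __name__ == "__main__":
    stego = hide(COVER, "meet at 10")
    print("looks identical in a viewer:", visible(stego) == visible(COVER))
    print("hidden message:", reveal(stego))
    for hit in scan_trailing_whitespace(stego):
        print("line %d carries %d trailing chars: %s" % hit)
```

The point for defenders is the asymmetry the article describes: you cannot read the payload without the key, but you do not need to. Runs of trailing whitespace, especially mixed spaces and tabs, are an anomaly in most text, so a scan for them on inbound documents (or simply normalising whitespace at a mail or proxy gateway) finds or destroys the channel regardless of the encryption used on top of it.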