From Paul's Security Weekly
Recorded June 13, 2019 at G-Unit Studios in Rhode Island!
- We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.
Interview: Peter Smith, Edgewise - 6:00-6:30PM
Tech Segment: Corey Thuen, Gravwell - 6:30 - 7:30PM
Security News - 7:30PM-8:30PM
- VMware addressed flaws in its Workstation and Tools
- Streaming Video Fans Open to TV Hijacking
- When Security Goes Off the Rails - Perhaps most interesting are the training findings: "Amtrak did not provide sufficient training on all characteristics of the Charger locomotive," and "Engineers could better master the characteristics of a new locomotive with the use of simulators." How many of us have gotten "sufficient training" on "all characteristics" of the software we use to get our jobs done? What would that even mean for a systems administrator? How long is sufficient RedHat system administration training? What does it mean to get sufficient training on an Amazon Web Services component, which is subject to change at any time? How many of us have ever used a simulator or range?
- Experts Call For IoT Security Regulation
- YouTube bans kids live-streaming without an adult present
- 0patch experts released unofficial Patch Available for Recent Windows 10 Task Scheduler Zero-Day
- 440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups - Attackers are getting more sneaky and patient: For instance, it takes a little sleep before swinging into action. “These ads do not immediately bombard the user once the offending application is installed, but become visible at least 24 hours after the application is launched,” the researchers said. “For example, obtrusive ads did not present themselves until two weeks after the application ‘Smart Scan’ had been launched on a Lookout test device.”
- PLATINUM APT Found Using Text-based Steganography to Hide Backdoor - The Steganographic Nature of Whitespace or SNOW for short, is a steganographic covert messaging technique that involves “…concealing messages in ASCII text by appending whitespace to the end of [sentence] lines” (Kwan, 2013). The technique exploits the fact that most text viewer applications do not show spaces and tabs which hide encrypted messages that are unreadable even if detected without the correct decryption key.
- Exclusive: Cisco SVP Jeff Reed Talks Firewall of the Future - SDx
- Apple's Find My feature requires two devices, boasts extreme security safeguards
- It's Time To Pay Attention To Zorin OS 15, The Best Desktop Linux Distro You've Never Heard Of
- Switching to Windows? These Are the Best Mac Alternatives
- How to Bypass UAC & Escalate Privileges on Windows Using Metasploit
- Firm Tech Data Leaks 264gb of data Security settings are now fixed, another store of unsecured data in the cloud. Studies are emerging showing cloud data leak root causes are customer configuration.
- GoldBrute botnet targets RDP GoldBrute Botnet brute-forces exposed RDP services. 1.5M nodes compromised, not necessarily using Bluekeep. This underscores risks of exposed RDP services.
- Mystery signal was shutting down keyless fobs in an Ohio Neighborhood Home-brew security device was transmitting on 315Mhz, covered by FCC Part 15 rules, disrupting keyless entry devices.
- HSM Vulnerabilities disclosed, allows remote exploit Researchers publish paper on exploiting weakness in unnamed HSM vendor's product to allow remote takeover of HSM. Unnamed vendor has released a patch.
- Gaming site Emuparadise breach of 1.1M accounts Emuparadise used to host gaming ROMs for emulators. Suffered breach in April 2018, database of accounts was distributed June 9th.