Difference between revisions of "Episode610"

From Paul's Security Weekly
Line 25: Line 25:
  
 
= Interview: Don Pezet, [https://securityweekly.com/itprotv ITProTV] -  6:00-6:30PM =
 
= Interview: Don Pezet, [https://securityweekly.com/itprotv ITProTV] -  6:00-6:30PM =
[[File:DonPezet.jpg|right|250px|thumb|<center>'''[https://twitter.com/DonPezet Don Pezet]'''is the Co-Founder & Edutainer of [https://securityweekly.com/itprotv ITProTV]</center>]] Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.<br><br>Topic: Discussing the new CySA+ and PenTest+ certs
+
[[File:DonPezet.jpg|right|250px|thumb|<center>'''[https://twitter.com/DonPezet Don Pezet]'''is the Co-Founder & Edutainer of [https://securityweekly.com/itprotv ITProTV]</center>]] Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.<br><br>Topic: Discussing the new CySA+ and PenTest+ certs<br><center>{{#ev:youtube|Ug1wsF37AC0}}</center>
<!--<center>{{#ev:youtube|WJAiTXAvtRQ}}</center>-->
 
  
 
<br>
 
<br>
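Review bot: the commented-out embed `<!--<center>{{#ev:youtube|WJAiTXAvtRQ}}</center>-->` is kept directly beneath the newly added `{{#ev:youtube|Ug1wsF37AC0}}` embed in the Don Pezet interview section, so the page now carries two video IDs, one live and one dead. If the old ID is no longer wanted, remove the commented markup rather than leaving it; and the new `<center>` embed would be easier to maintain on its own line instead of being appended to the biography line after a `<br>`.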
Line 34: Line 33:
 
*Tools to Hack Your Career<br><br>'''Segment Description:'''<br>We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them.<br><br>'''Segment Resources:'''<br>
 
*Tools to Hack Your Career<br><br>'''Segment Description:'''<br>We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them.<br><br>'''Segment Resources:'''<br>
 
*[https://www.slideshare.net/CyberSecJobs/cyber-security-job-search-and-recruiting Cyber Security Job Search And Recruiting - Slides]
 
*[https://www.slideshare.net/CyberSecJobs/cyber-security-job-search-and-recruiting Cyber Security Job Search And Recruiting - Slides]
*[https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018 Cyber Security/Community Volunteering Survey Results in 2018 - Slides]
+
*[https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018 Cyber Security/Community Volunteering Survey Results in 2018 - Slides]<br><center>{{#ev:youtube|exLj_A_6owY}}</center>
  
 
= Security News - 7:30PM-8:30PM =
 
= Security News - 7:30PM-8:30PM =
 
+
<center>{{#ev:youtube|Os_vxrevgl8}}</center>
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
  
 
== Paul's Stories ==
 
== Paul's Stories ==
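Review bot: in the Security News section the added `<center>{{#ev:youtube|Os_vxrevgl8}}</center>` sits directly above the still-commented `<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->`; drop the commented-out embed so the section does not keep a stale video ID next to the live one. In the same hunk, the Kathleen Smith embed is appended to the last `*` bullet of the Segment Resources list with a `<br>`, which makes the video render as part of that list item; placing the `<center>` embed on its own line after the list keeps the resources list clean.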

Revision as of 18:40, 10 July 2019

Recorded June 27, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to website@securityweekly.net
    • Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri

    Interview: Don Pezet, ITProTV - 6:00-6:30PM

    Don Pezet is the Co-Founder & Edutainer of ITProTV
    Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.

    Topic: Discussing the new CySA+ and PenTest+ certs


    Tech Segment: Kathleen Smith, CyberSecJobs - 6:30 - 7:30PM

    As Chief Marketing Officer for ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, Kathleen Smith spearheads the community-building and communications outreach initiatives catering to both organizations’ many audiences, including security-cleared job seekers, cybersecurity candidates and military personnel as well as cleared facilities and cyber security employers. Kathleen has built key relationships with recruiting industry leaders as well as community insiders over the last 18 years in the community.

    Kathleen has presented at several security conferences on recruiting and job search within the cyber security world, including BSidesLV, DerbyCon, and FedCyber. Kathleen volunteers in the cybersecurity community: she is the Director of HireGround, BSidesLV’s two-day career track, and serves on the Women in Cybersecurity National Conference Planning Committee and the Women in Cybersecurity Celebration Planning Committee. Kathleen is a frequent contributor to The CyberWire on recruiting and job search within the cybersecurity community and was featured in a two-part Federal Game Changers podcast. Finally, Kathleen is co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area.

    Segment Title/Topic:

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Cisco addressed critical flaws in Cisco Data Center Network Manager - “The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.” So, this describes just about every vulnerability from Cisco in the past 10 years. The development, and specifically, the QA and testing process is broken. By now, with the resources available to Cisco, you should have developed code that can find these coding mistakes and fix them.
    2. Huawei security: Half its kit has 'at least one potential backdoor' | ZDNet - Researchers from IoT security firm Finite State have given a scathing assessment of the state of security in Huawei's networking device firmware, arguing "there is substantial evidence that zero-day vulnerabilities based on memory corruptions are abundant in Huawei firmware". "In summary, if you include known, remote-access vulnerabilities along with possible backdoors, Huawei devices appear to be at high risk of potential compromise," the firm wrote in a new report. Yeah, but vulnerabilities are not a backdoor. Backdoors are put there on purpose; how would you know if a vulnerability was there on purpose? Guess it depends on who exploits it, but attribution is hard.
    3. The fake French minister in a silicone mask who stole millions
    4. YouTube's antics with kids' data prompt call for FTC to force change - For years, Google has abdicated its responsibility to kids and families by disingenuously claiming YouTube – a site rife with popular cartoons, nursery rhymes, and toy ads – is not for children under 13. Google profits immensely by delivering ads to kids and must comply with COPPA. It’s time for the FTC to hold Google accountable for its illegal data collection and advertising practices. Interesting: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
    5. Google Makes DNS Over HTTPS Generally Available | SecurityWeek.Com
    6. Thousands of IoT Devices Bricked By Silex Malware
    7. Secrets Management Stinks, Use Some SOPS!
    8. How Hackers Infiltrate Open Source Projects
    9. 2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz? - Look, don't knock Microsoft for making a pivot, they are good people who have transformed the company. Let's face it, Microsoft embracing Linux is good for everyone, except Apple.
    10. Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
    11. Former Equifax CIO Sentenced to Prison for Insider Trading
    12. Caught in the Web of Shells?
    13. Publish WordPress Post with Python Requests and REST API
    14. Docker containers are filled with vulnerabilities: Here's how the top 1,000 fared
    15. Ransomware Recovery Firm Caught Wanting to Pay Off Hacker
    16. Tales From the SOC: Healthcare Edition | SecurityWeek.Com
    17. Mission Possible: ICS Attacks On Buildings Are a Reality | SecurityWeek.Com
    18. Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs - My heart beats for....my computers: This is according to a study (PDF) emitted this month by a trans-Atlantic pair of brains at UC Berkeley in the US and the University of Edinburgh in Scotland, who reckon electrocardiogram results are easy enough to measure, and vary enough from person to person that a reliable authentication system could be built from consumer hardware.

    Jeff's Stories

    1. Verizon BGP route leak causes Cloudflare customer outages, AWS issues - The L0pht warned us...
    2. Nearly 100 drivers following Google Maps detour get stuck in muddy field - Lemmings? Did I hear Lemmings?
    3. Breach at Cloud Solution Provider PCM Inc. - Come to the cloud, it's simple, it's cheap, it's secure, oops
    4. Inside the West’s failed fight against China’s ‘Cloud Hopper’ hackers
    5. Massive DHS data breach raises questions about Oregon’s cybersecurity protocols - Are they TCP or UDP Cybersecurity protocols?
    6. Nine States Pass New And Expanded Data Breach Notification Laws - Illinois, Maine, Maryland, Massachusetts, New Jersey, New York, Oregon, Texas, and Washington
    7. Federal Cybersecurity Failures Include a 48-Year-Old System Few People Knew How to Use - But if nobody knows how to run it, does anyone know how to hack it?

    Lee's Stories

    1. Mozilla fixes second Firefox zero-day - Mozilla posted two updates back-to-back for CVE-2019-11707 and CVE-2019-11708. Update to ESR 60.7.2 or 67.0.4. These are medium risk vulnerabilities that require user interaction, and permit remote code execution.
    2. Cop awarded $585K after colleagues snooped her DMV data - Need to know versus want to know? Due process? Train before you need.
    3. DHS warns of Iranian Wiper Attacks - After reported attacks by the US on Iranian targets, the Iranians are (likely) striking back.
    4. Chrome now displays popup on Win 10 lockscreen - How to remove the Chrome pop-up from the Windows 10 lock screen.
    5. Iranian group hacking into DNA Sequencers - DNA sequencing apps targeted, backdoor shells installed. Vendor refused to patch apps back in 2017.
    6. Presidential Warnings 'easy' to spoof - Researchers from the University of Colorado say U.S. Wireless Emergency Alerts (WEA) can be compromised to send fake alerts.
    7. Tesco Hacked on Twitter spoofs Bill Gates for BTC scam - Tesco grocer's Twitter account used for a BTC scam, then converted to a fake Bill Gates account which then scammed folks out of PII. Tesco has reclaimed their Twitter account.