Episode610

From Security Weekly Wiki
Revision as of 15:14, 29 May 2019 by Wheat Loaf (talk | contribs) (Created page with "''Recorded June 27, 2019 at G-Unit Studios in Rhode Island!'' ==Episode Audio== <!-- <div align="center"> {{#widget:SoundCloud |id=496965687 |width=75% |height=100 |color=660...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Recorded June 27, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Don Pezet, ITProTV - 6:00-6:30PM

    Don Pezetis the Co-Founder & Edutainer of ITProTV

    Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.

    Topic: Discussing the new CySA+ and PenTest+ certs


    Tech Segment: - 6:30 - 7:30PM



    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Black Hat Q&A: Defending Against Cheaper, Accessible 'Deepfake' Tech
    2. The Rise of 'Purple Teaming'
    3. World's Largest Beer Brewer Sets Up Cybersecurity Team
    4. Report: No Eternal Blue Exploit Found in Baltimore City Ransomware Krebs on Security
    5. Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
    6. Critical Flaw Reported in Popular Chrome Extension from Evernote Users
    7. UP Specifications
    8. Some Raspberry Pi compatible computers
    9. Interesting JavaScript Obfuscation Example - SANS Internet Storm Center
    10. UPDATE: Sysdig Falco v0.15.1 - PenTestIT
    11. Advanced Linux backdoor found in the wild escaped AV detection
    12. Remote attack flaw found in IPTV streaming service | ZDNet
    13. Warnings of world-wide worm attacks are the real deal, new exploit shows - Unfortunately, these tasks often take place in mission-critical environments such as hospitals, factories, and industrial settings. While patching is by far the most effective way to prevent exploits, there are a variety of workarounds that can be deployed. Chief among them is enabling Network Level Authentication (NLA) for Remote Desktop Services, although this defense is ineffective in the event that attackers have compromised the NLA credentials. It may also be possible to at least partially defeat NLA defenses using a remote desktop protocol weakness disclosed Tuesday. So, for these mission critical applications in those environments, where they can't go down, can't be rebooted, and they are so important that patching is out of the question, WHY THE HELL DID YOU CHOOSE WINDOWS? Isn't there a better solution? Is this the fault of the provider? This isn't even a security argument, can't we help fix this problem with better design choices?
    14. Microsoft Warns of Email Attacks Executing Code Using an Old Bug
    15. Radiohead sells recordings to public after hacker threatens to leak them
    16. Microsoft Patches Critical Vulnerabilities in NTLM | SecurityWeek.Com
    17. Jumpboxes: How to avoid storing SSH keys
    18. This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already - With Debian and some other Linux distros, .vimrc ships with modelines already disabled by default, hence those versions are not vulnerable out of the box, though it is still a good idea to update your copy of Vim or Neovim to the latest version.
    19. Google expert disclosed details of an unpatched flaw in SymCrypt library - According to Microsoft, SymCrypt is the primary library for implementing symmetric cryptographic algorithms in Windows 8, it also implements asymmetric cryptographic algorithms starting with Windows 10 version 1703.Ormandy discovered that it is possible to trigger the flaw to cause an infinite loop when making specific cryptographic operations.
    20. Tomorrow's Cybersecurity Analyst Is Not Who You Think
    21. Cognitive Bias Can Hamper Security Decisions

    Larry's Stories

    Lee's Stories