Difference between revisions of "Episode611"
From Paul's Security Weekly
|Line 41:||Line 41:|
== Larry's Stories ==
== Larry's Stories ==
== Patrick's Stories ==
== Patrick's Stories ==
Revision as of 18:28, 11 July 2019
Recorded July 11, 2019 at G-Unit Studios in Rhode Island!
- Register for our upcoming webcasts with ISC2 by going to securityweekly.com/webcasts . If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand. Also, you can now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
- Some of you told us that you are overwhelmed by the amount of content we distribute! To help you get selected topics you're interested in, join our new listener interest list! Sign up for a list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a 15% discount to sit for any of their Bootcamp Courses or Workshops! Visit Securityweekly.com/hackerhalted to register now!
Interview: Blue/Purple Teaming (defense) - Ben Mauch, TrustedSec - 6:00-6:30PM
Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.
- Education & Certifications
- GIAC Certified Penetration Tester (GPEN)
- Professional Affiliations
- Board Member for Secure Chicago, LLC
- Passion for Security
- Ben has dedicated himself to the security industry for the past 15 years.
He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps) which are designed to help organizations refine their security posture.
Security News - 6:30 - 7:30PM
An open question: PGP vs Signal for e-mail secure communication? Adoption of PGP vs Signal?
- Malware on the High Seas - phishing being used against the US Cost Guard in an attempt to gain access to data on the vessels.
- Microsoft warns of file-less malware attack Astaroth, reminds me of what we do as red teasers
- Unattended, no click Zoom hacks
- Hate crime perps caught because they automatically connected to WiFi
- US weapon systems hacked in 9 second because of default passwords and other DoD cyber security folly
- GoBotKR botnet through pirate Korean videos
- Apple iMessage bug bricks phones, patch available
- Android apps harvest data, even though they were told not to
- Zoom RCE Vulnerability Found
- YouTube banning hacking videos, now admits mistake
- Android Won't Take No For an Answer More than 1000 Android apps still collect personal data even after user clicks no.
- Porn Pirating Lawyers sentenced - A US lawyer who uploaded pornography on to file-sharing sites then sued people who downloaded it, has been sentenced to five years in jail.
- Crypto Peer-to-Peer Exchanges Grow in Popularity as Regulatory Scrutiny Rises - The uptick in regulatory scrutiny amid this year’s re-emergence of cryptocurrencies is driving some of the speculative asset classes’ biggest advocates further into the darkest corners of finance.
- Rhode Island Governor Cuts CISO Position from Cabinet - The controversial decision to eliminate the state's chief information security officer has inspired criticism, though state officials have promised a continued commitment to cybersecurity efforts.
- Cybersecurity Firm McAfee Preps for Public Market Return - The company's owners - private-equity firms TPG and Thoma Bravo, and chipmaker Intel - have been meeting with bankers this week to discuss plans for an initial public offering that could occur later this year, The Wall Street Journal reports.
- Chinese Tourists forced to install Software at border Chinese border officials side-load JingWang application; primarily targeting Xinjiang's Uighur population; that sends device data to their servers, un-encrypted, for analysis also searches for 73,000 files of interest such as religious videos, images and electronic documents.
- 1TB Police Bodycam footage available online The police department IT service providers, who were collecting the videos were compromised. Make sure that your service provider is InfoSec aware. Should we expect the hackers to store the acquired content securely?
- Orvibo IoT management database insecure SmartMate device management database, with 2 Billion records for devices in 2 Million households had no protection and included usernames, non-salted MD5 Hashed passwords, password reset codes and device location data. How secure is your IoT management system?
- Russian hackers target banks Hacker group compromises IT systems, causes ATM to dispense any amount unchecked.
- U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers Hckers exploit Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
- Huawei Employees linked to China State Intel Agencies Look to the big picture - consider the alliances of your suppliers, at all levels. Who are they truly working for?
Tech Segment: Reinhard Hochrieser, Jumio - 7:30PM-8:30PM
Today’s State of Security Demands the Need for Biometric Authentication
- Growth of account takeover and how to prevent it – Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user’s existing account, tips to protect against account takeover
- Death of traditional authentication methods & rise of biometric-based authentication – Two-factor authentication, passwords and knowledge-based authentication are no longer reliable or secure because they can be easily bypassed. Companies need to embrace emerging technology, such as artificial intelligence, augmented intelligence and machine learning, and adopt new authentication methods, like biometric-based authentication, to fight automated fraud and protect their online ecosystems.