Episode616

From Security Weekly Wiki
Revision as of 15:55, 15 August 2019 by Wheat Loaf (talk | contribs) (→‎Hosts)
Jump to navigationJump to search

Recorded August 15, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
    • Qualys is introducing a new prescription for security and it’s FREE: Global IT Asset Discovery and Inventory. Activate it today at securityweekly.com/qualys so you can achieve 100% near real-time visibility across your hybrid environments.


    Interview: Tony Punturiero, Offensive Security - 6:00-7:00PM

    Tony Punturierois the Community Manager at Offensive Security

    Tony Punturiero (aka @tjnull) to the OffSec is an experienced pentester and red teamer for a government contractor, and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor for a Local Community College teaching cybersecurity courses and coaches one of the top Community College's cyber team in the State of Maryland. He earned a BS in Cybersecurity from University of Maryland University College (UMUC) where he is a board member for the award winning UMUC Cyber Padawans. Over the year's, TJ has participated in over 200 Cyber Security competitions across the globe and is a 2 time SANS Netwars Champion.

    TJ is also one of the Founding members/Lead moderators of NetSecFocus--an online Information Security community consisting of 5700+ members that has partnered with other infosec organizations such as Hackthebox, Wizard Labs, and Hackmethod. Other then having a passion for cybersecurity TJ enjoys hiking, traveling, going to breweries, and playing video games.

    Segment Title/Topic:
    The journey of turning from a blue teamer to a red teamer. Kickstarting an Infosec Community and much more!

    Segment Description:
    Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another.

    Segment Resources:


    Tech Segment: Stewart Room, PwC- 6:30 - 7:30PM

    Stewart Room
    is the Partner at PwC.

    Stewart Room, CIPP/E, is a partner at PwC UK. He is the global leader of the cyber security and data protection legal services practice, the joint global leader of the multidisciplinary data protection practice, and the UK data protection practice leader. He has more than 25 years of experience as a Barrister and Solicitor, focusing for the majority of this time on data, technology and communications.
    Room specialises in the field of data protection. information management and cyber security, including programme design and delivery, the commercial exploitation of data, the security of data, regulatory investigations and litigation arising from the misuse of data. He is rated as a leading individual in data protection by legal directory Chambers UK, who says he "is the kind of lawyer who inspires confidence" and "he is an excellent, first-rate, tactical lawyer."
    He is one of the founding directors of Cyber Security Challenge UK (which forms part of the UK National Strategy for Cyber Security), the President of the National Association of Data Protection Officers and the editor of the Cyber Security Practitioner journal. Room has written a number of textbooks on information law and is regularly quoted in the press. He is a past winner of the Financial Times Innovative Lawyer of the Year award.

    Segment Topic:
    Data Provacy and The Journey to Code

    Segment Description:
    Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimisation and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy.

    Segment Resources:
    https://www.linkedin.com/feed/update/urn:li:activity:6550420449854058497



    Security News - 7:30 - 8:30PM

    Paul's Stories

    1. Researchers find security flaws in 40 kernel drivers from 20 vendors | ZDNet
    2. What a security researcher learned from monitoring traffic at Defcon
    3. Gamers Beware: Zero-Day in Steam Client Affects All Windows Users
    4. We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe
    5. Hack in the box: Hacking into companies with warshipping
    6. New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
    7. A compendium of container escapes - Help Net Security
    8. NULL license plate gets security researcher $12K in tickets
    9. Serious flaws in six printer brands discovered, fixed
    10. Should You Upgrade to Wi-Fi 6?
    11. Intel Patches High-Severity Flaws in Tools, NUC Firmware | SecurityWeek.Com
    12. The Flaw in Vulnerability Management: It's Time to Get Real
    13. New Research Finds More Struts Vulnerabilities

    Larry's Stories

    Lee's Stories

    1. Malware lingers in SMBs for an average of 800 days before discovery SMBs are often understaffed, or lack staff and infrastructure to detect and respond to Malware.
    2. Update to iOS 12.4 to Block New Vulnerabilities 13% of five year old or less iOS devices are not even running iOS 12.
    3. AirDrop and Password sharing can reveal passwords Bug in AirDrop can be used to reveal device information including a cryptographic hash that can be decoded to the device phone number.
    4. CafePress changes password policy after 23m pwned accounts CafePress was storing passwords insecurely, having users change their passwords fixes that. They aren't really acknowledging the breach.
    5. Equifax Settlement Phishing Surprise, there are phishing emails for the Equifax settlement. Use the FTC Site or go directly to Equifax Settlement site.
    6. New flaws in Qualcomm Chips expose Android Devices to Hacking Critical vulnerabilities dubbed "QualPwn" could allow devices to be exploited via WLAN firmware weakness. Devices with Qualcomm Snapdragon 835 and 435 chips vulnerable.