Difference between revisions of "PSWEpisode622"

From Paul's Security Weekly
(Created page with "''Recorded October 3, 2019 at G-Unit Studios in Rhode Island!'' ==Episode Audio== <!-- <div align="center"> {{#widget:SoundCloud |id=496965687 |width=75% |height=100 |color=6...")
 
(Larry's Stories)
Line 32: Line 32:
  
 
== Larry's Stories ==
 
== Larry's Stories ==
 +
#[https://securityintelligence.com/news/masad-stealer-preys-on-telegram-users-in-cryptocurrency-theft-campaign/ A malware strain dubbed Masad Stealer is using the Telegram messaging app to steal cryptocurrency by accessing browser passwords and clipboard information, security researchers learned.]
 +
#[https://securityintelligence.com/news/new-gucci-botnet-capable-of-launching-multiple-types-of-ddos-attacks/ Security researchers detected a previously undocumented botnet named Gucci, which is capable of launching multiple types of distributed denial-of-service (DDoS) attacks against targeted organizations.]
 +
#[https://www.cnet.com/news/former-yahoo-engineer-pleads-guilty-to-hacking-6000-accounts-in-hunt-for-nudes/ A former Yahoo software engineer has pleaded guilty to hacking 6,000 user accounts in a hunt for sexual images. Following an FBI investigation, Reyes Daniel Ruiz, 34, also admitted to hacking the iCloud, Facebook, Dropbox and Gmail accounts of his victims, primarily young female colleagues and friends.]
 +
#[https://www.infosecurity-magazine.com/news/pryingeye-vulnerability/ Web-conferencing users who don't assign passwords could be having online meetings with more people than they think, according to new research.]
  
 
== Lee's Stories ==
 
== Lee's Stories ==

Revision as of 22:05, 3 October 2019

Recorded October 3, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Security News - 6:00-6:30PM

    Paul's Stories

    1. American Express Insider Breaches Cardholder Information
    2. Turkey fines Facebook $282,000 over privacy breach
    3. FBI: Don't pay ransomware demands, stop encouraging cybercriminals
    4. WhatsApp Flaw Opens Android Devices to Remote Code Execution Attacks
    5. Measuring the Security of IoT Devices - Schneier on Security
    6. Good cybersecurity comes from focusing on the right things, but what are they? - Help Net Security
    7. Skylight Cyber | All Your Cloud Are Belong To Us (CVE-2019-12491)
    8. MITRE ATT&CK: Clipboard data
    9. 10 Cybersecurity Myths That Criminals Love
    10. Top 5 New Open Source Security Vulnerabilities in September 2019
    11. The Secret to CISO Success? Do This One Thing Extremely Well - Accellion

    Larry's Stories

    1. A malware strain dubbed Masad Stealer is using the Telegram messaging app to steal cryptocurrency by accessing browser passwords and clipboard information, security researchers learned.
    2. Security researchers detected a previously undocumented botnet named Gucci, which is capable of launching multiple types of distributed denial-of-service (DDoS) attacks against targeted organizations.
    3. A former Yahoo software engineer has pleaded guilty to hacking 6,000 user accounts in a hunt for sexual images. Following an FBI investigation, Reyes Daniel Ruiz, 34, also admitted to hacking the iCloud, Facebook, Dropbox and Gmail accounts of his victims, primarily young female colleagues and friends.
    4. Web-conferencing users who don't assign passwords could be having online meetings with more people than they think, according to new research.

    Lee's Stories

    1. Unfixable Jailbreak Exploit released: iPhone X and prior vulnerable to exploit, physical access required. Fixed in iPhone 11.
    2. Doordash third-party breach hits 4.9M users: Third party security is critical.
    3. "Bulletproof" Dark Web data center seized by German Police: While the takedown is significant, services will likely move to alternate hosting sites.
    4. Ex-Yahoo Engineer Hacked accounts seeking Porn: Ex-Yahoo Engineer cracked passwords, seeking credentials to access other services, porn, gaming, iTunes, etc.
    5. Microsoft blocks 38 more attachment types in Email: These can be enabled by Exchange Admin. They include the typical Python, PowerShell, Java and certificate file extensions.
    6. O.MG Lightning Cable hits Prime Time: The O.MG cable is hitting the shelves at Hak5 for $49.




    Interview: Stewart Room, PwC - 6:30 - 7:30PM

    Stewart Room is a Partner of PwC.
    Stewart Room, CIPP/E, is a partner at PwC UK. He is the global leader of the cyber security and data protection legal services practice, the joint global leader of the multidisciplinary data protection practice, and the UK data protection practice leader. He has more than 25 years of experience as a Barrister and Solicitor, focusing for the majority of this time on data, technology and communications.

    Room specialises in the field of data protection, information management and cyber security, including programme design and delivery, the commercial exploitation of data, the security of data, regulatory investigations and litigation arising from the misuse of data. He is rated as a leading individual in data protection by legal directory Chambers UK, who says he "is the kind of lawyer who inspires confidence" and "he is an excellent, first-rate, tactical lawyer."

    He is one of the founding directors of Cyber Security Challenge UK (which forms part of the UK National Strategy for Cyber Security), the President of the National Association of Data Protection Officers and the editor of the Cyber Security Practitioner journal. Room has written a number of textbooks on information law and is regularly quoted in the press. He is a past winner of the Financial Times Innovative Lawyer of the Year award.

    Segment Topic:
    Data Privacy and The Journey to Code

    Segment Description:
    Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimisation and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy.

    Segment Resources:

    Security & Compliance Introduction - 7:30PM-8:30PM

    It’s the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly. This show is hosted by: Jeff Man, Josh Marpet, and Scott Lyons.
