Difference between revisions of "PSWEpisode623"
From Paul's Security Weekly
Revision as of 22:27, 17 October 2019
Recorded October 17, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Daniel DeCloss, PlexTrac - 6:00-6:30PM
Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.
What makes a good pentest report?
The segment will focus on the importance of a high-quality report and on what red and blue teamers should recognize goes into a good report. Oftentimes, there’s no feedback loop after report delivery, and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.
Security News - 7:30PM-8:30PM
- Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
- Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
- Vulnerability found and fixed in HP bloatware | ZDNet
- 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
- Cybercrime Tool Prices Bump Up in Dark Web Markets
- Pen testers find mystery black box connected to ship's engines
- Using Machine Learning to Detect IP Hijacking - Schneier on Security
- Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
- Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
- Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
- Critical and high-severity flaws addressed in Cisco Aironet APs
- ISC Releases Security Advisories for BIND | CISA
- Older Amazon Devices Subject to Old Wi-Fi Vulnerability
- D-Link routers remote exploit to remain unpatched
- FBI Warns of MFA bypass with SIM porting
- Android Privesc in the wild.
- Father of Unix Ken Thompson’s password finally cracked
- USB device security still lacking
- Free WiFi tracks your location even when you are not connected
- 36 pieces of consequential code
Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM
Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.
Cybercrime, threat hunting, APT, spear phishing and tactics etc
"Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."