Difference between revisions of "PSWEpisode633"

From Security Weekly Wiki
Jump to navigationJump to search
Line 44: Line 44:
 
[[File:ChrisPainter.jpg|right|250px|thumb|<center>'''[https://twitter.com/C_Painter Chris Painter]'''is the Commissioner of [https://cyberstability.org/ Global Commission on the Stability of Cyberspace].</center>]] Chris Painter is a globally recognized leader and expert on cyber policy, Cyber Diplomacy and combating cybercrime. He has been on the vanguard of US and international cyber issues for over twenty-five years—first as a leading federal prosecutor of some of the most high-profile cybercrime cases in the country, then as a senior official at the Department of Justice, the FBI, the Senior Director for Cyber Policy at the White House National Security Council and finally as the world’s first top cyber diplomat at the State Department. In his State Department role, Mr. Painter helped create a whole new area of foreign policy focus and there are now cyber diplomats in over thirty countries. He has helped drive, initiated or been involved in virtually every major US cyber policy for over a decade and has created innovative new organizations and approaches to deal with threats and take advantage of opportunities in cyberspace. He was awarded the Order of the Rising Sun in 2018 by the Government of Japan for promoting Japan-US Cyber collaboration, awarded the RSA Conference Award for Public Policy, and was named the Bartels World Affairs Fellow for 2017-18 by Cornell University. Among other things, he currently serves as a William J. Perry fellow at Stanford’s Center for International Security and Cooperation, Commissioner on the Global Commission for the Stability of Cyberspace, Chair of the Global Forum for Cyber Expertise Working Group on Strategy and Policy, a member of the Board of Directors for the Center for Internet Security and an Associate Fellow at Chatham House.
 
[[File:ChrisPainter.jpg|right|250px|thumb|<center>'''[https://twitter.com/C_Painter Chris Painter]'''is the Commissioner of [https://cyberstability.org/ Global Commission on the Stability of Cyberspace].</center>]] Chris Painter is a globally recognized leader and expert on cyber policy, Cyber Diplomacy and combating cybercrime. He has been on the vanguard of US and international cyber issues for over twenty-five years—first as a leading federal prosecutor of some of the most high-profile cybercrime cases in the country, then as a senior official at the Department of Justice, the FBI, the Senior Director for Cyber Policy at the White House National Security Council and finally as the world’s first top cyber diplomat at the State Department. In his State Department role, Mr. Painter helped create a whole new area of foreign policy focus and there are now cyber diplomats in over thirty countries. He has helped drive, initiated or been involved in virtually every major US cyber policy for over a decade and has created innovative new organizations and approaches to deal with threats and take advantage of opportunities in cyberspace. He was awarded the Order of the Rising Sun in 2018 by the Government of Japan for promoting Japan-US Cyber collaboration, awarded the RSA Conference Award for Public Policy, and was named the Bartels World Affairs Fellow for 2017-18 by Cornell University. Among other things, he currently serves as a William J. Perry fellow at Stanford’s Center for International Security and Cooperation, Commissioner on the Global Commission for the Stability of Cyberspace, Chair of the Global Forum for Cyber Expertise Working Group on Strategy and Policy, a member of the Board of Directors for the Center for Internet Security and an Associate Fellow at Chatham House.
 
<br>
 
<br>
# How did you get your start in cybersecurity and cybersucirty policies and law?
+
# How did you get your start in cybersecurity and cybersecurity policies and law?
# What are the major obsticales today trying to find and prosecute international cyber criminals?
+
# What are the major obstacles today trying to find and prosecute international cybercriminals?
 
# How do the laws differ in other countries for things such as hacking back? For example, Japan has taken a stance recently on identifying vulnerabilities in consumer IoT devices over the Internet.
 
# How do the laws differ in other countries for things such as hacking back? For example, Japan has taken a stance recently on identifying vulnerabilities in consumer IoT devices over the Internet.
# How do we deal with the obvious issue of nation states wanting to cover up hacking activities because they orginate from within the Government of the country?
+
# How do we deal with the obvious issue of nation-states wanting to cover up hacking activities because they originate from within the Government of the country?
# What can we do do curb IP theft by other countries such as China?
+
# What can we do curb IP theft by other countries such as China?
 
# With IoT, how can global regulations be enforced to require manufacturers to produce more secure devices?
 
# With IoT, how can global regulations be enforced to require manufacturers to produce more secure devices?
# What are the impacts of sanctions against other countries in an effort to curb nation state hacking?
+
# What are the impacts of sanctions against other countries in an effort to curb nation-state hacking?
  
 
= Security News - 7:30-8:30PM =
 
= Security News - 7:30-8:30PM =

Revision as of 21:55, 2 January 2020

Recorded January 2, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Tyler Robinson
    Managing Director of Network Operations at Nisos, Inc .


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Kavya Pearlman, XR Safety Initiative - 6:00-6:45PM

    Kavya Pearlman is the Cybersecurity Strategist of Wallarm & the CEO at XR Safety Initiative

    Well known as the “Cyber Guardian”, Kavya Pearlman is an Award-winning cybersecurity professional with a deep interest in emerging technologies. Kavya is the Global Cybersecurity Strategist at Wallarm, a global security company that protects hundreds of customers across e-commerce, fintech, health-tech, and SaaS for their artificial intelligence powered application security platform.

    Kavya is the founder of non-profit, XR Safety Initiative (XRSI), the very first global effort that promotes privacy, security, ethics and develops standards and guidelines for Virtual Reality, Augmented Reality and Mixed Reality (VR/AR/MR) collectively known as XR. She has previously advised Facebook on third party security risks during 2016 US presidential elections, reviewing security for various third parties of all sizes configurations and cloud composition.

    Kavya is constantly exploring new technologies to solve current cybersecurity challenges. She has been named one of the Top Cybersecurity influencers for two consecutive years 2018-29019 by IFSEC Global. Kavya has won many awards for her work and contribution to the security community including 40 under 40 Top Business Executives 2019 by San Francisco Business Times, Rising Star of the year 2019 by Women in IT Award Series and Minority CISO of the Year 2018 by ICMCP. For her work with XR Safety Initiative, Middle East CISO Council recently awarded her - CISO 100 Women Security Leader award in Dubai. Recently, Kavya was nominated as the "Innovator of the year 2019" by Women in IT Award Series and East Bay Innovation Award.

    Kavya has helped build Cloud Security Standards for National Institute of Standards and Technology (NIST) and Cloud Security Alliance (CSA). She holds many prestigious Information Security certifications including CISM (Certified Information Security Manager) from ISACA, PCI-DSS-ISA (Internal Security Assessor) and PCIP for Payment Card Industry Security Standard Council. Kavya is truly passionate about her work and inspires many around the world including women and underrepresented communities in security and emerging technologies. Kavya gives back to the tech community by mentoring women through “Million Women Mentor” program and is a board of director for non-profit “Minorities in Cybersecurity” as well as advisory board member for “CISO Council North America”.

    Segment Topic:
    Who is going to protect the Brave New Virtual Worlds and HOW?

    Segment Description:
    Emerging technologies such as Virtual, Augmented and Mixed Reality are inevitably gaining momentum and helping businesses gain competitive advantage. These technological advancements are giving rise to digital transformation as well as digital risks. The bigger question is who will protect these technologies. While the world is catching up on the business aspects and the real use cases, Silicon Valley startups are already gearing up to combat the risks born alongside emerging tech’s benefits. The Valley companies are utilizing the same technologies to combat the associated risks.
    My Quest to protect these Brave New Vitual Worlds has taken me around the world and connected me to the geniuses at Wallarm. In this segment, I will talk about WHY I believe Wallarm, XRSI and companies alike are the ones moving fast to protect the Immersive Technologies.

    Inspiring story - Hairstylist turned cybersecurity professional XR Safety Initiative - threat categories in virtual reality, different types of virtual reality, establishing what is VR/XR and then provide guidance and frameworks for technologies. 2020 is the goal, non-profit. No one advocating for security here. WAFs - Dispell the myths Containers / DevSecOps - automation to enable the sec and ops and dev teams Facebook - advising during the election

    Segment Resources:



    Tech Segment: Chris Painter, Global Commission on the Stability of Cyberspace - 6:45PM-7:30PM

    Chris Painter is a globally recognized leader and expert on cyber policy, Cyber Diplomacy and combating cybercrime. He has been on the vanguard of US and international cyber issues for over twenty-five years—first as a leading federal prosecutor of some of the most high-profile cybercrime cases in the country, then as a senior official at the Department of Justice, the FBI, the Senior Director for Cyber Policy at the White House National Security Council and finally as the world’s first top cyber diplomat at the State Department. In his State Department role, Mr. Painter helped create a whole new area of foreign policy focus and there are now cyber diplomats in over thirty countries. He has helped drive, initiated or been involved in virtually every major US cyber policy for over a decade and has created innovative new organizations and approaches to deal with threats and take advantage of opportunities in cyberspace. He was awarded the Order of the Rising Sun in 2018 by the Government of Japan for promoting Japan-US Cyber collaboration, awarded the RSA Conference Award for Public Policy, and was named the Bartels World Affairs Fellow for 2017-18 by Cornell University. Among other things, he currently serves as a William J. Perry fellow at Stanford’s Center for International Security and Cooperation, Commissioner on the Global Commission for the Stability of Cyberspace, Chair of the Global Forum for Cyber Expertise Working Group on Strategy and Policy, a member of the Board of Directors for the Center for Internet Security and an Associate Fellow at Chatham House.


    1. How did you get your start in cybersecurity and cybersecurity policies and law?
    2. What are the major obstacles today trying to find and prosecute international cybercriminals?
    3. How do the laws differ in other countries for things such as hacking back? For example, Japan has taken a stance recently on identifying vulnerabilities in consumer IoT devices over the Internet.
    4. How do we deal with the obvious issue of nation-states wanting to cover up hacking activities because they originate from within the Government of the country?
    5. What can we do curb IP theft by other countries such as China?
    6. With IoT, how can global regulations be enforced to require manufacturers to produce more secure devices?
    7. What are the impacts of sanctions against other countries in an effort to curb nation-state hacking?

    Security News - 7:30-8:30PM

    Paul's Stories

    1. InfoSec Handlers Diary Blog - Here is a sample that I spotted two days ago. It’s an interesting one because it’s a malware that implements ransomware features developed in Node.js[1]! The stage one is not obfuscated and I suspect the script to be a prototype or a test…
    2. Hacking Git Directories - First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
    3. Critical Citrix Bug Puts 80,000 Corporate LANs at Risk - No details yey, but: Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
    4. The Coolest Hacks of 2019 - My favorite from this list: Researcher Matthew Wixey calls them acoustic cyber weapons: the PWC UK researcher wrote custom malicious code that forces Bluetooth and Wi-Fi-connected embedded speakers to emit painfully high-volume sound or even high intensity and inaudible frequency sounds that can possibly produce destructive sound levels to the speakers - and to the ear.
    5. 2020 Cybersecurity Trends to Watch - I hate slide shows in posts. This article is not all that useful. What are we watching? What is a trend?
    6. 7 Tips for Maximizing Your SOC - Perhaps the best advice: Analysts and managers make a hard job harder when they conceal operational failures, fail to disclose known vulnerabilities or create a dishonest organizational culture. Instead, make your SOC a place where employees can be honest about what they find without worrying about getting fired. And incorporating automation and security analysis software into places in your SOC where human failures commonly occur can greatly improve its overall operational efficiency and effectiveness.
    7. The Most Dangerous People on the Internet This Decade - This is mostly a political post. I worry about dangerous people on the Internet who are smart enough not to be on anyone's list.
    8. Ethics and Encryption
    9. Mysterious Drones are Flying over Colorado - Schneier on Security - “There are many theories about what is going on, but at this point, that’s all they are,” he said. “I think we are all feeling a little bit vulnerable due to the intrusion of our privacy that we enjoy in our rural community, but I don’t have a solution.”
    10. Critical Vulnerabilities Impact Ruckus Wi-Fi Routers | SecurityWeek.Com - They comprise three different remote code execution (RCE) exploit possibilities built from information and credentials leakage, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. The researchers examined the firmware of 33 different Ruckus access points and found them all to be vulnerable. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, "I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication," he continued, "I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices."
    11. Cisco DCNM Users Warned of Serious Vulnerabilities | SecurityWeek.Com

    Larry's Stories

    Lee's Stories

    1. Poloniex Crypto Exchange Confirms Data Leak After Awkward Email Poloniex forces password reset on all customers after list of usernames/passwords posted on Twitter. MFA, offline, client side encrypted and multi-signature wallets strongly encouraged.
    2. North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Company Alleges Microsoft files suit against two individuals associated with North Korean "Thallium" hacking group. Phishing emails designed to drop "BabyShark" and "KimJongRAT" to obtain user credentials. Historically targeting involved nuclear security related issues.
    3. US Coast Guard Discloses Ryuk Ransomware Infection at Maritime Facility Malware shutdown operations for 30 hours, even impacting control systems that control cargo transfer encrypting critical files. Coast Guard published bulletin on preventing Ryuk ransomware attacks.
    4. Wyze Leaks Personal Data for 2.4 Million Security Camera Users Non-secured database uncovered with 2.4 million Wyze customer's PII and PHI data including addresses, WiFi SSID, and "body metrics." Enable 2FA and password changes for Wyze accounts encouraged.
    5. University Hit by Ransomware, Almost All Windows Systems Compromised Maastrich Univerisity hit by Ransomware 12/23, forcing them to take all systems offline. Systems being rebuilt, security enhanced, it's not clear which ransomware hit, nor if files were exflitrated. New TTPs for Ransomware include disclosure of victims sensitive files.
    6. DHS wants more input on how to share vulnerabilities DHS has extended the comment time on their draft vulnerability disclosure program to 1/10/20. Mandating a bug-bounty program can have interesting impacts and side-effects.
    7. Researcher Releases Data on 100,000 Phishing Attempts to Teach You How to Not Get Hacked Claudio Guarnieri, who works at Amnesty International, published the dataset to help other researchers track hackers, and to help cybersecurity educators use them as real-world examples.
    8. SEC charges IT administrator over $7 million insider trading ring Palo Alto Networks IT Administrator Janardhan Nellore and four friends engaged in insider trading after leveraging their IT administrator credentials and contacts to access financial data and make trades. While all face SEC fraud charges, one team member also faces federal criminal charges.
    9. U.S. Navy bans TikTok from government-issued mobile devices United States Navy banned the social media app TikTok from government-issued mobile devices, saying the popular short video app represented a “cybersecurity threat.” and theKorea Communications Commission (KCC) announced it was investigating the Chinese-developed TikTok video app after finding that the app was sending users' personally identifiable information (PII) to the Chinese government.
    10. TRACED Act signed into law, putting robocallers on notice Has good requirements, such as adoption of the STIR/SHAKEN framework, but may not truly cut down on calls.
    11. Sherwood AR telemarketing company shuts down, at least temporarily, blames cyber attack ransom CEO has let go 300 employees, days before Christmas, after the company failed to recover from a ransomware infection a few months back. While they paid the ransom, the company was not able to get back on it's feet. Hopes to resume business 1/2/20.


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+