PSWEpisode645

From Security Weekly Wiki
Revision as of 19:21, 30 March 2020 by Paul Asadoorian (talk | contribs) (Added By Paul's Craptastic PPWorks Code)

Paul's Security Weekly Episode 645 - 2020-04-02

Episode Audio

Paul's Security Weekly Episode 645

Announcements

  • In our next webcast with Synopsys we will cover "Better, Faster, More Secure Code By Combining SAST and SCA" with Utsav Sanghani, their Senior Product Manager. Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • SecureWorld Boston has been rescheduled to July 15-16, 2020 at the Hynes Convention Center in Boston, Massachusetts! You can register for this event by visiting secureworldexpo.com and using the code "SECURITYWEEKLY" to save $100 on a full conference pass! We will keep you in the loop as soon as we know who from Security Weekly will be there!

Interview: A Holistic View of Meeting Compliance Requirements - 6:00-6:45PM

Description:

Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a 'holistic' view (i.e., old school NetOps troubleshooting)

The vendor eco-system feeding on checking boxes.

RSAC's theme this year: 'the human factor.'

Are CFOs driving technical decisions that put SecOps teams underwater?

Investing in Protect vs. Detect vs. Responding tools/resources

Guest: Matt Allen, Senior Solutions Engineer at VIAVI Solutions

Bio:
Matt Allen is a Senior Solutions Engineer at VIAVI Solutions. Prior to his 8 years at VIAVI, Matt garnered 20 years of experience in the network engineering and telecommunications space. He holds the following certifications: Amazon Cloud Practitioner, Microsoft Certified Solutions Expert, Cisco Certified Network Associate, Certified Novell Engineer, and most recently Certified Ethical Hacker.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Larry Pesce - Senior Managing Consultant and Director of Research at InGuardians
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

Interview: Lorrie Cranor - Carnegie Mellon - 6:00-6:45PM

Description:

None

Hosts

Paul Asadoorian - Founder & CTO at Security Weekly

News - Security News - TBD

Description:

None



Paul Asadoorian's Content:


Zoom Stories

  1. Two Zoom Zero-Day Flaws Uncovered
  2. Trojanized Zoom Apps Target Remote Workers | SecurityWeek.Com
  3. Zoom Removes Data-Mining LinkedIn Feature
  4. War Dialing Tool Exposes Zoom's Password Problems - Krebs on Security
  5. Good Apps Behaving Badly: Zoom macOS Installer - VMRay
  6. Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account
  7. Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
  8. Jitsi Meet on Docker - We are testing this here, but only because we can control the network flows, e.g. we can stand up servers and clients and have them connect directly rather than bouncing through other people's servers. I have not done a security assessment yet. It was not security that drove us to test it out, in fact, I am worried about how tightly maintained WE can keep it, vs. having an entire team like Zoom or Microsoft.

Non-Zoom Stories

  1. Millions of routers running OpenWRT vulnerable to attack
  2. Uncovering OpenWRT remote code execution (CVE-2020-7982)
  3. Marriott Was Hacked -- Again - Schneier on Security
  4. Ex-NSA hacker drops new zero-day doom for Zoom - TechCrunch
  5. Nvidia's Next-Generation GPUs Could Destroy Xbox Series X If Leaks Are True | Digital Trends
  6. CVE-2020-0796

Video Chat Client Vulnerability History

  1. Skype Technologies Skype : List of security vulnerabilities
  2. Zoom : Security vulnerabilities
  3. Cisco Webex : List of security vulnerabilities
  4. Skype Skype : List of security vulnerabilities
  5. Microsoft Skype : List of security vulnerabilities