Difference between revisions of "Psw661"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
(Added By Paul's Craptastic PPWorks Code)
Line 54: Line 54:
 
</gallery>
 
</gallery>
  
= 2. TBD - 07:30 PM  =
+
= 2. TBD - 07:30 PM-08:00 PM  =
 
<!--   
 
<!--   
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
Line 67: Line 67:
 
==Hosts==
 
==Hosts==
  
<gallery mode="nolines" widths=175px heights=175px>
 
  
Image:Paul_Asadoorian-0.png|<center>[https://twitter.com/@securityweekly Paul Asadoorian] - Founder & CTO at Security Weekly</center>
+
==[https://twitter.com/@MrJeffMan Jeff Man]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:Jeff_Man_2-0.jpg
 +
</gallery>
 +
{{Template:PSW661NewsJeffMan}}
 +
 
 +
==[https://twitter.com/@joff_thyer Joff Thyer]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:Joff_Thyer-0.jpg
 +
</gallery>
 +
{{Template:PSW661NewsJoffThyer}}
 +
 
 +
==[https://twitter.com/@haxorthematrix Larry Pesce]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:larry_headshot-0.jpg
 +
</gallery>
 +
{{Template:PSW661NewsLarryPesce}}
 +
 
 +
==[https://twitter.com/@lelandneely Lee Neely]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:Lee_Neely-0.jpg
 +
</gallery>
 +
{{Template:PSW661NewsLeeNeely}}
 +
 
 +
==[https://twitter.com/@maldermania Matt Alderman]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:MattAlderman-0.png
 +
</gallery>
 +
{{Template:PSW661NewsMattAlderman}}
 +
 
 +
==[https://twitter.com/@securityweekly Paul Asadoorian]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:Paul_Asadoorian-0.png
 +
</gallery>
 +
{{Template:PSW661NewsPaulAsadoorian}}
  
 +
==[https://twitter.com/@tyler_robinson Tyler Robinson]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:Tyler_Robinson-0.png
 
</gallery>
 
</gallery>
 +
{{Template:PSW661NewsTylerRobinson}}
 +
  
 
= 3. Automating your Vulnerability Management Program - 08:00 PM  =
 
= 3. Automating your Vulnerability Management Program - 08:00 PM  =

Revision as of 00:51, 31 July 2020

Paul's Security Weekly Episode #661 - August 06, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Observing Disinformation Campaigns - 07:00 PM-07:30 PM

Description

Guest(s)

Chad Anderson

Chad has a particular interest in automation, network security and their intersection. His primary focus leans heavily on leveraging open source technologies to improve deployments, network security and systems administration at DomainTools.


Hosts

2. TBD - 07:30 PM-08:00 PM

Description

Hosts

Jeff Man's Content:

Articles

  1. VPN security alert: 900 servers hit by huge data breach
  2. Blackbaud data breach: What you should know
  3. Capital One fined $80 million for data breach involving 100 million Americans
  4. Intel hacked, first wave of stolen chip data released in 20GB dump
  5. For DevOps, Application Programming Integration (API) Is A Major Security Vulnerability

Joff Thyer's Content:

Articles

Larry Pesce's Content:

Articles

  1. Blocking telemetry in Windows hosts filled now flagged by Windows Defender
  2. It appears Garmin paid the ransom
  3. Bitsight’s data on remote worker attack surface - From yesterday’s Summer camp preso, but amazing data too good not to share again]
  4. Arrested Coalfire Pentesters tell their tale
  5. Insecure satellite data interception

Lee Neely's Content:

Articles

  1. Iranian Hacker Group Becomes First Known APT to Weaponize DNS-over-HTTPS (DoH) "Oilrig" (APT34) group is the first to leverage DNS-over-HTTPS (DoH) to silently exfiltrate sensitive data from targeted networks. Using a new utility dubbed "DNSExfiltrator" and began using it as part of its intrusions into hacked networks.
  2. NSA Warns that Mobile Device Location Services Constantly Compromise Spies and Soldiers NSA has issued a new guide titled "Limiting Location Data Exposure" that provides advice for properly securing fitness trackers, smartphones, and tables that "store and share device geolocation data by design" and create a security risk for those working in defense and national security.
  3. Flaw in Popular NodeJS 'express-fileupload' Module Allows DoS Attacks and Code Injection
  4. Vermont Taxpayers Warned of Data Leak Over the Past Three Years Vermont Department of Taxes is warning taxpayers who filed property tax returns via its online filing site between Feb. 1, 2017, and July 2, 2020, that their personal information may have been leaked due to vulnerability in the system.
  5. EU Sanctions China, Russia, and North Korea for Past Hacks EU imposed first-of-their kind economic sanctions consisting of a travel ban and an asset freeze against China, North Korea, and Russia for conducting past cyber attacks that targeted EU business and citizens. Also a prohibition on EU citizens doing business with the three businesses and six individuals on the sanction list.
  6. Smart locks can be opened with nothing more than a MAC address In the case of the U-Tec $139.99 UltraLoq, marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Tripwire researchers have disclosed a misconfiguration error and other security issues that leaked data and allowed attackers to steal unlock tokens with nothing more than a MAC address.

Matt Alderman's Content:

Articles

  1. 29 Years Ago Today, The First Web Page Went Live
  2. 2019 Breach Leads to $80 Million Fine for Capital One
  3. Twitter hack teen's court date 'Zoombombed' with porn
  4. Researchers warn of an Achilles' heel security flaw for Android phones

Paul Asadoorian's Content:

Articles

  1. Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows
  2. How hackers could spy on satellite internet traffic with just $300 of home TV equipment
  3. Smart locks opened with nothing more than a MAC address
  4. Starting a Career in Information Security | Offensive Security
  5. 17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested - Graham Clark has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using compromised accounts.
  6. Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
  7. Trump says he will ban popular Chinese video app TikTok in the US
  8. Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection - Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function".
  9. Hackers can abuse Microsoft Teams updater to deliver malicious payloads
  10. Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
  11. Botnet abuses Docker servers & crypto blockchain to deliver Doki backdoor - The botnet attackers exploit their victims by scanning for misconfigured, openly accessible Docker API ports, and then establish their own malware-serving containers on the host. The malicious containers are based on abused images that are available through Docker hub.
  12. Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw - For instance, one such Modem Router that won’t receive an update, the AC1450 series, is as old as 2009. Other router models, while newer, have reached EOL: The R6200 and R6200v2 wireless routers reached EOL in 2013 and 2016, respectively; while the Nighthawk R7300DST wireless router reached EOL in the first half of 2017, said Henry.
  13. Twitter hack teen's court date 'Zoombombed' with porn
  14. Exploiting Google Cloud Platform With Ease

Tyler Robinson's Content:

Articles

3. Automating your Vulnerability Management Program - 08:00 PM

Description

Guest(s)

Mehul Revankar

Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.

Sumedh Thakar

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.


Hosts