Psw675

From Security Weekly Wiki
Revision as of 19:45, 19 November 2020 by Ppworks (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Paul's Security Weekly Episode #675 - November 19, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Mimecast Web Security - 06:00 PM-06:45 PM

Visit https://securityweekly.com/mimecast for more information!


Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

Segment Description Coming Soon! This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!



Guest(s)

Jamie Fernandes

Jamie Fernandes is the Sr. Director, Product Management at Mimecast, where he leads Product Management for Security, including the Web and Cloud Security product lines. Jamie has spent 20 years in SaaS Product Development & Product Management, serving all segments from SMB to Large Enterprise, B2B andB2C, in Enterprise HCM, Enterprise Product Portfolio Management, and Cybersecurity. He’s had a significant amount of experience bringing new products and services to market during that time, creating new businesses and revenue streams for companies. Jamie holds a B.A from Brandeis University in American Studies & History and is listed as an inventor on two patents: Providing program and policy information to managers - Patent Issued Mar 30, 2004; US 2005/0228799 A1 Management and Delivery of Product Information - Patent Issued Jan9, 2001; US 9/757,376

Karsten Chearis

Karsten Chearis is a Product Manager, Web Threats and Shadow IT for Mimecast, a leading email security and cyber resilience company. Karsten works with Mimecast's Global GTM (Go To Market) teams to achieve total product success, including enablement, deal support, and scaling the Web Threats and Shadow IT business. He also works with the Product and Engineering teams to help innovate and achieve new levels of success with their emerging offerings.

Previously, Karsten worked as a Senior Sales Engineer, supporting Mimecast’s Enterprise sales efforts. Prior to working at Mimecast, Karsten worked for various organizations in IT Operations and IT Operations Leadership, including O365 administration, systems administration, patch management, Enterprise Mobility Management, messaging security, and systems standardization.


Hosts

2. Michael Roytman, Kenna Security - 07:00 PM-07:45 PM

Visit https://securityweekly.com/kennasecurity for more information!


Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Description

Segment Description Coming Soon! This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them!



Presenter(s)

Michael Roytman

Michael Roytman is a recognized expert in cybersecurity data science. At Kenna Security, Michael is responsible for building the company's core analytics functionality focusing on security metrics, risk measurement, and vulnerability measurement. Named one of Forbes' 30 Under 30, Michael's strong entrepreneurship skills include founding organizations such as Dharma Platform, a cloud-based data management platform, and TruckSpotting, a mobile app for tracking food trucks. He also serves on the board of Cryptomove, a moving target data protection startup. In addition, Michael chairs the Board of Dharma Platform, is a board member and the program director at the Society of Information Risk Analysts (SIRA), and is a co-author of the Exploit Prediction Scoring System (EPSS). Michael is a frequent speaker at security industry events, including Black Hat, BSides, Metricon, RSA, SIRACon, SOURCE, and more. Michael holds a Master of Science in Operations Research degree from Georgia Institute of Technology.


Hosts

3. Security News - 08:00 PM-09:30 PM

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Description

Segment Description Coming Soon!


Hosts

Doug White's Content:

Articles

Jeff Man's Content:

Articles

Joff Thyer's Content:

Articles

  1. Enterprise Attacker Emulation and C2 Implant Development Training Class!!!

Lee Neely's Content:

Articles

  1. Ransomware attack takes web hosting provider Managed.com servers offline Managed.com, one of the world's largest web hosting providers, has disclosed it was forced to shut down its entire web hosting infrastructure after being hit by a ransomware attack on Nov. 16 that also reportedly took down "a small number" of customer websites.
  2. Hacking group exploits ZeroLogon in automotive, industrial attack wave The possibly Chinese government state-sponsored "Cicada" (APT10, Stone Panda, Cloud Hopper) advanced persistent threat (APT) group has been spotted leveraging the "Zerologon" vulnerability (CVE-2020-1472) in a worldwide attack campaign targeting businesses connected to Japan in order to access and exfiltrate sensitive information.
  3. Microsoft fixes Windows Kerberos authentication issues in OOB update Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers CVE-2020-17409. Low risk, high complexity and high priv level needed to exploit.
  4. Australian government warns of possible ransomware attacks on health sector The Australian government has issued a security alert today urging local health sector organizations to check their cyber-security defenses, attacks targeting the health care sector with the "SDBBot" remote access Trojan (RAT), which is a known precursor to "Clop" ransomware infections.
  5. Vertafore data breach exposed data of 27.7 million Texas drivers Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error. Vertafore announced that after an employee inadvertently stored three files containing the PII on an unsecured external storage service that was ultimately accessed by an unknown third party.
  6. More than 200 systems infected by new Chinese APT 'FunnyDream' A new Chinese state-sponsored hacking group "FunnyDream" has infected more than 200 systems across Southeast Asia. Activity leverages RIGHTSIDE and ENDRANT malware, among others.
  7. Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak Misconfigured Amazon S3 bucket belonging to Canoga Park, Calif.-based used electronics reseller TronicsXchange exposed on the Internet containing more than 2.6 million files that included victims' personally identifiable information (PII) and biometric images.
  8. Millions of Bumble users put at risk after online dating hack

Paul Asadoorian's Content:

Articles

Tyler Robinson's Content:

Articles