Active Directory, Cloud Security, Attack surface mgmt, Bug bounties, Blue Team

SWN #10

February 10, 2020

 

 

Welcome to the Security Weekly News Wrap up for the Week of 2 – February – 2020. Ashley Madison, BADASSARMY, Security Through Obscurity in Iowa, all the show notes, and more on this episode of Security Weekly News Wrap Up.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes


Ashley Madison Sextortion, Iowa, 3D Brains

Threat of the Week: Security Through Obscurity
Breach of the Week: Ashley Madison Sextortion
Read up on: Hacking Back and BADASS (see Paul’s Security Weekly Number 638 for this segment)

  1. Badass Army, helping with online shaming and revenge porn. Check it out.
  2. Sudo bug lets non-privileged Linux and macOS users run commands as root.
  3. I sabotaged My Boss with Ransomware from the Dark Web.
  4. Companies and employees embrace BYOD…
  5. Researchers develop a 3D brain-on-a-chip device at Lawrence Livermore National Lab.
  6. A Bluetooth security flaw could let hackers track devices.
  7. For zero trust to work, machines and humans require identification.
  8. 61% of Businesses surveyed had moved away from a commercial app due to appsec concerns.
  9. and of course the Iowa app debacle.
  10. Iowa app.
  11. Kryptos cipher number 4 still unbroken after 3 decades in front of the CIA HQ.
  12. But the NSA broke the first three a lot faster than anyone else, secret NSA documents show.
  13. Tesla Mobileye autopilots can be duped by projected images.
  14. Maybe Deep Learning can learn to drive a vehicle.
  15. Hue Bulbs can lead to network hacks.
  16. How to hack airgapped machines.
  17. Video of airgapped attack.
  18. Performance artist used 99 phones to fake a Google Maps traffic jam.
  19. Google Maps hack video by Simon Weckert

Hosts

Doug White

Doug White – Professor




On this week’s news recap, Microsoft Remote Desktop Web Access Authentication Timing Attack, Multiple TCP/IP stack flaws could leave millions of devices open to attack, Adobe fixes a buffer overflow issue in Reader which is exploited in the wild, and Apple Patches Recent Sudo Vulnerability in macOS. Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Microsoft Patches 3 and Skips 1, Adobe Overflow, & Apple Sudo Fix – Wrap Up

Hosts

Matt Alderman

Matt Alderman – Executive Director at CyberRisk Alliance




This week Dr. Doug talks Bad typing, Crippled Video Drivers from NVIDIA, TDoS, APT31, Malformed URLs, and more! Also, Jason Wood returns for Expert Commentary! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Crippled Video Drivers, TDoS, APT31, Typing Inference, & “Shadow Attacks”

Hosts

Doug White

Doug White – Professor at Roger Williams University

Jason Wood

Jason Wood – Founder; Primary Consultant at Paladin Security




This week, Dr. Doug talks Flying cars, Net Neutrality, LOTS of supply chain stories, and all this week’s shows, on the Security Weekly News Wrap Up! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Supply Chain, Sandstorm Returns, Flying Cars, & Net Neutrality – Wrap Up

Hosts

Doug White

Doug White – Professor at Roger Williams University





 

 


 

This week in the Security Weekly News: Gootloader, the darker web, copyright infringement, a very special guest from the future, and deep fakes. All this, and Aaran Leyland joins for guest expert commentary! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Gootloader, the darker and lighter web, deep fakes, and Aaran Leyland

Hosts

Aaran Leyland

 

Aaran Leyland – CEO at Restricted Access, Ltd

Doug White

 

Doug White – Professor at Roger Williams University


 

 


 




This week Dr. Doug talks Non-fungible tokens, Exchange, Talon cameras, OSINT, Rockwell, & show wrap ups on the Security Weekly Wrap Up Show! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Non-Fungible Tokens, Talon Cameras, OSINT, & Rockwell – Wrap Up

Hosts

Doug White

Doug White – Professor at Roger Williams University




This week Dr. Doug talks more Microsoft attacks and more info on the Exchange server attacks, a new Intel side-channel attack, your Python may be poisoned, the DoD let down its guard on contractors, & Aaran Leyland returns for guest Expert Commentary! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Microsoft, DoD, Alexa, Intel, Aaran Leyland, & Side Channel Attacks

Hosts

Aaran Leyland

Aaran Leyland – CEO at Restricted Access, Ltd

Doug White

Doug White – Professor at Roger Williams University




This week Dr. Doug talks Studmaster, McAfee, z0Miner, Exchange, Linux, and bad cameras! All this, with his Favorite Threat of the Week, and the show Wrap Ups for the week! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

“Studmaster”, John McAfee, Exchange Escalation, z0Miner, & Bad Cameras

Hosts

Doug White

Doug White – Professor at Roger Williams University

@dougwhitephd

Doug White is a Cybersecurity professor at Roger Williams University, the President of Secure Technology, and a Security Weekly network host.





This week: Dr. Doug talks more Chrome zero days, Schneider Electric Meters, Exchange redux, Signal, iPhone, Nvidia, and the triumphant return of Jason Wood for Expert Commentary on the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Chrome Zero Days, Schneider Electric Meters, Exchange Redux, & Signal

Hosts

Doug White

Doug White – Professor at Roger Williams University

@dougwhitephd

Doug White is a Cybersecurity professor at Roger Williams University, the President of Secure Technology, and a Security Weekly network host.

Jason Wood

Jason Wood – Founder; Primary Consultant at Paladin Security

@Jason_Wood

Jason Wood is the founder of Paladin Security and the primary consultant. Prior to starting Paladin Security, Jason was a Principal Security Consultant with Secure Ideas. At Secure Ideas, he performed penetration tests for clients in a wide range of industries. These include health care, financial services, SaaS businesses, government agencies and critical infrastructure.




Dr. Doug talks Tinder, Schneider Electric, Chrome, Ulysses, Mirai, as well as his Favorite Threat of the Week, all the show Wrap Ups from this week, & more! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Tinder, Schneider Electric, Chrome, Ulysses, Mirai, & Zero Days – Wrap Up

Hosts

Doug White

Doug White – Professor at Roger Williams University

@dougwhitephd

Doug White is a Cybersecurity professor at Roger Williams University, the President of Secure Technology, and a Security Weekly network host.





This week, Dr. Doug talks GE Universal Relays, NETOP, Microsoft, F5, and has a special Guest Expert Commentary featuring Martyn Crew & Baseer Balazadeh from Gigamon!

This segment is sponsored by Gigamon.

Visit https://securityweekly.com/gigamon to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

F5, DTLS Servers, Black Kingdom Ransomware, GE Devices, & Gigamon

Guests

Baseer Balazadeh

Baseer Balazadeh – Sr. Technical Marketing Engineer at Gigamon

Baseer Balazadeh has worked in IT management and implementation for more than 15 years. His experiences range from hands-on work on application architectures to development with DevOps best practices to network security and application migration into the public cloud IaaS. He has a bachelor’s degree in computer system networking engineering from Westwood College.

Martyn Crew

Martyn Crew – Director, Industry Solutions at Gigamon

Martyn Crew is Director of Industry Solutions at Gigamon. He brings a 30 year background in all aspects of enterprise IT to his role at Gigamon where he focuses on a number of initiatives and products including the company’s Application Visibility and Intelligence solutions.

Hosts

Doug White

Doug White – Professor at Roger Williams University

@dougwhitephd

Doug White is a Cybersecurity professor at Roger Williams University, the President of Secure Technology, and a Security Weekly network host.
