Active Directory, Cloud Security, Attack surface mgmt, Bug bounties, Blue Team

SWN #2

January 10, 2020

 

 

Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week and I am going to try and sum it all up for you so you can just hit the high points for the week. So, stick around, and we’ll cover all the shows and all the top stories of the week.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Wrap Up – January 10, 2020

Show Summaries
  • On Security and Compliance Weekly, Jeff hosted an interview with Ian Amit who is like crazy famous and has done just about everything in the Sec world including found the Tel-Aviv Defcon Chapter. The topic of the interview was Quantifiable Risk Metrics which is about how you can demonstrate the value in a security program which is, of course, one of the most difficult things to sell with any service organization. They really talked about utilizing quantitative metrics, instead of just saying “it’s great” to bring everyone around to the idea of the value of security.
  • On Application Security Weekly, Mike and Matt interviewed Hillel Solow from Checkpoint (which recently acquired his company Protego Labs) about the Evolution of DEVSECOPS and APPSec Trends in 2020. The discussion centered around unique ways organizations are leveraging serverless for their applications and how DEVSECOPS teams are working together to build out these architectures at a rapid pace.
  • On Enterprise Security Weekly, Paul and Matt talked with Britta Glade and Linda Gray Martin about the upcoming RSAC 2020 conferences. Britta is the Director, of Content and Curation for RSA and Linda is the Senior Director and General Manager of the RSA Conference. The topic of the conversation was what to expect at the RSA 2020 conference this year in San Francisco. If you’ve never been to RSA you should check it out. They talked about the high level overview of the conference this year and “The Human Element” which is the overarching theme of the conference this year. Paul and Matt also talked about Docker Container Security — Vulnerable upon Inception. Look, when dockers are instantiated, well, they can have anything at all inside and you may not know if you downloaded the container. I mean, how hard would it be to build scripts inside a docker container and put it up on github? So, this is an important issue.
  • On Business Security Weekly, Matt, Jason and Paul talked about the Best and the Worst of 2019. They talked about Amazon, Apple, and Lululemon as three of the best performing companies of 2019 and Boeing, Facebook, and Pacific Gas and Light as three of the worst. Leadership articles for the show includes CIO and IT leadership trends for 2020, Leadership Books for Jan. 2020, Replace Resolutions with habits and make your life mean something beyond 2020, The right way to form new habits, How to handle speaking in public when you are not a public speaker, and 5 questions you can ask to learn about company culture in a job interview.
  • On Security Weekly News, Jason’s expert commentary focused on Iranian Cyber Threats: Practical Advice for Security Professionals. He basically summarized that you should continue to focus on operational basics. Patching, ensuring that backups are both safely stored and restorable, and that you understand “collateral damage” which can occur when an attack focused on someone else spills over and effects your organization but reminds us that despite a possible increased threat profile from Iran, you have been plugged into the hostile network 24/7 and you really need comprehensive defenses in place regardless of the state of world affairs.
  • On Paul’s Security Weekly, Paul, Larry, Lee, Jeff, and Tyler had an Interview with Dan DeCloss from PlexTrac. Dan is the founder and CEO of the company and the discussion centers around Improving pen testing outcomes with purple teaming. The second segment, last night, was a tech segment with Ambuj Kumar from Fortanix. He is the creator of Runtime Encryption technology. You definitely wanted to see this segment. The topic was: The Keys to your kingdom: protecting Data in Hybrid and Multiple Public clouds and focused on the challenges of protecting data and using encryption for multiple hybrid, public clouds, and how that increases complexity, cost, and security risk. When you move to the cloud, how do you keep crypto keys, shared secrets, and tokens secure and, of course, the Security News.
Links to CVEs from MS-ISAC Iran Warnings Top News from the Shows Mergers and Acquisitions this week
  • Pulse Secure and Secure Wave formed a Partnership
  • Broadcom acquired Bay Dynamics
  • Mimecast acquired Segasec
  • Cloudflare acquired S2 Systems

Hosts

Doug White

Doug White – Professor

Guests

Announcements

  • Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their “How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.

Pornhub has Italians singing from balconies, The Senate renews surviellance rules, Drobo hacks, Google Cloud bug bounties, all the show wrapups, and COVID-19

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

COVID-19, SMBv3.11, & Drobo Exploit – Wrap Up

Hosts

Doug White

Doug White – Professor

Guests

This week, Doug White brings you the latest news for this week, including Zoombombing, Zero Days at Microsoft, AI Takes charge at Facebook, and COVID-19! In the Expert Commentary, we welcome Daniel Hampton, Sr. Technical Account Manager at Signal Sciences, to talk Working Smarter and Not Harder!

To learn more about Signal Sciences or to request a demo, visit: https://securityweekly.com/signalsciences

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Zoombombing, Zero Days, & Signal Sciences

Hosts

Doug White

Doug White – Professor

Guests

Daniel Hampton

Daniel Hampton – Sr. Technical Account Manager

Zoombombing, Russian Hackers, Zuck turns over the controls to the AIs, free cybersecurity products to help out, Chubb hacked, and more.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

DEER.IO, Maze Ransomware, & Unacast – Wrap Up

Hosts

Doug White

Doug White – Professor

Guests

This week, Zoombombers threatened with jail time by FBI, Cybercriminals are trying to cash in on Zoom use, How to protect your Zoom calls, Bad Bots in 2020, CyberHero Comics: Defending your Health, and zoom configurations along with the lack of effective zooming on the zoom camera application!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Zooming, Zoomie, & Zoomfest Zoo

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

Guests

This week, Doug White brings you the latest on the Security Weekly Network in the Weekly Wrap Up, discussing Soaring phone calls, analprints, yes, I said that correctly, snake oil, Grace Hopper’s ghost, and COBOL. No one has ever said all those things in a single sentence in the history of the world. All this and more on the Security Weekly News Wrapup.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Grace Hopper, COBOL, & AI Toilets – Wrap Up

Hosts

Doug White

Doug White – Professor

Guests

This week on the Security Weekly News, Checkpoint Global Threat Index moved Dridex to third place, Dutch Telco towers damaged by 5G protestors, CyberCube reports indicate Increased targeting of C-Suite employees, Cybercrime may be the world’s third-largest economy by 2021, and Jason Wood joins for the Expert Commentary on how WooCommerce Falls to Fresh Card-Skimmer Malware!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Zombieware, 5G Conspiracies, & C-Suite Targets

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

Guests

This week in the Security Weekly News Wrap Up Show, Doug White covers the hot topics and and stories across all our shows on the Security Weekly Network! How to teach your iPhone to recognize FACE ID while wearing a mask, Energetic bear behind SFO Airport site hacks, Hackers are targeting critical healthcare facilities with ransomware during the pandemic, Cyber insurance providers using “act of war” exclusion in reference to “cyberwar” in notPetya Claims, and more!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Masking Face ID, Hospital Hacks, & Attacking 5G – Wrap Up

Hosts

Doug White

Doug White – Professor

Guests

This week on the Security Weekly News, COVID-19 affects web traffic and attack trends, Hackers continue to exploit patched Pulse Secure VPN Flaws, Starbleed: Flaw in FPGA chips exposes safety-critical devices to attacks, COVID-19’s impact on Tor, and more! Jason Wood delivers the Expert Commentary on how Attackers Are Not Letting This Crisis Go To Waste!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Starbleed, Hacking Dropbox, & FGPA Chip Flaws

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

Guests

This week on the Security Weekly News Wrap Up, Cyber Justice League volunteers working with healthcare in the COVID-19 plague, Android 8.0-9.0 Bluetooth zero click RCE – Bluefrag, IBM refuses to patch 4 zero days and so, they are released on github, Audits Don’t solve security problems, and Hack a satellite with the US Air Force CTF!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

0 Day Extravaganza, Zoom Can’t Win, & Starbleed – Wrap Up

Hosts

Doug White

Doug White – Professor

Guests

This week on the Security Weekly News, Shade Ransomware End of Life, Microsoft vulnerability in Teams can allow hijacking of accounts, Two spaces after a period now decreed a “typo”, Israel reports attacks on SCADA Water Systems, Microbes have memory and the use of biofilm to create a biological computing environment, and more! In the Expert Commentary, Jason Wood discusses how Agent Tesla was delivered by the same phishing campaign for over a year!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Shade Ransomware, FBI Warnings, & SCADA Attacks

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

Guests

prestitial ad