IOT, Forensics

PSW #622

October 4, 2019

It’s the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly. This show is hosted by Jeff Man, Josh Marpet, and Scott Lyons.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security & Compliance Introduction

Hosts

Jeff Man – Sr. InfoSec Consultant

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.
  • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!

This week, we talk Security News: how Turkey fines Facebook $282,000 over a privacy breach, why the FBI is encouraging victims not to pay ransomware demands, the top 10 cybersecurity myths that criminals love, the Doordash third-party breach that hits 4.9 million users, and how a “Bulletproof” Dark Web data center was seized by German police!

Security News: October 3, 2019

Paul’s Stories

  1. American Express Insider Breaches Cardholder Information
  2. Turkey fines Facebook $282,000 over privacy breach
  3. FBI: Don’t pay ransomware demands, stop encouraging cybercriminals
  4. WhatsApp Flaw Opens Android Devices to Remote Code Execution Attacks
  5. Measuring the Security of IoT Devices – Schneier on Security
  6. Good cybersecurity comes from focusing on the right things, but what are they? – Help Net Security
  7. Skylight Cyber | All Your Cloud Are Belong To Us (CVE-2019-12491)
  8. MITRE ATT&CK: Clipboard data
  9. 10 Cybersecurity Myths That Criminals Love
  10. Top 5 New Open Source Security Vulnerabilities in September 2019
  11. The Secret to CISO Success? Do This One Thing Extremely Well – Accellion

Larry’s Stories

  1. A malware strain dubbed Masad Stealer is using the Telegram messaging app to steal cryptocurrency by accessing browser passwords and clipboard information, security researchers learned.
  2. Security researchers detected a previously undocumented botnet named Gucci, which is capable of launching multiple types of distributed denial-of-service (DDoS) attacks against targeted organizations.
  3. A former Yahoo software engineer has pleaded guilty to hacking 6,000 user accounts in a hunt for sexual images. Following an FBI investigation, Reyes Daniel Ruiz, 34, also admitted to hacking the iCloud, Facebook, Dropbox and Gmail accounts of his victims, primarily young female colleagues and friends.
  4. Web-conferencing users who don’t assign passwords could be having online meetings with more people than they think, according to new research.

Lee’s Stories

  1. Unfixable Jailbreak Exploit released: iPhone X and prior are vulnerable to the exploit; physical access is required. Fixed in iPhone 11.
  2. Doordash third-party breach hits 4.9M users: Third-party security is critical.
  3. “Bulletproof” Dark Web data center seized by German Police: While the takedown is significant, services will likely move to alternate hosting sites.
  4. Ex-Yahoo Engineer Hacked accounts seeking Porn: Ex-Yahoo engineer cracked passwords, seeking credentials to access other services, porn, gaming, iTunes, etc.
  5. Microsoft blocks 38 more attachment types in Email: These can be enabled by an Exchange admin. They include typical Python, PowerShell, Java and certificate file extensions.
  6. O.MG Lightning Cable hits Prime Time: The O.MG cable is hitting the shelves at Hak5 for $49.

Hosts

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Matt Alderman – CEO

Paul Asadoorian – Founder & CTO

Stewart Room is a Partner of PwC. Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimization and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy.

Data Privacy and The Journey to Code

Segment Resources: https://www.linkedin.com/feed/update/urn:li:activity:6550420449854058497

Hosts

Lee Neely – Senior Cyber Analyst

Matt Alderman – CEO

Paul Asadoorian – Founder & CTO

Guests

Stewart Room – Partner
