Encryption, IOT, Pen testing, Email security

PSW #623

October 18, 2019

 

 

Peter Kruse is the Founder of CSIS Security Group. “Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more.”

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Cybercrime, Threat Hunting, & APT

Hosts

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Peter Kruse

Peter Kruse – Founder of CSIS Security Group & Cybercrime Investigator, Head of CSIS eCrime Unit

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

 

 

Cybercrime Tool Prices Bump Up in Dark Web Markets, Pen testers find mystery black box connected to ships engines, Using Machine Learning to Detect IP Hijacking – Schneier on Security, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security News: October 17, 2019

Paul’s Stories

  1. Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
  2. Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
  3. Vulnerability found and fixed in HP bloatware | ZDNet
  4. 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
  5. Cybercrime Tool Prices Bump Up in Dark Web Markets
  6. Pen testers find mystery black box connected to ships engines
  7. Using Machine Learning to Detect IP Hijacking – Schneier on Security
  8. Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
  9. Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
  10. Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
  11. Critical and high-severity flaws addressed in Cisco Aironet APs
  12. ISC Releases Security Advisories for BIND | CISA
  13. Older Amazon Devices Subject to Old Wi-Fi Vulnerability

Larry’s Stories

  1. D-Link routers remote exploit to remain unmatched
  2. FBI Warns of MFA bypass with SIM porting
  3. Android Privesc in the wild.
  4. Father of Unix Ken Thompson’s password finally cracked
  5. USB device security still lacking
  6. Free WiFi tracks your location even when you are not connected
  7. 36 pieces of consequential code

Hosts

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

 

 

DeCloss is the President and CEO of PlexTrac. The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Often times, there’s no feedback loop after report delivery and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.

To learn more about PlexTrac, visit: https://securityweekly.com/plextrac

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

What Makes A Good Pentest Report?

Segment Resources:

Hosts

Joff Thyer

Joff Thyer – Security Analyst

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Daniel DeCloss

Daniel DeCloss – President / CEO

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
prestitial ad