PSW #616
Tony Punturiero is the Community Manager at Offensive Security. Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another.
Full Show Notes: https://wiki.securityweekly.com/Episode616
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Blue Team To Red Team, Offensive Security
Hosts
 Jeff Man – Sr. InfoSec Consultant |
 Larry Pesce – Senior Managing Consultant and Director of Research |
 Lee Neely – Senior Cyber Analyst |
 Paul Asadorian – CTO |
Guests
 Tony Punturiero – None – Tony Punturiero is the Community Manager at Offensive Security |
Announcements
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for our upcoming webcasts with (ISC)2 by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you’re interested in, we’ve created our new listener interest list! Sign up for list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!
The Huawei shenanigans get deeper and more broad. – This is why I have issues with supply chain, CapitalOne hacker may have stolen from 30 more companies, New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records, Malware lingers in SMBs for an average of 800 days before discovery, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode616
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Security News: August 15, 2019
Paul’s Stories
- Researchers find security flaws in 40 kernel drivers from 20 vendors | ZDNet
- What a security researcher learned from monitoring traffic at Defcon
- Gamers Beware: Zero-Day in Steam Client Affects All Windows Users
- We checked and yup, it’s no longer 2001. And yet you can pwn a Windows box via Notepad.exe
- Hack in the box: Hacking into companies with warshipping
- New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
- A compendium of container escapes – Help Net Security
- NULL license plate gets security researcher $12K in tickets
- Serious flaws in six printer brands discovered, fixed
- Should You Upgrade to Wi-Fi 6?
- Intel Patches High-Severity Flaws in Tools, NUC Firmware | SecurityWeek.Com
- The Flaw in Vulnerability Management: It’s Time to Get Real
- New Research Finds More Struts Vulnerabilities
Larry’s Stories
- the Huawei shenanigans get deeper and more broad. – This is why I have issues with supply chain.
- CapitalOne hacker may have stolen from 30 more companies
- DEFCON 27 badge hacking for beginners
- Anti-surveilance techniques make you look like a….car. – Related, I really need to set up the open source license plate recognition software in front of my house…
- New, CRITICAL, workable RDP attack
- Why choosing and making a list of good VPN services is hard. – I also like the DIY option of Streisand, which I’d never heard of before.
Jeff’s Stories
- Black Hat USA 2019 Closes Out Another Record-Breaking Event in Las Vegas So that happened.
- New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records
- 28M Records Exposed in Biometric Security Data Breach
- Accused Capital One Hacker May Have Breached Over 30 Other Organizations
- Bad news: Your $125 Equifax data breach payout is pretty damn unlikely If everyone files a claim the individual payout is less than 25 cents.
Lee’s Stories
- Malware lingers in SMBs for an average of 800 days before discovery SMBs are often understaffed, or lack staff and infrastructure to detect and respond to Malware.
- Update to iOS 12.4 to Block New Vulnerabilities 13% of five year old or less iOS devices are not even running iOS 12.
- AirDrop and Password sharing can reveal passwords Bug in AirDrop can be used to reveal device information including a cryptographic hash that can be decoded to the device phone number.
- CafePress changes password policy after 23m pwned accounts CafePress was storing passwords insecurely, having users change their passwords fixes that. They aren’t really acknowledging the breach.
- Equifax Settlement Phishing Surprise, there are phishing emails for the Equifax settlement. Use the FTC Site or go directly to Equifax Settlement site.
- New flaws in Qualcomm Chips expose Android Devices to Hacking Critical vulnerabilities dubbed “QualPwn” could allow devices to be exploited via WLAN firmware weakness. Devices with Qualcomm Snapdragon 835 and 435 chips vulnerable.
Hosts
 Jeff Man – Sr. InfoSec Consultant |
 Larry Pesce – Senior Managing Consultant and Director of Research |
 Lee Neely – Senior Cyber Analyst |
 Paul Asadorian – CTO |
Guests
Announcements
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for our upcoming webcasts with (ISC)2 by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you’re interested in, we’ve created our new listener interest list! Sign up for list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!
In this segment, we interview O’Shea Bowens from Null Hat Security and Tyler Robinson from Nisos, Inc., from the Blue Team Village. Then we interview Aaran Leyland in the Social Engineering Village.
Full Show Notes: https://wiki.securityweekly.com/Episode616
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Hosts
 Matt Alderman – CEO |
Announcements
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for our upcoming webcasts with (ISC)2 by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you’re interested in, we’ve created our new listener interest list! Sign up for list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man’s talk as well!