Topics
Industry
Events
Podcasts
Research
Recognition
Leadership
Paul's Security WeeklySubscribe
IOT, Pen testing, Threat hunting, Endpoint Security, Endpoint Security

PSW #672

October 30, 2020
Section 0

 

 

Sponsored By

 

sponsor
Visit https://securityweekly.com/vicarius for more information!

 

Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characteristics provide the rich contextual clues to complete the picture.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Determining Vulnerability Exploitation With Real Software Activity

Prioritizing Vulnerabilities: A Holistic Approach: https://www.vicarius.io/blog/prioritizing-vulnerabilities

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Roi Cohen

Roi Cohen – Co-Founder & VP Sales

Shani Dodge

Shani Dodge – C++ Developer

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

http://traffic.libsyn.com/sw-all/PSW_672_-_Roi_Cohen_Shani_Dodge_Vicarius-0_converted.mp3
Section 1

Sponsored By

sponsor
Visit https://securityweekly.com/polarity for more information!

Polarity uses computer vision that works like augmented reality for your data. It’s not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We’ll be talking about how analysts are using Polarity to balance thoroughness and speed.

This segment is sponsored by Polarity.

Visit https://securityweekly.com/polarity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

How Computer Vision Balances Thoroughness & Speed

Try the Free Community Edition of Polarity at https://polarity.io/sw

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Paul Battista

Paul Battista – CEO & Founder

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

http://traffic.libsyn.com/sw-all/PSW_672_-_Paul_Battista_Polarity-0_converted.mp3

Section 2

In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irriation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn’t MFA more popular?! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

JavaScript Web Tokens, NVIDIA GeForce Experience Vulns, & Hacking Coffee Pots

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Paul Battista

Paul Battista – CEO & Founder

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • In our webcast on November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Learn how to thwart attackers using deception in our November 19th technical training! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

http://traffic.libsyn.com/sw-all/PSW_672_-_News-0_converted.mp3

Related

Patch management
7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Joe UchillMarch 8, 2022

PTC sunset Axeda in 2019, but the industrial IoT remote monitoring and management agent is still in use in several systems. Based on Forescout telemetry, it is particularly popular in active use within the medical sector, particularly lab testing and imaging.

IOT
Healthcare sector saw largest increase in IoT malware attacks in 2021

Jessica DavisFebruary 17, 2022

SonicWall Cyber Threat report shows the rate of IoT malware attacks are heaviest against the healthcare sector, spotlighting the continued pressure on critical infrastructure.

IOT
More than 100 tech companies, cyber organizations rally around 5 baseline security standards for IoT devices

Derek B. JohnsonFebruary 17, 2022

The organizations – ranging from private companies like Google, Microsoft and Deloitte to non-profits like Consumer Reports, the Center for Internet Security, and the Cyber Threat Alliance – say there is a “global consensus” forming around core IoT security standards that must be addressed through a mix of government regulation and voluntary private sector action.

prestitial ad

About Us
SC MediaCyberRisk AllianceContact UsCareersPrivacy
Get Involved
SubscribeContribute/SpeakAttend an eventJoin a peer groupPartner With Us
Explore
Product reviewsResearchWhite papersWebcastsPodcasts

Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.