Topics
Industry
Events
Podcasts
Research
Recognition
Leadership
Paul's Security WeeklySubscribe
Remote access, IOT, Hardware security, Patch management, Endpoint Security, Endpoint Security

PSW #671

October 23, 2020
Section 0

Sponsored By

sponsor
Visit https://securityweekly.com/gravwell for more information!

Sysmon is a free endpoint monitoring tool published by Microsoft in their sysinternals suite. It generates process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We’ll discuss what’s in the events and how to easily visualize and search them with Gravwell’s new Sysmon Kit.

This segment is sponsored by Gravwell.

Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism

None

Hosts

Doug White

Doug White – Professor
Jeff Man

Jeff Man – Sr. InfoSec Consultant
Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely

Lee Neely – Senior Cyber Analyst
Paul Asadoorian

Paul Asadoorian – Founder & CTO
Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Corey Thuen

Corey Thuen – Co-Founder

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

http://traffic.libsyn.com/sw-all/PSW_671_-_Corey_Thuen_Gravwell-0_converted.mp3
Section 1

Sponsored By

sponsor
Visit https://securityweekly.com/eclypsium for more information!

In 2020 attackers are increasingly targeting firmware and hardware – going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We’ll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices.

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Hackers Hitting Below The Belt

None

Hosts

Doug White

Doug White – Professor
Jeff Man

Jeff Man – Sr. InfoSec Consultant
Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely

Lee Neely – Senior Cyber Analyst
Paul Asadoorian

Paul Asadoorian – Founder & CTO
Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Scott Scheferman

Scott Scheferman – Principal Cyber Strategist

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

http://traffic.libsyn.com/sw-all/PSW_671_-_Scott_Scheferman_Eclypsium-0_converted.mp3
Section 2

In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw

#[https://www.instapaper.com/read/1354318368 Donald Trumps says “nobody gets hacked”

Hosts

Doug White

Doug White – Professor
Jeff Man

Jeff Man – Sr. InfoSec Consultant
Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely

Lee Neely – Senior Cyber Analyst
Paul Asadoorian

Paul Asadoorian – Founder & CTO
Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Learn how to build an integrated security platform in our webcast on October 28th! On November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

http://traffic.libsyn.com/sw-all/PSW_671_-_Security_News-0_converted.mp3

Related

Remote access
Zyxel patches RCE vulnerability in firewalls following report by Rapid7

Steve ZurierMay 13, 2022

Rapid7 researchers found the vulnerability allowing remote code execution by an attacked in a broad range of Zyxel firewalls.

Malware
Novel ‘Nerbian RAT’ uses OS-agnostic Go programming language to spread across platforms 

Steve ZurierMay 11, 2022

Proofpoint researchers say novel malware uses COVID-19 and World Health Organization themes to spread in Italy, Spain and the United Kingdom.

Remote access
Microsoft patches flaw in Azure Data Factory and Azure Synapse Pipelines

Steve ZurierMay 10, 2022

Security researchers advise teams to patch immediately because the flaw lets attackers execute remote commands across Azure integration runtimes.

prestitial ad
About Us
SC MediaCyberRisk AllianceContact UsCareersPrivacy
Get Involved
SubscribeContribute/SpeakAttend an eventJoin a peer groupPartner With Us
Explore
Product reviewsResearchWhite papersWebcastsPodcasts

Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.