Remote access, Zero trust, Social engineering, Security Research

PSW #683

February 12, 2021



Sponsored By


sponsor
Visit https://securityweekly.com/zscaler for more information!

In this segment we’ll unpack “Zero Trust”, what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an “apt upgrade” (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (cough Solarwinds cough), you have to trust it, but to what degree? Tune in to find out more!

This segment is sponsored by Zscaler.

Visit https://securityweekly.com/zscaler to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

What Does Zero Trust Mean To You?

Guests

Peter Smith

Peter Smith –

VP, Secure Workload Communications at ZScaler

Hosts

Jeff Man

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

Lee Neely

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

Paul Asadoorian –

Founder at Security Weekly

Tyler Robinson

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

Audio



“Wheel” was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems included Linux, macOS, AIX and Solaris. He’ll provide an overview of the vulnerability and then dive into a technical discussion of the research. Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Unearthing a 10-Year Old SUDO Vulnerability

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Guests

. Wheel

. Wheel –

Researcher at Qualys

Hosts

Lee Neely

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

Paul Asadoorian –

Founder at Security Weekly

Tyler Robinson

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

Announcements

Audio



This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new ‘dependency confusion’ attack, Old security vulnerability left in millions of IoT devices, A ‘Simple And Yet Robust’ Hand Cipher, Zero Trust in the Real World , Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply , Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft’s Remote Desktop Web Access Vulnerability, & more! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

CD Projekt Ransomwared, Ciphers, Water Supply Hacked, & Clubhouse Security Risks

Hosts

Jeff Man

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

Lee Neely

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

Paul Asadoorian –

Founder at Security Weekly

Tyler Robinson

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Audio

prestitial ad