Not Very Moist – PSW #671
This week, we welcome back Corey Thuen from Gravwell to talk about Sysmon Endpoint Monitoring, complete with Clipboard Voyeurism! Next up, Scott Scheferman, the Principal Cyber Strategist at Eclypsium, joins us to talk about how Hackers Are Hitting Below The Belt! In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, and 8 new hot, steamy, moist cybersecurity certifications!
Visit https://securityweekly.com/gravwell to learn more about them! Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Segments
1. Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism – Corey Thuen – PSW #671
Sysmon is a free endpoint monitoring tool published by Microsoft in their Sysinternals suite. It generates events for process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit.
This segment is sponsored by Gravwell.
Announcements
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Guest

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.
2. Hackers Hitting Below The Belt – Scott Scheferman – PSW #671
In 2020, attackers are increasingly targeting firmware and hardware, going below the operating system to hide from traditional security solutions and gain persistence. Both nation-state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices.
This segment is sponsored by Eclypsium.
Announcements
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Guest

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.
3. Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw – PSW #671
In the Security News, testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts

- 1. Donald Trump says “nobody gets hacked” – Yes, it bugged me.



- 1. Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135
- 2. Dickey’s Barbecue Pit Investigating Possible Breach Affecting 3M Payment Cards
- 3. New Emotet campaign uses a new ‘Windows Update’ attachment
- 4. Albion Online game maker discloses data breach
- 5. Discord desktop app vulnerability chain triggered remote code execution attacks
- 6. US charges six Russian intelligence officers with hacking Ukraine, 2018 Olympics, and Skripal investigation
- 7. VoIP Firm Broadvoice Leaks 350 Million Customer Records – An unsecured Elasticsearch database cluster belonging to Los Angeles, Calif.-based voice over internet protocol (VOIP) provider Broadvoice was found exposed online on Oct. 1 containing more than 275 million Broadvoice XBP customers' full names, identification numbers, phone numbers, and states and cities of residence.
