Physical security, Cybercrime, Leadership, Careers, Malware, Vulnerability management

PSW #741 – Robert Lee & Saumil Shah

This week, we kick off the show with an interview featuring Robert Lee, where we discuss The Year in Cyber Review 2021! In the second segment, we interview Saumil Shah, where we talk about Firmware Security! Then, in the Security News: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Year in Cyber Review 2021 – Robert Lee – PSW #741

The past year has been filled with incredible changes in the cyber security landscape from ICS, Mobile, Cloud, and increased threats from Ransomware. This discussion will focus on crucial and quick discussions surrounding the cyber landscape that has changed quickly and forced organizations to consider revamping many of their policies and preparations. Join us for a humorous, and insightful journey back over the past year filled with examples for practitioners, organizations, and those just starting in cyber security.

Guest

Robert Lee
Robert Lee
CEO & Co-Founder at Dragos

Robert M. Lee is the CEO and co-founder of the ICS cybersecurity technology and services firm Dragos. He gained his start in the U.S. Air Force as a Cyber Warfare Operations Officer where he spent most of his career at the National Security Agency where he built and led a first-of-its-kind mission hunting and analyzing state actors targeting ICS. He is also a Senior Instructor at the SANS Institute where he authored the Forensics 578 course on Cyber Threat Intelligence and the ICS 515 course on ICS network monitoring and incident response. He may be found on Twitter @RobertMLee

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Aaran Leyland
Aaran Leyland
CEO at Restricted Access, Ltd
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Firmware Security – Saumil Shah – PSW #741

In this segment Saumil Shah joins us for a discussion on Firmware Security, complete with a fascinating first-hand demonstration!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Saumil Shah
Saumil Shah
Organizer at Ringzer0 Training

Saumil is an internationally recognized speaker And instructor, having regularly presented At conferences Like Blackhat, Rsa, Cansecwest, Pacsec, Eusecwest, Hack.lu, Hack-in-the-box And Others. He has Authored Two Books Titled “Web Hacking: Attacks And Defense” And “the Anti-virus Book”.

Saumil Graduated With An M.s. In Computer Science from Purdue University, Usa And A B.e. In Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Windows GPU Display Vulns, NFT Discord Hack, Costa Rica Vs. Hackers, & Initial Access – PSW #741

In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
  1. 1. Singapore launches safety rating scheme for e-commerce sites - Assessing e-commerce marketplaces based on their anti-scam measures, the scheme gives Facebook Marketplace the lowest rating while Lazada and Amazon are amongst those that received the highest.
  2. 2. Hackers are exploiting critical bug in Zyxel firewalls and VPNs - Hackers are now actively exploiting a recently patched, critical vulnerability (CVE-2022-30525) affecting Zyxel firewall and VPN devices used by businesses that could be exploited by remote, unauthenticated attackers to inject arbitrary commands that enable the creation of a reverse shell
  3. 3. Malware is targeting crypto wallets, says Microsoft: Here’s how to protect yourself better - Everyone's heard of ransomware, and many people have heard of 'cryptojackers', banking trojans, and 'info stealers'. Now, Microsoft is introducing 'cryware' into the cybersecurity lexicon, predicting more people will start using so-called 'hot wallets' as they boost cryptocurrency holdings – and that crooks will try to grab them.
  4. 4. 5 critical questions to test your ransomware preparedness – Help Net Security - Five questions to ask yourself regarding your ransomware preparedness.
  5. 5. Wizard Spider hackers hire cold callers to scare ransomware victims into paying up - They will cold call victims and attempt to coerce/scare them into paying the ransom demand.
  6. 6. BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones – Help Net Security - A Bluetooth Low Energy (BLE) vulnerability discovered by NCC Group researchers may be used by attackers to unlock cars with automotive keyless entry, residential smart locks, building access systems, mobile phones, laptops, and many other devices.
  7. 7. US warns over the risk of hiring North Korea IT workers - North Korean information technology (IT) workers are hiding their true identities in order to land jobs and ultimately steal funds to finance the North Korean Government's weapons program.
  8. 8. Russians allegedly storm Ukrainian ISP, blackmail it to switch to Russian networks - Ukraine's State Service of Special Communications and Information Protection (SSSCIP) revealed that Russian forces successfully invaded an internet company operating out of Kherson, disconnected all equipment, and threatened to confiscate the equipment if the company refused to connect to Russian networks.
  9. 9. EMERGENCY DIRECTIVE 22-03 MITIGATE VMWARE VULNERABILITIES - Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE 2022-22954 and CVE 2022-22960) in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element
prestitial ad