The Floppy Tangent – PSW #679
Full Audio
View Show IndexSegments
1. Automated Vulnerability Remediation – The Good, the Bad and the Ugly – PSW #679
The way we identify, prioritize, and mitigate software vulnerabilities was built in the reverse order. Why did it happen? Could a new remediation strategy finally form an alliance between IT and security teams?
This segment is sponsored by Vicarius.
Visit https://securityweekly.com/vicarius to learn more about them!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
For 15 years, Clayton has been a technologist and client advocate. He helped launch the first intrusion prevention system for Active Directory. Clayton brings a breadth of acquisition experience focused on market truths and buyer languages.
Hosts
2. What Has Changed (or Not) Since Our Last Visit? – Ming Chow – PSW #679
-What are we seeing from infosec graduates as they come into the enterprise to begin their careers?
-How has data privacy changed since 2014?
-Is the cloud a solution, or creates more problems?
-How does the changing model of application architecture and security testing improve things? (DevOps, "shift left" testing, IAST, etc.)
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Hosts
3. Custom Python Encryption, Shady 0-Days, & The Great iPwn – PSW #679
In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting attacks targeting your smart device, & the rise of Uncaptcha3!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Hosts
- 1. Nissan Source Code Leaked Online After Git Repo Misconfiguration – Slashdot
- 2. Widely Used Software Company May Be Entry Point for Huge U.S. Hacking
- 3. Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again – Check Point Software
- 4. 81,000 UK-owned .eu domains suspended as Brexit transition ends
- 5. Telegram Triangulation Pinpoints Users’ Exact Locations
- 6. DHS Looking Into Cyber Risk from TCL Smart TVs
- 7. Let’s Encrypt comes up with workaround for abandonware Android devices
- 8. The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit – The Citizen Lab
- 1. Ticketmaster fined $10 million for breaking into rival’s systemsFormer employees of a competitor provided Ticketmaster with URLs of ticketing web pages and stolen passwords that were used to unlawfully collect business intelligence by repeatedly accessing the competitor’s systems without authorization.
- 2. Malware uses WiFi BSSID for victim identificationNew malware strain that relies on obtaining victims' Basic Service Set Identifier (BSSID) in addition to stealing their IP addresses, and then checking the BSSID against Alexander Mylnikov's free BSSID-to-geo database in order to obtain victims' last geographical locations.
- 3. Activists Publish a Vast Trove of Ransomware Victims’ DataDistributed Denial of Secrets (DDoSecrets) transparency collective published a new data set containing approximately 1TB of data that includes more than 750,000 emails, photos, and documents belonging to five companies. The groups is also reportedly offering to privately share another 1.9TB of data lifted from more than 12 other organizations with academic researchers and/or journalists.
- 4. Babuk Locker is the first new enterprise ransomware of 2021Babuk targets victims using executables customized for each victim that contain a hard-coded extension, ransom note, and a Tor victim URL. Once executed on targeted systems, attackers can use command-line arguments (i.e., lanfirst, lansecond, nolan) to control how the ransomware encrypts network shares and whether to encrypt them before the local file system is encrypted.
- 5. Russian Software Company May Be Entry Point for Huge U.S. HackAmerican intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure. Hackers allegedly exploited TeamCity to compromise networks.