The Godfather – PSW #700
View Show IndexSegments
1. Career Pathing and Advice From Offensive Security – Jim O’Gorman – PSW #700
Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives concrete examples of job roles available to those who prove themselves through industry certifications and other means.
This segment is sponsored by Offensive Security.
Visit https://securityweekly.com/offSec to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
Guest
Jim (elwood) began his tech career as a network administrator with a particular talent for network intrusion simulation, digital investigations, and malware analysis. Jim started teaching for OffSec in 2009 as an instructor for the Penetration Testing with Kali (PWK) course — a role he still enjoys. He went on to co-author Metasploit: The Penetration Tester’s Guide and Kali Linux: Revealed, and has developed and curated a number of OffSec courses. As the Chief Content and Strategy officer, he currently oversees the open source Kali Linux development project and participates with OffSec’s Penetration Testing Team.
Hosts
2. CFAA: Recent US Supreme Court Case Van Buren v. US – Thomas Lonardo – PSW #700
Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession.
Segment Resources:
https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf:
Prosecuting Computer Crimes DOJ,: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf
"Computer Crime and Intellectual Property Section DOJ": https://www.justice.gov/criminal-ccips/ccips-documents-and-reports
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Associate Professor at Roger Williams University School of Justice Studies and Mario J. Gabelli School of Business. Possess a BS and MBA from Bryant University and a Juris Doctor from Roger Williams University School of Law. I have been teaching in higher education for over 20 years. Prior to teaching in higher-ed I had spent 20 years’ in the financial services industry in various management capacities.
I teach courses in Computer Forensic Law, Business Law, Criminal Justice and Financial Accounting. I have given a number of presentations and authored articles relating to Computer Forensic Law and Practice dealing with Fourth Amendment privacy issues as well as the licensing of Computer Forensic professionals in the US. An attorney for 25 years as a member of the Rhode Island and Massachusetts bar associations as well as the federal bar association.
Hosts
3. Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee – PSW #700
In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Hosts
- 1. An internal code repo used by New York State’s IT office was exposed online – TechCrunch
- 2. SimuLand: Understand adversary tradecraft and improve detection strategies
- 3. How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It – The Zero Hack
- 4. How Cyber Safe is Your Drinking Water Supply? – Krebs on Security
- 5. iPhone bug breaks WiFi when you join hotspot with unusual name
- 6. Even creepier COVID tracking: Google silently pushed app to users’ phones
- 7. Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
- 1. Microsoft announces Windows 11, with a new design, Start menu, and moreMicrosoft is officially confirming the name for the next release of Windows today: Windows 11. After months of teases, hints of the number 11, and a giant Windows 11 leak, Microsoft’s new operating system is official.
- 2. Windows 11 is a free upgradeMicrosoft officially unveiled Windows 11 today, and the software maker is committing to make it a free upgrade for Windows 10 users. Much like how Windows 10 was free for Windows 7 and Windows 8 users, this new Windows 11 version will be free for existing Windows 10 users.
- 3. Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level – Help Net SecurityAn estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, Eclypsium researchers have found.
- 4. New DNS Name Server Hijack Attack Exposes Businesses, Government AgenciesResearchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
- 5. Antivirus software pioneer John McAfee dies by suicide in prison: reportEccentric tech entrepreneur John McAfee died by suicide in a Spanish jail cell Wednesday evening — hours after reports surfaced that he would be extradited to face federal charges in the US, according to local media.
- 6. Wormable DarkRadiation Ransomware Targets Linux and Docker InstancesCybersecurity researchers have disclosed a new ransomware strain called " DarkRadiation " that's implemented entirely in Bash and targets Linux and Docker cloud containers.
- 7. Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux DistributionsTrendMicro investigation of DarkRadiation tools. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script.