AI Fear, FDA, Tesla, and D-Link – Paul’s Security Weekly #580

October 28, 2018
Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly!

Paul's Stories

  1. Most security professionals fear AI attacks
  2. Masscan as a lesson in TCP/IP
  3. Have Network, Need Network Security Monitoring
  4. UPDATED VERSION: RouterSploit 3.4.0
  5. Serious D-Link router security flaws may never be patched
  6. FDA releases cybersecurity guidance
  7. Few employers have a culture that supports cybersecurity
  8. Watch Hackers Steal A Tesla
  9. Most Enterprise Vulns Remain Unpatched A Month After Discovery
  10. Securing Serverless: Attacking an AWS Account via a Lambda Function
  11. California Addresses Default Passwords
  12. Spies Among Us: Tracking, IoT & the Truly Inside Threat
  13. NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
  14. RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence, (Wed, Oct 17th)

Kevin's Stories

  1. In Groundbreaking Decision, Feds Say Hacking DRM to Fix Your Electronics Is Legal "The new exemptions are a major win for the right to repair movement and give consumers wide latitude to legally repair the devices they own."
  2. Russian Malware Was Apparently Used in an Attempt to Sabotage a Saudi Petrol Plant "Cybersecurity firm FireEye points the finger at the Russian government and a government-linked facility for creating a destructive malware."
  3. British Airways: 185,000 more passengers may have had details stolen "Airline says customers affected by data breach will be contacted by Friday, as investigation continues"
  4. An ISP Left Corporate Passwords, Keys, and All its Data Exposed on the Internet "According to a new report by the security researchers at UpGuard, a Washington-based ISP by the name of Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months."
  5. Technical Rundown of WebExec "... flaw in WebEx's WebexUpdateService allows anyone with a login to the Windows system where WebEx is installed to run SYSTEM-level code remotely. That's right: this client-side application that doesn't listen on any ports is actually vulnerable to remote code execution! A local or domain account will work, making this a powerful way to pivot through networks until it's patched."

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

Doug White - Professor, Roger Williams University.
Patrick Laverty - Security Consultant, Rapid7.
Paul Asadoorian - CEO, Security Weekly.
Not Kevin - Senior Sales Engineer, Barkly.

Audio: http://traffic.libsyn.com/sw-all/AI_Fear_FDA_Tesla_and_D-Link_-_Pauls_Security_Weekly_580_converted.mp3