In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal!
Warnings of world-wide worm attacks are the real deal, new exploit shows - Unfortunately, these tasks often take place in mission-critical environments such as hospitals, factories, and industrial settings. While patching is by far the most effective way to prevent exploits, there are a variety of workarounds that can be deployed. Chief among them is enabling Network Level Authentication (NLA) for Remote Desktop Services, although this defense is ineffective in the event that attackers have compromised the NLA credentials. It may also be possible to at least partially defeat NLA defenses using a remote desktop protocol weakness disclosed Tuesday. So, for these mission critical applications in those environments, where they can't go down, can't be rebooted, and they are so important that patching is out of the question, WHY THE HELL DID YOU CHOOSE WINDOWS? Isn't there a better solution? Is this the fault of the provider? This isn't even a security argument, can't we help fix this problem with better design choices?
Google expert disclosed details of an unpatched flaw in SymCrypt library - According to Microsoft, SymCrypt is the primary library for implementing symmetric cryptographic algorithms in Windows 8, it also implements asymmetric cryptographic algorithms starting with Windows 10 version 1703.Ormandy discovered that it is possible to trigger the flaw to cause an infinite loop when making specific cryptographic operations.
Lake City Fl. Hit by Ransomware City services are offline, water and utility payment systems reverted to paper, infected systems isolated to prevent spread; Public Safety systems were already isolated and encrypted for protection. Ideas to take home?
Follow us on Twitter: https://www.twitter.com/securityweekly
[caption id="attachment_210" align="alignleft" width="120"] Paul Asadorian - CTO, Security Weekly.[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Joff Thyer - Security Analyst, Black Hills Information Security.[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Lee Neely - Senior Cyber Analyst , Lawrence Livermore National Laboratory.[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Jeff Man - Sr. InfoSec Consultant, Online Business Systems.[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Larry Pesce - Senior Managing Consultant and Director of Research, InGuardians.[/caption]
Register for our upcoming webcasts with SaltStack, DomainTools, and LogRhythm by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
Some of you told us that you are overwhelmed by the amount of content we distribute! In an attempt to make it a little easier for you to find what you're interested in, we've created our new listener interest list! Sign up for list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!
Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!
Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a 15% discount to sit for any of their Bootcamp Courses or Workshops! Visit Securityweekly.com/hackerhalted to register now!
Wellframe CTO Mohammad Jouni discusses the current state of telehealth privacy and security amid a rise in use during the pandemic, addressing the need for a telehealth standard to address vulnerabilities.