Nintendo Breach, NSA Advisory, & Security of IoMT – ASW #105
April 28, 2020
This week, in the Application Security News, Nintendo Confirms Breach of 160,000 Accounts via a legacy endpoint, NSA shares list of vulnerabilities commonly exploited to plant web shells, Code Patterns for API Authorization: Designing for Security, Health Prognosis on the Security of IoMT Devices? Not Good, and 8 Tips to Create an Accurate and Helpful Post-Mortem Incident Report!
Visit https://www.securityweekly.com/asw for all the latest episodes!
[caption id="attachment_210" align="alignleft" width="120"] John Kinsella - Vice President of Container Security[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Matt Alderman - CEO[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Mike Shema - Product Security Lead[/caption]
Going cloudnative? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
Join us at InfoSecWorld 2020 - June 22nd-24th now at Disney's Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
This week’s breach roundup is led by network outage at Central Indiana Orthopedics brought on by a ransomware attack and a dental vendor data breach affecting multiple dentist offices and 174,000 patients.
The Joint Cyber Defense Collaborative sounds similar to past nerve centers, like NCCIC, that failed to live up to their promise. Government officials say this time around, they and industry are far more eager to work together and larger cultural evolutions in government have helped to break down previous information silos.