In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras & Dots! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw674
Sumedh and Badri discuss challenges associated with container Security & DevOps need for visibility into containers. Qualys' new approach to runtime security. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw674...
Attackers have repeatedly demonstrated that they can evade perimeter defenses to compromise a system inside the network. Once they get in, they must break out from that beachhead, conduct discovery, credential theft, lateral movement, privilege escalation, and data collection activities. Suppose they go looking for locally stored files or network shares and instead see nothing of value? What if they query Active Directory and don’t get real credentials in the responses? What if they look for por...
In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekl...
Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases. This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673...
Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers! This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com...
In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irriation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672...
Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed. This segment is sponsored by Polarity. Visit https://securityweekly.com/polarity to learn more about them...
Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characteristics provide the rich contextual clues to complete the picture. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672...
In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wi...
In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into...
Sysmon is a free endpoint monitoring tool published by Microsoft in their sysinternals suite. It generates process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit. This segment is sponsored by Gravwell. Show Notes: https://wiki.securityweekly.com/psw671 Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securi...
In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, 5 Signs That Point to a Schism in Cybersecurity, and Using nginx to Customize Control of Your Hosted App! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wik...
Threats are no longer only a concern of large sophisticated organizations and there is a continued need to democratize security operations and controls so they are accessible to organizations of any size or skill level. Security services and tools need to be plug-in play for anyone with IT skills without requiring security expertise. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw670...
Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren’t doing much to save them, either. A new advancement in threat prioritization offers relief, integrating the vulnerabilities’ surrounding characteristics to identify the most severe risks. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw...
US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet: Is Your Operational Technology Safe? Visit https://www.securityweekly.com/psw for all the latest epis...
Assembling an infosec home lab is great way to learn more about the ever-changing programs and systems in the cyber world. However, it can get complicated to figure out what you really need to get your own home lab assembled and running. In this segment Tony will go over the the things you need to think about and the resources he uses to build an infosec home lab. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw669...
Tempesta FW is an open source hybrid of an HTTPS accelerator and a firewall aiming to accelerate web resources and protect them against DDoS and web attacks. The project is built into the Linux TCP/IP stack to provide performance comparable with the kernel bypass approaches (e.g. using DPDK), but still be well-integrated with the native Linux networking tools. We'll talk about Tempesta FW integration with IPtables/nftables to filter network traffic on all the layers and other tools to protect ag...
In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw668...
Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw668...
Paul will discuss his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw668
Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, Most compliance requirements are completely absurd, Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw667...
Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allo...
BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiatives. BSIMM11 reflects the software security practices observed across 130 firms from industries such as finserv, independent software vendors, cloud and healthcare. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.co...
We welcome special guest Lea Snyder, BSides Boston Organizer, to talk all things BSides Boston 2020 for its 10 year anniversary! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided...
DevOps has gained momentum over the years as its methods have been used by teams worldwide to accelerate application delivery. But where we continue to struggle is in integrating security into this workflow. In this discussion, Sumedh Thakar, president and chief product officer at Qualys, will talk with the Security Weekly Team about the importance of building security into the CI/CD pipeline to ensure the quality of code and to protect the application and data infrastructure. He'll talk about Q...
Every time you deploy a patch nothing has ever gone wrong, right? Most of us have been burned by deploying a patch, causing downtime in your environment, getting in trouble with users and management for causing an outage and having to back out a patch, then re-deploy. The team at Vicarious has a way to apply in-memory virtual patches that mitigate exploitation and do not require binaries to be altered. Tune-in for the full description and demo! This segment is sponsored by Vicarius. Visit https:...
The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: h...
Successful attacks on healthcare entities are steadily increasing. Sophisticated criminals and nation states are focusing more attention on healthcare than ever before. The main goals are to steal money, data and intellectual property, execute ransomware, and attack critical infrastructure. Why do the hackers continue to succeed and what are some effective strategies and tactics to combat this scourge of ransomware? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes...
Loveable Security: Flee's approach to cybersecurity is that is should be "loveable." He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enforcers, instead of as enablers who accelerate innovation by removing obstacles. Data Privacy + CCPA: Flee believes that tech companies should operate as data custodians, instead of data owners, and that CCPA should be the bare minimum that companies do to ensure data privacy. Visit https://www.securitywee...
