Paul's Security Weekly (Video)

In the Security News, a phishing scheme that targets AMEX cardholders, the list of labs affected by the American Medical Collection Agency data breach continues to grow, a Silk Road drug dealer gets caught converting Bitcoin to cash, how GDPR is forcing the tech industry to rethink Identity Management and Authentication, and a Mirai-Like botnet wages massive application layer DDoS attack! Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Troels Oerting is the Head of the Global Centre for Cybersecurity established by World Economic Forum in 2018. Troels talks about Security, Privacy, Integrity through Prevention, Protection and Prosecution via People, Tech and Processes. Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about the Intro to Sense of Security, DDoS in 2019, New trends, and How to address these issues! Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Slack Resets User Passwords After 2015 Data Breach, Hacker Breached Sprint Customer Accounts Through Samsung Website, Why 72% of people still recycle passwords Why 100% of Security Weekly hosts drink, A.I. has a bias problem and that can be a big challenge in cybersecurity I'll bet some of us agree with this and some disagree. Why? Bias., and much more! Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

Topics being discussed: Vulnerability Management, Patching, Asset Management, and System Hardening. Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers! Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

Growth of account takeover and how to prevent it Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user s existing account, tips to protect against account takeover. Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies. To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West s failed fight against China s Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story. More stories and links here: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them. Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018 Links to more slides here: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

Don Pezet will be discussing the new CySA+ and PenTest+ certs that ITProTV has to offer! Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco. To learn more about ITProTV, visit: https://securityweekly.com/itprotv Full Show Notes: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks 2 factor authentication! Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels. To learn more about SCYTHE, visit: https://securityweekly.com/scythe Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly

We interview Vivek Ramachandranis the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your users to try out without requiring a subscription or credit card. Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal! Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week! To get involved with Gravwell, visit: https://securityweekly.com/gravwell Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University's first NAC system before it became a security category. Peter comes on the show to talk about Edgewise's 1 click microsegmentation! To get involved with Edgewise, visit: https://securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized cars?! Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome back Amanda Berlin, CEO of Mental Health Hackers to talk about why its important to educate technology professionals about unique mental health risks faced by people in the field, and how we can provide them with the proper support services to help! Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind. To learn more about Endgame, visit: https://securityweekly.com/endgame Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that makes you WannaCry! Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtual), network devices, and endpoints. From "day 0" provisioning to "day n" configuration drift management and compliance management, Salt can scale to automate all the most difficult and frustrating tasks. To learn more about SaltStack, visit: https://securityweekly.com/saltstack Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems! Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

Eric Butash and Mike Klein from Highlander Institute, join us on the show to talk about, what schools are doing to protect Student Data?, how do we teach our student the importance of good digital hygiene if we don't have the proper education in place?, what is Digital Citizenship, and how is the Privacy playing a roll in our always-on youth? Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability! Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management. Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks! Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued Insulin pump with security a security flaw in high demand, and how to communicate privately in the age of digital policing! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

Lesley Carhart is the Principal Threat Analyst at Dragos Inc.. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Lesley will be discussing her transition from IT security to OT security, DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?, and much more! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for attackers! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole! Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst' tool Canary! To get started with Canary, visit: https://securityweekly.com/canary Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Guru Pandurangi is the CEO and Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating or using cloud providers such as Azure, AWS, Office365, to develop and host their applications! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion's rapidly-growing security platform. A cybersecurity industry veteran with a 19 year tenure in CyberSecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale! Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter! To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome back Mary Beth Borgwing, President and Founder of of the Cyber Social Club, to talk about Uniting Women in Cyber! Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how Android Q will come with improved privacy protections, hacked tornado sirens taken offline ahead of a major storm, and how Putty released an update that fixed 8 new security flaws! Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris! To learn more about DomainTools, visit: https://securityweekly.com/domaintools Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcus Carey is the Founder & CEO at Threatcare. Navy Cryptologist turned cybersecurity entrepreneur, Marcus Carey is Currently working as founder and CEO of cybersecurity company Threatcare. He joins us talk about the book that he Co-Authored, "Tribe of Hackers"! Full Show Notes: https://wiki.securityweekly.com/Episode598 Follow us on Twitter: https://www.twitter.com/securityweekly

We interview Carsten Williams, Co-Founder and CEO at VMRay, discussing malware sandboxing! Carsten is the original developer of CWSandbox, a commercial malware analysis suite that was later renamed to GFI Sandbox, and now Threat Analyzer by ThreatTrack Security. To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly