Paul's Security Weekly (Video)

New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common? Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University's first NAC system before it became a security category. Peter brings a security practitioner's perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers. To learn more about Edgwise, visit: https://securityweekly.com/edgewise/ Full Show Notes: https://wiki.securityweekly.com/Episode597 Follow us on Twitter: https://www.twitter.com/securityweekly

YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you need to know about the Huawei controversy! Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

David Marble is the President & CEO at OSHEAN. David joins us to talk about what to expect at at this years Rhode Island Cybersecurity Exchange Day! This conference will be held on March 13th 2019 from 9am to 3pm at Salve Regina University, w/ a featured keynote by our Founder and CTO, Paul Asadoorian! Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

Allan Liska is the Senior Solutions Architect at Recorded Future. Allan talks about threat intelligence – no longer just for the secret squirrels among us. While the term can elicit reactions ranging from exasperated sigh to flashbacks of security buzzword bingo circa 2015, Recorded Future is delivering on the industry promise – actionable intelligence for all security pros. Get Trending Threat Insights Delivered to Your Inbox, at: https://securityweekly.com/recordedfuture Full Show Notes: https://wiki.securityweekly.com/Episode596 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a nasty code-execution bug in WinRAR threatened millions of users for 14 years! Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Steve Brown, Keynote Speaker at SecureWorld Boston 2019 to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation! Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly

Why it's way too easy to sell counterfeit goods on amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a windows 95 emulator for Windows 10, Linux, or MAC, DEF CON goes to Washington, and InfoSec institutes top podcasts that take your computer skills to the next level! Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense. Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

Harry Sverdlove, Chief Technology Officer of Edgewise for an interview, to talk about The Future of Firewalls! To learn more about Edgewise, visit: https://www.securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly

Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Can We Protect Ourselves?" Connie teases her talk and explains how to protect ourselves, our clients, and the information that we handle daily. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware and Vagrant. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War 2 German message decrypts to go on display at the National Museum of Computing! Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down Citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigate a DDoS attack generated 500 million packets per second! Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! Full Show notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

Benjamin Daniel Mussleris the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication. Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly

Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty program! Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen testing is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes. To learn more about BHIS, visit: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players. Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly

Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El Chapo's IT manager cracked his encrypted chats and brought him down! Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Kory Findley talks about his Github project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods. Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation. To learn more about SCYTHE.io, go to: https://www.scythe.io/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install! Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes. Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is. Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture? Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques! To get involved with LogRhythm, go to: https://www.securityweekly.com/logrhythm Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitter: https://www.twitter.com/securityweekly

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already! Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition". Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this years challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Challenge, and other organizations. Our featured products include NetWars, CyberCity, Holiday Hack Challenge, Cyber Aces Online, and several Cyber Quests." Join KringleCon: www.kringlecon.com Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell. To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Lenny Zeltser the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis and find out how analysts examine these aspects of malicious code with a disassembler and a debugger. To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly

Wietse Venema and Dan Farmer, the Developers of Security Administrator Tool for Analyzing Networks (SATAN), talk about their experience as developers, their journey to creating SATAN and their decision to keep SATAN a open source tool. Full Show Notes: https://wiki.securityweekly.com/Episode584 Follow us on Twitter: https://www.twitter.com/securityweekly

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo. Full Show Notes: https://wiki.securityweekly.com/Episode584 To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly Follow us on Twitter: https://www.twitter.com/securityweekly

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how Las Vegas police are cracking down on Black Market marijuana sales! Full Show Notes: https://wiki.securityweekly.com/Episode584 Follow us on Twitter: https://www.twitter.com/securityweekly

7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer! Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs. To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

Jon Buhagiar is responsible for Network Operations at Pittsburgh Technical College for the past 19 years. Jon is currently a Network+ Review Course Instructor at Sybex, and he joins us to talk about Network Operations at Sybex. Full Show Notes: https://wiki.securityweekly.com/Episode583 Follow us on Twitter: https://www.twitter.com/securityweekly

Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, and some of these vibrating apps turn your phone into a sex toy! Full Show Notes: https://wiki.securityweekly.com/Episode582 Follow us on Twitter: https://www.twitter.com/securityweekly

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that Jump Servers aren't as good, and show you have to connect to remote machines using AD. Full Show Notes: https://wiki.securityweekly.com/Episode582 Follow us on Twitter: https://www.twitter.com/securityweekly

Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security. This interview, they talk about DNS, phishing tools, and tease what DomainTools has in store for 2019. Full Show Notes: https://wiki.securityweekly.com/Episode582 Follow us on Twitter: https://www.twitter.com/securityweekly

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and Cisco Zero-Day exploited in the wild, ! All that and more, on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode581 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Matt Toussain a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS). To learn more about BHIS, go to: https://www.blackhillsinfosec.com/PSW Full Show Notes: https://wiki.securityweekly.com/Episode581 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing and with a particular focus on ERP and banking systems and Windows-networks. To learn more about Acunetix, go to: https://www.acunetix.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode581 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly