Paul's Security Weekly (Video)

1,199 episodes — Page 9 of 24

LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713

This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache 0-day, your iPhone is always turned on, Apple Pay hacked, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 11, 2021 · 1h 34m

Up & Running With Security Onion - PSW #713

There are many options to choose from when setting up The Security Onion. The use cases are vast, including a NIDS (Zeek, Suricata), HIDS (Beats, Wazuh, osquery) and standalone instances for a SOC workstation and static analysis. I really like SO as a platform to collect all kinds of data from the network and from your systems (some even use the word XDR). Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 8, 2021 · 41 min

Survey Says: Improve Your Security Posture by Purple Teaming - Dan DeCloss - PSW #713

Today Dan DeCloss, CEO of PlexTrac, joins the panel to share results from a CyberRisk Alliance survey of 315 security practitioners in the U.S. and Canada. This research, sponsored by PlexTrac, shows a correlation between purple teaming and program maturity, which emphasizes the importance of adversary emulation in today's security landscape. Tune in to get the scoop on the survey results and MUCH more! This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 8, 2021 · 48 min

Pickpocketing Apple Pay, Mandatory Breach Reporting, Huawei Fears, & Cyber Criminals - PSW #712

In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe that's a good thing? Speaking of which, Apple patches some 0days, Lithuania warns against using Huawei and Xiaomi phones, the FCC pays companies to ditch Huawei and ZTE gear, the latest on Cybercrime, UK researchers find a way to pickpocket Apple Pay, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw712

Oct 1, 2021 · 1h 27m

Defense Strategies to Combat Sophisticated Ransomware - Mehul Revankar - PSW #712

To defend themselves, companies need to detect ransomware attacks early, gather the intelligence to understand the attack, and prevent the attacks from occurring in the future. Qualys' Mehul Revankar will discuss ransomware trends and defensive maneuvers, as well as the inspiration and research behind Qualys' new ransomware exposure dashboard that provides companies with a personalized plan to remediate the vulnerabilities in their environment. Segment Resources: www.qualys.com/vmdr This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw712

Oct 1, 2021 · 1h 4m

Renting Your Phone, Public-Key Explained, Toilet Identification, & AutoDiscover Bug - PSW #711

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange AutoDiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more! Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021 · 1h 20m

Nzyme - Paul Asadoorian & Larry Pesce - PSW #711

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection methods are just too easy to circumvent in WiFi environments. Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 24, 2021 · 1h 1m

Velociraptor - Digging Deeper - Mike Cohen, Wes Lambert - PSW #711

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale. It's fast, precise, powerful … and free. It also supports Linux, Windows and macOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoint flexibly in response to new threat information. In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response to large networks. Show Notes: https://securityweekly.com/psw711 Segment Resources: Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/ Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 24, 2021 · 58 min

Dubious Drones, NSO Group, Apple's Bug Bounties, Ghostscript 0-Day, & IBM Server Bugs - PSW #710

This week in the Security News: Anonymous hacks Epik (with a K), Fuzzing Closed-Source JavaScript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released, Microsoft fixes Critical vulnerability in Linux App, Drone accidentally delivers drug paraphernalia to high schoolers, & more! Show Notes: https://securityweekly.com/psw710 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 18, 2021 · 1h 38m

Brakeman - Justin Collins - PSW #710

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development. Justin first released Brakeman in 2010. In 2018, the commercial version, "Brakeman Pro", was acquired by Synopsys. Brakeman continues to be a very popular security tool for Rails, with tens of thousands of downloads per day. Show Notes: https://securityweekly.com/psw710 https://github.com/presidentbeef/brakeman Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 17, 2021 · 47 min

The State of Network Security in 2021 - Sinan Eren - PSW #710

Network breaches, ransomware attacks, and remote-work challenges highlight the need for cloud-native Secure Access Service Edge (SASE) deployments. Show Notes: https://securityweekly.com/psw710 This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 17, 2021 · 52 min

Iframe Security - Benjamin Daniel Mussler - PSW #709

Benjamin will discuss securing iframes with the sandbox attribute. This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 4, 2021 · 46 min

Hacking Honda, Insider Threat Galore, ChaosDB, USB File Weight, & Linux 5.14 - PSW #709

This week in the Security News: Hacking Honda, a fact about single-factor, disarming your home and alarming vulnerability disclosure response, btw, you have a Sudo vulnerability, NSO under investigation, Loki and 0days, Linux turns 30, SANS appoints a new president of the college, how much does your USB thumb drive weigh?, and When "Florida Woman" attacks! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 3, 2021 · 1h 32m

Nmap Vulnerability Scanning/Flan Scan - PSW #709

Paul presents a Technical Segment that walks through Nmap, Vulners scripts, & Flan Scan! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw709

Sep 3, 2021 · 35 min

Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping - PSW #708

This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting malware, LEDs can spy on you, hacking infusion pumps, PRISM variants, 1Password vulnerabilities, plugging in a mouse gives you admin, & yard sales! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 28, 2021 · 1h 31m

Trends in Mac Malware & Apple Security - Patrick Wardle - PSW #708

Apple's new M1 systems offer a myriad of benefits for both macOS users and, unfortunately, malware authors as well. In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 27, 2021 · 1h 6m

Working With OpenVAS - PSW #708

Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all components, from source code. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Aug 27, 2021 · 40 min

Shifting Left Probably Left You Vulnerable, Here's How To Make it Right - Sonali Shah - PSW #707

Shifting security left is good - but it's an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of breach by embracing modern AppSec techniques that will allow development, operations and security teams to work together in order to efficiently and effectively secure all of their applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 21, 2021 · 31 min

Sequoia: A Local Privilege Escalation Vulnerability in Linux's Filesystem Layer - . Wheel - PSW #707

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux Kernel's filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely vulnerable and probably exploitable. Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 20, 2021 · 45 min

Tractorload of John Deere Vulns, T-Mobile Breach, Kalay IoT Hack, & HolesWarm - PSW #707

In the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application security and why you shouldn't do it on a shoe string budget, vulnerability disclosure miscommunication, tractor loads of vulnerabilities, The HolesWarm.......malware, T-Mobile breach, and All you need is....Love? No, next-generation identity and access management with zero-trust architecture is what you need!!! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

Aug 20, 2021 · 2h 10m

Cyber-Symposiums, Apple Backdoor, Crypto Theft, & "Quadruple Extortion" - PSW #706

This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sheriff's department, Fingerprinting Windows, double secret quadruple extortion, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Aug 14, 2021 · 1h 38m

Offensive Operations With Mythic - Kyle Avery - PSW #706

Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the framework, and modifying public payload types to evade signature-based detections. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Aug 13, 2021 · 57 min

OSINT & Social Engineering - Joe Gray - PSW #706

Joe will discuss his upcoming book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some social engineering (conducting it or defenses). He will also mention the Trace Labs OSINT Search Party competitions (he won his 2nd one last weekend at DEFCON). Segment Resources: https://www.theosintion.com https://wiki.theosintion.com http://discord.theosintion.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Aug 13, 2021 · 53 min

'Master Faces', Ship Hijacked, Windows Container Escape, & DNS Loopholes - PSW #705

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

Aug 7, 2021 · 1h 26m

The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late. Segment Resources: https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

Aug 6, 2021 · 44 min

RF Village at DefCon - Rick Farina, Rick Mellendick - PSW #705

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag games to promote learning. Segment Resources: https://rfhackers.com/ https://discordapp.com/invite/JjPQhKy https://rfhackers.com/blog Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

Aug 6, 2021 · 1h 0m

PetitPotam Attack, History of RickRolling, & Foxit PDF Vulns - PSW #704

This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Jul 31, 2021 · 1h 47m

Cyber-Physical Attacks - Michael Welch - PSW #704

Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill-prepared organizations. As a third-party expert, Michael can speak to: • The importance of being aware of the widening attack surface due to an inter-connected world of cyber-physical security. • The critical need to have the right solutions in place to thwart bad actors from gaining access to a physical system. • The security considerations organizations, specifically in the healthcare and critical infrastructure sectors, should address to circumvent cyber-physical attacks. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Jul 30, 2021 · 39 min

The B Is for Business - Alyssa Miller - PSW #704

Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way that prepared her for this high-level leadership role. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Jul 30, 2021 · 56 min

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703

This week in the Security News: Trust no one, it's all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Jul 24, 2021 · 1h 32m

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703

CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancies do. CyberMarket.com is a place to help facilitate the sales pipeline for cybersecurity consultancies of various sizes. Segment Resources: https://www.cybermarket.com There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Jul 23, 2021 · 50 min

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703

Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status, personal reviews, and more. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Jul 23, 2021 · 1h 1m

Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption - PSW #702

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 17, 2021 · 1h 16m

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast. Segment Resources: https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 16, 2021 · 1h 0m

The BIOS Disconnect - Scott Scheferman - PSW #702

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

Jul 16, 2021 · 1h 3m

LinkedIn Breach, Bitcoin From Banks, PrintNightmare, & NFC Flaws in ATMs - PSW #701

This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, flaws let you hack an ATM by waving your phone, PrintNightmare, Bitcoins from Banks and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 3, 2021 · 1h 12m

The Rise of Sim Swapping - Haseeb Awan - PSW #701

80% of SIM-Swap attacks are successful. This could lead to greater financial loss and loss of social status since this is where hackers latch onto. The statistics are true and spreading like a wildfire. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 2, 2021 · 49 min

New Security Threats Stemming from PII Online - Rob Shavell - PSW #701

Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw701

Jul 2, 2021 · 51 min

Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee - PSW #700

In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 26, 2021 · 1h 16m

CFAA: Recent US Supreme Court Case Van Buren v. US - Thomas Lonardo - PSW #700

Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession. Segment Resources: https://www.supremecourt.gov/opinions/20pdf/19-783_k53l.pdf "Prosecuting Computer Crimes", DOJ: https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf "Computer Crime and Intellectual Property Section", DOJ: https://www.justice.gov/criminal-ccips/ccips-documents-and-reports Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 25, 2021 · 1h 2m

Career Pathing and Advice From Offensive Security - Jim O'Gorman - PSW #700

Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives concrete examples of job roles available to those who prove themselves through industry certifications and other means. This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw700

Jun 25, 2021 · 57 min

Web Cache Poisoning - Timur Guvenkaya - PSW #699

This presentation will cover how an incorrect implementation of a caching mechanism within a web application might lead to a Web Cache Poisoning vulnerability that can potentially affect all the users of the web application. Segment Resources: www.netsparker.com This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 21, 2021 · 1h 6m

"Eavesdropping Cameras", Ransomware Poll Results, Windows 11, & CVS Records Leak - PSW #699

This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 18, 2021 · 1h 7m

Avoiding the Silo: Bridging the Divide Between Security + Dev Teams - Brian Joe - PSW #699

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization's InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he'll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

Jun 18, 2021 · 1h 9m

ANOM Bust, Ransomware Solutions, NAC, & A PCI Deathmatch! - PSW #698

This week in the Security News, Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, How to pwn a satellite, One Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

Jun 12, 2021 · 1h 35m

Protecting the Attack Surface - Rob Gurzeev - PSW #698

What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at Cycognito, joins us to discuss why attack surface monitoring needs to run across the entire infrastructure. It's not just about open ports, but finding the assets that are exposed or exploitable, or abandoned, that create the greatest risk. This segment is sponsored by CyCognito. Visit https://securityweekly.com/cycognito to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

Jun 11, 2021 · 57 min

OpenWRT for Enterprise and Labs - Gene Erik - PSW #698

OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with enterprise level features, making it a successful product for enterprise uses. Due to the fact that it will run on many IoT platforms, including home gateways, and has an easy-to-use web interface, it is also a great platform to use to start building a lab. Segment Resources: Company Website Link: xcapeinc.com Topic Link: openwrt.org Commercial Product for Topic Link: gl-inet.com Personal CI/CD Projects Link: gitlab.com/fossdevops Personal GitLab Link: gitlab.com/geneerik Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

Jun 11, 2021 · 57 min

CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins - PSW #697

This week in the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware's most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Jun 5, 2021 · 1h 34m

Digital Transformation's Impact On IT Asset Visibility - Sumedh Thakar - PSW #697

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility. Segment Resources: View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38 Read our CEO's blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Jun 4, 2021 · 49 min

Attack Surface Discovery and Enumeration - Dan Tentler - PSW #697

We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before. Segment Resources: phobos.io/orbital Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Jun 4, 2021 · 1h 0m