In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute!
To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode653
"Burn-In: A Novel of the Real Robotic Revolution" (May 26 release) is a new kind of novel+nonfiction. It uses the technothriller format as a way to share real research on the ways that AI+automation will shape our future, but also leave it vulnerable to a new scale of risks. That is, it is a fictional story following an FBI agent as she and a new partner hunt a new kind of terrorist bent on holding the entire city hostage in a way previously impossible. But baked into the story are some 300 macro and micro predictions of the tech and trends that will change our tomorrow, drawn from the latest nonfiction studies to show that it could/will come true (IE, it is a novel, but with endnotes on everything). Think of it as the veggies hidden in the smoothie, to give people a fun/scary read, but also to understand key terms and ideas soon to shape their lives.
To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode653
The MITRE ATT&CK framework has had a major impact on the cybersecurity industry and has given a defenders a haystack in which to focus their defensive efforts. What’s most interesting, perhaps, is where and how these TTPs intersect and how we can use that information to determine patterns and disrupt attacks by analyzing historical datasets.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode653
Security Leadership, Accountability in Security Leadership, and Enforcing Buy-in From the Top!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode185
What is the value of identity in a larger security conversation? Why does CyberArk partner with so many technology vendors? What’s the value to you, the customer? It’s an opportunity to talk about Privileged Access Management solution integrations with market leading software applications in the vulnerability management, SIEM, storage, discovery, orchestration & response, governance and many other fields. We will discuss why identity is an important part of securing an application - fundamental security principle that is not yet widely considered.
To learn more about CyberArk, visit: https://securityweekly.com/cyberark
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode185
This week, MITRE ATT&CK for ICS: A Technical Deep Dive, Tufin Expands Security Automation Capabilities, Strengthen Business and Security Alignment with ThreatConnect, BeyondTrust Privilege Management for Windows and Mac SaaS Accelerates and Enhances Endpoint Security, Re-imaging threat detection, hunting and response with CTI, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode185
In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode652
HTTP security headers are an easy and effective way to harden your application against all kinds of client side attacks. We'll discuss which security headers there are, what functions they have and how to use them properly.
Security Header Whitepaper: https://www.netsparker.com/whitepaper-http-security-headers/
Slide Show: https://securityweekly.com/http-security-headers-in-action/
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode652
The guests on Trust Me I'm Certified have dropped some real knowledge and I'd like to distill that down as well as talk about building technical skills, looking at your career as a 'thing' that needs care and feeding, and the BSidesNH conference.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode652
In this segment we'll discuss why email security is still not a solved problem and how now that people are increasingly working from home, it poses an increased risk. We'll also share some interesting attacks that we've uncovered in the past several weeks since the beginning of shelter-in-place.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode184
Whether it's an external red team, internal red team, vulnerability scanning data, or a self-assessment questionnaire, results from all of these different types of assessments must be tracked and managed. Dan from Plextrac will walk you through how to track and manage all of these activities in one place!
To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode184
RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode184
Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Anne will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board level positions.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode29
Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Anne will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board level positions.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode29
In the leadership and communications section, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
As many organizations look to their "new normal," remote work will likely be a large piece of that strategy. Adler will dive into the impact this has on the SOC and why EDR should be top-of-mind.
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode108
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode108
In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode651
We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?
To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode651
In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, It's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.
To learn more about Elastic Security, visit: https://securityweekly.com/elastic
To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/PSWEpisode651
Many companies hire external consultants to conduct incident response and remediation, which can add up quickly in cost. By providing these security consultants with network data in seconds as opposed to hours or days, we can drastically reduce remediation costs and speed breach containment.
To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode183
Discuss approach to vulnerability management at Toyota Financials and benefits of a full life-cycle approach to vulnerability management.
To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode183
In the Enterprise Security News, how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode183
Security vs. Compliance: Where are the overlaps? Where are the differences?
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode28