BH2020 Episode #1 – August 03, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Pentesting Results Paint A Biased Picture – 11:00 AM-11:15 AM
Sponsored By

Visit https://securityweekly.com/vicarius for more information!
Description
Pentesting is littered with politics, biased reporting, and human error. So how do you clean up the trash? A former IDF engineer shares how his stint as a pentester changed the way he thinks about it – and ultimately led to the development of a new technology.
This segment is sponsored by Vicarius.
Visit https://securityweekly.com/vicarius to learn more about them!
Start your free trial today, visit: https://www.vicarius.io/sign/up
2. Why Secure Remote Access Is Like The Emperor’s New Clothes – 11:45 AM-12:00 PM
Description
Our research for Black Hat demonstrates that the Secure Remote Access or so-called ‘VPN’ technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don’t provide the full level of protection typically expected of them. This isn’t because of bugs in the technology, but rather due to a ubiquitous scenario in which the remote worker is connected to Wi-Fi that is untrusted, insecure or compromised. We demonstrate that in this common use-case ‘VPN’ technologies do not act as we expect them to and therefore expose several opportunities to an attacker with control over the Wi-Fi access point.
To get access to the most recent results from our studies, updates, additional demos and other resources on our research, visit: https://orangecyberdefense.com/global/insecure-remote-access/.
3. Purple Teaming With PlexTrac – 12:30 PM-12:45 PM
Sponsored By

Visit https://securityweekly.com/plextrac for more information!
Description
The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs.
Learn how PlexTrac can aid in all things purple teaming and drive the security posture forward for all.
Key questions to cover:
– What is purple teaming?
– Who’s on the purple team?
– How does the purple team relate to the CISO?
– Where does PlexTrac fit in this process?
This segment is sponsored by PlexTrac.
Visit https://securityweekly.com/plextrac to learn more about them!
To get one month free, visit: https://securityweekly.com/plextrac
4. Protecting Data That Egresses From Cloud Services & SaaS Applications – 01:15 PM-01:30 PM
Sponsored By

Visit https://securityweekly.com/securecircle for more information!
Description
For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications; we also must protect, control and audit data that egresses from these services onto endpoints.
– How do you protect data that egresses from your cloud services (e.g., GitHub, Workday, Salesforce, Box, OneDrive)?
– Do you control access to your data after it egresses from your cloud services?
This segment is sponsored by SecureCircle.
Visit https://securityweekly.com/securecircle to learn more about them!
Demo and 30-day free trial: https://www.securecircle.com/
5. Are You Effectively Addressing API Security? – 02:00 PM-02:15 PM
Sponsored By

Visit https://securityweekly.com/synopsys for more information!
Description
All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively?
We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure.
Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software.
This segment is sponsored by Synopsys.
Visit https://securityweekly.com/synopsys to learn more about them!
To learn more about API security, visit: https://www.synopsys.com/software
6. Protecting Ethical Hackers – 02:45 PM-03:00 PM
Description
Arrests in Iowa and a Good Samaritan law for cybersecurity. The mistake Iowa has made in allowing politicians to pass sweeping reforms on a subject they knew nothing about, based on politics and who owned what, versus what was best for the citizens of Iowa.
Help protect ethical hackers: https://www.coalfire.com/ethicalhackerprotection
7. Satellite Broadband Security – 03:30 PM-03:45 PM
Description
In my upcoming Black Hat and DEF CON briefings, I will be presenting the results of several experiments looking at real-world security and privacy in satellite broadband communications. We find that it is possible for attackers using cheap home-television equipment to eavesdrop on the internet traffic of people who are thousands of miles away. In the briefing, we show how this affects individuals and organizations ranging from home internet customers, to oil companies, to airlines.
8. What’s Going On With TikTok? – 04:15 PM-04:30 PM
Description
What’s the latest with TikTok? Will the application be banned? Can you actually ban it? Doug White and Matt Alderman discuss the latest news on TikTok.
https://www.cnbc.com/2020/08/03/microsoft-confirms-talks-to-buy-tiktok-in-us.html
9. How Did The Twitter Hackers Get Caught? – 05:00 PM-05:15 PM
Description
The FBI tracked down the Twitter hackers, but how? What mistake did they make? Doug White and Matt Alderman discuss the latest news on the Twitter hack.
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/
https://www.wired.com/story/how-alleged-twitter-hackers-got-caught-bitcoin/