Enterprise Security Weekly Episode #208 – November 25, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Drupal Vulnerability, Sectigo DevOps Integrations, & Vulnerable Fortinet VPNs – 12:30 PM-01:00 PM

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Description

This week: why companies should outsource cybersecurity during COVID and beyond, Sectigo adds five PKI DevOps integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches the industry’s first 5G-native security offering, and passwords exposed for almost 50,000 vulnerable Fortinet VPNs!

Hosts

Adrian Sanabria

Paul Assadorian

  1. Why Companies Should Outsource Cybersecurity During COVID and Beyond – Data Point Reason No. 2: The remote workforce expands the threat surface. Data Point Reason No. 3: Cybersecurity experts that meet your needs are hard to find, nurture and retain. Data Point Reason No. 4: It takes too much time and money to get in-house SOCs up and running. Data Point Reason No. 5: Businesses and other organizations want to lower their liability.
  2. Sectigo Adds Five PKI DevOps Integrations – Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform. The new integrations, which expand upon Sectigo’s first round of DevOps integrations, seize the benefits of automation for DevOps environments and further aid DevSecOps teams in speeding application deployment by using automation to provision certificates.
  3. Canonical publishes set of secure container application images – Help Net Security – “We address high and critical CVEs in LTS offerings, and fix critical issues within 24 hours.” The Snyk report finds the average time for enterprises to remediate homegrown images is 68 days.
  4. Drupal vulnerability press statement from ExtraHop – A malicious file with a double extension (e.g., php.txt) could be “interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations,” the Drupal security team noted.
  5. Respond Software Joins the FireEye Team – Today, FireEye announced that Respond Software is joining our Team. Respond is the creator of an AI Based Cloud native XDR Engine that automates the investigation of security alerts at machine speed. Respond Software is a perfect fit with our Mandiant Advantage platform, adding proven automation technology in the fast-growing category of Extended Detection and Response (XDR) to help secure our customers.
  6. FireEye receives USD 400 mln investment from Blackstone, buys Respond Software
  7. Splunk to Acquire Network Performance Monitoring Leader Flowmill – With this acquisition, Splunk will continue to deliver on its vision to offer the world’s most comprehensive Observability Suite. With Flowmill, Splunk further expands its existing observability capabilities, giving customers the ability to ingest, analyze and take action on additional cloud network and infrastructure data to quickly resolve network-related issues, optimize network performance and reduce network costs.
  8. Palo Alto Networks launches Industry’s first 5G-Native Security offering
  9. Digital Shadows launches sensitive document alerts with added context – Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says “private and confidential” or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.
  10. McAfee launches app marketplace, developer portal
  11. Passwords exposed for almost 50,000 vulnerable Fortinet VPNs – The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive “sslvpn_websession” files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users. Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing “sslvpn_websession” files for every IP that had been on the list.

2. Which Multifactor Authentication is the Right One? – 01:00 PM-01:30 PM

Announcements

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

It’s widely accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We’ll talk through the benefits and drawbacks of each and explore why Microsoft’s director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication.

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Guest(s)

Matt Barnett – Chief Strategist at SEVN-X

After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Assadorian – Founder/CIO at Security Weekly/CyberRisk Alliance

3. Beyond Subjectivity: Sharpening CVSS with Asset Context – 01:30 PM-02:00 PM

Sponsored By

Visit https://securityweekly.com/vicarius for more information!

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Description

Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don’t factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!

Blog post: https://www.vicarius.io/blog/beyond-subjectivity-sharpening-cvss-with-asset-context

Guest(s)

Clayton Fields – Advisor at Vicarius

For 15 years, Clayton has been a technologist and client advocate. He helped launch the first intrusion prevention system for Active Directory. Clayton brings a breadth of acquisition experience focused on market truths and buyer languages.

Michael Assraf – CEO & Co-Founder at Vicarius

Michael has more than ten years of experience in the startup world. He has been part of six different startups, filling out several positions up to VP R&D, both on the tech and operational sides. In his last position at Atlis, Michael built and managed an R&D department. He led the Israeli team of the startup on a daily basis from day one to the release of the product’s GA. In his professional experience, Michael filled multiple positions from Network Engineer at Deltathree, Automation Engineer at Secure Islands (later acquired by Microsoft), Software Developer at Idomoo to VP R&D at Cellxpert and Atlis. Michael holds an MBA from Tel Aviv University and a BSc from the Jerusalem College of Engineering.

Hosts

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

Paul Assadorian – Founder/CIO at Security Weekly/CyberRisk Alliance