Enterprise Security Weekly Episode #281 – July 21, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Going Passwordless with Risk Signals – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/ping for more information!

Description

Passwordless authentication is all the rage. And rightly so, given its promise of driving engagement and boosting productivity via more secure and frictionless user experiences. However, the path to passwordless often leads to more questions than answers. Don’t fret! We’ll offer a passwordless journey roadmap that delves into leveraging different risk signals like user behavior and device characteristics to make smarter authentication decisions.

Segment Resources:
https://www.pingidentity.com/en/solutions/business-priority/passwordless.html
https://download.pingidentity.com/public/assets/misc/en/3637-workforce-survey-passwordless-future.pdf

This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!

Guest(s)

Aubrey Turner – Executive Advisor at Ping Identity

Aubrey Turner has an extensive background successfully delivering strategic, enterprise cyber security solutions to Fortune 1000 companies that address business problems, strengthen organizations, reduce risk and deliver positive business outcomes. Aubrey has demonstrated rapport and consensus building with key stakeholders. Additionally, he has proven leadership, communication, management, collaboration and sales skills.

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Supply Chain Level 0: Grinding Tractors to a Halt – 03:30 PM-04:00 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

Sick Codes hacked all four John Deere Telematics Gateways, and the John Deere Gen4 Series Display. Without those, it’s “just a tractor.” However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.

Segment Resources:
https://sick.codes
https://github.com/sickcodes
https://www.youtube.com/watch?v=zpouLO-GXLo
https://hardwear.io/usa-2022/speakers/sick-codes.php

Guest(s)

Sick Codes – Security Researcher & Consultant at Sick Codes, Automated Security Research

@sickcodes

“Sick Codes” is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TVs, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 25k+ stars, 300k+ downloads. I’ve spoken 2x at DEF CON 29, DEF CON 30, published 30+ CVEs, and do consulting and contracting.

Sick Codes will be speaking on the DEF CON Main Stage at DEF CON 30, August 11-14th, and recently spoke at Hardwear.io about one of the most ignored, yet highly relied on, pieces of critical infrastructure: the food supply chain.

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Whistleblowing, Pwnednomore, Robot Protection, Securing Embedded Devices, & Hatching – 04:00 PM-04:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Finally, in the Enterprise Security News: HiveWatch raises $20M to protect the office, FORT Robotics raises $13M to protect the office from robots, Emproof raises €2M to secure embedded devices, Dutch startup OneWelcome acquired by Thales, Dutch startup Hatching acquired by Recorded Future, Pwnednomore aims to protect Web3, cybersecurity vendors make us less secure, and perverse incentives in whistleblowing!

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

  1. FUNDING: HiveWatch Raises $20M Series A Led by Former Twitter Executives
  2. FUNDING: FORT Robotics Closes On $13 Million In Funding
  3. FUNDING: Push announces $4M seed round to drive user-centric security for SaaS
  4. FUNDING: Emproof secures €2M from TIIN Capital, others to provide security solutions for embedded devices
  5. ACQUISITIONS: Dutch startup OneWelcome acquired by Paris-based Thales for €100M: Here’s why
  6. ACQUISITIONS: Dutch cybersecurity specialist Hatching acquired by US-based Recorded Future
  7. ACQUISITIONS: Putting the Dee(Dee) in Defense: Huntress Acquires Curricula
  8. NEW PRODUCTS: HiddenLayer emerges from stealth to protect AI models from attacks – TechCrunch
  9. NEW PRODUCTS: Pwnednomore – one of the newest crypto builders from Alliance DAO’s demo day – TechCrunch
  10. NEW PRODUCTS: Paladin Cloud launches open source platform – TechCrunch
  11. TRENDS: How cybersecurity vendors make us less secure
  12. LEGAL: Aerojet Rocketdyne to pay $9 mln to resolve U.S. cybersecurity allegations
  13. SQUIRREL: Hands-On with Mojo Augmented Reality Contact Lens!

Katie Teitler

@Katherinert15

Senior Security Strategist at Axonius

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element