psw699

Paul’s Security Weekly Episode #699 – June 17, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Avoiding the Silo: Bridging the Divide Between Security + Dev Teams – 06:00 PM-06:45 PM

Sponsored By

Visit https://securityweekly.com/fastly for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

Description

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization’s InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he’ll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them.

This segment is sponsored by Fastly.

Visit https://securityweekly.com/fastly to learn more about them!

Guest(s)

Brian Joe

Brian Joe – Director of Security Product Management at Fastly

Brian Joe is the Director of Security Product Management at Fastly, where he runs the Security Product team and manages Fastly’s Security Product Portfolio. Previously, Brian led the Product and Growth functions at Signal Sciences (acquired by Fastly), and has had Product, Partnership, and Operations leadership roles at Edgecast Networks (acquired by Verizon), and Verizon Communications with over 16 years of experience in Security, Networking, Cloud, and SaaS.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Doug White

@dougwhitephd

Professor at Roger Williams University


Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

2. “Eavesdropping Cameras”, Ransomware Poll Results, Windows 11, & CVS Records Leak – 07:00 PM-07:45 PM

Announcements

  • Join us June 24 at 11 AM ET to learn how web application firewalls can help mitigate exposure in a complex threat landscape. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10’s End-Of-Life, Drones that hunt for human screams, & more!

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. Puerto Rico’s Power Distributor Suffered a Cyberattack Hours Before a Devastating Fire
  2. Ransomware attack hit Teamsters in 2019 — but they refused to pay
  3. How Hackers Used Slack to Break into EA Games
  4. IoT Security: IoT Needn’t Be the Internet of Threats
  5. Keylime
  6. SEC charges mortgage title issuer First American with cybersecurity vulnerability violation
  7. Cyber insurance costs and terms spike as ransomware attacks multiply

Doug White

@dougwhitephd

Professor at Roger Williams University

  1. REvil ransomware hits US nuclear weapons contractor
  2. Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
  3. Peloton Bike+ vulnerability allowed complete takeover of devices
  4. Bitcoin and Encryption: A Race Between Criminals and the F.B.I.
  5. Scientists are teaching drones to hunt down human screams
  6. Krebs on Security – In-depth security news and investigation
  7. Ukrainian Police Nab Six Tied to CLOP Ransomware – Krebs on Security
  8. Biden Tells Putin Critical Infrastructure Sectors ‘Off Limits’ to Russian Hacking
  9. Required MFA Is Not Sufficient for Strong Security: Report
  10. Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up
  11. Millions of Connected Cameras Open to Eavesdropping

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. Make way for Windows 11? Windows 10 end-of-life is October 2025
  2. Certified Pre-Owned
  3. CaribouLite: A 30-6000 MHz 13-bit 4MHz SDR HAT for the Raspberry Pi
  4. How to hack a bicycle – Peloton Bike+ rooting bug patched
  5. Taming iButton Keys with Flipper Zero
  6. Ukrainian police arrest multiple Clop ransomware gang suspects – TechCrunch
  7. CVS Accidentally Leaks 1 Billion Website Records—Including Covid-19 Vaccine Searches

3. Web Cache Poisoning – Timur Guvenkaya – 08:00 PM-09:30 PM

Sponsored By

Visit https://securityweekly.com/netsparker for more information!

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

This presentation will cover how an incorrect implementation of the caching mechanism in a web application can lead to a Web Cache Poisoning vulnerability: a response crafted by one client is stored by the cache and then served to every other user of the application.
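The mechanism in one runnable picture, as an added example that is not part of the segment, the show notes, or Invicti's material: a toy caching reverse proxy sits in front of a hypothetical origin that reflects the unkeyed X-Forwarded-Host request header into its HTML. Because the cache keys only on the path, a single attacker request primes the cache with a response pointing at the attacker's host, and every later visitor to that path receives it. The same code shows the two usual fixes at the edge: include the header in the cache key, or strip it before the request reaches the origin. The origin, header name and hostnames are assumptions constructed for the example.

```python
"""Added example (not from the PSW episode or Invicti): web cache poisoning
through an unkeyed, reflected request header, plus two edge-side mitigations."""
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)


def origin(req: Request) -> str:
    """Hypothetical origin (assumed for this example). Like many real apps it
    trusts X-Forwarded-Host to build an absolute URL and reflects it verbatim
    into the page; the canonical host is used when the header is absent."""
    host = req.headers.get("X-Forwarded-Host", "example.test")
    return f'<script src="https://{host}/static/app.js"></script>'


class EdgeCache:
    """Toy caching reverse proxy. The cache key is the path plus whichever
    request headers the operator chose to key on. Any other header the origin
    reads is 'unkeyed' input: it changes the response but not the key, which
    is exactly what makes poisoning possible."""

    def __init__(self, keyed_headers: Tuple[str, ...] = (),
                 strip_headers: Tuple[str, ...] = ()):
        self.keyed_headers = keyed_headers
        self.strip_headers = strip_headers
        self.store: Dict[Tuple[str, ...], str] = {}
        self.origin_hits = 0

    def _key(self, req: Request) -> Tuple[str, ...]:
        # Mitigation 1: anything the origin varies on must be part of the key.
        return (req.path,) + tuple(req.headers.get(h, "") for h in self.keyed_headers)

    def fetch(self, req: Request) -> str:
        key = self._key(req)
        if key in self.store:
            return self.store[key]  # cache hit: origin is never consulted
        # Mitigation 2: drop client-supplied headers the origin must not trust.
        forwarded = Request(req.path, {h: v for h, v in req.headers.items()
                                       if h not in self.strip_headers})
        self.origin_hits += 1
        body = origin(forwarded)
        self.store[key] = body
        return body


def run_scenario(keyed_headers: Tuple[str, ...] = (),
                 strip_headers: Tuple[str, ...] = ()) -> str:
    """One attacker request primes the cache, then an ordinary user requests
    the same path with no special headers. Returns what that user receives."""
    cache = EdgeCache(keyed_headers, strip_headers)
    cache.fetch(Request("/", {"X-Forwarded-Host": "attacker.test"}))
    return cache.fetch(Request("/"))


def is_poisoned(body: str) -> bool:
    """True if the response handed to the innocent user references the
    attacker-controlled host."""
    return "attacker.test" in body


if __name__ == "__main__":
    print("vulnerable:", run_scenario())
    print("keyed:     ", run_scenario(keyed_headers=("X-Forwarded-Host",)))
    print("stripped:  ", run_scenario(strip_headers=("X-Forwarded-Host",)))
```

In the vulnerable configuration the user who never sent X-Forwarded-Host still loads a script from attacker.test. Keying on the header stops the cross-user effect but leaves the reflection in place and lets an attacker fragment the cache; stripping the header at the edge (or having the origin validate it against an allowlist) removes the unkeyed input itself, which is the fix a practitioner should prefer.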

Segment Resources:
www.netsparker.com

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Presenter(s)

Timur Guvenkaya

Timur Guvenkaya – Security Engineer at Invicti Security

@ntguv

Security Engineer with a 3+ year history of managing the security of web applications and APIs, conducting security code reviews in various programming languages, and conducting security research. Currently working as a Security Engineer at Invicti Security, the world’s leading provider of dynamic web application security solutions that secures organizations from small businesses to Fortune 50 companies. Excited to learn new technologies such as Blockchain & AI to find ways to combine them with cybersecurity.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Doug White

@dougwhitephd

Professor at Roger Williams University


Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Paul Asadoorian

@securityweekly

Founder at Security Weekly