Security News: October 17, 2019 – PSW #623

 

 

Cybercrime Tool Prices Bump Up in Dark Web Markets, Pen testers find mystery black box connected to ships engines, Using Machine Learning to Detect IP Hijacking – Schneier on Security, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security News: October 17, 2019

Paul’s Stories

  1. Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
  2. Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
  3. Vulnerability found and fixed in HP bloatware | ZDNet
  4. 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
  5. Cybercrime Tool Prices Bump Up in Dark Web Markets
  6. Pen testers find mystery black box connected to ships engines
  7. Using Machine Learning to Detect IP Hijacking – Schneier on Security
  8. Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
  9. Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
  10. Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
  11. Critical and high-severity flaws addressed in Cisco Aironet APs
  12. ISC Releases Security Advisories for BIND | CISA
  13. Older Amazon Devices Subject to Old Wi-Fi Vulnerability

Larry’s Stories

  1. D-Link routers remote exploit to remain unmatched
  2. FBI Warns of MFA bypass with SIM porting
  3. Android Privesc in the wild.
  4. Father of Unix Ken Thompson’s password finally cracked
  5. USB device security still lacking
  6. Free WiFi tracks your location even when you are not connected
  7. 36 pieces of consequential code

Hosts

Joff Thyer
Joff Thyer – Security Analyst
Larry Pesce
Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely
Lee Neely – Senior Cyber Analyst
Paul Asadoorian
Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand