Welcome to the first-ever Security Weekly News Wrap up for the week of January 5th, 2020. We have a massive amount of content here on Security Weekly every week and I am going to try and sum it all up for you so you can just hit the high points for the week. So, stick around, and we’ll cover all the shows and all the top stories of the week.
Visit https://www.securityweekly.com/swn for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Wrap Up – January 10, 2020

Show Summaries
- On Security and Compliance Weekly, Jeff hosted an interview with Ian Amit, who is like crazy famous and has done just about everything in the Sec world, including founding the Tel-Aviv Defcon Chapter. The topic of the interview was Quantifiable Risk Metrics, which is about how you can demonstrate the value of a security program, which is, of course, one of the most difficult things to sell within any service organization. They talked about using quantitative metrics, instead of just saying “it’s great”, to bring everyone around to the idea of the value of security.
- On Application Security Weekly, Mike and Matt interviewed Hillel Solow from Checkpoint (which recently acquired his company Protego Labs) about the Evolution of DEVSECOPS and APPSec Trends in 2020. The discussion centered around unique ways organizations are leveraging serverless for their applications and how DEVSECOPS teams are working together to build out these architectures at a rapid pace.
- On Enterprise Security Weekly, Paul and Matt talked with Britta Glade and Linda Gray Martin about the upcoming RSAC 2020 conference. Britta is the Director of Content and Curation for RSA and Linda is the Senior Director and General Manager of the RSA Conference. The topic of the conversation was what to expect at the RSA 2020 conference this year in San Francisco. If you’ve never been to RSA you should check it out. They gave a high-level overview of the conference this year and “The Human Element”, which is the overarching theme of the conference this year. Paul and Matt also talked about Docker Container Security — Vulnerable upon Inception. Look, when Docker containers are instantiated they can have anything at all inside, and you may not know what you downloaded in the container. I mean, how hard would it be to build malicious scripts into a Docker image and put it up on GitHub? So, this is an important issue.
- On Business Security Weekly, Matt, Jason and Paul talked about the Best and the Worst of 2019. They talked about Amazon, Apple, and Lululemon as three of the best performing companies of 2019 and Boeing, Facebook, and Pacific Gas and Light as three of the worst. Leadership articles for the show include CIO and IT leadership trends for 2020, Leadership Books for Jan. 2020, Replace Resolutions with habits and make your life mean something beyond 2020, The right way to form new habits, How to handle speaking in public when you are not a public speaker, and 5 questions you can ask to learn about company culture in a job interview.
- On Security Weekly News, Jason’s expert commentary focused on Iranian Cyber Threats: Practical Advice for Security Professionals. He basically summarized that you should continue to focus on operational basics: patching, ensuring that backups are both safely stored and restorable, and understanding the “collateral damage” that can occur when an attack focused on someone else spills over and affects your organization. He also reminds us that, despite a possibly increased threat profile from Iran, you have been plugged into the hostile network 24/7 all along and you really need comprehensive defenses in place regardless of the state of world affairs.
- On Paul’s Security Weekly, Paul, Larry, Lee, Jeff, and Tyler had an interview with Dan DeCloss from PlexTrac. Dan is the founder and CEO of the company and the discussion centered around Improving pen testing outcomes with purple teaming. The second segment, last night, was a tech segment with Ambuj Kumar from Fortanix. He is the creator of Runtime Encryption technology. You definitely want to see this segment. The topic was The Keys to your kingdom: protecting Data in Hybrid and Multiple Public clouds, and it focused on the challenges of protecting data and using encryption across multiple hybrid and public clouds, and how that increases complexity, cost, and security risk. When you move to the cloud, how do you keep crypto keys, shared secrets, and tokens secure? And then, of course, the Security News:
- https://www.symantec.com/security-center/writeup/2019-030106-2440-99 — CVE-2018-20250
- https://nvd.nist.gov/vuln/detail/CVE-2017-11882 — CVE-2017-11882
- https://nvd.nist.gov/vuln/detail/CVE-2017-11774 — CVE-2017-11774
- https://nvd.nist.gov/vuln/detail/CVE-2017-0199 — CVE-2017-0199
- https://securelist.com/the-curious-case-of-a-cve-2012-0158-exploit/37158/ — CVE-2012-0158
- https://www.us-cert.gov/ncas/alerts/aa20-006a CISA Bulletin AA20-006A: Potential for Iranian Cyber Response to U.S. military Strike in Baghdad (PSW)
- https://www.theregister.co.uk/2020/01/07/pulse_secure_attacks/ — That Pulse Secure VPN you’re using to protect your data? Better get it patched or it’s going to be ransomware time(PSW)
- https://www.infosecurity-magazine.com/news/facebook-remove-deepfake/ — Facebook moves to detect and remove deep-fake videos (PSW)
- https://collaborate.mitre.org/attackics/index.php/Main_Page — MITRE Attack framework for ICS(PSW)
- https://threatpost.com/four-ring-employees-fired-spying/151689/ — 4 Ring employees fired for spying on customers. (PSW)
- https://www.darkreading.com/endpoint/how-a-password-free-world-could-have-prevented-the-biggest-breaches-of-2019/a/d-id/1336629#msgs — How a Password-Free World Could Have Prevented the Biggest Breaches of 2019 (SWN)
- www.darkreading.com/edge/theedge/car-hacking-hits-the-streets/b/d-id/1336730 — Car Hacking Hits the Streets (PSW)
- https://www.today.com/food/landry-s-announces-credit-card-info-hacked-its-60-chains-t171297 — Credit card breach at Landry’s, Joe’s Crab Shack, Rainforest Cafe, and Hilton Hotel restaurants
- Pulse Secure and Secure Wave formed a Partnership
- Broadcom acquired Bay Dynamics
- Mimecast acquired Segasec
- Cloudflare acquired S2 Systems
- Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their “How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.