Wednesday, October 27, 2021

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2021-038-Liz Saling, 5 pillars of building a good team

Blog post that inspired this episode: https://lizsaling.com/SWE-team-five-pillars/   Liz Saling  (@lizsaling) https://www.mindtools.com/pages/article/newLDR_86.htm http://www.mspguide.org/tool/tuckman-forming-norming-storming-performing https://michaelhyatt.com/3-roadblocks-to-avoid-for-optimal-team-performance Erin Meyer is the one who did the Netflix study! https://bigthink.com/the-present/high-performing-teams/ https://alicedartnell.com/blog/why-smart-goals-are-stupid/   NEWS: Unlocking ‘god’ mode on Windows 11:...

2021-037-Tony Robinson, leveraging your home lab for job success – Part2

Tony Robinson (@da_667) Thought we’d put in a little news to round out the show https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/ https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/ https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html Similar device on ebay:...

2021-036-Tony Robinson, Twitch breach, @da_667 lab setup, new book edition! -part1

Tony Robinson (@da_667) Thought we’d put in a little news to round out the show https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/ https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/ https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html Similar device on ebay:...

2021-035-GRC selection discussion, TechSecChix, and the 'job description problem'

GRC tools  (Governance, Risk and Compliance)   @ki_twyce_   @TechSecChix   Infosec Unplugged   Security Happy Hour   Eric’s Cyberpoppa show   Cyber Insight show - cohost   Blumira is hiring https://www.blumira.com/careers/  https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html   https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html...

2021-034-Khalilah Scott, good GRC tool practices – part1

GRC tools  (Governance, Risk and Compliance)   @ki_twyce_   @TechSecChix   Infosec Unplugged   Security Happy Hour   Eric’s Cyberpoppa show   Cyber Insight show - cohost   Blumira is hiring https://www.blumira.com/careers/  https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html   https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html...

2021-033-Kim_Crawley, 8 steps to better security-Part2

8 Steps to Better Security: A Simple Cyber Resilience Guide to Business has finished all final editing and will be published by @WileyTech on October 5th.    Pre-orders are available now via Amazon, Barnes & Noble, and other...

SPONSOR: Blumira's Patrick Garrity

Blumira - Per Crunchbase: “Blumira's end-to-end platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and...

2021-032-Author Kim Crawley, 8 Simple Rules for Cybersecurity

8 Steps to Better Security: A Simple Cyber Resilience Guide to Business has finished all final editing and will be published by @WileyTech on October 5th.  It is available now via Kindle.  Pre-orders are available now via Amazon,...

2021-031- back in the saddle, conference discussion, company privacy

"beautiful country, but hotter than Satan's asshole" https://www.theverge.com/22648265/apple-employee-privacy-icloud-id https://mysudo.com/ https://arstechnica.com/information-technology/2021/09/npm-package-with-3-million-weekly-downloads-had-a-severe-vulnerability/ https://www.bleepingcomputer.com/news/security/bluetooth-braktooth-bugs-could-affect-billions-of-devices/ www.infoseccampout.com www.log-md.com @infosystir @bryanbrake @brakesec @hackershealth @boettcherpwned

2021-030-incident response, business goal alignment, showing value in IR -p2

https://blog.teamascend.com/6-phases-of-incident-response https://www.securitymetrics.com/blog/6-phases-incident-response-plan Recent vulnerabilities got Bryan thinking about incident response.  Are organizations speedy enough to keep up? If the spate of vulns continues, what can we do to ensure we are dealing with the most...

2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1

https://blog.teamascend.com/6-phases-of-incident-response https://www.securitymetrics.com/blog/6-phases-incident-response-plan Recent vulnerabilities got Bryan thinking about incident response.  Are organizations speedy enough to keep up? If the spate of vulns continues, what can we do to ensure we are dealing with the most important issues?...

2021-028-Rebekah Skeete – social engineering techniques and influences

BlackGirlsHack was created to share knowledge and resources to help black girls and women break through barriers to careers in information security and cyber security. The vision for Black Girls Hack (BGH) is to provide resources, training, mentoring, and access...

2021-027-Black Girls Hack COO Rebekah Skeete!

BlackGirlsHack was created to share knowledge and resources to help black girls and women break through barriers to careers in information security and cyber security. The vision for Black Girls Hack (BGH) is to provide resources, training, mentoring, and access...

2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare

https://www.mindtools.com/pages/article/newHTE_95.htm https://www.infoq.com/news/2021/07/microsoft-linux-builder-mariner/ https://www.productplan.com/glossary/action-priority-matrix/   More PrintNightmare issues: https://www.bleepingcomputer.com/news/microsoft/windows-10-july-security-updates-break-printing-on-some-systems/ "After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of...

2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing

Dan Borges - Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near-real-time updates on the hack: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://twitter.com/DAlperovitch/status/1412033278081708034 https://github.com/ahhh/Cybersecurity-Tradecraft/tree/main/   https://www.amazon.com/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128 https://en.wikipedia.org/wiki/Best_response https://labs.bishopfox.com/tech-blog/sliver https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164   www.globalcptc.org  ...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent book! You must buy it.   DetSEC mention   ShowMeCon panel and keynote   SeaSec East standing room only. Crispin gave a great talk about running as a standard user   BSides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider: OK, I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode 001. Our guest will be Martin Brough, Manager of the Security Solutions Engineering team in the #email #phishing industry. Topic of the day: CREDENTIAL STEALING EMAILS - WHAT CAN YOU DO?   Join us for Episode 001,...
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday.

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.