Podcasts about FIDO U2F

  • 12 PODCASTS
  • 12 EPISODES
  • 1h 12m AVG DURATION
  • INFREQUENT EPISODES
  • Jul 22, 2024 LATEST



Latest podcast episodes about FIDO U2F

LINUX Unplugged
572: Data Security Only a Maniac Could Love

Jul 22, 2024 · 91:29


Wes' self-decrypting bcachefs disk and a GrapheneOS twist that'll make you ditch your iPhone.

Sponsored By:
  • Core Contributor Membership: Take $1 a month of your membership for a lifetime!
  • Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
  • 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Adafruit Industries
EYE on NPI – Authentrend FIDO Biometric Security Keys

Feb 3, 2022 · 12:15


This week's EYE ON NPI will be your loyal friend like a pet dog - it's Authentrend FIDO2 Biometric Security Keys (https://www.digikey.com/en/product-highlight/a/authentrend/fido-biometric-security-keys). These FIDO2 compatible USB dongles have an absolutely adorable built-in fingerprint sensor on the end, which means they have an additional layer of security in addition to ownership: you also need to have the matching fingerprints. This is great when you want to secure something with 2 or 3 factors (https://en.wikipedia.org/wiki/Multi-factor_authentication) and possibly without having to have folks remember or change passwords. Historically, authentication was done with just a username and password. But, as we've all learned, usernames and passwords can be guessed or stolen or hacked! Some folks have two-factor time-based code cards (https://www.eff.org/deeplinks/2016/12/how-enable-two-factor-authentication-paypal), apps (https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DAndroid) or SMS messages which add "something you own" to the list. FIDO/U2F cards have been around as a USB-based authentication system for a bit, and they're slowly gaining traction through an open standard which makes it easy to integrate with web or desktop applications (https://fidoalliance.org/fido2/). We're huge fans of moving all of your security risk to hardware like these, that abide by open standards - it's very hard to create a secure hardware device. Firmware, storage, even when encrypted, is not often crackable or glitchable (https://blog.securityinnovation.com/glitching-firmware-over-usb-using-facewhisperer). Using an external dongle gives you a hermetically sealed challenge-response system from a company that does only one thing. Because the private keys are stored in the hardware, you don't have to store them on device in firmware.
These come in a few different mechanical shapes and flavors, including USB A fingerprint key (https://www.digikey.com/en/products/detail/authentrend-technology-inc./ATKEY.PRO-TYPE-A/15761935), USB C fingerprint key (https://www.digikey.com/en/products/detail/authentrend-technology-inc./ATKEY.PRO-TYPE-C/15761936), and a keycard that has NFC, BLE and a USB-A flip-out (https://www.digikey.com/en/products/detail/authentrend-technology-inc./ATKEY.CARD/15761933). We were able to get our fingerprint entered into the dongle using Windows 10's key manager, then used the same dongle to add 3-factor authentication to our Google account. Of course you probably want to use it for non-website projects too! You can interface with the security dongle very easily using the python-fido2 library (https://github.com/Yubico/python-fido2), which means any embedded Linux/single board computer will be able to have trusted authentication added with USB. This could be a very inexpensive and fast way to add trusted authentication for your product without having to hire a cryptographer. There are plenty of Authentrend ATKEY.PRO TYPE-A (https://www.digikey.com/short/p3t50d14) in stock at Digi-Key right now, that's the one we've been using the most, but do check out the other variants as well, such as the USB C, if your computer has type C ports (https://www.digikey.com/short/p3t50d14). Order one for each user today, knowing that the FIDO2 standard will mean easy and trustworthy deployment for many years! See more at https://www.youtube.com/watch?v=11UfySDn7_I

Brakeing Down Security Podcast
Blumira Sponsor #3 - Emily Eubanks, more actionable events, incident response help, and more

Nov 21, 2021 · 53:23


In this sponsored BDS episode, Bryan Brake and Amanda Berlin interview Emily Eubanks, a Security Operations Analyst for #Blumira. We discuss common business risks like IT staff turnover, a lack of Incident Response procedures, choosing not to follow PowerShell best practices, and MFA use for critical or sensitive applications. We also discuss ways to improve security posture to mitigate these risks as well as how Blumira can help organizations in light of these common business challenges.

ADDITIONAL RESOURCES

OUR REDDIT AMA
  • https://www.reddit.com/r/cybersecurity/comments/qao73j/we_are_a_security_team_with_20_years_of_ethical/

MFA
  • https://attack.mitre.org/mitigations/M1032/
  • https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984
  • https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/

INCIDENT RESPONSE
  • https://www.nist.gov/cyberframework/respond
  • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

POWERSHELL BEST PRACTICES
  • https://www.blumira.com/analysis-of-a-threat-powershell-malicious-activity/
  • https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security
  • https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/
  • https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/

RISK: A lack of MFA where available or using SMS based MFA for critical applications.
  • Please do not use SMS based MFA for critical applications. [6] [7]
  • This is an easy layer of defense that has historically been very effective [5]
  • One-Time Passwords (OTP) good but [8] FIDO U2F better
  • Consider hardware tokens (e.g. Yubico YubiKey, Google Titan Security Key).

MITIGATION:
  • Blumira requires use of MFA
  • MFA related detections (e.g. AWS, Duo)

BLUMIRA HELPS:

Incident Response Procedures

RISK: A lack of Incident Response Procedures or the decision to postpone incident response procedures because they would result in a disruption in service typically results in unfavorable outcomes.
  • A written plan that identifies the roles, responsibilities, and procedures that should be set in motion once an incident has been declared.
  • If this is overwhelming to conceptualize, know there are a good amount of free and openly available resources already in existence to help with creations of new IR plans >> I highly recommend looking at NIST documentation to get an idea of what is possible and then scale to what is appropriate for your organization [4]
  • The plan should be reviewed at a minimum once annually with everyone who is responsible for responding to incidents present. If anybody is unclear with their role, responsibilities or procedures then the Incident Response lead should work with them to get them there.
  • Incident Response procedures should be like a fire drill so that when there is a real fire, the team can work together to quickly put that fire out and minimize impact to the company and their customers. (Shoutout to the BDS podcast on drawing connections from fire fighting to Incident Response procedures with Dr. Catherine J. Ullman (@investigatorchi))

MITIGATION:
  • Workflows
  • Blumira helps with this by providing built-in guidance with workflows. Workflows ask direct questions and provide specific options to record responses to security findings to guide practitioners towards a conclusion.
  • provides additional details to help operators make informed decisions in response to new findings.
  • Finding analysis

BLUMIRA HELPS:

Recent or Frequent IT Staff Turnover

RISK: impedes troubleshooting logflow and/or investigations due to a lack of familiarity with the network environment
  • Prevention might be the best solution?
  • Giving your workers time during the work week to improve a work related skill can help identify when a team is reaching or exceeding their resource capacity. If your team is overworked they are more likely to make mistakes, will be less prepared to go the extra mile when it is needed because they'll already be tapped out of energy, and may be more likely to consider opportunities elsewhere.
  • You want to limit keystone employees, meaning that if an employee leaves for whatever reason you do not want that employee's absence to cause a breakdown in processes for others. Redundancy is best here in most cases IMO.

MITIGATION: Blumira works hard to create fewer, more actionable findings.
  • We strive to keep our alerts simple to provide the information that operators need to make informed decisions.
  • We try to focus on findings that require action and provide workflows to provide additional guidance to help share recommendations on what to investigate next to evaluate the impact of a security event

BLUMIRA HELPS:

PowerShell Scripting Best Practices

RISK: Detections will be less helpful if staff are frequently dismissing events in response to approved administrative behavior like maintenance scripts.
  • Follow the PowerShell recommendations shared by Microsoft [1] including:
  • Sign your scripts (lol Microsoft has this bolded by the way hint hint wink wink) “another method for keeping scripts security is vetting and signing your scripts”
  • Do not store secrets in PoSH scripts; if you are doing this you're gonna want to google “secrets management” [2] and learn more about how to securely store and access secrets across an enterprise environment
  • Briefly, there is a PowerShell module for vault secret extensions [3]; some vault extensions include KeePass, LastPass, Hashicorp Vault, Azure KeyVault, KeyChain, and CredMan
  • Use a recent version of PowerShell (we are on version 7, but this article recommends 5+)
  • Enable and collect PowerShell logs

MITIGATION: Blumira detects on malicious PowerShell usage.

BLUMIRA HELPS:

ADDITIONAL LINKS AND SOURCES:
[1] https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security
[2] https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/
[3] https://github.com/PowerShell/SecretManagement
[3] https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/
[4] https://www.nist.gov/cyberframework/respond
[5] https://attack.mitre.org/mitigations/M1032/
[6] https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984
[7] https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/
[8] https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/
https://www.blumira.com/analysis-of-a-threat-powershell-malicious-activity/

Microsoft Cloud IT Pro Podcast
Episode 224 – Windows Hello for Business, Passwordless Authentication, and CMMC

Apr 8, 2021 · 35:58


In Episode 224, Ben and Scott go down a rabbit hole to explore Windows Hello for Business and passwordless authentication options in Windows. They also talk about how these features can be used to satisfy requirements for standards such as CMMC.

Sponsors
  • Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you're too busy to manage your inbox
  • ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs
  • Office365AdminPortal.com - Providing admins the knowledge and tools to run Office 365 successfully
  • Intelligink - We focus on the Microsoft Cloud so you can focus on your business

Show Notes
  • DNS issue impacting multiple Microsoft services - Mitigated (Tracking ID GVY5-TZZ)
  • RCA - Authentication errors across multiple Microsoft services (Tracking ID LN01-P8Z)
  • CMMC Model and Assessment Guides
  • NIST SP 800-171
  • 10 Reasons to love Passwordless #1: FIDO Rocks
  • Enable Windows 10 Multifactor Authentication with Windows Hello Multifactor Device Unlock & Microsoft Intune
  • Windows Hello for Business Deployment Prerequisite Overview
  • Why a PIN is better than a password
  • Passwordless authentication options for Azure Active Directory
  • Satisfying CMMC – Level 3 - IA.3.083 MFA requirement with Windows Hello for Business
  • How Smart Card Sign-in Works in Windows
  • Sign in with passwordless credential
  • Logitech BRIO Ultra HD Webcam for Video Conferencing, Recording, and Streaming - Black
  • Kensington VeriMark USB Fingerprint Key Reader - Windows Hello, FIDO U2F, Anti-Spoofing (K67977WW), Black

About the sponsors

Sperry Software, Inc focuses primarily on Microsoft Outlook and more recently Microsoft Office 365, where a plethora of tools and plugins that work with email have been developed. These tools can be extended for almost any situation where email is involved, including automating workflows (e.g., automatically save emails as PDF or automatically archive emails that are over 30 days old), modifying potentially bad user behaviors (e.g., alert the user to suspected phishing emails or prompt the user if they are going to inadvertently reply to all), and increased email security (e.g., prompt the user with a customizable warning if they are about to send an email outside the organization). Get started today by visiting www.SperrySoftware.com/CloudIT

Every business will eventually have to move to the cloud and adapt to it. That's a fact. ShareGate helps with that. Our industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and understand their Azure usage & costs. Visit https://sharegate.com/ to learn more.

Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.

Risky Business
Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more

Feb 18, 2020


On this week’s show Patrick and Adam discuss the week’s security news, including:
  • Ransomware shutters US natural gas plants
  • Huawei hit with huge indictment
  • Voatz mobile voting app shredded by MIT, dust-up ensues
  • The latest from the Vault7 trial
  • Reality Winner seeking clemency
  • Ring to force all users on to 2FA
  • Israeli court rules Facebook must reinstate NSO staff profiles
  • USG drops more North Korean samples
  • OpenSSH gets Fido/U2F support

This week’s sponsor interview is with Dave Cottingham from Airlock Digital. They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you Crowdstrike customers will be able to dabble in some whitelisting if you want to. Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
  • DHS says ransomware hit US gas pipeline operator | ZDNet
  • Ransomware Impacting Pipeline Operations | CISA
  • U.S. charges Huawei with conspiracy to steal trade secrets, racketeering
  • Voting App Flaws Could Have Let Hackers Manipulate Results | WIRED
  • 'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws - VICE
  • Voatz Response to Researchers’ Flawed Report - Blog @ Voatz
  • Microsoft to deploy ElectionGuard voting software in first real-world test | ZDNet
  • Joshua Schulte's attorneys are trying to call Mike Pompeo in the Vault 7 trial
  • Joshua Schulte's defense asks for a mistrial in the Vault 7 case
  • Reality Winner seeks clemency for leaking NSA report on Russian hacking attempts
  • Ring to enable 2FA for all user accounts after recent hacks | ZDNet
  • Facebook must unblock NSO Group employee’s account, Israeli court rules
  • US government goes all in to expose new malware used by North Korean hackers | Ars Technica
  • Israeli soldiers tricked into installing malware by Hamas agents posing as women | ZDNet
  • Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say
  • Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world | ZDNet
  • Leaked report describes Federal Parliament's cyber security as having 'low level of maturity' - ABC News (Australian Broadcasting Corporation)
  • Data Protection Authority Investigates Avast for Selling Users’ Browsing History - VICE
  • Pay Up, Or We’ll Make Google Ban Your Ads — Krebs on Security
  • Ohio man arrested over darknet bitcoin laundering operation | The Daily Swig
  • IOTA cryptocurrency shuts down entire network after wallet hack | ZDNet
  • A Light at the End of Liberty Reserve’s Demise? — Krebs on Security
  • Signal Is Finally Bringing Its Secure Messaging to the Masses | WIRED
  • Hundreds of Millions of PC Components Still Have Hackable Firmware | WIRED
  • OpenSSH adds support for FIDO/U2F security keys | ZDNet
  • Second Windows 10 update is now causing problems by hiding user profiles | ZDNet
  • Nasty Android malware reinfects its targets, and no one knows how | Ars Technica
  • Google removes 500+ malicious Chrome extensions from the Web Store | ZDNet
  • FBI: BEC scams accounted for half of the cyber-crime losses in 2019 | ZDNet
  • foone on Twitter: "So I learned of an amusing bug today: Docker for Windows won't run if you have the Razer Synapse driver management tool running. But the reason is the funny part... https://t.co/s42SeQ949z" / Twitter

Daily Tech News Show
One Charger to charge them all - DTNS 3709

Jan 31, 2020 · 33:15


Apple has proposed a standardized format for one-time passcodes sent over SMS, used in two-factor authentication, while Google launched OpenSK, an open source Rust-based firmware to turn Nordic chip dongles into FIDO U2F and FIDO2-compliant security keys. What will this mean for 2FA and online security? Starring Tom Merritt, Sarah Lane, Shannon Morse, Roger Chang, Len Peralta. See acast.com/privacy for privacy and opt-out information.

Digital Podcast (MP3)
Tanzen, fliegen, kämpfen (Dancing, Flying, Fighting)

Jul 12, 2019 · 37:00


While Martina and Jürg argue with robots, Guido bobs to the beat with his son and Reto dreams of drones.

The whole podcast at a glance:
  • [00:00:36] News: Swisscom loses customer data
  • [00:04:26] Signing in securely with FIDO U2F
  • [00:09:54] Game tip: Cadence of Hyrule
  • [00:15:20] Are Swiss YouTubers being neglected?
  • [00:20:54] Fighting robots for the home
  • [00:24:53] Emergency apps: what good are they?
  • [00:29:37] Drones: one person's sorrow, another's joy

Digital Podcast
Tanzen, fliegen, kämpfen (Dancing, Flying, Fighting)

Jul 12, 2019 · 36:54


While Martina and Jürg argue with robots, Guido bobs to the beat with his son and Reto dreams of drones.

The whole podcast at a glance:
  • [00:00:36] News: Swisscom loses customer data
  • [00:04:26] Signing in securely with FIDO U2F
  • [00:09:54] Game tip: Cadence of Hyrule
  • [00:15:20] Are Swiss YouTubers being neglected?
  • [00:20:54] Fighting robots for the home
  • [00:24:53] Emergency apps: what good are they?
  • [00:29:37] Drones: one person's sorrow, another's joy

Paul's Security Weekly TV
Bluetooth Bug, Tenable, and Cosco - Paul's Security Weekly #569

Jul 31, 2018 · 76:12


Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack. Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly (Video-Only)
Bluetooth Bug, Tenable, and Cosco - Paul's Security Weekly #569

Jul 30, 2018 · 76:12


Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack. Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly
High Alcohol Content - Paul's Security Weekly #569

Jul 28, 2018 · 174:49


This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of the Penetration Testing and Incident Handling at Netsecurity! In the Security News, Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode569   Visit https://www.securityweekly.com/psw for all the latest episodes!   →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
High Alcohol Content - Paul's Security Weekly #569

Jul 28, 2018 · 174:49


This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of the Penetration Testing and Incident Handling at Netsecurity! In the Security News, Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode569   Visit https://www.securityweekly.com/psw for all the latest episodes!   →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly