Let’s just get to it, episode 77 show notes below…
SHOW NOTES – Episode 77
Date: Tuesday, April 28th, 2020
Episode 77 Topics
- Catching Up (as per usual)
- Remote Working and COVID-19 Stuff
- Quick Zoom Update
- Other Things
- Wrapping Up – Shout outs
[Brad] Welcome back! This is episode 77 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is April 28th, and joining me this morning as usual is Evan Francen. Good morning.
[Evan] Evan says his “blah, blah, blah”.
[Brad] We have a jam packed show this week for sure, but before we jump in, let’s catch up quick. Lots going on.
[Evan] Yep. LOTS going on! Good things, but a helluva lot of good things!
Quick discussion about some of the cool things we’re doing.
[Brad] Good! Let’s shift gears now quick and talk about security remote workers. We’ve briefly touched on it over the last few weeks but as this appears to be becoming the “new norm”, I would like to spend some time dedicated to the topic.
[Evan] Yeah man! Sounds good.
Remote Working and COVID-19 Stuff
Discussion about many news articles, topics, announcements and such…
[Brad] First up, a news article titled “Malware Risks Triple on WFH Networks: Experts Offer Advice”
[Brad] Obviously this is bitsight so we know the limitations however I think in this use-case the data is valuable. We’ve got some other good resources and guidance to share, including:
- FRSecure’s Resources – https://frsecure.com/covid-19-resources/
- Department of Homeland Security/CISA: Defending Against COVID-19 Cyber Scams – https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams
- CISA: CISA Alerts and Recommendations – https://www.cisa.gov/coronavirus
- Federal Trade Commission (FTC): Tips for Avoiding Coronavirus Scams
- NIST: Telework Security Basics – https://www.nist.gov/blogs/cybersecurity-insights/telework-security-basics
[Evan] Yeah, these are all great resources that are worth looking at. I think our listeners will appreciate them all. Quick announcement, S2Me version two is releasing this week! It’s a limited release, but it’s a VERY good one! We’ll get into S2Me and how it works with S2Team to offer a unique (and what we think is a better) approach to securing the remote workforce.
[Brad] Cool. Should be a good show next week then!
Quick Zoom Update
[Brad] Zoom has been all over the news since the COVID-19 outbreak, and the stories have been all over the place. Thought we’d mention some of the latest developments. As a quick aside, we’ve touched on Zoom the last few weeks and it’s interesting that some of the other options have flown under the radar despite attacks that seem to be more severe.
- Single Malicious GIF Opened Microsoft Teams to Nasty Attack – https://threatpost.com/single-malicious-gif-opened-microsoft-teams-to-nasty-attack/155155/
- Slack Bug Allows Remote File Hijacking, Malware Injection – https://threatpost.com/slack-remote-file-hijacking-malware/144871/
And Zoom has released quite a few new security features, there’s this good write-up on Tech Republic titled “Zoom 5.0 Includes Security and Privacy Improvements” https://www.techrepublic.com/article/zoom-5-0-is-coming-with-improved-security-features-heres-whats-new/
[Brad] Like we said, there’s always a lot going on around here at FRSecure and SecurityStudio. Quick list of things:
- FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
- Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
- SecurityStudio Partner Community (Join here).
- The Daily inSANITY Check-in (Join here).
[Brad] Good conversation. Thank you Evan. Let’s do some news quick.
[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye:
- Paay Open Database Exposes 2.5Million Transactions, Challenges PCI Compliance – https://www.scmagazine.com/home/security-news/paay-open-database-exposes-2-5m-transactions-challenges-pci-compliance/
- Private Equity Firms Fall Prey to Business Email Compromise – https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html
- Dangerous VMware Vulnerability – https://www.darkreading.com/vulnerabilities—threats/researchers-explore-details-of-critical-vmware-vulnerability/d/d-id/1337589
Wrapping Up – Shout outs
[Brad] That’s it. Episode 77 is a wrap. Thank you listeners! We hope you’ve enjoyed the show. Any quick shout outs for you Evan?
[Evan] Yes, I have two…
[Brad] Keep the questions and feedback coming. Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.
That’s it! Talk to you all again next week!