cpas2014 - CISO Webinars - CISO Platform
Feed: https://www.cisoplatform.com/videos/feed/tag/cpas2014
Updated: 2024-03-29T15:20:35Z

A Sprint To Protect POS by Nir Valtman Discoverer of Point-of-Sale Vulnerabilities
Link: https://www.cisoplatform.com/videos/a-sprint-to-protect-pos-by-nir-valtman-discoverer-point-of-sales
Published: 2019-06-12T07:12:31.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

A journey to protect POS by Nir Valtman Discoverer of Point-of-Sale Vulnerabilities
From Target to other retail chains, it has all been about 'POS'. Point-of-Sale vulnerability has been at its peak for a while. This talk illustrates POS vulnerabilities from both the retailer's and the software vendor's perspective. Get an insight into how POS devices are compromised, including difficult methods like memory scraping. This talk will demonstrate how POS vulnerabilities work and how threats can be minimized. It will also explain the ways to mitigate the risk while you get the basic concepts and get to know which of these actually work.

Practical Forensics - Tools & Techniques by Sachin Deodhar (Part-1)
Link: https://www.cisoplatform.com/videos/practical-forensics-tools-techniques-by-sachin-deodhar-part-1
Published: 2015-01-09T13:14:15.000Z
Posted by: pritha (https://www.cisoplatform.com/members/pritha)

This lecture introduces security professionals to Forensics and includes - Forensic basics, Locard's principle, PGP, Public Key Cryptography, symmetric key crypto...

The Notorious 9 in Cloud Security
Link: https://www.cisoplatform.com/videos/the-notorious-9-in-cloud-security
Published: 2014-12-23T12:31:48.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

The Notorious 9 in Cloud Security by Moshe Ferber.
Cloud Computing presents major opportunities and benefits for organizations worldwide. It is scalable, flexible and efficient. But along with those major advantages come the threats. Most Cloud Computing threats and risks are well documented, but we are missing information regarding how those threats can be put into practice in the real world, what attack vectors are used, and what the risks and results of those events are. In the presentation we will elaborate on the notorious nine Cloud Computing threats as described by the Cloud Security Alliance, and for each threat we will provide recent examples of known incidents, the attack vectors used and the damage that resulted from the incident. By understanding the risks and case studies, we can better prepare our organization for cloud adoption. Among the recent events we will explore: supply chain attacks, attacks for Bitcoin mining, attacks on the management GUI, API manipulation and more. We will talk about recent incidents such as the Code-spaces.com hack, Buffer and Mongo DB OAUTH credential theft, attacks on Twitter and Microsoft and many more.

Antti Karjalainen on How we discovered Heartbleed?
Link: https://www.cisoplatform.com/videos/antti-karjalainen-on-how-we-discovered-heartbleed
Published: 2014-12-22T14:49:04.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

How the Heartbleed bug was found by Antti Karjalainen discoverer of Heartbleed.
The Heartbleed bug was a catastrophic vulnerability in the widely used OpenSSL TLS implementation. This talk at the CISO Platform Annual Summit gives background on how the Heartbleed bug was found by Codenomicon. The mechanism that initially detected the vulnerability is presented. It also discusses what made the Heartbleed bug so severe, and what kinds of factors would have mitigated the consequences of the vulnerability.

More Shadow Walker The Progression of TLB Splitting On X86 Jacob Torrey
Link: https://www.cisoplatform.com/videos/more-shadow-walker-the-progression-of-tlb-splitting-on-x86-jacob
Published: 2014-12-16T12:47:49.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

This talk will cover the concept of misusing the hardware (the x86 translation lookaside buffer) to provide code hiding, how the evolution of the Intel x86 architecture has rendered previous techniques obsolete, and new techniques to perform TLB splitting on modern hardware. After the requisite background is provided, the talk will move to the new research: the author's method for splitting a TLB on Core i-series and newer processors, and how it can again be used for defensive (MoRE code-injection detection) and offensive (EPT Shadow Walker rootkit) purposes. This talk will be very high-level but aims to convey the complexities of the hardware and the possible attack vectors that can arise at the lowest levels of an organization's IT infrastructure.

Bitcoin Transaction Malleability: An Insight by Daniel Chechik
Link: https://www.cisoplatform.com/videos/bitcoin-transaction-malleability-an-insight-by-daniel-chechik
Published: 2014-12-16T12:18:02.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

Bitcoin Transaction Malleability - An Insight by Daniel Chechik
The bitcoin network vulnerability had disturbed the huge bitcoin network. Plenty of trading websites like Silk Road, MTGox and more have fallen victim to "Bitcoin Transaction Malleability." This talk will take you through the vulnerability and how exactly it may be exploited.

Cyber Safety in Cars and Medical Devices
Link: https://www.cisoplatform.com/videos/cyber-safety-in-cars-and-medical-devices
Published: 2014-12-16T11:51:30.000Z
Posted by: CISO Platform (https://www.cisoplatform.com/members/CISOPlatform)

Cyber Safety in Cars and Medical Devices by Beau Woods - Creator of IOT Security Framework
We are adopting connected, computerized technology faster than we are able to secure it. When this technology is integrated into life and safety systems, bits and bytes meet flesh and bone. We must know, not just hope, that devices with the ability to impact human life and public safety are worthy of our trust. Learn how the safety impact of merging cyber security with cars and automobiles affects all of our safety. Learn the current state of research and what it tells us about these devices' resilience to accidents and adversaries. Understand why our current approaches to cyber security won't work and, in many cases, will be more dangerous than doing nothing.