This free webcast is from this year’s SANS Institute’s RSA Conference.

It includes these speakers;

Alan Paller
Johannes Ullrich
Heather Mahalik
Ed Skoudis

And touches on interesting topics such as;

1. How attackers continue to hijack DNS (for example compromised credentials for DNS administration and rogue DNS servers) and how companies need to use DNSSEC, monitor DNS updates and the creation of SSL certificates.

Tools/websites mentioned include:

https://crt.sh/
https://www.entrust.com/ct-search/
https://securitytrails.com/

2. Cloud security and how cloud services are being used more and more in attacks. Sadly many organisations trust data from their cloud providers (even though that data could be from insecure cloud accounts). 

Tools/websites mentioned include:

https://www.blackhillsinfosec.com/projects/rita/
https://isc.sans.edu/forums/diary/Using+RITA+for+Threat+Analysis/23926/

3. Attackers using built-in applications in a way they were not meant to be used. 

Tools/websites mentioned include:

 https://kalilinuxtutorials.com/lolbas/

4. Supply chain attacks with viruses built into USB cables.

Tools/websites mentioned include:

https://blog.hartleybrody.com/rubber-ducky-guide/
https://usbninja.com/

5. Heather Mahalik covered user data, authentication and user passwords and suggests being security conscious and always keep in mind;

  1. Enable 2FA
  2. Review settings
  3. Consider permissions
  4. Use manageable/strong passwords

Tools/websites mentioned include:

https://myactivity.google.com/

In regards to mobile security, she also mentioned these two important mobile security issues;

  1. the danger of mobile phone apps requesting access to your microphone, camera and location preferences
  2. making sure you have turned on the ability to remotely wipe your mobile if stolen as vulnerabilities in mobile phones means it could be compromised even if locked.

Tools/websites mentioned include:

https://wccftech.com/you-can-now-jailbreak-ios-13-3-with-checkra1n-0-9-7/
https://pangu8.com/jailbreak/checkra1n/
https://blog.elcomsoft.com/2019/11/ios-device-acquisition-with-checkra1n-jailbreak/

Webcast slides are available at the webcast URL: https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving

Watch the full webcast video below