psw676

Paul’s Security Weekly Episode #676 – December 03, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. From Chaos to Topia – 06:00 PM-06:45 PM

Sponsored By

sponsor
Visit https://securityweekly.com/vicarius for more information!

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Description

More computers, more software, and faster development cycles lead to more vulnerabilities. The security and IT teams are put under immense pressure to tackle the growing number of vulnerabilities with the same old tools that can’t keep up with the requirements. New technologies emerged to bridge that gap and allow the security team to solve the whole problem, end-to-end, in a seamless manner.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!

https://www.vicarius.io/blog/vulnerability-management-best-practices

Presenter(s)

Gilad Lev

Gilad Lev –

Sales Engineer at Vicarius

Gilad is an IT professional with multiple years of experience in the IT/Security space. He is a graduate of an elite technology unit where he managed multiple cutting edge projects.

Roi Cohen

Roi Cohen –

Co-Founder & VP Sales at Vicarius

Roi has over 13 years of experience as a pentester, IT admin, and CISO. In his current Role as Vicarius VP Sales, he helps companies to better product their infrastructure against software vulnerabilities.

Hosts

DougWhite

Doug White –

Professor at Roger Williams University

JeffMan

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

JoffThyer

Joff Thyer –

Security Analyst at Black Hills Information Security

LarryPesce

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

LeeNeely

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance

TylerRobinson

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

2. Zero Trust Data Security – 07:00 PM-07:45 PM

Sponsored By

sponsor
Visit https://securityweekly.com/securecircle for more information!

Announcements

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

Ensure all your data is secure, without impacting the business.

This segment is sponsored by SecureCircle.

Visit https://securityweekly.com/securecircle to learn more about them!

Guest(s)

Jeff Capone

Jeff Capone –

CEO, Co-founder at SecureCircle

Jeff Capone, PhD, is CEO, Co-founder of SecureCircle, founded in 2015. An award-winning executive leader with expertise in cyber security, enterprise software development, network and storage solutions, and IoT applications, Jeff has a track record of founding and selling successful software companies. Prior to SecureCircle, Jeff served as CTO at NETGEAR and CEO and Co-Founder of Leaf Networks, which was acquired by NETGEAR. Jeff was an assistant professor at Arizona State University and Director of the Network Engineering and Wireless Telecom Laboratory. Jeff’s distinctions include the National Science Foundation’s CAREER award, numerous IEEE Journal and conference publications. He holds a PhD in Electrical Engineering from Northeastern University.

Hosts

DougWhite

Doug White –

Professor at Roger Williams University

JeffMan

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

JoffThyer

Joff Thyer –

Security Analyst at Black Hills Information Security

LarryPesce

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

LeeNeely

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance

TylerRobinson

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

3. Security News w/ Ed Skoudis – 08:00 PM-09:30 PM

Announcements

  • SCYTHE is offering a FREE purple team workshop where attendees get hands-on in an isolated enterprise environment for three hours! It is scheduled for December 9th (the day before Security Weekly Unlocked!) Register for this free workshop now: https://securityweekly.com/purpleteamsw

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Description

Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII , The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat!

Guest(s)

Ed Skoudis

Ed Skoudis –

Faculty Fellow at SANS

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Hosts

DougWhite

Doug White –

  1. PowerPepper back door is DeathStalker’s new tool
  2. Trickbot returns with UEFI capability
  3. Salesforce will buy Slack for 27.7 billion
JeffMan

Jeff Man –

  1. COVID-19 and Cybersecurity: ‘Catastrophic Attack on Our Technology Systems’ – Ransomware attacks shut down school systems in Baltimore and Chicago.
  2. The ‘smartest man in the room’ has joined Sidney Powell’s team – Someone sent me this link and asked me if the guy is a big deal in our industry…I think this is fake news! But how can you be reasonably sure?
JoffThyer

Joff Thyer –

LarryPesce

Larry Pesce –

  1. Thousands of unsecured medical records were exposed online
  2. An iOS zero-click radio proximity exploit odyssey
  3. Call Fraud Operator Ordered to Pay $9M to Victims
  4. Evilginx-ing into the cloud: How we detected a red team attack in AWS – Expel
  5. Hackers are trying to disrupt the COVID-19 vaccine supply chain
LeeNeely

Lee Neely –

  1. Carrefour Handed $3.7m GDPR Fine – France-based retailer Carrefour and its banking division have been fined more than €3 million EUR (~$3.6 million USD) by the French Commission nationale de l’informatique et des libertés (CNIL) for multiple data breaches that violated the EU’s GDPR.
  2. Talos reported WebKit flaws in WebKit that allow Remote Code Execution – Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially crafted websites. Consider this medium-risk due to the potential to execute arbitrary code, offset by the user interaction required for exploitation.
  3. Palo Alto researchers said Baidu apps could have tracked users ‘over their lifetime’ – According to Palo Alto Networks, the Baidu apps were collecting user data such as MAC addresses, carrier information, and IMSI numbers stored on SIM cards from victims’ phones.
  4. This critical software flaw is now being used to break into networks – so update fast – The U.K.’s National Cyber Security Centre (NCSC) has issued a warning about a critical remote code execution vulnerability (CVE-2020-15505) affecting the MobileIron mobile device management (MDM) software that is reportedly being used by state-backed hackers and organized crime groups to access and steal data from government, healthcare provider, and other networks.
  5. Advanced Persistent Threat Actors Targeting U.S. Think Tanks
  6. Vietnam-Linked Cyberspies Use New macOS Backdoor in Attacks – Trend Micro’s security researchers say they believe the Vietnamese advanced persistent threat (APT) group “OceanLotus” (APT-C-00, APT32) has been leveraging a new macOS backdoor in attacks designed to steal sensitive data from government and corporate organizations throughout Southeast Asia.
  7. Industrial computer manufacturer Advantech hit with a ransomware attack – SiliconANGLE – Advantech received a ransom demand for 750 Bitcoin ($13.8 million), but publication of stolen data by Conti operators indicates that the company has at least so far refused to make the payment.
  8. Digitally Signed Bandook Malware Once Again Targets Multiple Sectors – The “Dark Caracal” cyber espionage group, which is suspected to have ties to the Kazakh and Lebanese governments, has been spotted leveraging a re-tooled version of the 13-year-old “Bandook” Windows Trojan, also known as HAIRBALL, in attacks targeting various sectors in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the U.S.
  9. iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever – Really cool hack. Be sure to read the linked white paper from Ian Beer.
PaulAssadorian

Paul Assadorian –

  1. Home Wi-Fi security tips – 5 things to check – In reality, it’s just two: Enable encryption and set a “good” password. Firmware updates should happen automatically in a perfect world, but really no one is going to apply those unless there is a problem.
  2. Why Vulnerable Code Is Shipped Knowingly
  3. It’s hard to keep a big botnet down: TrickBot sputters back toward full health – CyberScoop
  4. WarGames for real: How one 1983 exercise nearly triggered WWIII – “As it turned out, Exercise Able Archer ’83 triggered that forecast. The war game, which was staged over two weeks in November of 1983, simulated the procedures that NATO would go through prior to a nuclear launch. Many of these procedures and tactics were things the Soviets had never seen, and the whole exercise came after a series of feints by US and NATO forces to size up Soviet defenses and the downing of Korean Air Lines Flight 007 on September 1, 1983. So as Soviet leaders monitored the exercise and considered the current climate, they put one and one together. Able Archer, according to Soviet leadership at least, must have been a cover for a genuine surprise attack planned by the US, then led by a president possibly insane enough to do it.”
  5. The Supreme Court will hear its first big CFAA case – TechCrunch
  6. Exploring malware to bypass DNA screening and lead to ‘biohacking’ attacks
  7. A scan of 4 Million Docker images reveals 51% have critical flaws – How accessible these vulnerabilities remain up for debate: “Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prevasio Analyzer service that ran for one month on 800 machines. 51% of the 4 million images were including packages or app dependencies with at least one critical flaw and 13% had high-severity vulnerabilities. The dynamic analysis also revealed 6,432 malicious or potentially harmful container images, representing 0.16% of all publicly available images at Docker Hub.”
  8. TrickBoot feature allows TrickBot bot to run UEFI attacks – Actual research: https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ – “Collaborative research between Advanced Intelligence (AdvIntel) and Eclypsium has discovered that the TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This new functionality, which we have dubbed “TrickBoot,” makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to read, write, or erase the UEFI/BIOS firmware of a device. At the time of writing, our research uncovered TrickBot performing reconnaissance for firmware vulnerabilities. This activity sets the stage for TrickBot operators to perform more active measures such as the installation of firmware implants and backdoors or the destruction (bricking) of a targeted device.”
  9. Cyber Command deployed personnel to Estonia to protect elections against Russian threat – CyberScoop – What many outside of our field may not have understood (esp. as they watched Chris Krebs on 60-minutes) is that we hacked into other nation-states to protect the election. I present this as my evidence: “Personnel from the U.S. Department of Defense’s Cyber Command deployed to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking, American and Estonian officials announced Thursday. The mission allowed personnel from U.S. Cyber Command and Estonia’s Defense Forces Cyber Command to collaborate on hunting for malicious hacking efforts on critical networks from adversaries, officials said. Estonia in particular could help the U.S. glean intelligence about Russian cyber-operations, as it has borne the brunt of Russian hacking in the past.”
  10. Researchers Bypass Next-Generation Endpoint Protection
  11. A DMZ, what is that? – “A DMZ is a network typically exposing public services like web, DNS or email functions, in a subnetwork separated from the internal network of a company. The main purpose of this subnet separation is to protect internal systems while providing these services to untrusted networks like the Internet.”
  12. Baltimore County Schools close after a ransomware attack – Why does Baltimore keep getting hit? Should it be illegal to pay a ransom? Also, this: “The sad news is that the incident was not a surprise, the Baltimore County Public Schools system was notified by state auditors of several cybersecurity flaw the day before the district was hit with the ransomware attack. The audit was published by the Baltimore Sun. “Significant risks existed within BCPS computer network,” the audit stated. “For example, monitoring of security activities over critical systems was not sufficient, and its computer network was not properly secured. In this regard, publicly accessible servers were located in BCPS internal network rather than being isolated in a separate protected network zone to minimize risks.”
  13. The biggest hacks, data breaches of 2020
  14. DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882
  15. Email Spoofing ????
  16. Dua Lipa and other Spotify artists’ pages hacked by Taylor Swift ‘fan’ – Spotify has not publicly said anything about the attack or how it happened, but has been contacted for comment.
  17. Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
  18. Ethical hackers and a “dangerously vague” statute – “In the past, this statute and its ambiguous language have served to deter software developers and others from exposing vulnerabilities. If it continues to do so, will organizations and consumers end up paying the price? As the law presently stands, there is no way to criminalize malicious actions without simultaneously criminalizing other groups, such as white hat hackers.”
TylerRobinson

Tyler Robinson –