Description
In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a need for a customized threat-identification process.
Roi has over 13 years of experience as a pentester, IT admin, and CISO. In his current role as Vicarius VP Sales, he helps companies better protect their infrastructure against software vulnerabilities.
Shani Dodge –
C++ Developer at Vicarius
Shani is Vicarius’s machine learning expert. She’s widely experienced with binary analysis, data science, and low-level development both in the academic and practical areas.
Hosts
Jeff Man –
Sr. InfoSec Consultant at Online Business Systems
Larry Pesce –
Senior Managing Consultant and Director of Research at InGuardians
Lee Neely –
Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian –
Founder/CIO at Security Weekly/CyberRisk Alliance
Tyler Robinson –
Managing Director of Network Operations at Nisos, Inc
Description
SolarWinds is just the latest example of how the enterprise software supply chain, when compromised, can be used successfully by attackers. These coordinated and well-managed attacks prey on trust, so how can we trust our enterprise software?
Harry Sverdlove, Chief Technologist for Secure Workload Communication, Zscaler, Inc. (formerly Co-Founder and Chief Technology Officer of Edgewise Networks), was previously CTO of Carbon Black, where he was the key driving force behind their endpoint security platform. Earlier in his career, Harry was principal research scientist for McAfee, Inc. (formerly Chief Scientist of SiteAdvisor), where he supervised the architecture of crawlers, spam detectors and link analyzers. Prior to that, Harry was director of engineering at Compuware Corporation (formerly NuMega), and principal architect for Rational Software, where he designed the core automation engine for Rational Robot.
Hosts
Joff Thyer –
Security Analyst at Black Hills Information Security
Jeff Man –
Sr. InfoSec Consultant at Online Business Systems
Larry Pesce –
Senior Managing Consultant and Director of Research at InGuardians
Lee Neely –
Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian –
Founder/CIO at Security Weekly/CyberRisk Alliance
Tyler Robinson –
Managing Director of Network Operations at Nisos, Inc
Description
In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states ‘solarwinds123’ Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns ‘Mistake’ of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist!
FireEye Mandiant SunBurst Countermeasures – These rules are provided freely to the community without warranty. In this GitHub repository you will find rules in multiple languages: Snort, Yara, IOC, and ClamAV.
AMNESIA:33 – Forescout – Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT, OT, and IT devices that present an immediate risk for organizations worldwide.
Data of 243 million Brazilians exposed online via website source code – Personally identifiable information (PII) belonging to some 243 million living and dead Brazilians was found exposed online after web developers inadvertently left the password to a government database in the source code of an official Brazilian Ministry of Health website for roughly six months.
TransLink confirms ransomware attack, says payment data secure – In this case, customers were unable to use credit and debit cards at certain vending machines and tap-to-pay fare gates, but TransLink said that payment card data was not compromised. Egregor ransomware was used in this attack.
Adobe users targeted in dangerous new phishing campaign – A new credential capturing phishing attack has been discovered targeting Adobe users. This particular campaign uses an email that purports to be from the non-existent service Adobe Cloud. (As opposed to Adobe Creative Cloud which exists.)
Ransomware gang says they stole 2 million credit cards from E-Land – Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. E-Land claims no customer data was accessed or exposed in the attack, as that data was encrypted on a different server.
Hackers target groups in COVID-19 vaccine distribution, says IBM – IBM is warning companies instrumental in the distribution of COVID-19 vaccines that its “cold chain” process for keeping vaccines at the proper temperature during delivery is being targeted in a global phishing campaign.
Nuclear weapons agency breached amid massive cyber onslaught – The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies. They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE.
51% of WFH Parents Say Children Have Accessed Work Accounts – We need to take the time to educate: “Nearly half of parents let children access devices with saved passwords on them, data shows, but 14% admit their kids have caused trouble by accessing an account with a saved password. One noted their child got into their bank account and wired money to a random account.”
How suspected Russian hackers outed their massive cyberattack – “We initially detected the incident because we saw a suspicious authentication to our VPN solution,” said Charles Carmakal, senior vice president and chief technology officer at Mandiant, FireEye’s incident response arm. “The attacker was able to enroll a device into our multi-factor authentication solution, and that generates an alert which we then followed up on.”
SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks – “Based on our analysis, we have now identified multiple organizations where we see indications of compromise dating back to the spring of 2020, and we are in the process of notifying those organizations. Our analysis indicates that these compromises are not self-propagating; each of the attacks require meticulous planning and manual interaction.”
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure – More of the same, if you want to pwn stuff, just use firmware and IoT, still… “According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. And, 80 percent of those devices affected by CDPwn remain unpatched.”
RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems – Coming to an embassy near (or far away?) from you: “The AIR-FI attack relies on DDR SDRAM buses for emitting electromagnetic signals on the 2.4 GHz Wi-Fi band and for encoding data on top of these signals. A nearby Wi-Fi-capable device that has been infected with malware is used to intercept these signals, decode them, and then transmit them to the attacker, over the Internet.”
Zodiac Killer Cipher Solved – Schneier on Security – A 51-year-old cipher: “Cryptologist David Oranchak, who has been trying to crack the notorious “340 cipher” (it contains 340 characters) for more than a decade, made a crucial breakthrough earlier this year when applied mathematician Sam Blake came up with about 650,000 different possible ways in which the code could be read. From there, using code-breaking software designed by Jarl Van Eycke, the team’s third member, they came up with a small number of valuable clues that helped them piece together a message in the cipher.”
Why the Weakest Links Matter – “Developer machines, source control management systems, build servers, or even sites that developers download tools from may be compromised, giving an attacker an entry point to inject malicious code. Too often, these are the weakest links in the chain, and attackers will always focus on the weak links. There’s no need to spend the time and effort to attack the hard targets when there are easier options available; attackers — especially those that work for state-backed operations — have deadlines too.”
Killswitch Found for Malware Used in SolarWinds Hack – The profile is weird. The attackers were smart enough to backdoor SolarWinds. But yet, they reportedly stole some of FireEye’s attack tools. But then, left it easy to shut down the campaign: “During its analysis of the malware, FireEye noticed that SUNBURST had been communicating with a domain named avsvmcloud[.]com. The cybersecurity firm worked with Microsoft and registrar GoDaddy to seize control of the domain.” Smoke and mirrors?
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019 – This may help explain it: “Security researcher Vinoth Kumar told Reuters that he contacted the company in 2019, alerting it that anyone could access its update server by guessing the password “solarwinds123.” Reuters also reports that hackers were claiming they could sell access to SolarWinds’ computers since 2017. It is not clear from the wording of the story whether the offer was for a method of infiltrating SolarWinds itself, or if the black hat was offering to sell access to computers that used SolarWinds software.”
‘I Am the Dopest NASA Engineer You Will Ever Meet’: 26-Year-Old Turns ‘Mistake’ of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist – I want to end the year on a high note, I LOVE this story: “A second mistake happened during Williams’ freshman year in high school, when a teacher inadvertently enrolled her in an honors geometry class. Williams said she was excited, but her heart dropped when the teacher told her it was a mishap and offered to re-enroll her in a normal math class. “But by this time, I knew that mistakes were my strength,” she said. “Mistakes gave me a second chance. Mistakes have me showing a whole generation of students how cool math and science can be.” Williams forged ahead, got an A in the class, and the rest is history. In 2017, she made her first splash when she penned lyrics teaching the quadratic formula. The song explained coefficients and x-axis intercepts over the sound bed of Soulja Boy’s 2007 summer anthem “Crank Dat.” A music video for the song got thousands of views on Youtube and helped catapult Williams to a level of stardom for her catchy educational jingles.”