Paul’s Security Weekly Episode #681 – January 28, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. XDR and Vitamins – 06:00 PM-06:45 PM

Sponsored By

Visit https://securityweekly.com/kennasecurity for more information!

Announcements

Description

What is XDR? How do we know the security protections we’re investing in are working? All this and Paul’s CBD Pineapple Pizza Drink on this week’s show.

This segment is sponsored by Kenna Security.

Visit https://securityweekly.com/kennasecurity to learn more about them!

Guest(s)

Michael Roytman – Chief Data Scientist at Kenna Security

Michael Roytman is a recognized expert in cybersecurity data science. At Kenna Security, Michael is responsible for building the company’s core analytics functionality focusing on security metrics, risk measurement, and vulnerability measurement. Named one of Forbes’ 30 Under 30, Michael’s strong entrepreneurship skills include founding organizations such as Dharma Platform, a cloud-based data management platform, and TruckSpotting, a mobile app for tracking food trucks. He also serves on the board of Cryptomove, a moving target data protection startup. In addition, Michael chairs the Board of Dharma Platform, is a board member and the program director at the Society of Information Risk Analysts (SIRA), and is a co-author of the Exploit Prediction Scoring System (EPSS). Michael is a frequent speaker at security industry events, including Black Hat, BSides, Metricon, RSA, SIRACon, SOURCE, and more. Michael holds a Master of Science in Operations Research degree from Georgia Institute of Technology.

Hosts

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Larry Pesce – Senior Managing Consultant and Director of Research at InGuardians

Paul Asadoorian – Founder at Security Weekly

Tyler Robinson – Managing Director of Network Operations at Nisos, Inc

2. How Tall Do You Have to Be to Ride the Ride? – 07:00 PM-07:45 PM

Sponsored By

Visit https://securityweekly.com/plextrac for more information!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of conducting assessments, addressing the cybersecurity talent shortage, and facilitating automated assessments. Lastly, we’ll discuss what makes you feel ready for what’s headed your way.

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!

Guest(s)

Dan DeCloss – Founder / CEO & President at PlexTrac

Dan has over 15 years of experience in cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications.

Hosts

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Larry Pesce – Senior Managing Consultant and Director of Research at InGuardians

Paul Asadoorian – Founder at Security Weekly

Tyler Robinson – Managing Director of Network Operations at Nisos, Inc

3. EMOTET Disrupted, “Ghost” Hackers, & Why Privacy is ‘Like Bubblewrap’ – 08:00 PM-09:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

In the Security News: why privacy is like bubble wrap, the South African government releases its own browser just to re-enable Flash support, a former LulzSec hacker releases a VPN zero-day used to hack Hacking Team, how a researcher broke into Microsoft VS Code’s GitHub, & how criminals used a deceased employee’s account to wreak havoc!

Hosts

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Larry Pesce – Senior Managing Consultant and Director of Research at InGuardians

  1. ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping
  2. Balldo is a balls-mounted dildo
  3. World’s most dangerous malware EMOTET disrupted through global action
  4. CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
  5. Ghost hack – criminals use deceased employee’s account to wreak havoc
  6. New campaign targeting security researchers
  7. This Week In Security: OpenWRT, Favicons, And Steganographia
  8. British schoolkids issued laptops conveniently pre-loaded with malware that connects with Russian servers
  9. Mitigating the $I30:$Bitmap NTFS Bug – OSR
  10. Hidden Threat To Navies: How Freely Available Satellite Imagery Can Track Radars – Naval News

Paul Asadoorian – Founder at Security Weekly

  1. Stack Overflow 2019 hack was guided by advice from none other than… Stack Overflow – It’s called “hacking” for a reason (we’re not experts in ALL software LOL): “the attacker successfully logged into the StackOverflow development environment, using a crafted login request that bypassed access controls, and then successfully escalated privileges. They then got access to TeamCity, the JetBrains continuous integration product… Although not having secrets in source code seems like a no-brainer, developers sometimes find this hard to avoid.” How does TeamCity work? “The attacker is clearly not overly familiar with the product so they spend time looking up Q&A on Stack Overflow on how to use and configure it”
  2. Ghost hack – criminals use deceased employee’s account to wreak havoc – We go after accounts when people are on vacation, and apparently permanent vacation too: “The account of the late employee wasn’t shut down because various internal services had been configured to use it, presumably because the deceased had been involved in setting up those services in the first place. Closing down the account, we assume, would have stopped those services working, so keeping the account going was probably the most convenient way of letting the dead person’s work live on.”
  3. From zero to your first Penetration Test – Best advice in this article is here: “You have to make sacrifices, you have to put in the hard work and the grind, to become a good Penetration Tester. Practice, practice, and practice! Sometimes, it will be hard to see all of your friends partying and feeling good on Social Media, while you are staying home, trying to crack that HackTheBox machine, practicing for OSCP or learning about SQL Injections, but remember how worth it will be in the end. Think about the long-term.”
  4. Nvidia Squashes High-Severity Jetson DoS Flaw
  5. Maritime port cybersecurity
  6. Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
  7. For Microsoft, cybersecurity has become bigger than business – CyberScoop
  8. Sudo Heap-Based Buffer Overflow – Exploitalert
  9. TikTok vulnerability left users’ private information exposed
  10. Why Privacy Is Like Bubble Wrap – A really long article that takes its time to get to this mediocre point: “In a sense, we should think of privacy not as something that resides in an individual, but something that surrounds them. This is where the bubble wrap metaphor comes in – a layer that’s transparent enough to allow you to be seen but also a protection against harmful intrusion. The more bubble wrap, the more protection, but also the greater the degree of constriction: sure I can bubble wrap my experience online (no cookies, no tracking, ProtonMail account, etc) but it’s going to be a slower, more plodding experience, which has its own costs.”
  11. TeamTNT group adds new detection evasion tool to its Linux miner
  12. Microsoft releases Application Guard for Office to M365 customers
  13. Crypto Tools like Signal and Bitcoin Don’t Harm Democracy. They Help It
  14. South African government releases its own browser just to re-enable Flash support – “The South African Revenue Service has released this week its own custom web browser for the sole purpose of re-enabling Adobe Flash Player support, rather than port its existing website from using Flash to HTML-based web forms.”
  15. New campaign targeting security researchers
  16. Former LulzSec Hacker Releases VPN Zero-Day Used to Hack Hacking Team – So, not an 0day: “This story and its headline have been updated to clarify that this exploit was not a zero-day, as SonicWall had patched it.”
  17. Oracle WebLogic Server 14.1.1.0 Remote Code Execution – Packet Storm
  18. Hacker leaks data of 2.28 million dating site users
  19. SonicWall firewall maker hacked using zero-day in its VPN device
  20. SonicWall says it was hacked using zero-days in its own products
  21. Phishing scam had all the bells and whistles—except for one
  22. Nmap project becomes latest victim of Google’s ‘wrongful blocking’ of cybersecurity resources – This is the best way to fix this problem, but unfortunately it’s not available to everyone: “The tweet was fired to 130,000 followers and an associate at Google Security spotted the message. The issue was then personally escalated, although the developer added that others may have seen the tweet and helped, too.”
  23. Here’s how a researcher broke into Microsoft VS Code’s GitHub – I believe this is the real vulnerability: “Since actions/checkout was executed in the step before the vulnerable workflow file is used, there was a GitHub token with write permission to the repository. So I made a plan to use this token”

Tyler Robinson – Managing Director of Network Operations at Nisos, Inc