psw682

Paul’s Security Weekly Episode #682 – February 04, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Starting A Non-Profit To Help Small Companies With CMMC – 06:00 PM-06:45 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Small federal contractors are being required to become compliant with a new standard, CMMC. They’ve never had to do the level of security and compliance maturity that it requires! What do they do? Who can they talk to?

Guest(s)

Josh Marpet –

COO at Red Lion

COO of Red Lion
IANS Faculty
Blockchain Patent Holder
MISTI Instructor
Entrepreneurship Curmudgeon
Board Member BSidesDE
Board Member BSidesDC
Ex-cop and Fireman

Hosts

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

Joff Thyer –

Security Analyst at Black Hills Information Security

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian –

Founder at Security Weekly

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

2. Quantum Computing & Finding the Truth – 07:00 PM-07:45 PM

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

Bill will provide insight on best practices for internet safety, working from home, and family-friendly internet habits, which leads into a conversation about secure chat and file sharing, & more!

Guest(s)

Bill DeLisi –

CEO at GOFBA

Bill DeLisi is one of the world’s most authoritative experts on cybersecurity. He is currently the Chief Executive Officer, Chief Technology Officer and a founding member of the Board of Directors for GOFBA, Inc. DeLisi has more than 30 years of experience in the computer industry, including holding the position of Chief Technology Officer at several companies. He has worked closely with Microsoft Gold Certified Partners, helping pioneer “cloud” computing and creating security infrastructures that are still in use today. DeLisi is responsible for the development of proprietary technology that serves as the backbone of GOFBA’s platform and has over 30 certifications with Microsoft, Cisco, Apple, and others, which includes the coveted Systems Engineer with Advanced Security certification, as well as expert status in Cloud Design and Implementation.

Hosts

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

Joff Thyer –

Security Analyst at Black Hills Information Security

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian –

Founder at Security Weekly

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc

3. Vending Machine Hack, Chucky’s Amber Alert, HarmonyOS, & Realtek Vulns – 08:00 PM-09:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hacks prepaid vending machines, When was the last time you said: “Hey, that web app on that IoT/network device was really secure!”? Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies, Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module, New Linux malware steals SSH credentials from supercomputers, From Microsoft: how not to run Docker in Azure Functions.

Hosts

Jeff Man –

Sr. InfoSec Consultant at Online Business Systems

Joff Thyer –

Security Analyst at Black Hills Information Security

Larry Pesce –

Senior Managing Consultant and Director of Research at InGuardians

  1. Plex Media servers actively abused to amplify DDoS attacks
  2. OverSoft on Twitter
  3. Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module
  4. The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit – The Citizen Lab

Lee Neely –

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Experts discovered a new Trickbot module used for lateral movement – Trickbot operators have been spotted leveraging a new Trickbot module dubbed “masrv” (masrvDll32 and masrvDll64) which uses the “Masscan” open-source utility to scan local networks, allowing attackers to more easily move laterally across targeted organizations’ networks in search of vulnerable devices with open ports that can be compromised.
  2. New Linux malware steals SSH credentials from supercomputers – A new backdoor has been targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of SSH. Even with SSH, you should enable MFA, and limit certificates trusted for authentication.
  3. Trickbot Back from the Dead in New Campaign – Security researchers are warning of a resurgence of prolific Trojan malware Trickbot, which had its infrastructure disrupted by a Microsoft-led coalition late in 2020
  4. Operation NightScout: Supply-chain attack targets online gaming in Asia – ESET discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. Disable or uninstall until a known-good patch is available.
  5. CISA Launches Campaign to Reduce the Risk of Ransomware – CISA has launched a campaign to reduce the risk of ransomware, including a one-stop resource for alerts, guides, fact sheets, training and other resources. While the initial focus is on supporting COVID-19 response organizations and K-12 educational institutions, there is real value to any organization wanting to combat ransomware.
  6. ZINC attacks against security researchers – Microsoft Security – Microsoft’s Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team write that over that past months, they have “detected cyberattacks targeting security researchers by an actor we track as ZINC.”
  7. US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack – US courts have been instructed to issue standing or general orders that “highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system.”
  8. North Korean hackers are targeting security researchers with malware, 0-days – A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, Google disclosed tonight.

    According to a report released tonight by Google’s Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware.

  9. Intel says it wasn’t hacked after all; blames internal error for financial results leaking out – The URL of their earnings infographic was inadvertently leaked, and accessed by third-parties, necessitating an immediate release of the earnings report. Unintentional insider incidents are common and can cause significant damage, including the accidental exposure of sensitive financial data.

Paul Asadoorian –

Founder at Security Weekly

  1. Security in a Complex World – “So, all these years later, how do we console the Bruce Schneier’s of the world? How do we have innovation and security? There is one possibility. Since innovation won’t slow, the key is to use innovation to make ever-expanding complexity comprehensible and its effects predictable. In other words, fight fire with fire.”
  2. Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
  3. Huawei’s HarmonyOS: “Fake it till you make it” meets OS development – So, it’s basically a pirated version of Android, only with more backdoors.
  4. How Hackers Are Infiltrating the World of Online Gaming – Latest Hacking News – There is no “How” in this article, it is only about how people hack games. Basically, people cheat, steal in-game artifacts, and fake game updates. In case you didn’t already know that…
  5. Sloppy patches are a breeding ground for zero-day exploits – Sloppy or just putting a spotlight on bad code? “In a blog post, Maddie Stone of Google’s Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely related to previously publicly disclosed vulnerabilities, and ‘potentially could have been avoided if a more thorough investigation and patching effort’ were made.” and “Maddie Stone specifically highlights three vulnerabilities (in Internet Explorer, Google Chrome, and Microsoft Windows) that were exploited in-the-wild, but were not properly fixed after they were reported to each software vendor.”
  6. Free coffee! Dutch researcher hacks prepaid vending machines – Oh, it’s just this: “Unfortunately, as Venhoof discovered, older Nespresso cards are based on the Mifare Classic NFC chip, which uses strong-but-not-quite-strong-enough cryptography.”
  7. Critical Cisco Flaws Open VPN Routers Up to RCE Attacks – When is the last time you said: “Hey, that web app on that IoT/network device was really secure!”. Okay, never: “The flaws exist because HTTP requests are not properly validated in the management interface, according to Cisco. An attacker could exploit the vulnerabilities, merely by sending a specially crafted HTTP request to the management interface of one of the affected router models. From there, they would be able to execute arbitrary code as a root user, Cisco said.” I feel like I’ve read the same advisory a thousand times.
  8. Test Amber Alert accidentally sent out warning of Chucky from the Child’s Play horror movies – Test data is funny sometimes: “This was actually a test we were running on a dev server and it accidentally went out. We appreciate you reaching out to us to verify this. We do apologize for this inconvenience (to) you.”
  9. NIST Offers Tools to Help Defend Against State-Sponsored Hackers
  10. Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module – “The most severe issue we discovered is VD-1406, a remote stack overflow that allows an attacker in the proximity of an RTL8195 module to completely take over the module, without knowing the Wi-Fi network password (PSK) and regardless of whether the module is acting as a Wi-Fi access point or client.”
  11. emba, an analyzer for Linux-based firmware of embedded devices
  12. Detecting Threats with Process Tree Analysis without Machine Learning
  13. A Look at iMessage in iOS 14
  14. Vovalex is likely the first ransomware written in D
  15. Why Russia May Have Stepped Up Its Hacking Game
  16. Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
  17. New Linux malware steals SSH credentials from supercomputers – One way to get some time on a supercomputer: “On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/ssh file was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file.”
  18. Intezer – How We Escaped Docker in Azure Functions – Dear Microsoft, please listen to this show: “With these extra capabilities it was clear that the container was run with the --privileged flag.”

Tyler Robinson –

Managing Director of Network Operations at Nisos, Inc