psw691

Paul’s Security Weekly Episode #691 – April 22, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Why Now is the Time for K-12 Cybersecurity Education – 06:00 PM-06:45 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

With the U.S. facing a shortage of roughly 314,000 cybersecurity professionals in the workforce, according to CSIS, there is an urgent need to build cybersecurity skills and fill the workforce pipeline with students who are prepared to pursue cybersecurity careers.

The aftermath of the SolarWinds breach has shown that there is a desperate need to expand K-12 cybersecurity education across the country.

Since CYBER.ORG’s inception in 2007, over 21,500 teachers have enrolled in its content platform and over 14,000 teachers have been trained to use CYBER.ORG content for cybersecurity education.

Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education.

Segment Resources:

https://cyber.org/standards
https://cyber.org/about-us/our-impact
https://cyber.org/news/k-12-cybersecurity-learning-standards-review-session-completed
https://www.businesswire.com/news/home/20200914005156/en/CYBER.ORG-Kicks-Off-National-K-12-Cybersecurity-Learning-Standards-Development

Guest(s)

Kevin Nolten – Director of Academic Outreach at CYBER.ORG

@KevinNolten

As the Director of Academic Outreach at CYBER.ORG, Kevin directs the organization’s programmatic outreach efforts and partnerships with the goal of ensuring that every K-12 student in the U.S. has access to cybersecurity education. In his role, he helps advance CYBER.ORG’s K-12 cyber education program with age-appropriate content that aligns with state standards for education in 27 states and counting. The impact of that work is measured in thousands of teachers and students with more content, resources and training that will fuel the cyber workforce pipeline for the future.

Kevin received his Bachelor of Science in Business Management and Administration from LSU Shreveport. Kevin also received his MBA from LSU Shreveport.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. Encrypted Collaboration & Communication – 07:00 PM-07:45 PM

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to “see” you there!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to the enterprise and federal space.

Guest(s)

Joel Wallenstrom – CEO and President at Wickr

Joel Wallenstrom is the CEO & President of Wickr and a world-renowned information security expert. He has led top white hat hacker teams responding to some of the most high-profile incidents in the past 20 years. Under his executive guidance, Wickr has pivoted from solely offering a free consumer product to a robust, enterprise compliance-ready secure collaboration platform used by the Fortune 500 and top federal organizations. Prior to joining Wickr, Joel co-founded iSEC Partners, one of the world’s leading information security research teams, later acquired by the NCC Group.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. Feds Have a Busy Two Weeks, British Tween Takes On TikTok, & More Facebook Woes… – 08:00 PM-09:30 PM

Announcements

  • And today is the official launch of SW Labs with our first set of product reviews on Attack Surface Monitoring. To see an overview of the category definition, our testing methodology, or the actual product reviews, please visit https://securityweekly.com/reviews

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for & prevent modern ransomware attacks! Our next technical training will be on May 6th at 11am ET. This technical training webcast will explore common misconfigurations of NGINX, the damage they could do, and how to avoid them. Also join us May 13th at 11am ET for a technical training with Thycotic to see how attackers gain access to endpoints and learn defensive strategies to protect against those attacks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Security News, U.S. Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force to Stop Ransomware Spread, Facebook faces mass legal action over data leak, and more!

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

  1. Pulse Secure Critical Zero-Day Security Bug Under Active Exploit – A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.
  2. How to Obtain PCI DSS Compliance and Why It’s Important – I didn’t write this!!!
  3. Cyberattacks and Security Breach Disclosures: U.S. Federal Law Coming? – The U.S. intelligence apparatus is pressing Congress to propose measures that require private industry to share security breach information and other threat intelligence to the federal government.
  4. Google and Apple grilled on app store policies in tense Senate hearing – Rivals including Match Group and Spotify accuse the tech giants of retaliation and anticompetitive behavior.

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. Becoming N-able
  2. In epic hack, Signal developer turns the tables on forensics firm Cellebrite
  3. Re: [PATCH] SUNRPC: Add a check for gss_release_msg – Greg KH
  4. Felix Wilhelm on Twitter
  5. grep.app
  6. Bash Uploader Security Update – Codecov
  7. Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer
  8. Airstrike Attack – FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
  9. Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Com
  10. ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing
  11. Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
  12. Dutch supermarkets run out of cheese after ransomware attack
  13. Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities
  14. IoT bug report claims “at least 100M devices” may be impacted
  15. Security researcher drops Chrome and Edge exploit on Twitter
  16. Identity Management Day: Cybercriminals No Longer Hack in, They Log In – Security Boulevard

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors – A new zero-day vulnerability (CVE-2021-22893) affecting PulseSecure VPN equipment is being exploited by two China-linked hacking groups in order to breach networks belonging to U.S. defense contractors as well as government organizations around the world.
  2. Zero-day vulnerabilities in SonicWall email security are being actively exploited – SonicWall is urging customers to apply patches to resolve three zero-day vulnerabilities (CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023) in its email security solution that are being actively exploited in the wild.
  3. REvil gang tries to extort Apple, threatens to sell stolen blueprints – The REvil/Sodinokibi operators published a post on their shaming website on April 20, 2021, claiming to have stolen information from Quanta Computer Inc., which refused to pay. They are now turning to Apple for ransom.
  4. Russia-linked APT SVR actively targets these 5 flaws – NSA, FBI, and CISA issued a joint alert warning on April 15 that Russia-linked APT group SVR (Cozy Bear, The Dukes, APT29) has been spotted actively exploiting five vulnerabilities affecting Fortinet FortiGate VPN (CVE-2018-13379), Synacor Zimbra Collaboration Suite (CVE-2019-9670), Pulse Secure Pulse Connect Secure VPN (CVE-2019-11510), Citrix Application Delivery Controller and Gateway (CVE-2019-19781), and VMware Workspace ONE Access (CVE-2020-4006) in attacks targeting U.S. companies and the DIB.
  5. Security Bug Allows Attackers to Brick Kubernetes Clusters – The Open Security – A vulnerability (CVE-2021-20291) affecting one of the Go libraries on which Kubernetes is based, triggered when a cloud container pulls a malicious image from a registry, could be exploited by attackers to cause a denial-of-service (DoS) condition on the CRI-O and Podman container engines, effectively bricking Kubernetes clusters.
  6. Domain Name Security Neglected by U.S. Energy Companies: Report – A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, which found that the 80 percent of energy firms neglecting their domain names do not use registry locks.
  7. Arrest Made Over California City Data Breach – Nearly every member of the Huntington Park, Calif. finance department has been placed on leave and one was arrested following a probe into a “large-scale security breach of electronic financial records at Huntington Park City Hall” on April 14 that resulted in a criminal investigation by the Huntington Park Police Department (HPPD).
  8. ParkMobile Data Breach: 21 Million User Data Exposed – Atlanta, Ga.-based smart parking and mobility solutions provider ParkMobile has disclosed that account details belonging to 21 million customers using its ParkMobile app were compromised and are now being sold online following a March 2021 security incident caused by a vulnerability affecting third-party applications used by the company. ParkMobile recommends changing your password.
  9. Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks – Multiple vulnerabilities (CVE-2021-27478, CVE-2020-13556, CVE-2021-27482, CVE-2021-27500, and CVE-2021-27498) in the OpENer stack are being exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial control systems.
  10. Popular Codecov code coverage tool hacked to steal dev credentials – Codecov, a platform used to host code testing reports and statistics, has disclosed that an unknown threat actor managed to modify its Bash Uploader on April 1 and expose sensitive information located in customers’ CI environments as part of a supply-chain attack that took place in late January.
  11. NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices – Security researchers say they have discovered nine vulnerabilities affecting the FreeBSD, Nucleus NET, IPnet, and NetX TCP/IP stacks, collectively dubbed “NAME:WRECK,” that could be leveraged to target a variety of servers, medical devices, and industrial devices.
  12. Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says – CyberScoop
  13. NSA discovers critical Exchange Server vulnerabilities, patch now
  14. Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
  15. Dutch supermarkets run out of cheese after ransomware attack
  16. Joker Android Trojan Lands in Huawei AppGallery App Store
  17. Pokies shut down by hacker ransomware attack
  18. Incident at Natanz not an accident, damage worse than Iran revealing
  19. Attackers deliver legal threats, IcedID malware via contact forms
  20. Researchers uncover a new Iranian malware used in recent cyberattacks
  21. 330K stolen payment cards and 895K stolen gift cards sold on dark web
  22. Vulnerability in ‘Domain Time II’ Could Lead to Server, Network Compromise
  23. Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall
  24. Hackers Hack Hackers as Underground Carding Site is Breached

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Justice Dept. Creates Task Force to Stop Ransomware Spread
  2. British Tween Takes On TikTok
  3. 7 Old IT Things Every New InfoSec Pro Should Know
  4. NSA: 5 Security Bugs Under Active Nation-State Cyberattack
  5. FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
  6. Hackers Set Up 100,000 Websites Delivering Malware Via Malicious PDFs
  7. US government strikes back at Kremlin for SolarWinds hack campaign
  8. US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
  9. Facebook faces mass legal action over data leak
  10. Facebook Messenger users targeted by a large-scale scam – Help Net Security
  11. GEICO Alerts Customers Hackers Stole Driver License Data for Two Months
  12. Nigerian email scammer sent down for 40 months in the US, ordered to pay back $2.7m to victims

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security