Paul’s Security Weekly Episode #696 – May 27, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Polarity’s Power-up Sessions, Add an Ability in 15 Minutes – 06:00 PM-06:45 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Join us for our June 3 webcast at 11am ET, where you will learn about pen testing tools and why every organization should be using them regularly. Then join us on June 10 at 11am ET for our technical training on insider risk to learn how to quickly mitigate data exposure risks. Finally, join us June 24 to learn why web application firewalls keep changing and how these changes affect business in the security industry. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Training is critical, but it is tough to break away from the day to day. Polarity is running free 15-minute training sessions that leverage our community edition to leave you with a new ability to automate search and save time. Examples include how to write basic regular expressions, how to find exploit code faster, the basics of CyberChef, and how to read a malware sandbox report.

Segment Resources:

Sign up page: https://polarity.io/ctt/
Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc
Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg
Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg
Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8

Guest(s)

Paul Battista

Paul Battista – CEO & Founder at Polarity

@paulbattista

Paul Battista is CEO and Co-Founder of Polarity.io. Prior to Polarity, Paul was an intelligence officer for the United States Government and participated in all elements of the intelligence cycle from planning operations through dissemination to senior policy makers in the White House. Before his government service, Paul was a senior engineer for Aetna Inc., a penetration tester, and incident responder for multiple fortune 100 customers.

Hosts

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Cybersecurity Canon – 07:00 PM-07:45 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for cybersecurity literature! The Cybersecurity Canon Committee has announced its hall of winners for 2021.

Segment Resources:

https://icdt.osu.edu/cybercanon

Guest(s)

Rick Howard

Rick Howard – CSO at The CyberWire

@raceBannon99

Rick is the Chief Analyst, Chief Security Officer, and Senior Fellow at The CyberWire, a cybersecurity podcasting network. His prior jobs include the Palo Alto Networks CSO, the TASC CISO, the iDefense GM (a commercial cyber threat intelligence service at Verisign), the Counterpane Global SOC Director (one of the original MSSPs), and the Commander of the U.S. Army’s Computer Emergency Response Team, where he coordinated network defense, network intelligence and network attack operations for the Army’s global network. He was one of the founding players that created the Cyber Threat Alliance (an ISAC for security vendors), and he also created and still runs the Cybersecurity Canon, a Rock & Roll Hall of Fame for cybersecurity books. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1993 to 1999. He has published many academic papers on technology, security, and risk and has contributed as an executive editor to two books: “Cyber Fraud: Tactics, Techniques and Procedures” and “Cyber Security Essentials.”

Hosts

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

3. M1 Chip Flaw, Boeing 747 Hacking, Don’t Blame the Intern, & John Deere – 08:00 PM-09:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don’t tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more!

Hosts

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. FragAttacks + Antenna for Hire™: The Perfect Storm in Your Network Airspace
  2. Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol
  3. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
  4. Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Cybersecurity leaders lacking basic cyber hygiene – Help Net Security – This is interesting? – “48% of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%).”
  2. Introducing Security By Design – But what is the incentive? – “That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including Google Play, has many built-in security features that help protect developers and users. The course Introduction to app security best practices takes these protections one step further by helping you take advantage of additional security features to build into your app.”
  3. nginx 1.20.0 DNS Resolver Off-By-One Heap Write
  4. Bypassing Container Image Scanning – This is awesome, and a simple little trick to lock down the container: “For example, try building RUN apt-get remove apt into the image after all of its essential packages have been installed. The packages will remain on the image, but the runtime scanner will be unable to query with apt list, therefore resulting in 0 vulnerabilities found.” Of course, you should not be running as root anyhow. Ooooh and this: “If you know exactly where and how the runtime scanner binary gets injected, find a way to prevent it. For example in the microscanner case above, we know it will add the scanner binary at /microscanner . In this case, we can add a layer before the microscanner gets written that creates a symlink to /dev/null. Meaning at image build time the microscanner binary gets discarded instead of written to the filesystem.”
  5. Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
  6. Kali Linux team releases Kaboxer, a tool for managing applications in containers – Help Net Security
  7. “Unpatchable” vuln in Apple’s new Mac chip – what you need to know – “According to Hector Martin, this register can be read from by userland programs running at EL0, though he doesn’t know what the register is actually used for, if anything. However, userland programs aren’t supposed to be able to write into it, given that it’s a system register and supposedly off-limits to EL0 programs. But Martin discovered that userland code can write to just two individual bits inside this register – bits that are apparently otherwise unused and therefore might be considered unimportant or even irrelevant… …and those bits can then be read out from any other userland program.”
  8. New Rowhammer Vulnerability Exploits Increasingly Smaller DRAM Chips
  9. NASA identified 1,785 cyber incidents in 2020
  10. Let’s Stop Blaming Employees for Our Data Breaches
  11. Hackers used macOS 0-days to bypass privacy features, take screenshots – “According to Jamf researchers Jaron Bradley, Ferdous Saljooki, and Stuart Ashenbrenner, the malware controls legit applications that can capture screen records or screenshots without requiring user consent as soon as it infects the device.”
  12. CVE-2021-21551: Learning Through Exploitation
  13. Bosses putting a ‘digital leash’ on remote workers could be crossing a privacy line
  14. The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms – “By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that ‘new companies have nothing to hope for.’”
  15. M1RACLES: An Apple M1 Vulnerability
  16. Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
  17. Vulnerability in VMware product has severity rating of 9.8 out of 10
  18. Bluetooth bugs open the door for attackers to impersonate devices
  19. SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern – CyberScoop – Backpedaling: “‘What happened at the congressional hearings where we attributed it to an intern was not appropriate, and was not what we are about or is not what we are about,’ he said. ‘We have learned from that and I want to reset it here by saying that we are a very safe environment, and we want to attract and retain the best talent.’” and this: “‘As we look back, they were doing very early [reconnaissance] activities in January of 2019,’ he said.”
  20. Bose Corporation discloses breach after ransomware attack. – CyberWorkx
  21. Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cad – Awesome write-up, down the rabbit hole we go: “Suddenly they had a private vulnerability disclosure program. It did not exist when we started. 24 hours later, I received the invitation to the program… I was the only researcher in the program. The program was created that day. Every single asset had no bounty. The company does not allow public disclosure.”
  22. How to protect your Wi-Fi devices from new FragAttacks vulnerabilities
  23. The Full Story of the Stunning RSA Hack Can Finally Be Told
  24. Global Socket – If you trust someone else’s computers…
  25. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
  26. Getting a persistent shell on a 747 IFE – This was neat. Windows NT!
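The two container-scanner evasions quoted in item 4 above (uninstalling apt after the packages are in place so a runtime scanner's package query comes back empty, and pre-planting a /dev/null symlink at /microscanner so the injected scanner binary is discarded at build time) are both visible in the Dockerfile before the image is ever built. The following is an added example, written for these show notes and not taken from the linked post, the show, or any scanner project: a small POSIX shell audit that normalizes a Dockerfile (joins backslash-continued lines, drops comments, flattens exec-form JSON) and flags RUN instructions that match either trick. Only /microscanner is a path named in the post; the package-database paths (/var/lib/dpkg, /var/lib/rpm, /lib/apk/db), the list of package-manager verbs, and the two sample Dockerfiles are this example's own assumptions, included so it runs offline.

```shell
#!/bin/sh
# Added example: static audit of a Dockerfile for scanner-evasion tricks.
# Not code from the linked post or from any scanner vendor.
# Assumptions (not from the page): the DB paths, the verb list, and the samples.

# Join backslash-continued lines and drop whole-line comments so every
# instruction is examined as one line.
normalize_dockerfile() {
    awk '
        { sub(/\r$/, "") }
        /^[[:space:]]*#/ { next }
        /\\[[:space:]]*$/ { sub(/\\[[:space:]]*$/, ""); buf = buf $0 " "; next }
        { print buf $0; buf = "" }
    ' "$1"
}

# Print one finding per suspicious RUN instruction: KIND: <instruction>.
audit_dockerfile() {
    normalize_dockerfile "$1" | awk '
        BEGIN {
            # 1. The package manager removes itself ("apt-get remove apt", "apk del apk",
            #    "dpkg --remove dpkg"); tokens may not cross && ; | so a later
            #    "apt-get clean" is not mistaken for the removal target.
            pkg = "(apt-get|apt|dpkg|apk|rpm|yum|dnf|microdnf)[[:space:]]+(-[-a-z]+[[:space:]]+)*(--?)?(remove|purge|del|erase)([[:space:]]+[^[:space:]&;|]+)*[[:space:]]+(apt|apt-get|dpkg|apk|rpm|yum|dnf)([[:space:]]|$)"
            # 2. Assumed generalisation: deleting the manager binary or its package
            #    database blinds a scanner that reads the DB just as effectively.
            db = "(^|[[:space:]])rm[[:space:]]+[^&;|]*(/usr/bin/(apt|apt-get|dpkg|apk|rpm|yum|dnf)|/var/lib/dpkg|/var/lib/rpm|/lib/apk/db)"
            # 3. A /dev/null symlink planted where a scanner drops its binary
            #    (/microscanner is the path the post names).
            sc = "((^|[[:space:]])ln[[:space:]]+-[a-z]*s[a-z]*[[:space:]]+/dev/null|/microscanner)"
        }
        toupper($1) != "RUN" { next }
        { line = tolower($0); gsub(/[][",]/, " ", line) }   # flatten RUN ["a", "b"] form
        line ~ pkg { print "PKG_MANAGER_REMOVED: " $0; next }
        line ~ db  { print "PKG_DB_REMOVED: " $0; next }
        line ~ sc  { print "SCANNER_PATH_TAMPERED: " $0 }
    '
}

# Number of findings, as a bare integer.
count_findings() {
    audit_dockerfile "$1" | wc -l | tr -d ' '
}

# Constructed sample Dockerfiles (assumed content, written for this example).
write_samples() {
    EVASIVE_DOCKERFILE=$(mktemp)
    CLEAN_DOCKERFILE=$(mktemp)
    cat > "$EVASIVE_DOCKERFILE" <<'EOF'
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl ca-certificates \
    && rm -rf /var/lib/apt/lists/*
# Blind the runtime scanner: with apt gone, "apt list" finds nothing.
RUN apt-get remove -y apt
# Assumed variant: delete the dpkg database and binary outright.
RUN rm -rf /var/lib/dpkg /usr/bin/dpkg
# Discard the injected scanner binary at build time.
RUN ln -s /dev/null /microscanner
USER 65534
EOF
    cat > "$CLEAN_DOCKERFILE" <<'EOF'
FROM debian:bullseye-slim
RUN apt-get update && apt-get install -y --no-install-recommends curl \
    && apt-get purge -y --auto-remove build-essential \
    && rm -rf /var/lib/apt/lists/*
USER 65534
EOF
}

write_samples
echo "== evasive sample: $(count_findings "$EVASIVE_DOCKERFILE") finding(s)"
audit_dockerfile "$EVASIVE_DOCKERFILE"
echo "== clean sample: $(count_findings "$CLEAN_DOCKERFILE") finding(s)"
```

Run it against a real Dockerfile with `audit_dockerfile path/to/Dockerfile`. The clean sample shows the intended false-negative boundary: purging build tools and clearing /var/lib/apt/lists is ordinary image hygiene and is not flagged, while removing apt, dpkg, or their database is. The check is a heuristic over the build recipe, so an image that does the same thing in a script copied into the image, or in a base layer you do not build yourself, is not caught; for those, compare the scanner's package count against `dpkg-query -W | wc -l` (or the apk/rpm equivalent) run inside the built image.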