Paul’s Security Weekly Episode #697 – June 03, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Attack Surface Discovery and Enumeration – 06:00 PM-06:45 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

Description

We’ve let the compliance world drive security for so long there are folks that literally have no idea what ‘reasonably secure’ looks or feels like because they’ve never seen it before.

Segment Resources:
phobos.io/orbital

Guest(s)

Dan Tentler – Executive Founder at Phobos Group

@Viss

Dan Tentler is the executive founder of Phobos Group, a boutique information services and products company focused on shifting the Overton window from compliance to actual, measurable security.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. Digital Transformation’s Impact On IT Asset Visibility – 07:00 PM-07:45 PM

Sponsored By

Visit https://securityweekly.com/ for more information!

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility.

Segment Resources:

View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38

Read our CEO’s blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security

Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management

This segment is sponsored by Qualys.

Visit https://securityweekly.com/qualys to learn more about them!

Guest(s)

Sumedh Thakar – CEO at Qualys

@ssthakar

As CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. Since 2014, he has served as Chief Product Officer at Qualys, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24×7 follow-the-sun product team.

Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins – 08:00 PM-09:30 PM

Announcements

  • Join us on June 10 at 11am ET for our technical training on insider risk to learn how to quickly mitigate data exposure risks. Then join us June 24 at 11 AM ET to learn how web application firewalls can help mitigate exposure in a complex threat landscape. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. Supreme Court narrows scope of CFAA computer hacking law
  2. Establishing Confidence in IoT Device Security: How do we get there?
  3. FireEye to sell products unit to Symphony-led group for $1.2B – TechCrunch
  4. NortonLifeLock Unveils Norton Crypto
  5. Major meat producer JBS USA hit by cyberattack, likely from Russia
  6. Ransomware attack disrupts Massachusetts ferries
  7. My RCE PoC walkthrough for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow vulnerability
  8. MOSI/MISO and 140 Years Of Wrong

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Army wants teleworkers to switch off smart IoT devices — FCW – The Army informed its teleworking workforce that they must immediately remove Internet of Things (IoT) devices from their teleworking workspaces that possess the capability to listen for keywords that would automatically activate them.
  2. Exclusive: Alibaba’s Huge Browser Business Is Harvesting The ‘Private’ Web Activity Of Millions Of Android And iPhone Users – UC Browser promised that with its “incognito” mode, no web browsing or search history would be recorded. Researcher discovers on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb.
  3. JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit: experts – The White House stated the attack against the world’s largest meat-packer was likely conducted by Russian hackers; several U.S. government agencies are assisting the Brazilian company with cyber assistance.
  4. Australian meat processor JBS Foods hit by cyber attack – Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in Australia, US and other locations.
  5. A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely – Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be leveraged by attackers to obtain remote access to protected areas of memory, allowing them to perform unrestricted and undetected code execution.
  6. Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery – CyberScoop – The Cozy Bear (APT29) group was spotted just days ago leveraging an election fraud-related lure document attached to a phishing email that purports to originate from the U.S. Agency for International Development (USAID) in attacks targeting government agencies, research institutions, and non-governmental organizations (NGOs) in the U.S. and Europe.
  7. Feds Warn DarkSide May Not Stay Dark – U.S. government cybersecurity and counterintelligence officials have revealed that the DarkSide cybercrime gang responsible for the Colonial Pipeline ransomware attack may soon reemerge, if it ever stopped operating at all.
  8. US Pipelines Ordered to Increase Cyber Defenses After Hack – TSA has issued a directive mandating that U.S. pipeline owners and operators hire a cybersecurity coordinator, conduct regular cybersecurity assessments, and report any and all cyber incidents to the U.S. federal government.
  9. APT actors exploiting Fortinet vulnerabilities to gain access to local governments – APT actors recently exploited old vulnerabilities affecting Fortinet firewalls and breached a web server hosting the domain belonging to a local U.S. government, and then moved laterally through the compromised network and created new domain controller, server, and workstation user accounts mimicking already existing accounts in order to exfiltrate or encrypt data and perform other malicious activities.
  10. Researchers find four new malware tools created to exploit Pulse Secure VPN appliances – Mandiant Threat Intelligence says it has spotted four new malware samples (Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse) that were specifically created to target Pulse Secure VPN appliances and are being used in attacks targeting defense, government, and financial organizations.
  11. Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies – Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication.
  12. Japanese government offices hacked – The Japanese government has disclosed it suffered a data breach after hackers accessed Fujitsu’s “ProjectWEB” information-sharing software, which is widely used by public offices and businesses in Japan, and gained access to data related to air traffic control.
  13. French police seized dark web marketplace Le Monde Parallèle – Last week, French authorities seized the dark web marketplace Le Monde Parallèle and arrested two of the platform’s administrators following a months-long investigation.
  14. Plaintext Passwords of 8.3 Million Users Leaked in a DailyQuiz Data Breach – Researchers say they found an unsecured, exposed database belonging to DailyQuiz containing some 13 million users’ PII and plaintext passwords.
  15. Chip shortage will lead to higher PC prices as Dell, HP, and Lenovo pass on higher costs – PC prices are likely to move higher in the second quarter and rest of 2021 as vendors pass along higher component and logistics costs amid strong demand.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Vulnerability Management is the Key to Stopping Attacks – “Virtually anything could become a security vulnerability, from applications containing legacy components, old software versions and outdated OS to even employees and users. In the fast-changing IT environment with several moving parts, third-party components and services, it is easy to miss updates, and this creates new vulnerabilities”
  2. Overcoming Compliance Issues in Cloud Computing – “data security is always YOUR responsibility.”
  3. 9 Ransomware Early Warning Signs To Monitor In Your District’s Systems
  4. 5 Devastating Endpoint Attacks: Lessons Learned – Security Boulevard
  5. Attack on meat supplier came from REvil, ransomware’s most cutthroat gang – “REvil and its affiliates account for about 4 percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims.”
  6. Agile security testing – pentest and automate – “I explore the idea of agile security testing, where penetration testing is performed first and test cases are automated after that. Agile security testing would be made in iterations of 1) test case execution, 2) penetration testing, and 3) creation of new test cases. The iterative approach naturally leads to constantly updating tests, which addresses the problem of evolving threat landscape.”
  7. WordPress Plugins Are Responsible for 98% of All Vulnerabilities – Latest Hacking News – “Like WordPress, WordPress Plugins are vulnerable to hacking. Why? For two reasons: (i) not all plugins follow the security protocol, and (ii) we can see the codes of the plugins. Hackers always analyze the code to find vulnerabilities in them. If you use a plugin, and the plugin is vulnerable to hacking, or you have not updated to the latest version, your website is then easily hackable. Since WordPress is open source, hackers know what the endpoints (URL) are, what data to use, and how to inject the scripts.”
  8. The Vulnerabilities of the Past Are the Vulnerabilities of the Future
  9. A Supreme Court ruling limits the reach of a landmark hacking law – CyberScoop – “The Supreme Court issued a 6-3 ruling Thursday determining that improper use of a computer system by someone allowed to use it does not fall under the Computer Fraud and Abuse Act, the nation’s landmark hacking law.”
  10. White House calls for companies to address ransomware threat 2021
  11. Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
  12. My RCE PoC walkthrough for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow vulnerability
  13. Supreme Court narrows Computer Fraud and Abuse Act: Misusing access not quite the same as breaking in
  14. Security Aspects to consider for a React Native Application
  15. Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
  16. A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets
  17. Cyber Security Researchers have Disclosed Two new Attack Techniques in PDF. – CyberWorkx
  18. Intrusion Detection System – Have they become useless?

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security