psw701

Paul’s Security Weekly Episode #701 – July 01, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. New Security Threats Stemming from PII Online – Rob Shavell – 06:00 PM-06:45 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • In our July 14th democast at 11 AM ET, learn how to reveal and protect your entire attack surface. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Finally, in our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites.

Guest(s)

Rob Shavell

Rob Shavell – Co-Founder and CEO at Abine/DeleteMe

@RobShavell

Rob Shavell is a Co-founder and CEO of Abine / DeleteMe, The Online Privacy Company. Rob has been quoted as a privacy expert in the Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox News. Rob has also been a vocal proponent of privacy legislation reform, including as a public advocate of the California Privacy Rights Act (CPRA) and Abine is an early implementer of the new Global Privacy Control.

Rob brought Abine’s core products to market, including Blur, which has protected the privacy of over 10 Million consumers and DeleteMe, which has completed over 30 million opt-outs from data brokers.

Prior to Abine, Rob was VP Product at Identity Force, an identity theft protection provider, and co-founder of one of the first consumer group travel portals, “TravelTogether.com”. He was an associate at Softbank Capital Partners (Boston) and Softbank / Mobius Venture Capital (Silicon Valley). Rob has a BA from Cornell University, where he began his studies in the School of Architecture.

Hosts

Doug White

@dougwhitephd

Professor at Roger Williams University

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. The Rise of Sim Swapping – 07:00 PM-07:45 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Description

An estimated 80% of SIM-swap attacks succeed. Because a swapped SIM hands the attacker the victim’s phone number, and with it the SMS codes and account-recovery flows tied to that number, the result is often serious financial loss as well as loss of social standing. The statistics are real and the attack is spreading like wildfire.

Guest(s)

Haseeb Awan

Haseeb Awan – CEO at EFANI Inc

CEO and co-founder of EFANI Inc and Bitaccess. He is an engineer by profession with a Master’s in Engineering Management, has studied financial markets at Yale University, and holds the Project Management Professional (PMP) designation. He is a Y Combinator alumnus and a member of Next Founders and a couple of other associations. He is among the earliest entrepreneurs in the blockchain space, a personal investor in 30+ companies, and an advisor to over 10 companies.

Hosts

Doug White

@dougwhitephd

Professor at Roger Williams University

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. LinkedIn Breach, Bitcoin From Banks, PrintNightmare, & NFC Flaws in ATMs – 08:00 PM-09:30 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 5th at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, flaws let you hack an ATM by waving your phone, PrintNightmare, Bitcoins from Banks and more!

Hosts

Doug White

@dougwhitephd

Professor at Roger Williams University

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Cobalt Strike Usage Explodes Among Cybercrooks – Researchers say that between 2019 and 2020, they witnessed a 161 percent year-over-year increase in the number of real-world attacks leveraging the commercially available, legitimate pen testing tool “Cobalt Strike” and that use of the tool has become “fully mainstream in the crimeware world.”
  2. Over 200,000 Students Data Leaked in Cyberattack – The Malaysian pro-Palestinian hacking group “DragonForce” revealed June 20 via Telegram that it hacked job placement firm AcadeME, which serves various colleges and universities throughout Israel, and stole PII belonging to more than 200,000 Israeli students who have used the site since 2014.
  3. PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug – The Record by Recorded Future – Proof-of-concept exploit code has been published online today for a vulnerability in the Windows Print Spooler dubbed “PrintNightmare”.
  4. PJobRAT Disguised as Android Dating App Steals contacts and GPS data – The cybersecurity experts of Cyble, along with 360 Core Security Lab, have recently detected the PJobRAT spyware in dating and instant messaging apps. The analysts also report that the spyware samples disguised themselves as Android dating apps.
  5. Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware – Microsoft on Friday said it’s investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with a command-and-control (C&C) server as part of an attack targeting gaming environments in China.
  6. FBI director Chris Wray urges companies stop paying ransoms to hackers – His message before the U.S. Senate last week was simple: companies that choose to pay ransoms to malware authors only inspire the criminal groups to broaden their attacks against vulnerable and/or high-value computer networks.
  7. Credential Phishing Campaign Exploits Housing Boom – Exceptionally high demand in the housing market has created the opportunity for a timely new lure in a credential phishing campaign. Emails in this campaign reached users in a variety of sectors and arrived in environments protected by several different secure email gateways (SEGs).
  8. Malware author made $2 million after infecting 222,000 Windows systems – The Record by Recorded Future – The malware known as “Crackonosh”, which gained recent notoriety for infecting highly popular games, has reportedly infected over 222,000 computers since 2018 and “earned” over $2 million to its author(s).
  9. Pakistan-linked hackers targeted Indian power company with ReverseRat – A threat actor has been spotted targeting government and energy organizations in the South and Central Asia regions since at least January 2021 in spear-phishing attacks designed to infect targeted Windows systems with the “ReverseRAT” .NET backdoor and steal sensitive data.
  10. Malware blamed for remotely wiping WD My Book Live users’ disks – Hard disk maker Western Digital said Thursday that some users of its My Book Live cloud storage devices were suddenly losing all their data due to “malicious software” and recommended all users disconnect the devices from the internet.
  11. NFC Flaws Let Researchers Hack ATMs by Waving a Phone – Flaws in card reader technology let a security firm consultant wreak havoc with point-of-sale systems and more.
  12. LinkedIn breach reportedly exposes data of 92% of users – 9to5Mac – A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web. Not so much a breach as a collection of data scraped in violation of the TOS, per LinkedIn.
  13. Fix for PrintNightmare CVE-2021-1675 exploit to keep your Print Servers running while a patch is not available – The exploit works by dropping a DLL in a subdirectory under C:\Windows\System32\spool\drivers. By restricting the ACLs on this directory (and its subdirectories) we can prevent malicious DLLs from being introduced by the print spooler service.
  14. $6 Billion NCR Opens Bitcoin Purchases To 650 Banks And Credit Unions – 650 U.S. banks will soon be able to offer bitcoin purchases to an estimated 24 million total customers. As part of the deal between enterprise payments giant NCR and digital-asset management firm NYDIG, community banks, including North Carolina-based First Citizens Bank, and credit unions, including Bay Federal Credit Union in California, will be able to offer their clients cryptocurrency trading through mobile applications built by the payments provider.
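The interim ACL mitigation described in item 13, as an added PowerShell example (this is not code from the linked article, from Microsoft, or from any vendor): it adds a Deny ACE so that SYSTEM, the account the Print Spooler service runs as, cannot create or modify files under the drivers directory, checks whether that ACE is present, and removes it again once the host is patched. The directory path is the one the item names; the function names are this example’s own and assume an elevated PowerShell session on the print server. The caveat a practitioner wants up front: while the Deny ACE is in place, legitimate printer driver installs and updates on that host also fail, so treat this as a stop-gap until the patch lands, not a permanent setting.

```powershell
# Added example (not from the article or Microsoft): interim PrintNightmare mitigation
# via a Deny ACE on the spool drivers directory.
# Assumption: run from an elevated PowerShell session on the affected print server.
# Side effect: legitimate printer driver installs/updates fail while the ACE is present.

$DriverPath = 'C:\Windows\System32\spool\drivers'   # directory named in the item
$Spooler    = 'NT AUTHORITY\SYSTEM'                 # account the Print Spooler service runs as

function New-SpoolDriverDenyRule {
    # Deny SYSTEM the Modify rights (create/write/delete) on the directory and,
    # through ContainerInherit + ObjectInherit, on everything beneath it.
    $ruleArgs = @(
        $Spooler,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        ([System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'),
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny
    )
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
}

function Test-SpoolDriverMitigation {
    # True when a Deny ACE for SYSTEM that blocks file creation is present on the directory.
    # Checks the CreateFiles bit rather than the whole Modify mask, because Windows strips
    # the Synchronize bit from Deny entries and a full-mask comparison would miss the ACE.
    param([string]$Path = $DriverPath)
    $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $acl  = Get-Acl -Path $Path
    $hits = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Spooler -and
        (([int]$_.FileSystemRights) -band ([int]$createFiles)) -ne 0
    })
    return ($hits.Count -gt 0)
}

function Enable-SpoolDriverMitigation {
    param([string]$Path = $DriverPath)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule((New-SpoolDriverDenyRule))
    Set-Acl -Path $Path -AclObject $acl
}

function Disable-SpoolDriverMitigation {
    # Roll back once the patch is installed, so driver installs work again.
    param([string]$Path = $DriverPath)
    $acl = Get-Acl -Path $Path
    [void]$acl.RemoveAccessRule((New-SpoolDriverDenyRule))
    Set-Acl -Path $Path -AclObject $acl
}

# Usage (elevated):
#   Enable-SpoolDriverMitigation
#   Test-SpoolDriverMitigation      # expect True while the stop-gap is in place
#   Disable-SpoolDriverMitigation   # after the patch is applied
```

Verify with Test-SpoolDriverMitigation after enabling, and again after disabling, so the rollback is confirmed rather than assumed; a print server left with the Deny ACE after patching will silently reject every new driver.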

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Ignorance is Bliss… for Hackers – Agree? – “To deal with today’s evolving threats, it is imperative that we break this cycle. Relying on a single vendor for both infrastructure and security is not good for your business. We need to start making the hacker’s job harder and not easier. We can do this by employing best-of-breed security practices at all segments of the infrastructure via security products and services that are independent of the underlying infrastructure.”
  2. A hacker is selling 700 million LinkedIn users accounts
  3. Industrial facilities progressively at risk of data theft and ransomware attacks – Help Net Security
  4. Netgear Authentication Bypass Allows Router Takeover – Wow: “We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”). For example: hxxps://10[.]0[.]138/WAN_wan.htm?pic.gif. This is a complete and fully reliable authentication bypass.”
  5. Why MTTR is Bad for SecOps
  6. 3 Things Every CISO Wishes You Understood
  7. The KonMari Method for Your Digital Footprint
  8. PrintNightmare, the zero-day hole in Windows – here’s what to do – I feel like this is not the first Print Spooler vulnerability in Windows: “It seems that the newly-disclosed Print Spooler bug discovered by the Sangfor researchers wasn’t actually the same security hole that was fixed on Patch Tuesday. In short, the Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit.” – Oh right, the 2010 print spooler bug compliments of Stuxnet…
  9. Zero day for every supported Windows OS version in the wild?—?PrintNightmare
  10. 11 Actions Everyone can Do to Improve Their Cloud Native Security Posture – Good article, lots of links to tools (some of which I’ve used and work really well). However, I have a different definition of cloud-native…
  11. Vulnerability Found in Industrial Remote Access Product From Claroty
  12. NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
  13. Microsoft warns of serious vulnerabilities in Netgear’s DGN2200v1 router
  14. 10 competitors Cisco just can’t kill off
  15. Who can match the US as a cyber superpower? No one
  16. Hackers are Targeting Cisco ASA device, After the POC Code was Published Online by Researcher. – CyberWorkx – “As the researcher has released the POC code for the XSS vulnerability(CVE-2020-3580), it has gained significant attention in the infosec community. Tenable has informed that Cisco has not released any official updates for the POC published and the only solution to fix this issue is to prioritize the patching for the CVE-2020-3580” – To publish the PoC or not to publish is the question?
  17. Exclusive: Hacker reveals smart meters are spilling secrets about the Texas snowstorm
  18. SonicWall ‘Botches’ October Patch for VPN Bug
  19. Microsoft signed a malicious Netfilter rootkit – “The company said that the threat actor’s goal is to cheat gaming systems: “To use the driver to spoof their geo-location to cheat the system and play from anywhere,” according to Microsoft’s advisory. “The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.”” – If the goal was to cheat games, what could even more evil attackers do and what will they try to get drivers signed?
  20. NFC Flaws Let Researchers Hack ATMs by Waving a Phone – “Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash—though that “jackpotting” hack only works in combination with additional bugs he says he’s found in the ATMs’ software”
  21. How to convince your boss that cybersecurity includes Active Directory – “Here’s the punchline: Everything relies on Active Directory. To get your boss to care, start with a discussion about operations and which parts are business critical. Have a business-level discussion, with you keeping score at a technical level. For example, when your boss says “Development needs to be running 100 percent of the time,” you work backward through all the systems, applications, and endpoints that need AD to function.”
  22. Vuls · Agentless Vulnerability Scanner for Linux/FreeBSD
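The bypass quoted in item 4 works because the device’s HTTP server decides that a request needs no login by looking for an image-file marker anywhere in the request string, query included. As an added PowerShell example, not code from Microsoft’s write-up or from the router firmware, here is that decision modelled the naive way next to a path-aware version that discards the query string before looking at the extension. The list of public extensions and the sample requests are constructed for the demo; the `?pic.gif` and `?.gif` forms are the ones the item quotes.

```powershell
# Added example (not from the write-up or the firmware): substring-based versus
# path-aware decisions on whether a request may skip authentication.

# Extensions the device serves without a login. Constructed list for the demo.
$PublicExtensions = @('.gif', '.png', '.jpg', '.css', '.js')

function Test-NaiveAuthExempt {
    # Vulnerable pattern: any occurrence of a public extension anywhere in the raw
    # request target (path, query, anything) exempts the request from authentication.
    param([string]$RequestTarget)
    foreach ($ext in $PublicExtensions) {
        if ($RequestTarget -like "*$ext*") { return $true }
    }
    return $false
}

function Test-StrictAuthExempt {
    # Hardened: parse the request target, keep only the path (query dropped),
    # and decide on the path's actual extension.
    param([string]$RequestTarget)
    $uri = [uri]('http://placeholder.invalid' + $RequestTarget)   # host exists only so [uri] can parse
    $ext = [System.IO.Path]::GetExtension($uri.AbsolutePath).ToLowerInvariant()
    return ($PublicExtensions -contains $ext)
}

function Compare-AuthExemption {
    # One row per request: does each check let it through without a login?
    param([string[]]$Requests)
    foreach ($r in $Requests) {
        [pscustomobject]@{
            Request         = $r
            NaiveSkipsAuth  = Test-NaiveAuthExempt  -RequestTarget $r
            StrictSkipsAuth = Test-StrictAuthExempt -RequestTarget $r
        }
    }
}

# Constructed sample requests; the ?pic.gif and ?.gif forms are the ones quoted in the item.
Compare-AuthExemption -Requests @(
    '/images/logo.gif',        # genuine public asset: both checks skip auth
    '/WAN_wan.htm',            # admin page: both checks require auth
    '/WAN_wan.htm?pic.gif',    # quoted bypass: naive skips auth, strict does not
    '/WAN_wan.htm?.gif',       # shorter form from the quote: same outcome
    '/WAN_wan.htm?x=.css'      # any public extension in the query fools the naive check
) | Format-Table -AutoSize
```

The generalisation a reviewer should take from this: an allow-list keyed on file type must be evaluated on the normalised path the server actually dispatches, never on the raw request line, and the exemption should be checked after routing, not before, so that a decorated URL for an authenticated page still lands on the authenticated handler.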

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security