psw702

Paul’s Security Weekly Episode #702 – July 15, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The BIOS Disconnect – 06:00 PM-06:45 PM

Sponsored By

Visit https://securityweekly.com/eclypsium for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices.

Segment Resources:
https://eclypsium.com/2021/06/24/biosdisconnect/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Guest(s)

Scott Scheferman – Principal Strategist at Eclypsium

@transhackerism

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. The Journey from Network Security Engineer to Podcast Host – 07:00 PM-07:45 PM

Description

In this segment of Paul’s Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast.

Segment Resources:
https://darknetdiaries.com/

Guest(s)

Jack Rhysider – Podcaster at Darknet Diaries

@darknetdiaries

Worked as a network security engineer for 10 years for an MSSP. Admin of firewalls, IPS units, SIEMs.
Got burnt out, loved podcasts, wanted to hear a podcast about hacker stories. Started the podcast Darknet Diaries. Quit job 6 months later, focused on the podcast full time. Now the podcast makes a full-time income.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

3. Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption – 08:00 PM-09:30 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021!

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Trickbot Malware Returns with a new VNC Module to Spy on its Victims – Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware. Trickbot is using the updated tvncDLL module to monitor and collect intelligence on selected high-profile targets.
  2. Kaseya patches VSA vulnerabilities used in REvil ransomware attack – Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. The update includes network and functionality changes as well.
  3. Kaseya claims SaaS restoration going swimmingly
  4. New Trojan malware steals millions of login credentials – Cybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.
  5. Morgan Stanley discloses data breach after the hack of a third-party vendor – Morgan Stanley has disclosed it suffered a data breach in March 2021, after an Accellion FTA server belonging to third-party vendor GuideHouse was compromised, resulting in attackers accessing data belonging to Morgan Stanley stock plan participants.
  6. Hackers accessed Mint Mobile subscribers’ data and ported some numbers – Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.
  7. China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks – Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322.
  8. Cl0p ransomware gang leaks sensitive data from 6 US universities – In a recent update, the infamous Cl0p ransomware group claimed to have gained access to financial documents and passport information that allegedly belonged to students and staff from six top universities in the United States.
  9. US charges close to 500 individuals for COVID-19 fraud, criminal activity – The US Department of Justice (DoJ) has charged 474 individuals for participating in COVID-19 scams and fraudulent activity.
  10. Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems – Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
  11. Quantum computers are coming. Get ready for them to change everything – Save-On-Foods has become an unlikely pioneer, using quantum technology to improve the management of in-store logistics. In collaboration with quantum computing company D-Wave, Save-On-Foods is using a new type of computing, which is based on the downright weird behaviour of matter at the quantum level.
  12. Two cyber insurance industry initiatives grapple with rise of ransomware – CyberScoop – Seven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry.
  13. Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds – CyberScoop – An audit of the cybersecurity of the U.S. Department of Defense’s (DoD) “Additive Manufacturing (AM) Systems” conducted by the DoD’s Office of Inspector General (OIG) has revealed that the office handling the U.S. military’s 3D printing left defense technology designs vulnerable to theft by attackers.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Microsoft just blew up the only reason you can’t use a Linux desktop – This is the year of the Linux desktop! Or maybe next year…
  2. Bug bounties: Here’s how much Microsoft paid out to security researchers last year – The math is interesting: “Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs. The awards were issued between July 1, 2020 and June 30, 2021 and are slightly less than what it paid out in 2019. That year, Microsoft tripled the awards from the previous year.” If MS were to hire researchers, they’d fall short of 341 FTEs for that price…
  3. Amazon rolls out encryption for Ring doorbells – “This is done with Amazon’s Video End-to-End Encryption (E2EE). If you decide to install this optional privacy feature, you’ll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair. In English, the foundation is pretty darn secure.”
  4. Review of dnsx – a multi-purpose DNS toolkit – Latest Hacking News
  5. White House Announces Ransomware Task Force – “The White House is also taking into account the possibility of new partnerships with cybersecurity providers and critical infrastructure companies so that businesses and the government can share information about ransomware attacks faster.” – There seems to be more focus on information sharing than prevention and disruption, which is sad.
  6. For years, a backdoor in popular KiwiSDR product gave root to project developer – “A few lines of code allow the developer to remotely access any device by entering its URL in a browser and appending a password to the end of the address. From there, the person using the backdoor can make configuration changes not only to the radio device but, by default, also to the underlying computing device it runs on.”
  7. 10 Mistakes Companies Make In Their Ransomware Responses
  8. Stop Huffing About Cyber Retaliation
  9. Absolute funniest quotes about cyber security & tech in 2021 – “I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don’t seem to be any exceptions….” —Brian Krebs
  10. How I Would Hack You and Attack You
  11. Google: four zero-day flaws have been exploited in the wild
  12. 5 Security Pillars Required For All AWS Cloud Deployments
  13. The Code Red worm 20 years on – what have we learned? – “In the Code Red days, […] if you could find a stack buffer overflow, it was often very, very little work, maybe half an afternoon’s work, to weaponise it, to use the paramilitary terminology that cybersecurity seems to like, and turn it into a workable exploit that could basically break in on any similar Windows system.”
  14. US government launches plans to cut cybercriminals off from cryptocurrency – CyberScoop
  15. iOS zero-day let SolarWinds hackers compromise fully updated iPhones
  16. Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
  17. Microsoft fixes Windows Hello authentication bypass vulnerability
  18. Cube0x0 on Twitter
  19. BIOPASS RAT New Malware Sniffs Victims via Live Streaming