Paul’s Security Weekly Episode #705 – August 05, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. RF Village at DefCon – 06:00 PM-07:00 PM

Announcements

  • SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!

Description

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag games to promote learning.

Segment Resources:

https://rfhackers.com/
info@rfhackers.com
https://discordapp.com/invite/JjPQhKy
https://rfhackers.com/blog

Guest(s)

Rick Farina

Rick Farina – Board Member at RF Hackers Sanctuary

@zero_chaosx

After an unsuccessful adult film career under the pseudonym “Chubby Cox”, Zero has settled comfortably into his backup career of Wireless Security. Specializing in Wifi security, he has also branched out into bluetooth, radio, and sdr. Currently, he is working on the best Linux distro to ever grace the face of the earth, Pentoo. This bio is entirely unbiased.

Rick Mellendick

Rick Mellendick – Board Member at RF Hackers Sanctuary

@rmellendick

Rick is the Chief Security Officer for PI Achievers by day, a process improvement and security firm, and an RF Hacker by night. Rick specializes in designing and assessing networks using offensive techniques to assist in securing client networks. He is a subject matter expert in computer network operations, Radio Frequency (RF) offense and defense, and building large scale security programs. Rick has completed over 500 vulnerability assessments and penetrations tests, specializing in the radio frequency spectrum.

Hosts

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. The Stakes Are Raised When Protecting the Foundation of Computing – 07:00 PM-08:00 PM

Sponsored By

Visit https://securityweekly.com/eclypsium for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

With Eclypsium researchers’ discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late.

Segment Resources:
https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov
https://eclypsium.com/2021/06/24/biosdisconnect/
https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!

Guest(s)

Scott Scheferman

Scott Scheferman – Principal Cyber Strategist at Eclypsium

@transhackerism

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. ‘Master Faces’, Ship Hijacked, Windows Container Escape, & DNS Loopholes – 08:00 PM-09:30 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency!

Hosts

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. assless-chaps
  2. Dominic White on Twitter
  3. ‘Master Faces’ That Can Bypass Over 40% Of Facial ID Authentication Systems
  4. Mysterious “Potential Hijack” Of Commercial Ship Ongoing In The Gulf Of Oman (Updated)

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. New Android Malware Uses VNC to Spy and Steal Passwords from Victims – A previously undocumented Android-based RAT has been found to use VNC screen and keystroke recording features to steal sensitive information on the device.
  2. Chipotle’s Email Marketing Account Hacked to Spread Malware – A new phishing campaign exploiting a compromised Chipotle Mailgun mailing service account was discovered in mid-July. Of the 121 phishing emails detected, two were vishing attacks (fake voicemail notifications with malware attachments), 14 impersonated the USAA Bank, and 105 impersonated Microsoft.
  3. PwnedPiper critical bug set impacts major hospitals in North America – Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively dubbed “PwnedPiper,” that could be exploited by unauthenticated attackers to take complete control over some Internet-connected TransLogic PTS stations and ultimately take control over a targeted hospital’s entire PTS network.
  4. LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains – A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies.
  5. SafeWA – Application Audit – An audit report regarding Western Australia’s SafeWA COVID-19 contact tracing app reveals that police accessed the app’s data and that the app itself contained security flaws. In the report, the Auditor-General of Western Australia expressed concern that the personal data the app collected were used for purposes other than contact tracing. Western Australia released the SafeWA app in November 2020.
  6. The Lazio Region vaccine portal is held hostage by hackers – Lazio, Italy’s regional government was forced to take down its COVID-19 shot-booking system after it was hit by a possible ransomware attack during which attackers targeted its database.
  7. Over 100 warship locations have been faked in one year – Abuses of location technology might just result in hot political disputes. According to Wired, SkyWatch and Global Fishing Watch found the fakes by comparing uses of the automatic identification system (AIS, a GPS-based system to help prevent collisions) with verifiable position data by using an identifying pattern.
  8. Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors – Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The issues could be exploited by attackers to perform remote code execution; conduct denial-of-service attacks, TCP spoofing, DNS cache poisoning; and to leak information.
  9. Stop ignoring this iPhone warning – Have you seen the prompt on your iPhone to update to iOS 14.7.1, but you’ve been putting it off? After all, it doesn’t seem like there’s much to it… Hint: it’s a big deal.
  10. Reindeer leaked the sensitive data of more than 300,000 people – WizCase’s ethical cyber researchers discovered a misconfigured Amazon S3 bucket belonging to Reindeer containing over 50,000 files and totaling 32GB of data. The Reindeer Company is a defunct American advertising company.
Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. July Firmware Threat Report – Eclypsium
  2. Why Would Someone Hack My Website? – Basically: Because it’s there…
  3. A NSA Guidance Explains How to Secure Your Wireless Devices? – Actually some pretty decent tips
  4. The hostel WiFi vigilante – This is like the easy button for ARP poisoning: http://arcai.com/what-is-netcut/. The solution? Perhaps: “So, wrote a script to scrape ARP table repeatedly, found duplicate entries for IP addresses, New duplicate ARP entries in subsequent scrapes are attackers, since original entry is the victim device’s ARP entry. Found original MAC addresses for attackers from the duplicate ARP entries, ARP poisoned the attackers themselves.”
  5. Let’s understand Cryptography – This is a much better article on crypto.
  6. Research Shows How a Remote Print Server Leads to Windows Admin Privileges
  7. Productivity tools for H@xors – Some neat tips, in fact I am testing out this one: https://github.com/laurent22/joplin as it allows for note taking, copy/paste images and even has a vim mode. I also thought it was a neat trick to switch your caps lock key for the escape key.
  8. ‘I’m Calling About Your Car Warranty’, aka PII Hijinx – This is a really interesting concept, and glad to see the research will be continued: “Researchers created 300 fake identities, signing them up on 185 legitimate websites ranging from Target to Fox News, with each identity used on a single website. Then they tracked how many email messages, phone calls, text messages and other responses were received based on the personally identifiable information (PII) used to register.”
  9. A brief history of cryptography – This article was not what it claimed to be. I suggest that the author, and anyone else looking to write articles such as this, to confide in someone in the community as a reviewer/editor first. We are happy to help.
  10. How I Monitor Active SSH Sessions With Prometheus And Grafana – I need to look into this one more. So Prometheus is a time-series DB for monitoring (https://prometheus.io/) and Grafana (https://grafana.com/) allows you to “Query, visualize, alert on, and understand your data no matter where it’s stored.”
  11. Nothing is Unhackable – Agree or Disagree? “Nothing is unhackable. It is extremely important for everyone to understand that nothing is unhackable. The more complicated the device, and the more complicated the software, or the more open it is to interaction with other applications, or research by security researchers or hackers, the more likely it is that you have created an additional attack surface. Playing offense is easy, because all you need to do is find a vulnerability. And playing defense is hard, because you need to defend yourself on all fronts, all the time.”
  12. Microsoft Patched the Issue That Enabled a Windows Container Escape – “…users should follow Microsoft’s guidance recommending not to use Windows containers as a security feature. Microsoft recommends using strictly Hyper-V containers for anything that relies on containerization as a security boundary. Any process running in Windows Server containers should be assumed to have the same privileges as admin on the host, which in this case is the Kubernetes node.” – So can you run a container inside Kubernetes and then run Kubernetes inside Hyper-V?
  13. Cisco Patches Critical Vulnerability in Small Business VPN Routers – 1) It’s often the web interface 2) It’s never supposed to be exposed to the Internet 3) scans always show that people have exposed it to the Internet 4) it’s always specially crafted requests that lead to RCE or DoS, hence this: “To exploit the bug, a remote, unauthenticated attacker has to send specially crafted HTTP requests to an affected device, which could allow them to execute arbitrary code or cause a denial of service (DoS) condition. ‘[T]he web management interface is locally accessible by default and cannot be disabled, but is not enabled for remote management by default. However, based on queries via BinaryEdge, we’ve confirmed there are at least 8,850 remotely accessible devices.’”
  14. Cobalt Strike Bugs Found in the Latest Versions of the Cobalt Strike’s Server. – Handy, so a good tool used by bad people has a vulnerability that good people can use against the bad people using the good tool: “They discovered that a user is able to register fake beacons with the server of a particular Cobalt Strike installation and that by sending fake tasks to the server, can crash it by exhausting the available memory.”
  15. Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain – “What we found was that registering certain “special” domains, specifically the name of the name server itself, has unexpected consequences on all other customers using the name server. It breaks the isolation between tenants. We successfully registered one type of special domain, but we suspect there are many others.”
  16. Scientist Invents Toilet That Turns Human Feces Into Cryptocurrency – Just for the LOLs
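The ARP-table diffing described in item 4 above (repeated scrapes, duplicate IP-to-MAC entries, the original entry is the victim), written up here as an added detection-only example; it is not code from the original page or from the quoted script, and it assumes Linux `ip neigh show` output with constructed sample snapshots:

```python
"""Detect ARP spoofing by diffing repeated ARP-table snapshots (added example).

Each snapshot is the text of `ip neigh show` (Linux). An IP that appears with
more than one MAC across snapshots is a conflict: the MAC seen first is treated
as the legitimate host, every MAC that shows up for that IP later is flagged.
"""
import re
from collections import defaultdict

# Matches lines like: 192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_snapshot(text):
    """Return {ip: mac} for one `ip neigh show` output (MACs lowercased)."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_spoofers(snapshots):
    """Given snapshots in time order, return {ip: {"victim": mac, "suspects": [macs]}}."""
    seen = defaultdict(list)  # ip -> distinct MACs in order of first appearance
    for snap in snapshots:
        for ip, mac in parse_snapshot(snap).items():
            if mac not in seen[ip]:
                seen[ip].append(mac)
    # macs[0] is the entry from the earliest scrape (the victim's real MAC).
    return {ip: {"victim": macs[0], "suspects": macs[1:]}
            for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample: the gateway 192.168.1.1 changes MAC in the third scrape.
SNAPSHOTS = [
    "192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE\n"
    "192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE\n",
    "192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 STALE\n"
    "192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 REACHABLE\n",
    "192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:99 REACHABLE\n"
    "192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE\n",
]

if __name__ == "__main__":
    for ip, info in find_spoofers(SNAPSHOTS).items():
        print(f"{ip}: legitimate {info['victim']}, suspect(s) {info['suspects']}")
```

On a real host, feed it the output of `ip neigh show` collected on a timer; a flagged IP is a cue to confirm the suspect MAC against a known-good gateway record rather than to act on it automatically.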
Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security