Paul’s Security Weekly Episode #708 – August 26, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Working with OpenVAS – 06:00 PM-06:45 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: Lesley Carhart, David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all components, from source code.

Technical segment slides, including all commands to compile OpenVAS on Ubuntu 20.04:

https://securityweekly.com/wp-content/uploads/2021/08/OpenVas-TechSegment-Aug2021.pdf

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. Trends in Mac Malware & Apple Security – 07:00 PM-07:45 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

Description

Apple’s new M1 systems offer a myriad of benefits for macOS users and, unfortunately, for malware authors as well.
In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis.

Guest(s)

Patrick Wardle

Patrick Wardle – Creator at Objective-See

@patrickwardle

Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.
Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

3. Security News – 08:00 PM-09:30 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Segment description coming soon!

Hosts

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. Iran prison abuse exposed by hackers’ CCTV leak
  2. 4 Steps Organizations Can Take to Increase Diversity in Cybersecurity
  3. T-Mobile hacker: Their security is awful
  4. Razer Mouse Grants Windows Admin Privileges
  5. Reversing SMART Health Cards
  6. Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain – IoT Inspector
  7. Botnet targets hundreds of thousands of devices using Realtek SDK
  8. Eavesdropping By LED
  9. Field Notice: FN – 63697 – Protective Boot on Certain Network Cables Might Push the Mode Button and Cause an Unexpected Reset on the 48-Port Models of Cisco Catalyst 3650 and 3850 Series Switches – Workaround Provided
Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. Linux turns 30: Linus Torvalds on his “just a hobby” operating system – In 1991, Unix was an important but secondary x86 operating system. That year, on August 25, a mild-mannered Finnish graduate student named Linus Benedict Torvalds announced on the Usenet group comp.os.minix that he was working on “a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones.” No one knew it, not even Torvalds, but the technology was going to change forever.
  2. Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported – Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that they are aware of. For perspective on how large this attack was: Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of their Q2 average rps rate of legitimate HTTP traffic.
Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents – Krebs on Security – Interesting: “Mark Rasch, a former prosecutor with the U.S. Justice Department, said the plaintiff is claiming the parents are liable because he gave them notice of a crime committed by their kids and they failed to respond. “A lot of these crimes are being committed by juveniles, and we don’t have a good juvenile justice system that’s well designed to both civilly and criminally go after kids,” Rasch said.”
  2. Linux Attackers Take Advantage of Unpatched Vulnerabilities – “The answer to the question of why so many systems are still running end-of-life versions of Linux distributions is patching, misconfigurations and software-defined infrastructure,” explained Aaron Ansari, vice president of cloud security at Trend Micro. “People start out with outdated images, or misconfigure them or never patch them due to inability or fear of breaking the custom app.”
  3. Cybercriminals Inducing Insiders to Plant Malware – Is training and awareness enough? – “The takeaway here is that companies should expect to see more of these types of pitches, both cold and warm, via email and other communication mediums. Why? Because they are effective, even if the batting average is below .200. The cost for cybercriminals to engage is low, and every success produces an attractive ROI. Provide your employees with triage training and a path to report when that proverbial knock sounds at their door.”
  4. Firmware: Beyond Securing the Software Stack – I’d say this must be part of your vulnerability and patch management programs today. Malware already exists that exploits firmware, so, there’s that.
  5. CERIAS – Center for Education and Research in Information Assurance and Security
  6. F5 Bug Could Lead to Complete System Takeover
  7. From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits – The Citizen Lab
  8. Google, Amazon, Microsoft unveil massive cybersecurity initiatives after White House meeting
  9. How Data Brokers Sell Access to the Backbone of the Internet – But the data can be used for good too! – “‘Thanks to Team Cymru for providing access to their Pure Signal Recon product. Their tool’s ability to show Internet traffic telemetry from the past three months provided the breakthrough we needed to identify the initial victim from Candiru’s infrastructure,’ the report reads.” – This is netflow data…
  10. Security and compliance still a challenge for container architectures – Help Net Security
  11. How do I select an automated red teaming solution for my business? – Help Net Security
  12. Details Disclosed for Zoom Exploit That Earned Researchers $200,000
  13. New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
  14. Top 10 Things You Must Do to Avoid Getting Hacked – Not a bad list, one that I would use to have a conversation with users and/or develop a security policy. Multi-factor, password vault, keep software updated, use something other than SMS for 2nd factor, don’t install random crap software from the Internet (and browser extensions too).
  15. IoT devices are insecure by default
  16. HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting – Stored XSS in a printer, could be an interesting sleeper attack? Not sure what else you could get other than the creds to the printer, if they have any to begin with…
  17. Watch as hackers disrupt Iran’s prison computers; leak live footage
  18. Get a Free SSL Certificate From AWS
  19. Will Low-Code Development Lead to Security Problems and Data Breaches?
  20. Vulnerability allowed hackers to tamper medication in infusion pump – No details, but an interesting video: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/overmedicated-breaking-the-security-barrier-of-a-globally-deployed-infusion-pump/ – Looks like how some of the AV gear is configured, as there is no authentication (or it is easily bypassed) and you can interact with the device and send commands, causing the device to behave differently in the real world.
  21. AWS privilege escalation: exploring odd features of the Trust Policy
  22. How Threat Detection is Evolving
  23. People shouldn’t care about privacy – The use-cases for fully homomorphic encryption are interesting, but also the limiting factor as many different data types and processes will actually need to read your data, therefore you should still care about privacy: “Preventive Medicine: Imagine knowing in advance what you need to do to stay healthy throughout your life. This is increasingly possible with AI but requires sharing all your health data — everything from your DNA to your medical history to your lifestyle habits. With FHE, you could send all of this data in encrypted form, and the AI would respond with encrypted health recommendations that you alone could see. Facial Recognition: From science fiction to the palm of your hand, facial recognition is now a part of our everyday experience. We use facial recognition to enter buildings, to unlock our phones, to tag people in pictures, and soon, to log in to websites everywhere. This, however, requires your biometric fingerprint to be on file, which, in the wrong hands, can be used to impersonate you. With FHE, you could authenticate yourself securely, without anybody being able to steal this biometric data. Voice Assistants: Every time you or someone in your family speaks to Siri, Alexa, or Google Assistant, personal information is sent to the companies behind them. With FHE, your voice query would be sent encrypted to your AI assistant, and they could respond without actually knowing what you asked! This means you would no longer have to worry about your family’s data being misused or stolen. It would no longer matter if you had microphones in the most sensitive places in your home because nobody would be able to listen to what you say.”
  24. Microsoft Breaks Silence on Barrage of ProxyShell Attacks
  25. New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems – “The threat actor behind this variant has managed to maintain a zero or almost-zero detection score in VirusTotal for its samples and domains. This is most likely due to their campaigns being fairly small in size. The waterdropx[.]com domain was registered to the current owner on August 18, 2017, and as of August 10, 2021, it was still online,” – https://cybersecurity.att.com/blogs/labs-research/prism-attacks-fly-under-the-radar – “We have conducted further investigation of the samples and discovered that several campaigns using these malicious executables have managed to remain active and under the radar for more than 3.5 years. The oldest samples Alien Labs can attribute to one of the actors date from the 8th of November, 2017.” – It’s HTTP and it’s using a specific User-Agent, I would think this could be easily detected…
  26. Phishing campaign uses UPS.com XSS vuln to distribute malware
  27. 1Password Secret Retrieval – Methodology and Implementation – In-depth technical article that details what was tried and what worked to accomplish this: “This .NET application is built on the same version of the CLR (4.7.2) the latest 1Password binary uses at the time of upload (8/13/21). This binary gets function pointers to various critical functions responsible for decrypting secrets within the 1Password SQLite database and waits until the 1Password application is unlocked by the user. Once unlocked, it writes the results as a JSON array to C:\Users\Public\1Password.log for you to view and parse.” (https://github.com/djhohnstein/1PasswordSuite)
  28. Razer bug lets you become a Windows 10 admin by plugging in a mouse – “When the Razer Synapse software is installed, the setup wizard allows you to specify the folder where you wish to install it. The ability to select your installation folder is where everything goes wrong. When you change the location of your folder, a ‘Choose a Folder’ dialog will appear. If you press Shift and right-click on the dialog, you will be prompted to open ‘Open PowerShell window here,’ which will open a PowerShell prompt in the folder shown in the dialog.” – I also saw on Twitter a theory that you could do this with any programmable USB device, like a rubber ducky… (https://twitter.com/Serianox_/status/1429355333756071937)
Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security