psw729

Paul’s Security Weekly Episode #729 – February 23, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Elite Hackers, HerpaDerps, Unskilled Hackers, & CyberWarfare – 06:00 PM-07:00 PM

Announcements

  • We have a couple webcasts coming up soon. First, join us March 2nd to learn five things you can do to catch more bad guys! Live attendees will have the chance to win a $100 gift card to Hacker Warehouse. Then join us March 10th for an intro to KQL queries! To register for these webcasts visit https://securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.

Description

In the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more!

Hosts

JoshMarpet

Josh Marpet

@quadling

Executive Director at RM-ISAO

LarryPesce

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. PyPI XMLRPC Search Disabled
  2. New Sandworm malware Cyclops Blink replaces VPNFilter
  3. Bionic Eyes Go Dark
  4. SP 800-219 (Draft), Automated Secure Configuration Guidance from the mSCP
  5. Herpaderping: Security risk or unintended behavior?
  6. The Elite Hackers of the FSB
LeeNeely

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

  1. New Sandworm Malware Cyclops Blink Replaces VPNFilter – The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and network-attached storage devices.
  2. Expeditors shuts down global operations after likely ransomware attack – Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyber attack over the weekend that forced the organization forcing it to shut down the majority of its worldwide operations.

    Downtime notice: https://www.expeditors.com/022022-downtime-notification

  3. CISA Launches New Catalog of Free Public and Private Sector Cybersecurity Services – CISA has published a catalog of free public and private sector cybersecurity services. The Free Cybersecurity Services and Tools webpage “includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.” CISA plans to include additional tools and services in the future.

    Services and tools page: https://www.cisa.gov/free-cybersecurity-services-and-tools

  4. CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations – The CISA has issued new guidance to critical infrastructure organizations about how to adequately prepare for and address foreign influence operations that use misinformation, disinformation, and malinformation (MDM) as well as other tactics in order to undermine the security of the U.S. and its allies.

    CISA Guidance: https://www.cisa.gov/sites/default/files/publications/cisa_insight_mitigating_foreign_influence_508.pdf

  5. Port of LA’s new Cyber Resilience Center aims to bolster physical and digital supply chain defenses – The Port of Los Angeles has reportedly established a new “Cyber Resilience Center” that will create an automated, portwide “community cyber defense solution” intended to combat increasing threats to the physical and digital supply chains. According to reports, the center will include some 20 stakeholders that include terminal operators, shipping lines, and truck and rail freight companies.
  6. FBI: Cybercriminals Using Virtual Meeting Platforms to Wage BEC Attacks – The FBI warned today that some business email compromise (BEC) scammers have moved their attack vectors to virtual meeting platforms, where they dupe employees into transferring money to them by posing as the CEO or CFO of the victim organization.
  7. Unskilled hacker linked to years of attacks on aviation, transport sectors – A low-skilled hacking group tracked as “TA2541” that is believed to be operating out of Nigeria has been targeting firms operating in the aviation, aerospace, defense industries, transportation, and manufacturing sectors since 2017 leveraging off-the-shelf malware that is delivered via malicious Word documents.
PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. The Rise and Fall of log4shellThe Rise and Fall of log4shell, Author: Johannes UllrichSANS Internet Storm Centerisc, sans, internet, security, threat, worm, virus, phishing, hacking, vulnerability
  2. This Is the ‘Hacking’ Investigation Into Journalist Who Clicked ‘View Source’ on Government Website
  3. Ubuntu addresses Linux kernel vulnerabilities
  4. Samsung shipped ‘100m’ Android phones with flawed encryption
  5. New Sandworm Malware Cyclops Blink Replaces VPNFilter
TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Blame Stuxnet – 07:00 PM-07:45 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

Chris will tell the tale on how an electrical engineer got sucked backwards into the infosec abyss. Also, Chris will share some war stories about what he’s seen…and be open to questions from Paul that his viewers will enjoy. Beware of dad jokes.

Segment Resources:

Presentations: https://www.slideshare.net/chrissistrunk

Guest(s)

Chris Sistrunk

Chris Sistrunk – Technical Manager, ICS/OT at Mandiant

@chrissistrunk

Chris Sistrunk is Technical Manager on the ICS/OT Security Consulting team at Mandiant and has been focusing on helping protect critical infrastructure there for 8 years. Before Mandiant, Sistrunk was a Senior Engineer at Entergy where he was a subject matter expert for Transmission & Distribution SCADA systems. Sistrunk was awarded Energy Sector Security Professional of the Year in 2014. He is a Senior Member of the IEEE and is a registered Professional Engineer in Louisiana. He founded BSidesJackson. He holds BS Electrical Engineering and MS Engineering & Technology Management degrees from Louisiana Tech University.

Hosts

JoshMarpet

Josh Marpet

@quadling

Executive Director at RM-ISAO

LarryPesce

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

LeeNeely

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. CISA Stories – 08:30 PM-09:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Josh Corman joins to describe, in vivid detail, some of his experiences working for CISA, as a fed, & from the frontlines.

Additional resources:

https://www.cisa.gov/sites/default/files/publications/CISA_Insight_Provide_Medical_Care_Sep2021.pdf

https://www.cdc.gov/mmwr/volumes/70/wr/mm7046a5.htm?s_cid=mm7046a5_w

https://www.cisa.gov/BadPractices

https://www.cisa.gov/publication/stuff-off-search

https://www.cisa.gov/sites/default/files/publications/Assets_Showing_Overview_508c.pdf

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://www.youtube.com/watch?v=F-uh-lx_KKU&t=6s

Guest(s)

Josh Corman

Josh Corman – Founder, I am The Cavalry / recently Chief Strategist for the CISA COVID Task Force at I am The Cavalry

@joshcorman

Joshua Corman is a Founder of I am The Cavalry (dot org), and recently served as Chief Strategist for the CISA COVID Task Force. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon’s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.

Hosts

JoshMarpet

Josh Marpet

@quadling

Executive Director at RM-ISAO

LarryPesce

Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

LeeNeely

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

PaulAsadoorian

Paul Asadoorian

@securityweekly

Founder at Security Weekly

TylerRobinson

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element