Paul’s Security Weekly Episode #735 – April 06, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Identity Security Challenges – Active Directory, Azure AD, & Okta Oh My! – 06:00 PM-06:45 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

Attackers are targeting the systems that control access. This includes Active Directory, Azure AD, and recently Okta. Once they have access to identity, attackers can move onto systems that provide access to data and persistence.

Guest(s)

Sean Metcalf – Founder & CTO at Trimarc

@PyroTek3

Sean Metcalf is founder and CTO at Trimarc (TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) Active Directory certification, is a Microsoft MVP, and has presented on Active Directory, Azure AD, & Microsoft Cloud attack and defense at security conferences such as Black Hat, BSides, DEF CON, and DerbyCon.

Hosts

Josh Marpet

@quadling

Executive Director at RM-ISAO

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Hacking Kubernetes – 07:00 PM-07:45 PM

Announcements

  • Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!

Description

Jay comes on the show to talk about container and Kubernetes architecture and security (or lack thereof).

Segment Resources:

Peirates, a Kubernetes penetration testing tool:
https://www.inguardians.com/peirates/

Free Kubernetes workshops:
https://inguardians.com/kubernetes/

DEF CON Kubernetes CTF
https://containersecurityctf.com/

Jay’s Black Hat Kubernetes Attack and Defense Training
https://www.blackhat.com/us-22/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-containers-26473

Guest(s)

Jay Beale – CEO at InGuardians

@jaybeale

Jay Beale (@jaybeale) works on Kubernetes and cloud native security, both as a professional threat actor and in his open source work. He’s the architect of the Peirates attack tool for Kubernetes & the @Bustakube CTF cluster. He created Bastille Linux and the CIS Linux scoring tool, used by hundreds of thousands. Since 2000, he has led training classes on Linux & Kubernetes security at the Black Hat, RSA, CanSecWest and IDG conferences. An author and speaker, Beale has contributed to nine books, two columns and over 100 public talks. He is a co-founder and CEO of the infosec consulting company InGuardians.

Hosts

Josh Marpet

@quadling

Executive Director at RM-ISAO

Paul Asadoorian

@securityweekly

Founder at Security Weekly

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Teen Hackers, WTF Apple, Finding iPhones, & Getting Wise to Wyze – 08:00 PM-09:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Join us April 14th to learn how to monitor your wifi network for attacks with Nzyme, a free and open source wireless intrusion detection system, with Lennart Koopmann, hosted by Larry Pesce and Paul Asadoorian. Then, join Alan Stacilauskas and hosts Tyler Robinson and Paul Asadoorian on April 21st to learn how to gain visibility into your enterprise with SYSMON. Finally, join Paul Asadoorian and Rich Mogull on May 4th to learn how to choose the right architecture for your application. Live attendees at all of these webcasts will have the chance to win a $100 Hacker Warehouse gift card! Register at securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Description

In the Security News for this week: Ransomware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iPhone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, ranking endpoint detection, & more!

Hosts

Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security

Josh Marpet

@quadling

Executive Director at RM-ISAO

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of its IT systems – “Nordex did not disclose technical details of the cyberattack, but the fact that it was forced to shut down part of its IT infrastructure suggests that it fell victim to a ransomware attack.”
  2. Electric Vehicle Chargers Hacked to Show Porn – Gives a whole new meaning to a supply chain attack: “We are saddened to learn that a third-party web address displayed on our electric vehicle (EV) signage appears to have been hacked.”
  3. Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware – The Citizen Lab
  4. GitHub Advanced Security: Introducing security overview beta and general availability of secret scanning for private repositories – Nice: “Expanded secret scanning’s pattern coverage to cover tokens from more than 35 partners, Added an API and webhooks for secret scanning alerts, Started sending notifications to commit authors (as well as admins) when they commit secrets”
  5. Hackers have found a clever new way to steal your Microsoft 365 credentials
  6. Cash App notifies 8.2 million US customers about data breach
  7. Establishment of the Bureau of Cyberspace and Digital Policy – United States Department of State – “The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom.”
  8. Ukrainians use ‘Find My iPhone’ to see where Russians took their stolen Apple devices – “Thefts include technology, allowing Ukrainians to use Apple’s ‘Find My iPhone’ feature to track troop movements. ‘Ukrainians are locating their devices on the territory of the Homiel region, Belarus, where part of the Russian army retreated.’” – You’d think that tech stolen by Russian troops would go into RF shielding bags/cases, but no, they are being tracked (thankfully).
  9. Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina – The Mac Security Blog – This is why I run Linux (and no, not because it does not have vulnerabilities, but at least MOST security issues are out in the open and at least there if you look for them).
  10. Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition – Interesting to see the results, Microsoft coming in at #6 especially.
  11. Vulnerabilities Identified in Wyze Cam IoT Device – It seems like the authentication bypass has not yet been fixed, but the other two issues were addressed. But get this, Wyze did a terrible job handling the disclosure. Also, Bitdefender was generous and gave them like 18 months before they published. This is one hot mess for sure.
  12. I’m done with Wyze
  13. A Former Teen Hacker Explains Why It’s So Hard to Stop Teen Hackers – Actually, he (Marcus Hutchins who is interviewed for this article) doesn’t explain it at all but does provide some insights.
  14. Critical GitLab vulnerability lets attackers take over accounts
  15. Cybercriminals Fighting Over Cloud Workloads for Cryptomining

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element