
Paul’s Security Weekly Episode #738 – April 27, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Security Blind Spots: Are You Protected? – 06:00 PM-06:45 PM

Sponsored By

Visit https://securityweekly.com/perceptionpoint for more information!

Announcements

  • Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!

Description

The need to communicate, collaborate and do business on a global level has created a proliferation of cloud-based applications and services. Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. Organizations continue to add new cloud channels to support their business needs. But with new channels come new security blind spots that must be addressed.

In this session we’ll discuss:

  • Cyber attack trends in the collaboration channel ecosystem
  • The (yet) unsolved challenges of email security – the main channel of targeted attacks
  • The rising threat of cloud collaboration and the growing risk of content-borne attacks
  • …And we will walk through three use cases, their challenges and their deployments.

Segment Resources:
Request a demo and get a FREE coffee on us: https://hubs.la/Q0156lpK0

This segment is sponsored by Perception Point.

Visit https://securityweekly.com/perceptionpoint to learn more about them!

Guest(s)


Michael Aminov – Founder & Chief Architect at Perception Point

@xmxmichael

Michael Aminov works with the Product, Marketing, and Sales teams to bring exceptional value to Perception Point’s customers. He aims to position Perception Point as the top solution for protecting digital communication channels. Michael was formerly the Chief Architect of CyActive, acquired by PayPal, and is a veteran of the Intelligence Corps of the IDF. Michael has spent the last 15 years in the cybersecurity industry and holds a BA in Computer Science from Ben-Gurion University of the Negev.

Hosts


Josh Marpet

@quadling

Executive Director at RM-ISAO


Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Cryptography Collecting & Japanese Typewriters – 07:00 PM-07:45 PM

Announcements

  • Join Paul Asadoorian and Rich Mogull on May 4th to learn how to choose the right architecture for your application. Live attendees at this webcast will have the chance to win a $100 Hacker Warehouse gift card! Register at securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Description

Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, joins to discuss his cryptography collection, service for the US Army & Government, Antique Typewriters, & more!

Guest(s)


Marcus Sachs – Deputy Director for Research at McCrary Institute for Cyber and Critical Infrastructure Security, Auburn University

@marcussachs

Marcus (Marc) Sachs is the Deputy Director for Research at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. He also serves as the Chief Security Officer of Pattern Computer. He is a retired US Army Officer and was a White House appointee in the George W. Bush administration. His private sector experience includes serving as the Deputy Director of SRI International’s Computer Science laboratory, as the Vice President for National Security Policy at Verizon Communications, and as the Senior Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC) where he directed the Electricity Information Sharing and Analysis Center (E-ISAC). He was also the Director of the SANS Internet Storm Center and has co-authored several books on information security. He holds degrees in civil engineering, computer science and technology commercialization, and is an avid collector of mechanical cipher equipment.

Hosts


Josh Marpet

@quadling

Executive Director at RM-ISAO


Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians


Lee Neely

@lelandneely

Information Assurance APL at Lawrence Livermore National Laboratory


Paul Asadoorian

@securityweekly

Founder at Security Weekly


Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Silk Road Seizure, Psychic Signatures, Twitter Algorithms, & Linux Desktops – 08:00 PM-09:30 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week in the Security News: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions, Silk Road Seizures, 0-Days, & more!

Hosts


Joff Thyer

@joff_thyer

Security Analyst at Black Hills Information Security


Josh Marpet

@quadling

Executive Director at RM-ISAO


Larry Pesce

@haxorthematrix

Principal Managing Consultant and Director of Research & Development at InGuardians

  1. How a new generation of IoT botnets is amplifying DDoS attacks
  2. VMWare Identity Manager Attack: New Backdoor Discovered
  3. CVE-2022-21449: Psychic Signatures in Java
  4. Brave’s browser can automatically bypass Google’s AMP pages
  5. Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
  6. ESET uncovers vulnerabilities in Lenovo laptops
  7. Cory Doctorow on Twitter

Lee Neely

@lelandneely

Information Assurance APL at Lawrence Livermore National Laboratory

  1. What Google is getting wrong about expired domains – TechCrunch – Expired domains are being leveraged to lure users from legitimate backlinks to the prior legitimate site.
  2. Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities – DHS is drinking their own Kool-Aid. VDP participation, per BOD 21-01, is now complete for their internet-facing sites, and they are now hiring vetted researchers to test them.
  3. Static SSH host key in Cisco Umbrella allows stealing admin credentials – Cisco has addressed a high-severity vulnerability (CVE-2022-20773) affecting its Umbrella Virtual Appliance (VA) that could be exploited by attackers to remotely steal administrator credentials.
  4. Docker servers hacked in ongoing cryptomining malware campaign – The operators of the “Lemon_Duck” botnet have been spotted conducting a large-scale Monero crypto-mining campaign in which they are exploiting misconfigured Docker systems in order to hide their wallets behind proxy pools.
  5. Atlassian Patches Critical Authentication Bypass Vulnerability in Jira – Atlassian has patched a critical authentication bypass vulnerability (CVE-2022-0540) in the Jira and Jira Service Management “Seraph” web authentication framework, which could be exploited by attackers to bypass authentication and authorization by sending a specially crafted HTTP request.
    ==> Patch your Jira environment
  6. T-Mobile confirms Lapsus$ had access to its systems – T-Mobile has confirmed that the “Lapsus$” extortion group managed to breach its network in March 2022, giving the gang access to its systems.

    Team chat messages show LAPSUS$ members continuously targeted T-Mobile employees, whose access to internal company tools could give them everything they needed to conduct hassle-free ‘SIM swaps’

  7. Organizations Warned of Attacks Exploiting WSO2 Vulnerability – WSO2’s API Manager, Identity Server, Enterprise Integrator, and Open Banking products are impacted by an arbitrary file upload vulnerability (CVE-2022-29464) that has already been exploited in the wild. Time to roll the update.
  8. Group behind Emotet botnet malware testing new methods to get around Microsoft security – Those behind the “Emotet” botnet have been spotted altering their existing methods and testing new attack approaches on a “very small and limited scale,” related to Microsoft actions taken in February to block macros that facilitated malware execution.
  9. One-third of employees who quit their jobs take company IP with them? – More bad security news from the Great Resignation: Code42’s new research on Wednesday said that when employees quit their jobs, there’s now a 37% chance the organization will lose intellectual property.

    The research also adds that some 96% of all companies surveyed say they have experienced challenges in protecting corporate data from insider risks.

  10. Auction of Dorsey tweet NFT—listed at $48M—closes at high of $280 – The cryptocurrency entrepreneur who bought an NFT of Twitter founder Jack Dorsey’s first tweet was hoping to sell it for $48 million, more than 16 times the $2.9 million he paid for it. But after an auction that lasted a week, the highest bid offered was a mere $280.

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Major cryptography blunder in Java enables “psychic paper” forgeries – Interesting: “If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages. All using the digital equivalent of a blank piece of paper.”
  2. Hackers are exploiting 0-days more than ever – “Mandiant and Project Zero each have a different scope for the types of zero-days they track. Project Zero, for example, doesn’t currently focus on analyzing flaws in Internet-of-things devices that are exploited in the wild. As a result, the absolute numbers in the two reports aren’t directly comparable, but both teams tracked a record high number of exploited zero-days in 2021. Mandiant tracked 80 last year compared to 30 in 2020, and Project Zero tracked 58 in 2021 compared to 25 the year before. The key question for both teams, though, is how to contextualize their findings, given that no one can see the full scale of this clandestine activity.”
  3. Musk’s plans to make Twitter’s algorithms public raises disinformation conundrum – “Another advantage of open source is that people can learn from the code,” said Wysopal. “Even if Twitter doesn’t implement improvements, it could lead to better social media algorithms on other or new platforms.” – This could also open up a cat and mouse game, as people figure out how to cheat the algorithms, Twitter then has to implement defenses, those defenses are open-source, rinse, lather and repeat.
  4. Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?
  5. The Nimbuspwn Linux Flaw Allows Root Access
  6. 5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
  7. Zero-Day Vulnerabilities Are on the Rise – Schneier on Security
  8. ‘Bossware is coming for almost every worker’: the software you might not realize is watching you
  9. Atlassian fixes critical Jira authentication bypass vulnerability – “The flaw is tracked as CVE-2022-0540 and comes with a severity rating of 9.9. It allows a remote attacker to bypass authentication by sending a specially crafted HTTP request to vulnerable endpoints.” – just when I think there is a glimmer of hope…
  10. Docker servers hacked in ongoing cryptomining malware campaign
  11. These hackers showed just how easy it is to target critical infrastructure
  12. AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
  13. Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System
  14. Elon Musk to Acquire Twitter
  15. A $3 Billion Silk Road Seizure Will Erase Ross Ulbricht’s Debt – “Last year, prosecutors quietly signed an agreement with Ulbricht stipulating that a portion of a newfound trove of Silk Road bitcoins, seized from an unnamed hacker, will be used to cancel out the more than $183 million in restitution Ulbricht was ordered to pay as part of his 2015 sentence, a number calculated from the total illegal sales of the Silk Road based on exchange rates at the time of each transaction.”

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element