CVE-2020-0601, Netscaler RCE, npm – PSW #635

 

 

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications and so much more. The Citrix NetScaler vulnerability is a rare remote, easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why it's bad), conspiracy theories and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Paul’s Stories

  1. Powerful GPG collision attack spells the end for SHA-1
  2. Artificial Personas and Public Discourse – Schneier on Security
  3. Unpatched Citrix Flaw Now Has PoC Exploits
  4. How Cyber Security Affects SEO
  5. Cisco addressed a high-severity bug in Webex that could allow Remote Code Execution
  6. Security pitfalls to avoid when programming using an API – Help Net Security
  7. Lottery hacker gets 9 months for his 5 cut of the loot
  8. 5G Security – Schneier on Security
  9. Exploit that gives remote access affects ~200 million cable modems
  10. Perfect Sense unveils Gyro to simplify cloud infrastructure management – Help Net Security
  11. Serious back door Vulnerabilities spotted in Tik Tok
  12. Malicious npm package taken down after Microsoft warning
  13. Windows 10: NSA reveals major flaw in Microsoft’s code
  14. Trump Slams Apple for Refusing to Unlock Suspected Shooters iPhones
  15. PussyCash adult webcam data breach exposes highly sensitive data of models
  16. How to Reduce Your Attack Surface with 11 Proven Tips

Larry’s Stories

  1. CableHaunt – RCE in up to 200 million cable modems in Europe
  2. Rumblings ahead of the Tuesday patch. – Oh NSA did you do this out of the goodness of your heart?
  3. Windows 7 support ended January 14th
  4. Honda corporate hacked leaking details of 978 million customers
  5. Microsoft patches the NSA crypto bug… – and then we are seeing one or more initial PoCs, then a real release of code.
  6. The cost of a breach – and stupidity/lackluster security practices

Jeff’s Stories

  1. Yo, sysadmins! Thought Patch Tuesday was big? Oracle says ‘hold my Java’ with huge 334 security flaw fix bundle
  2. Microsoft’s Chain of Fools
  3. Tom Ptacek Analysis of Windows 10 Vulnerability from Hacker News
  4. Windows 10 Has a Security Flaw So Severe the NSA Disclosed It – Let’s talk the NSA angle
  5. Russia Hacked Ukrainian Company Linked To Trump Impeachment, Security Firm Says – Let’s Get Political?
  6. U.S. Army Hacked By 52 Hackers In Five Weeks
  7. The dark side of IoT, AI and quantum computing: Hacking, data breaches and existential threat

Lee’s Stories

  1. PayPal patches high severity password vulnerability – Security token exposure in CAPTCHA process resolved. No evidence of abuse found.
  2. DOI halting use of DJI drones over concerns of Chinese Tech – DOI has over 800 DJI drones which may have surveillance capabilities. Decision to replace rather than repair.
  3. Maze ransomware operators publish 14GB of Southwire files – Southwire refused to pay the ransom, and obtained an injunction against the first publisher of their data. Maze raises the stakes. REvil similarly inclined.
  4. AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems – CryptoAPI spoofing vulnerability (CVE-2020-0601); Windows RDP vulnerabilities (CVE-2020-0609, CVE-2020-0610, CVE-2020-0611); impacts Server 2012 and newer, Windows 7 and newer. Apply January patch bundle.
  5. DHS CISA Emergency Directive 20-02 – MS January Patch bundle – DHS mandates all US Government agencies apply the MS January updates by January 29th, with reporting/accountability.
  6. Russian Hacking group targets Burisma Holdings – APT28 is targeting Ukrainian gas company at center of impeachment debate.
  7. 29 Million records from LimeLeads put up for sale – Records from B2B lead generation company LimeLeads data breach found up for sale by “Omnichorus.” Data good for supporting identity theft.
  8. P&N Bank discloses data breach, customer account information, balances exposed
  9. Oski Data-Stealing Malware Emerges to Target North America, China
  10. Adobe’s first 2020 security patch update fixes code execution vulnerabilities.

Tyler’s Stories

  1. Oski Data-Stealing Malware Emerges to Target North America, China
  2. The Evil List – Which tech companies are really doing the most harm? Here are the 30 most dangerous, ranked by the people who know.
  3. Inside the Feds’ Battle Against Huawei
  4. APT40 is run by the Hainan department of the Chinese Ministry of State Security
  5. Families of deployed paratroopers received ‘menacing’ messages, warned to double-check social media settings
  6. Russian government resigns as Vladimir Putin plans future
  7. Russians hack energy company that played major role in Trump Ukraine scandal
  8. Google to phase out user-agent strings in Chrome
  9. Russian hackers targeted Ukrainian company at center of impeachment storm: cybersecurity firm
  10. DOD needs cyberwarriors so badly it may let skilled recruits skip boot camp
  11. Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution
  12. Report: Adult Site Leaks Extremely Sensitive Data of Cam Models

Hosts

Jeff Man – Sr. InfoSec Consultant
Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely – Senior Cyber Analyst
Paul Asadoorian – Founder & CTO
Tyler Robinson – Managing Director of Network Operations

Announcements

  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!