Docker, 42 Vulnerabilities, Backdoors, Spying on 100+ Foreign Govs. – PSW #639

 

 

In the Security News: Misconfigured Docker Registries Expose Thousands of Repositories, a forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors, & Spied On 100+ Foreign Governments!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Paul’s Stories

  1. ASSET Research Group: SweynTooth – SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different BLE software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.
  2. Misconfigured Docker Registries Expose Thousands of Repositories – “With all the source code and historical tags, malicious actors can design tailored exploits to compromise the systems. If the push operation is allowed, benign application images may be replaced with images with backdoors. These registries may also be used for hosting malware. If the delete operation is allowed, hackers could encrypt or delete the images and ask for ransom,” they note in a blog post. But as of tonight, only 940; at least one person got the memo. But there are probably more in other hosted providers.
  3. top-ten-password-cracking-techniques-used-hackers
  4. Mac malware reportedly grew faster than Windows malware in 2019 – Mac threats increased by more than 400% in 2019, with 11 threats per Mac endpoint compared to 5.8 threats per Windows endpoint.
  5. Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks – Criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows. This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.
  6. Dell SupportAssist flaw exposes computers to hack, patch it asap!
  7. Jail Software Left Inmate Data Exposed Online – The storage bucket containing JailCore’s data was seemingly completely unsecured, and could be accessed by anyone who stumbled across its URL. After the research team contacted the company responsible for the software on January 5, the issue was finally resolved on January 15 and the S3 bucket now appears to be properly secured.
  8. Why Ransomware Will Soon Target the Cloud – This is a valid point: Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server.
  9. Hackers could shut down satellites or turn them into weapons
  10. Emotet Evolves With new Wi-Fi Spreader – Binary Defense
  11. CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments: Report

Larry’s Stories

  1. The Fido Alliance is trying to get rid of passwords
  2. Can’t break the encryption? Backdoor is the sell it instead…
  3. The privacy parasite to save you from Alexa

Jeff’s Stories

  1. End It Movement’s Annual Global Campaign #Kicks Off On Social Media To Bring Awareness And Shine A Light On Modern-Day Slavery
  2. CIA controlled global encryption company for decades, says report – I can neither confirm nor deny.
  3. Estée Lauder exposes 440 million internal records in security breach
  4. Every voter in Israel just had their data leaked in ‘grave’ security breach
  5. Malware Attack Hits Boston Children’s Hospital Physician Group
  6. Last Year ‘Worst on Record’ for Breaches, Data Exposure
  7. Microsoft’s February 2020 Patch Tuesday fixes 99 security bugs
  8. Security professionals are overconfident in the effectiveness of their security tools: Keysight Survey

Lee’s Stories

  1. The war against space hackers: how the JPL works to secure its missions from nation-state adversaries
  2. Official: Puerto Rico govt loses $2.6M in phishing scam – BEC remains a successful social engineering technique.
  3. Adobe patches 42 vulnerabilities across 5 products – Patch; there are critical fixes.
  4. Social Engineering Scam Hits Washington County Government – “Elaborate scam” got $740,000 from county, Ellensburg fell for it for $186,000 last year, and a few years ago PNNL lost $530,000.
  5. Global Average Cost of Insider Threats has Reached $11.45 Million, Says New Report – The Ponemon group released a study that shows health and pharma orgs average $10.81M, large (> 75,000 headcount) $17.92M and small (< 500 headcount) spent $7.68M.

Tyler’s Stories

  1. Google fixes no-user-interaction bug in Android’s Bluetooth component
  2. DSA-2020-005: Dell SupportAssist Client Uncontrolled Search Path Vulnerability
  3. The Billion-Dollar Disinformation Campaign to Reelect the President
  4. American Businessman Who Ran Houston-Based Subsidiary of Chinese Company Sentenced to Prison for Theft of Trade Secrets
  5. Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm
  6. ‘The intelligence coup of the century’ – For decades, the CIA read the encrypted communications of allies and adversaries.
  7. U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
  8. App Used by Netanyahu’s Likud Leaks Israel’s Entire Voter Registry
  9. New “red team as a service” platform aims to automate hacking tests for company networks
  10. The Secretive Company That Might End Privacy as We Know It

Hosts

Jeff Man – Sr. InfoSec Consultant
Joff Thyer – Security Analyst
Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely – Senior Cyber Analyst
Matt Alderman – CEO
Paul Asadoorian – Founder & CTO
Tyler Robinson – Managing Director of Network Operations

Announcements

  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!
  • Please join OSHEAN and Security Weekly at Salve Regina University, Pell Center on Wednesday, March 18th, 2020 from 9am – 3pm for OSHEAN’s Cybersecurity Exchange Day! Visit securityweekly.com/O-S-H-E-A-N-2-0-2-0 to register for free!