Security News: January 2, 2020 – PSW #633


In the security news, mysterious Drones are Flying over Colorado (watch out Mr. Alderman), 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole ‘Highly Sensitive Information’ from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security News: January 2, 2020

Paul’s Stories

  1. InfoSec Handlers Diary Blog – Here is a sample that I spotted two days ago. It’s an interesting one because it’s a malware that implements ransomware features developed in Node.js[1]! The stage one is not obfuscated and I suspect the script to be a prototype or a test…
  2. Hacking Git Directories – First, make sure your build process is not deploying this folder. Second, configure your web server not to serve files from the .git directory, ever. Do both, then build a test to make sure someone has not opened this exposure. This is a well-known and basic security hygiene thing.
  3. Critical Citrix Bug Puts 80,000 Corporate LANs at Risk – No details yet, but: Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
  4. The Coolest Hacks of 2019 – My favorite from this list: Researcher Matthew Wixey calls them acoustic cyber weapons: the PWC UK researcher wrote custom malicious code that forces Bluetooth and Wi-Fi-connected embedded speakers to emit painfully high-volume sound or even high intensity and inaudible frequency sounds that can possibly produce destructive sound levels to the speakers – and to the ear.
  5. 2020 Cybersecurity Trends to Watch – I hate slide shows in posts. This article is not all that useful. What are we watching? What is a trend?
  6. 7 Tips for Maximizing Your SOC – Perhaps the best advice: Analysts and managers make a hard job harder when they conceal operational failures, fail to disclose known vulnerabilities or create a dishonest organizational culture. Instead, make your SOC a place where employees can be honest about what they find without worrying about getting fired. And incorporating automation and security analysis software into places in your SOC where human failures commonly occur can greatly improve its overall operational efficiency and effectiveness.
  7. The Most Dangerous People on the Internet This Decade – This is mostly a political post. I worry about dangerous people on the Internet who are smart enough not to be on anyone’s list.
  8. Ethics and Encryption
  9. Mysterious Drones are Flying over Colorado – Schneier on Security – “There are many theories about what is going on, but at this point, that’s all they are,” he said. “I think we are all feeling a little bit vulnerable due to the intrusion of our privacy that we enjoy in our rural community, but I don’t have a solution.”
  10. Critical Vulnerabilities Impact Ruckus Wi-Fi Routers | SecurityWeek.Com – They comprise three different remote code execution (RCE) exploit possibilities built from information and credentials leakage, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. The researchers examined the firmware of 33 different Ruckus access points and found them all to be vulnerable. Although the devices examined were from the Ruckus Unleashed stable, Zror told SecurityWeek, “I believe the same issues will affect the Ruckus regular routers and other Ruckus devices. Without pre-authentication,” he continued, “I can run my own code on those devices. The implication is that I can upload my own malware into the router, and manipulate all the router activity, as I wish. From there I can access any other network, including the corporate network, that may be connected or may also use Ruckus devices.”
  11. Cisco DCNM Users Warned of Serious Vulnerabilities | SecurityWeek.Com
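
Story 2 above (Hacking Git Directories) lists two controls and asks for a test that proves neither has regressed. The script below is an added example, not code from the show or from the linked article: it checks the build artifact for a stray .git directory and probes a site for the well-known files an exposed repository serves, treating a 200 as proof only when the body has the shape git writes (a catch-all "200 for everything" error page is the usual false positive). The base URL, build directory and sample HTTP responses are constructed for illustration; nothing here is taken from the source.

```python
"""
Added example (not from the show or the linked article): a CI-style check for
the two controls described for a deployed .git directory.

Control 1: the build artifact must not contain a .git directory.
Control 2: the web server must not serve anything under /.git/, and the test
           must prove it rather than trusting the server config.

Assumptions (not from the source): the base URL, the build directory and the
sample HTTP responses below are constructed for illustration.
"""
import os
import sys
import urllib.error
import urllib.request

# Files an exposed repository reliably serves; each is cheap to fetch and has a
# recognisable shape, so a bare 200 is not treated as proof of exposure.
GIT_PROBES = (".git/HEAD", ".git/config")


def find_git_paths(relative_paths):
    """Control 1, pure form: return every path prefix that ends in a .git component."""
    hits = set()
    for rel in relative_paths:
        parts = rel.replace("\\", "/").split("/")
        if ".git" in parts:
            hits.add("/".join(parts[: parts.index(".git") + 1]))
    return sorted(hits)


def build_output_contains_git(build_dir):
    """Walk the deploy artifact on disk and report any .git directories inside it."""
    found = []
    for root, _dirs, files in os.walk(build_dir):
        for name in files:
            found.append(os.path.relpath(os.path.join(root, name), build_dir))
    return find_git_paths(found)


def looks_like_git_artifact(path, body):
    """True if the response body has the shape git writes for that file.

    Rejects catch-all servers that answer every path with a 200 HTML page.
    """
    first = body.lstrip().split(b"\n", 1)[0].strip()
    if path == ".git/HEAD":
        # Symbolic ref on a branch, or a bare object id when HEAD is detached.
        is_hex = len(first) in (40, 64) and all(c in b"0123456789abcdef" for c in first)
        return first.startswith(b"ref: refs/") or is_hex
    if path == ".git/config":
        return first.startswith(b"[")  # e.g. "[core]"
    return False


def http_fetch(url):
    """Real fetcher: (status, first 4 KiB of body); HTTP errors become a status code."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)


def git_exposed_over_http(base_url, fetch=http_fetch):
    """Control 2: probe the well-known files; return those that came back as git data."""
    exposed = []
    for path in GIT_PROBES:
        status, body = fetch(base_url.rstrip("/") + "/" + path)
        if status == 200 and looks_like_git_artifact(path, body):
            exposed.append(path)
    return exposed


# Constructed sample servers (not real responses) so the check can run offline.
SAMPLE_EXPOSED = {
    "/.git/HEAD": (200, b"ref: refs/heads/main\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n"),
}
SAMPLE_CATCHALL = {  # "200 for everything" server: must NOT be reported as exposed
    "/.git/HEAD": (200, b"<html><body>Page not found</body></html>"),
    "/.git/config": (200, b"<html><body>Page not found</body></html>"),
}
SAMPLE_HARDENED = {}  # every probe falls through to a 404


def make_sample_fetch(responses):
    """Build a fetcher that answers from a dict of URL suffix -> (status, body)."""
    def fetch(url):
        for suffix, reply in responses.items():
            if url.endswith(suffix):
                return reply
        return 404, b""
    return fetch


if __name__ == "__main__":
    # Usage: python git_exposure_check.py <build_dir> <base_url>
    # With no arguments the constructed samples are exercised instead.
    if len(sys.argv) == 3:
        leaked = build_output_contains_git(sys.argv[1])
        exposed = git_exposed_over_http(sys.argv[2])
        print("in build artifact:", leaked or "none")
        print("served over HTTP: ", exposed or "none")
        sys.exit(1 if (leaked or exposed) else 0)
    samples = (("exposed", SAMPLE_EXPOSED), ("catch-all", SAMPLE_CATCHALL), ("hardened", SAMPLE_HARDENED))
    for label, sample in samples:
        print(f"{label:9s} -> {git_exposed_over_http('https://example.test', make_sample_fetch(sample))}")
```

On the server side the usual fix is to answer 404 rather than 403 for the whole prefix, so the response does not confirm the directory exists: in nginx a `location ~ /\.git { return 404; }` block, in Apache `RedirectMatch 404 /\.git`. The probe above is what tells you the rule actually applies to the vhost that serves the site, which the config alone does not.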

Larry’s Stories

  1. So, this is a weird breach at Landry’s…

Jeff’s Stories

  1. Before Wawa found data breach exposing customers’ credit and debit cards, Visa warned it could happen – I know what you’re going to say…but were they PCI compliant at the time of the breach?
  2. 7 security incidents that cost CISOs their jobs – “If you keep your job, incidents can be good.”
  3. Password Breach of Game Developer Zynga Compromises 170 Million Accounts – Do they still make Mafia Wars???
  4. The first thing to do after you’re involved in a hack, according to experts

Lee’s Stories

  1. Poloniex Crypto Exchange Confirms Data Leak After Awkward Email – Poloniex forces password reset on all customers after list of usernames/passwords posted on Twitter. MFA, offline, client side encrypted and multi-signature wallets strongly encouraged.
  2. North Korean Hackers Stole ‘Highly Sensitive Information’ from Microsoft Users, Company Alleges – Microsoft files suit against two individuals associated with North Korean “Thallium” hacking group. Phishing emails designed to drop “BabyShark” and “KimJongRAT” to obtain user credentials. Historically targeting involved nuclear security related issues.
  3. US Coast Guard Discloses Ryuk Ransomware Infection at Maritime Facility – Malware shut down operations for 30 hours, encrypting critical files and even impacting the control systems that control cargo transfer. Coast Guard published bulletin on preventing Ryuk ransomware attacks.
  4. Wyze Leaks Personal Data for 2.4 Million Security Camera Users – Non-secured database uncovered with 2.4 million Wyze customers’ PII and PHI data including addresses, WiFi SSID, and “body metrics.” Enable 2FA and password changes for Wyze accounts encouraged.
  5. University Hit by Ransomware, Almost All Windows Systems Compromised – Maastricht University hit by Ransomware 12/23, forcing them to take all systems offline. Systems being rebuilt, security enhanced; it’s not clear which ransomware hit, nor if files were exfiltrated. New TTPs for Ransomware include disclosure of victims’ sensitive files.
  6. DHS wants more input on how to share vulnerabilities – DHS has extended the comment time on their draft vulnerability disclosure program to 1/10/20. Mandating a bug-bounty program can have interesting impacts and side-effects.
  7. Researcher Releases Data on 100,000 Phishing Attempts to Teach You How to Not Get Hacked – Claudio Guarnieri, who works at Amnesty International, published the dataset to help other researchers track hackers, and to help cybersecurity educators use them as real-world examples.
  8. SEC charges IT administrator over $7 million insider trading ring – Palo Alto Networks IT Administrator Janardhan Nellore and four friends engaged in insider trading after leveraging their IT administrator credentials and contacts to access financial data and make trades. While all face SEC fraud charges, one team member also faces federal criminal charges.
  9. U.S. Navy bans TikTok from government-issued mobile devices – United States Navy banned the social media app TikTok from government-issued mobile devices, saying the popular short video app represented a “cybersecurity threat,” and the Korea Communications Commission (KCC) announced it was investigating the Chinese-developed TikTok video app after finding that the app was sending users’ personally identifiable information (PII) to the Chinese government. Also US Army Bans TikTok over ‘Cyber Threat’ Concerns. U.S. Senate Minority Leader Chuck Schumer and Senator Tom Cotton asked for a national security probe in a letter to Joseph Maguire, acting director of national intelligence. The Committee on Foreign Investment in the United States (CFIUS), which reviews deals by foreign acquirers for potential national security risks, has started to review the Musical.ly deal. CFIUS reviews are confidential.
  10. TRACED Act signed into law, putting robocallers on notice – Has good requirements, such as adoption of the STIR/SHAKEN framework, but may not truly cut down on calls.
  11. Sherwood AR telemarketing company shuts down, at least temporarily, blames cyber attack ransom – CEO has let go 300 employees, days before Christmas, after the company failed to recover from a ransomware infection a few months back. While they paid the ransom, the company was not able to get back on its feet. Hopes to resume business 1/2/20.

Tyler’s Stories

  1. When I load the Xiaomi camera in my Google home hub I get stills from other people’s homes!!

Hosts

Jeff Man
Jeff Man – Sr. InfoSec Consultant
Joff Thyer
Joff Thyer – Security Analyst
Larry Pesce
Larry Pesce – Senior Managing Consultant and Director of Research
Lee Neely
Lee Neely – Senior Cyber Analyst
Paul Asadoorian
Paul Asadoorian – Founder & CTO
Tyler Robinson
Tyler Robinson – Managing Director of Network Operations

Guests

Announcements

  • Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their “How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!