Active Directory, Container security, Cloud Security, Bug bounties

SWN #6

January 27, 2020

Welcome to the Security Weekly News Wrap up for the Week of 19 – January – 2020. Bezos got hacked?

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

The Unicorn Project, Bezos, AI Facial, FBI Seizes A Domain

  1. NY Times Cites Saudi Crown Prince as Source of Bezos phone hack
  2. Saudi Phone hack may have started during Amazon/Aramco deal
  3. The Unicorn Project
  4. The Phoenix Project
  5. Tomato routers added to scanner list of Muhstik Malware
  6. Bezos phone hack and tech report
  7. What happens when you don’t update an end of life product?
  8. NSA offers guidance on cloud flaw mitigation
  9. Microsoft says that 250 million customer records may have been exposed.
  10. AI facial recognition may be coming to your neighborhood soon
  11. Your privacy may be going away and AI facial recognition is the least of your worries.
  12. Congress holding hearings on AI Facial Recognition
  13. Sundar Pichai of Google/Alphabet calls for EU style AI regulation
  14. But… the White House prefers a light touch and doesn’t want to risk limiting innovation by banning AI
  15. Facebook ordered by MA judge to hand over information about apps which violated privacy as the lawsuit drags on
  16. FBI seizes a domain and people are arrested for hosting stolen credentials, 12 billion of them supposedly.
  17. A DirecTV satellite may explode in geostationary orbit.

Hosts

Doug White

Doug White – Professor

Announcements

  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.

This week, Dr. Doug talks MITRE, COBALT, SNYK, CISOs behaving badly at Uber, Zoom says it’s all better now, and Amazon AI wants you to send nudes for criticism, and all the show wrap ups from this past week! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Zoom Outages, MITRE Shield Matrix, & ‘SourMint’ – Wrap Up

Hosts

Doug White

Doug White – Professor

Sponsored By

Visit https://securityweekly.com/crowdstrike for more information!

This week, Dr. Doug talks Tesla, Slack, Charming Kitten returns, KryptoCibule, and Tweets from the great beyond! In the Expert Commentary, we welcome Ian McShane, VP, Product Marketing at CrowdStrike, to discuss remote work/return to office, and the challenges therein!

This segment is sponsored by CrowdStrike.

Visit https://securityweekly.com/crowdstrike to learn more about them!

Visit https://www.securityweekly.com/swn for all the latest episodes!
Full Episode Show Notes

Slack RCE, Charming Kitten, & KryptoCibule Malware

Hosts

Doug White

Doug White – Professor

Guests

Ian McShane

Ian McShane – VP, Product Marketing

This week, Dr. Doug talks Snowden Vindicated? Herman Cain tweets from beyond the grave, APT TA413, Iranian cats again, Carolyn Meinel, hard coded credentials, and KryptoCibule! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

‘Sepulcher’ Malware, Tesla Dodges Attack, & Snowden Vindicated? – Wrap Up

#[https://www.instapaper.com/read/1338602386 Tesla avoids Russian Cyberattack on Nevada Gigafactory.]
#[https://www.instapaper.com/read/1338604404 Charming Kitten Returns using LinkedIn and WhatsApp.]
#[https://www.databreaches.net/wp-content/uploads/No-need-to-hack-when-its-leaking.pdf Jelle Ursem and Databreaches release guidance on Github best practices.]
#[https://www.instapaper.com/read/1339256583 KryptoCibule is a triple threat and a RAT.]
#[https://www.instapaper.com/read/1339258263 US Agencies must adopt Vulnerability disclosure policies by March of 2021.]
#[Indian Prime Minister’s twitter feed hacked by John Wick on Keanu’s Birthday.]
#[https://www.instapaper.com/read/1339261746 APT TA413 uses Sepulcher to target Europe this time around.]
#[https://www.instapaper.com/read/1339262975 Government sponsored MDBR service will roll out free to some MS-ISAC and EI-ISAC users.]
#[https://www.instapaper.com/read/1339263299 Snowden Vindicated? Probably not, but NSA surveillance he exposed is ruled illegal by US Court.]
#[https://www.instapaper.com/read/1338611922 Herman Cain begins tweeting again, after his death earlier this year.]

Hosts

Doug White

Doug White – Professor

This week, Dr. Doug talks Security Weekly sold to Cyber Risk Alliance, Argentina and Newcastle ransomwared, Cisco Jabber, the NSA wants to educate you, and Jason Wood returns for Expert Commentary on how Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Argentina Ransomware, WhatsApp Bugs, & Cisco Jabber RCE

#[https://www.cyberriskalliance.com/press/ Cyber Risk Alliance Acquires Security Weekly in Landmark Deal.]
#[https://www.instapaper.com/read/1340688639 Gartner describes an increasing threat of physical harm from Cyberattacks and CEOs may be held accountable.]
#[https://cointelegraph.com/news/ransomware-hackers-shut-down-argentinas-borders-demand-4m-btc Argentina closes borders due to ransomware attack. Data leaked.]
#[https://securityaffairs.co/wordpress/108032/malware/newcastle-university-doppelpaymer-ransomware.html Newcastle University also down with ransomware attack.]
##[https://www.imdb.com/title/tt0118715/ The Big Lebowski.]
#[https://www.instapaper.com/read/1340693439 WhatsApp begins transparency with new site for security disclosures.]
##[https://www.instapaper.com/read/1340693494 WhatsApp Security Advisories.]
#[https://www.instapaper.com/read/1340699857 Cisco Jabber flaw can allow RCE.]
##[https://www.instapaper.com/read/1340700132 CVE-2020-3495]
#[https://www.instapaper.com/read/1340702055 OSINT social media threats are one of the biggest threat vectors.]
#[https://www.instapaper.com/read/1340703985 NSA and NCMF release design plans for education center and museum.]
#[https://www.instapaper.com/read/1340706839 What if all your secrets were leaked at once?]
##[https://en.wikipedia.org/wiki/The_Light_of_Other_Days The Light of Other Days.]

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

This week, Dr. Doug talks Cisco patching Jabber Flaw, Insider Threats are huge, BLURtooth, Apple COVID-19 opt ins, and pretty much everyone is trying to interfere with the election!
Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

BLURtooth Flaw, Insider Threats, & More 0-Days – Wrap Up

#[https://www.instapaper.com/read/1341684986 Are your old accounts haunting you?]
#[https://www.cyberriskalliance.com/wp-content/uploads/2020/09/Security-Weekly-Acquisition-Press-Release-1.pdf Cyber Risk Alliance Acquires Security Weekly.]
#[https://www.hstoday.us/subject-matter-areas/cybersecurity/report-61-percent-of-companies-have-experienced-an-insider-attack-over-the-last-year/ Bitglass reports that 61% of those surveyed had insider attacks last year.]
#[https://www.instapaper.com/read/1341686934 Are Microsoft August and 2004 patches ready yet?]
#[https://www.instapaper.com/read/1341688000 FireEye found more zero day attacks than in previous years.]
#[https://www.instapaper.com/read/1341689691 Cisco patches Jabber Flaw]
#[https://www.instapaper.com/read/1341691343 Microsoft issues warnings about election interference attempts.]
#[https://www.instapaper.com/read/1341692153 Blurtooth attack allows bypassing of Bluetooth keys.]
#[https://www.instapaper.com/read/1341693176 Apple and Android COVID tools get a response from EFF.]
#[https://www.instapaper.com/read/1341685894 Spaceforce gets a Cyber Directive.]

Hosts

Doug White

Doug White – Professor

This week, Dr. Doug talks Candiru fish, Office Phishing attacks with a twist, Fancy Bear, Zhenhua data leaks, TikTok and Oracle, and Big Eyed Beans from Venus! Jason Wood returns for Expert Commentary on a Russian hacker selling a how-to video on exploiting unsupported Magento installations to skim credit card details for $5,000! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Fancy Bear Returns, Zoom Rolls Out 2FA, & Massive Mailfire Leak

#[https://www.instapaper.com/read/1342572259 New API Phishing Attack on Office 365 Users.]
#[https://www.instapaper.com/read/1342575230 Fancy Bear launched even more attacks against Election Companies.]
#[https://www.instapaper.com/read/1342574476 3rd Party Mailfire leaks 320 million database records of dating and porn site users.]
#[https://www.instapaper.com/read/1342580865 Zhenhua has a LOT of data about lots of people.]
#[https://www.instapaper.com/read/1342576184 TikTok rebuffs Microsoft for Oracle Offer.]
#[https://www.instapaper.com/read/1342577377 Lots of remote workers are accessing corporate data on their personal devices.]
#[https://www.instapaper.com/read/1342577872 Temple University releases access to ransomware information for free.]
##[https://www.instapaper.com/read/1342577887 Temple Site.]
#[https://www.instapaper.com/read/1342578374 Zoom rolls out 2FA for all users.]
#[https://www.instapaper.com/read/1342582233 Life on Venus, I doubt it but who knows. Captain Beefheart might.]

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

This week, Dr. Doug discusses Microsoft OneFuzz, Tik Tok, QAnon, Mozi, and more news from the sunny shores of Venus!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Mozi Botnet, QAnon Shut Down, & Trump Bans TikTok – Wrap Up

#[https://bsidesbos.org BSidesBos link]
#[https://www.instapaper.com/read/1343624782 Congress is trying to pass an IoT Bill again.]
#[https://threatpost.com/mozi-botnet-majority-iot-traffic/159337/ Mozi botnet takes top spot in IoT networks.]
#[https://www.instapaper.com/read/1343626173 Microsoft OneFuzz released for free.]
##[https://github.com/microsoft/onefuzz OneFuzz Git]
#[https://www.instapaper.com/read/1343627032 ZeroLogon]
#[https://www.instapaper.com/read/1343628297 MFA Bypass with WS-Trust.]
#[https://www.instapaper.com/read/1343629368 Why only TikTok?]
##[https://www.nytimes.com/2020/09/18/business/trump-tik-tok-wechat-ban.html?action=click&module=Top%20Stories&pgtype=Homepage Trump bans TikTok and WeChat in the United States.]
#[https://www.instapaper.com/read/1343630091 QAnon main site shut down.]
#[https://www.instapaper.com/read/1343631371 Temple University has free Ransomware Data.]
##[https://www.instapaper.com/read/1342577887 Temple Repository]
#[https://gizmodo.com/hell-is-in-space-and-it-belongs-to-russia-roscosmos-ch-1845095031 Russia Owns Venus.]

Hosts

Doug White

Doug White – Professor

This week, Dr. Doug talks Zerologon, Wicked Panda, OSINT, Doom found to run on Xbox, and Dark Overlord! Jason Wood returns for Expert Commentary on why to Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere!
Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Wicked Panda, German Ransomware, & Dark Overlord Sentenced

#[https://www.instapaper.com/read/1345020122 Zerologon is a flaw and you were supposed to have it patched already.]
##[https://www.instapaper.com/read/1345021705 CVE-2020-1472]
#[https://www.instapaper.com/read/1344137941 Maze Ransomware will now come bundled in a Virtual Machine.]
#[https://www.instapaper.com/read/1345029004 Chris Moberly demonstrates how to Rick Roll other people’s Android Phones.]
##[https://www.instapaper.com/read/1345029054 more detail on the Android exploit.]
#[https://www.instapaper.com/read/1345030881 Nathan Wyatt of Dark Overlord fame goes to jail.]
#[https://www.instapaper.com/read/1345033651 Tony Abbott’s personal info obtained from boarding pass photo.]
#[https://www.instapaper.com/read/1345036362 Wicked Panda indicted by the United States.]
#[https://www.instapaper.com/read/1345037935 Apparently, most of us study Security in our spare time as well.]
#[https://www.instapaper.com/read/1345040783 German ransomware attack results in patient death.]
#[https://www.instapaper.com/read/1345033762 You really can run Doom on anything, even an XBox.]

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! Get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

This week, Dr. Doug talks the Tesla outage, Microsoft Redux, Lokibot, Wicked Panda, Maze, Facebook gone forever, Magic Swords, and enchanted codpieces! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Tesla Outage, Lokibot Returns, & Maze Ransomware in VMs – Wrap Up

#[https://www.instapaper.com/read/1345618066 Tesla Outage.]
##[https://www.instapaper.com/read/1345749685 Tesla Stock tumbles.]
#[https://www.instapaper.com/read/1345753542 New Microsoft Patch App rolled out.]
#[https://www.instapaper.com/read/1345755682 DHS Dire Patch Warning about Zerologon.]
##[https://www.instapaper.com/read/1345021705 CVE-2020-1472]
#[https://www.instapaper.com/read/1345761379 Samba and End of Life Server Zerologon patches.]
#[https://www.instapaper.com/read/1345036362 Wicked Panda Indictment by US Government.]
#[https://www.instapaper.com/read/1345758358 Maze Ransomware in a VM.]
#[https://www.instapaper.com/read/1345760679 Lokibot is back with a vengeance.]
#[https://www.instapaper.com/read/1345762634 Online Gamer Credentials are valuable too.]
#[https://www.instapaper.com/read/1345764574 What if Zuck deleted Facebook?]

Hosts

Doug White

Doug White – Professor

This week, Dr. Doug discusses the Microsoft outage, Jokers wild, Alien Forking at Android, Ryuk, United Health, possessed coffee makers, and Jason Wood joins us for Expert Commentary to talk about REvil Ransomware! Visit https://www.securityweekly.com/swn for all the latest episodes!

Full Episode Show Notes

Microsoft Outage, Joker Trojan, & Alien Android Trojan

#[https://www.instapaper.com/read/1347184287 Microsoft Outage on Monday.]
#[https://www.instapaper.com/read/1347181000 Twitter API bug]
#[https://www.instapaper.com/read/1347182482 Universal Health Services Ransomware.]
#[https://www.instapaper.com/read/1347184156 Las Vegas School District refuses to pay ransom and student info is released.]
#[https://www.instapaper.com/read/1347185461 McAfee files for an IPO.]
#[https://www.instapaper.com/read/1347185872 Joker Trojan appears on Google Play]
#[https://www.instapaper.com/read/1347187046 Alien Android bypasses Two Factor Authentication.]
#[https://www.instapaper.com/read/1347000244 Even your coffeemaker is coming to get you.]
##[https://www.youtube.com/watch?v=bJrIh94RSiI&feature=emb_logo Possessed Coffee maker video.]

Hosts

Doug White

Doug White – Professor

Jason Wood

Jason Wood – Founder; Primary Consultant
