PSW #637 | SC Media
Container security, Hardware security, Pen testing, OSINT

PSW #637

January 31, 2020

In the Security News, NHS alerted to severe vulnerabilities in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware

Paul’s Stories

  1. Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more! – Help Net Security
  2. How to better control access to your Windows network
  3. Coronavirus claims new victim: ‘DEF CON cancelled’ joke cancelled after DEF CON China actually cancelled
  4. Ring’s selling my email address to spammers? That’s the least of its problems
  5. Wawa card breach: 30 million card records for sale in the dark web
  6. 97% of airports showing signs of weak cybersecurity
  7. Enterprise Hardware Still Vulnerable to Memory Lane Attacks
  8. Check Point detailed two flaws in Microsoft Azure that could have allowed taking over cloud servers
  9. Securing Containers with Zero Trust

Larry’s Stories

  1. Technical report on how the Saudis hacked Bezos’ phone
  2. OpenSMTPD RCE
  3. Charges against Coalfire employees dropped

Jeff’s Stories

  1. Wawa Breach May Have Compromised More Than 30 Million Payment Cards – Nothing to see here…just PCI related
  2. United Nations Data Breach Started with Microsoft SharePoint Bug
  3. Mega Breach Exposes More Than 250 Million
  4. Data breaches soared by 17% in 2019: ‘We also saw the rise of a significant new threat’

Lee’s Stories

  1. NHS alerted to severe vulnerabilities in GE Health Equipment – CISA and CyberMDX release notices called “MDHex”, which include SSH and SMB abuse as well as Windows XP components.
  2. Cisco fixes Critical Flaw in network management platform – Cisco releases fix for “Firepower Management Center” to resolve CVE-2019-16028, which allows attackers to achieve admin on affected devices.
  3. Russian pleads guilty to running “CardPlanet” to sell Stolen Credit Cards – CardPlanet web site sold cards for $2.50-$10. ~150,000 cards sold for about $20,000,000 in fraudulent purchases.
  4. Ragnarok Ransomware targets Citrix ADC, disables Windows Defender – New ransomware dubbed Ragnarok targets unpatched Cisco AVS servers vulnerable to CVE-2019-1978.
  5. OurMine hackers attack and take over NFL Twitter accounts – OurMine group is hacking NFL Twitter accounts to prove they’re back and everything is hackable. Hacked accounts properly secured _AFTER_ notification of the hack…
  6. Critical Bug: OpenBSD OpenSMTP bug allows RCE – In the default configuration, a technique inspired by the Morris worm executes sendmail body as script. Patch released.
  7. Suspected Magecart hackers arrested in Indonesia – Magecart “web skimmer” techniques used to target card-not-present data. Multi-agency task force shuts down C&C servers as part of Operation Night Fury.
  8. Wawa breach data found for sale – Wawa breach data, affecting as many as 30 million, found for sale on the Joker’s Stash dark web site.

Hosts

Jeff Man – Sr. InfoSec Consultant

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Matt Alderman – CEO

Paul Asadoorian – Founder & CTO

Announcements

  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!

MechaFlounder was a recent backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Stopping Python Backdoor Attacks

Learn:

  • Why network address-based defenses alone cannot prevent attack propagation and lateral movement
  • Why protection based on software-identity verification (zero trust security) can stop such attacks
  • How Purple teams can collaborate more effectively with a shared visualization and understanding of application topology and attack pathways to targets

Hosts

Jeff Man – Sr. InfoSec Consultant

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Matt Alderman – CEO

Paul Asadoorian – Founder & CTO

Guests

Peter Smith – Founder, CEO
