PCI Security Deathmatch – PSW #698
This week, we kick off the show with an interview featuring Gene Erik, Senior Product Officer at Xcape, Inc, to talk OpenWRT for Enterprise and Labs! Then, Rob Gurzeev, CEO and Co-Founder of CyCognito joins for a technical segment all about Protecting the Attack Surface! In the Security News, Microsoft patches 6 Zero-Days under active attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, how to pwn a satellite, one Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one!
Segment Resources:
Visit https://securityweekly.com/cycognito to learn more about them!
Company Website Link: xcapeinc.com
Topic Link: openwrt.org
Commercial Product for Topic Link: gl-inet.com
Personal CI/CD Projects Link: gitlab.com/fossdevops
Personal GitLab Link: gitlab.com/geneerik
Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Segments
1. OpenWRT for Enterprise and Labs – Gene Erik – PSW #698
OpenWRT is a mature and well-supported project. It runs on many hardware platforms and is available in production-level products. OpenWRT has developed into a platform filled with enterprise-level features, making it a successful product for enterprise use. Because it runs on many IoT platforms, including home gateways, and has an easy-to-use web interface, it is also a great platform for starting to build a lab.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Gene is an experienced security professional whose work history runs the gamut of IT, from red teaming and tools development, to DevSecOps and working on the blue team, to engineering, development, and automation. He has worked for several Fortune 500 companies, as well as start-ups, from security companies to Fin-tech to medical device manufacturers. Gene is a long time hacker community member and enjoys contributing to the community.
Hosts
2. Protecting the Attack Surface – Rob Gurzeev – PSW #698
What does it mean to protect the attack surface? What is the difference between attack surface protection and attack surface management? Rob Gurzeev, CEO and Co-Founder of CyCognito, joins us to discuss why attack surface monitoring needs to run across the entire infrastructure. It is not just about open ports, but about finding the exposed, exploitable, or abandoned assets that create the greatest risk.
This segment is sponsored by CyCognito.
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Guest
Rob Gurzeev, CEO and Co-Founder of CyCognito, has led the development of offensive security solutions for both the private sector and intelligence agencies. Prior to founding CyCognito, he was Director of Offensive Security and head of R&D at C4 Security (acquired by Elbit Systems) and the CTO of the Product Department of the 8200 Israeli Intelligence Corps. Honors that he received as an Israel Defense Forces Officer included Award for Excellence, the Creative Thinking Award and the Source of Life Award.
Hosts
3. ANOM Bust, Ransomware Solutions, NAC, & A PCI Deathmatch! – PSW #698
This week in the Security News, Paul & the crew discuss: Microsoft patches 6 zero-days under active attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, how to pwn a satellite, one Fastly customer triggered internet meltdown, I got 99 problems but my NAC ain't one, and more!
Announcements
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
Hosts
- 1. Australian cops, FBI created backdoored chat app, told crims it was secure – then snooped on 9,000 users’ plots – The FBI tricked criminals into using an FBI-developed app, ANOM, to communicate with each other. The app was distributed on phones configured specifically to run it, and starting in 2018 those phones were sold on black markets.
- 2. New Kubernetes malware backdoors clusters via Windows containers – Attackers have been leveraging the new "Siloscape" malware for more than a year in attacks that compromise Windows containers in order to compromise Kubernetes nodes and backdoor clusters, which they can later abuse to conduct other malicious attacks.
- 3. WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes – Researchers have uncovered two vulnerabilities (CVE-2021-21000 and CVE-2021-21001) affecting WAGO industrial controllers that could be exploited to disrupt technological processes, which could result in industrial accidents.
- 4. RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries – RockYou2021, the largest password compilation of all time, has been leaked on a popular hacker forum; it contains 8.4 billion password entries.
- 5. Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang – Krebs on Security – The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month: 63.7 of the 75 Bitcoins. DarkSide took 15% and the affiliate 85% of the 75, so the recovered amount represents the affiliate's share.
- 6. US to give ransomware attacks similar priority as terrorism, official says – DOJ has announced it will prioritize ransomware attacks in a way similar to how it prioritizes terrorism.
- 7. Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module – A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges and hijack wireless communications on vulnerable devices.
- 8. UF Health Florida hospitals back to pen and paper after cyberattack – UF Health The Villages Hospital and UF Health Central Florida have suffered a reported ransomware attack that forced the two hospitals to shut down portions of their IT.
- 9. ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack – Hackers have been spotted actively scanning the Internet for VMware vCenter servers that have not been patched against a critical remote code execution (RCE) vulnerability (CVE-2021-21985) that could be exploited to execute commands on the system hosting the targeted vCenter Server.
- 10. TikTok just gave itself permission to collect biometric data on U.S. users, including ‘faceprints and voiceprints’ – TechCrunch – A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” (faceprints and voiceprints).
- 11. India’s Finance Software Powerhouse NSE Blown By EpsilonRed Ransomware – Financial software maker NSE has disclosed it suffered a ransomware attack during which attackers breached its internal networks and encrypted "essential business data."
- 12. Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws – With Microsoft's June 2021 Patch Tuesday come fixes for seven zero-day vulnerabilities, six of which are known to be exploited, and a total of 50 flaws, so Windows admins will be busy.
- 13. Feds Say Imprisoned Hacker Ran a Drone Smuggling Ring – A San Francisco hacker already serving a 13-year prison term has been charged with using a smuggled cell phone to loot consumer debit card accounts, then channeling the profits into a smuggling operation that used a remotely piloted drone to drop contraband into the prison yard.
