Have a Couple Beers on the Lawnmower – PSW #721

Announcements

• In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

Guest

Ed Skoudis

President of SANS Technology Institute, Director of Holiday Hack Challenge at SANS Institute & Counter Hack

http://counterhack.com/

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Hosts

Josh Marpet

Executive Director at RM-ISAO

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

Sponsored By

Announcements

• Throughout 2022, CRA's Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

Guest

Sinan Eren

VP, Zero Trust at Barracuda Networks

Sinan is a veteran in the cybersecurity space and serves as VP of Zero Trust at Barracuda. Sinan is passionate about helping companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources for their outsourcers, partners, contractors and telework employees.

Hosts

Josh Marpet

Executive Director at RM-ISAO

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

Announcements

• We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

• Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Josh Marpet

Executive Director at RM-ISAO

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

1. 1. Printing Shellz
2. 2. Windows 10 RCE: The exploit is in the link
3. 3. A mysterious threat actor is running hundreds of malicious Tor relays
4. 4. Russia issues threat to GPS satellites – GPS World
5. 5. Google warns over 1M devices have been infected in ‘Russian hack’
6. 6. ruDALL-E
7. 7. Jaques Tits, the mathematician behind Tits buildings, the Tits alternative, the Tits group, and the Tits metric, has died at 91
8. 8. Ragnar Locker ransomware group took screenshots of their targets Cybersecurity Incident Response
   Ragnar Locker ransomware group took screenshots of their targets Cybersecurity Incident Response meeting mid-breach. * Image censored to comply with Twitters
9. 9. Hackers drain $31 million from cryptocurrency service MonoX Finance

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

1. 1. Statement from CISA Director Easterly on “Log4j” Vulnerability
   CISA director Jen Easterly said, “We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies -- and signals to non-federal partners -- to urgently patch or remediate this vulnerability." CVE-2021-44228 or Log4Shell has us all busy.
2. 2. Apple Releases Security Updates for Multiple OSs
   Apple has released updates for multiple operating systems, including macOS, iOS, watchOS, iPadOS, and tvOS. The new iOS and iPadOS updates address 42 CVEs and adding new features including Apple Music Voice Plan, “App Privacy Report” and new “communication safety” settings intended to notify parents when their children receive or send photos that contain nudity.
3. 3. Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird
   Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs.
4. 4. Google pushes emergency Chrome update to fix zero-day used in attacks
   As part of its Chrome 96.0.4664.110 release for Linux, Mac, and Windows, Google has issued a fix to address a high-severity use-after-free vulnerability (CVE-2021-4102) affecting the Google Chrome V8 JavaScript engine that has already been actively exploited in the wild.
5. 5. ‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
   Researchers say the financially motivated "Karakurt" threat group, which is focused on data exfiltration and follow-up extortion, has already targeted some 40 victims since September 2021 but has shown no interest in deploying ransomware on targeted systems or taking high-profile targets down. Rather than deploying Cobalt Strike, the group "persisted within the victim's network via the VPN IP pool or installed AnyDesk to allow external remote access to compromised devices. Threat group claims that it "… do[es] not try to harm your processes, delete your data, destroy your business, at least until you yourself give us a reason.”
6. 6. China continues to exploit US universities to bolster military modernization: Report
   The Foundation for Defense of Democracies released a report asserting that China is exploiting its existing relationship with U.S. universities to steal sensitive data and technology that it will ultimately use to "achieve military dominance." China operates more than 200 talent recruitment plans, the most prominent of which is the Thousand Talents Plan (TTP) established in 2008.
7. 7. University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes
   Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021. Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns.