Burn It All Down – PSW #728

Announcements

• Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Michael Daniel

President & CEO at Cyber Threat Alliance

Michael Daniel currently serves as the President & CEO of the Cyber Threat Alliance (CTA), a not-for-profit that enables cyber threat information sharing among cybersecurity organizations. Prior to coming to CTA in March 2017, Michael served for four years as US Cybersecurity Coordinator, leading US cybersecurity policy development, facilitating US government partnerships with the private sector and other nations, and coordinating significant incident response activities. From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the U.S. Intelligence Community. Michael also works with the Aspen Cybersecurity Group, the World Economic Forum’s Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem. In his spare time, he enjoys running and martial arts.

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Josh Marpet

Executive Director at RM-ISAO

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

Tyler Robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

trob#6466

http://darkelement.io/

Announcements

• Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Josh Marpet

Executive Director at RM-ISAO

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

Tyler Robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

trob#6466

http://darkelement.io/

Announcements

• Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

• CRA's Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

1. 1. Hacker could’ve printed unlimited ‘Ether’ but chose $2M bug bounty instead
   "Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty." - Interesting, if the bug bounty is high enough, people may not steal...
2. 2. Hacking group is on a tear, hitting US critical infrastructure and SF 49ers
   Print bombing: "Another characteristic of BlackByte, Red Canary said, was its use of “print bombing.” This feature caused all printers connected to an infected network to print ransom notes at the top of each hour that said, “Your [sic] HACKED by BlackByte team. Connect us to restore your system.”"
3. 3. Never Use Text Pixelation To Redact Sensitive Information
   "Today, we’re focusing on one such technique – pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. To show you why, I wrote a tool called Unredacter that takes redacted pixelized text and reverses it back into its unredacted form. There’s plenty of real-world examples of this in the wild to redact sensitive information, but I won’t name names here. " - Black bars are the way to go...(just don't distribute the PPT LOL)
4. 4. Patch now: Adobe releases emergency fix for exploited Commerce – Magento zero-day
   "The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a "product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." - Well yea, this is so many bugs... Curious to see the exploit.
5. 5. A Hacker Group Has Been Framing People for Crimes They Didn’t Commit
   Interesting: "The most prominent case involving Elephant centers around Maoist activist Rona Wilson and a group of his associates who, in 2018, were arrested by India security services and accused of plotting to overthrow the government. Evidence for the supposed plot—including a word document detailing plans to assassinate the nation’s prime minister, Narendra Modi—was found on Wilson’s laptop. However, later forensic analysis of the device showed that the documents were actually fake and had been planted using malware. According to Sentinel researchers, it was Elephant that put them there."
6. 6. Linux kernel patches remote stack overflow bug
   Used for clustering. "The TIPC module must be loaded for the system to be vulnerable. In addition, for the system to be targeted remotely, it needs to have a TIPC bearer enabled."
7. 7. 74% of ransomware revenue goes to Russia-linked hackers
   Or is it a group that wants to make it look like Russia? (Adorns tin foil hat): "Their ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country, The gang operates in Russian on Russian-speaking forums, The gang is linked to Evil Corp - an alleged cyber-crime group wanted by the US"
8. 8. Apple moves to stop AirTag tracking misuse
   Yea, a stern warning, that'll work: "As part of the changes to make misuse harder, Apple said every user setting up their AirTag for the first time will see a message warning that using the device to track people without consent is a crime in many regions around the world." So, if you don't have an air tag, you still need to install the app: "Currently, iPhone users (and Android users who download an app) receive "unwanted tracking" alerts if an unknown AirTag moves with them."
9. 9. Experts disclose details of Apache Cassandra DB RCE
10. 10. Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
11. 11. High-Severity RCE Bug Found in Popular Apache Cassandra Database
12. 12. Ukraine Defense and Bank Networks DDoS-ed
13. 13. Securing IoT from the ground up – Help Net Security

Josh Marpet

Executive Director at RM-ISAO

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

1. 1. NFL’s San Francisco 49ers hit by Blackbyte ransomware attack
   The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the team. Blackbyte operators have previously exploited Microsoft Exchange servers via the “ProxyShell” vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
2. 2. CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in Attacks
   The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 16 new CVE identifiers to its list of known exploited vulnerabilities, including HiveNightmare and the Apple WebKit vulnerabilities.
3. 3. Cyberattack exposes data of 1.2 million guests of Harbour Plaza hotels in Hong Kong
   Attack on retailer HKTVmall that resulted in the exposure customers' delivery addresses, names, and contact numbers.
4. 4. Credit unions should be enabled to provide digital asset services
   Cryptocurrency and digital assets and platforms created through blockchain technology are poised to create major disruptions in the delivery of financial services, CUNA wrote to the Senate Banking, Housing, and Urban Affairs Committee Tuesday.
5. 5. Threat actors compromised +500 Magento-based e-stores with e-skimmers
   Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Magento 1 is unsupported. Move to Magento 2 based versions of the platform, or a commercial product.
6. 6. Apple patches exploited bug in Webkit
   Apple has issued security patches for its macOS, iOS and iPadOS to address CVE-2022-22620, a use after free flaw. The flaw is fixed in macOS 12.2.1, Safari 15.3, Watch OS 8.4.2 and iOS/iPadOS 15.3.1. https://support.apple.com/en-us/HT201222

Tyler Robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

trob#6466

http://darkelement.io/