Burn It All Down – PSW #728
This week, we start the show off with an interview featuring Michael Daniel, President & CEO, Cyber Threat Alliance! Next up, A tech segment walking through Running Windows Inside Containers On Linux! In the Security News for this week: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket, It was Russia unless it wasn't Russia, Cassandra and Magento, and how not to redact!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Full Audio
Segments
1. Cybersecurity Coordinator Under President Obama – Michael Daniel – PSW #728
Michael joins us to discuss the importance of information sharing, how to convey cybersecurity practice and topics to senior leaders, cybersecurity regulation, myths surrounding militarizing cyberspace, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Michael Daniel currently serves as the President & CEO of the Cyber Threat Alliance (CTA), a not-for-profit that enables cyber threat information sharing among cybersecurity organizations. Prior to coming to CTA in March 2017, Michael served for four years as US Cybersecurity Coordinator, leading US cybersecurity policy development, facilitating US government partnerships with the private sector and other nations, and coordinating significant incident response activities. From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the U.S. Intelligence Community. Michael also works with the Aspen Cybersecurity Group, the World Economic Forum’s Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem. In his spare time, he enjoys running and martial arts.
Hosts
2. Running Windows Inside Containers On Linux – PSW #728
Yes, this is possible! We have incoporated into our vulhub-lab project a way to run Windows inside a Docker Container that is running on Linux. We didn't invent this technique but we will show you how to do it!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
3. Pixelating Info, Pilfer Or Report, Digital Credit Unions, & Airtag Abuse – PSW #728
This week in the Security News: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket or?, It was Russia unless it wasn't Russia, Cassandra and Magento, how not to redact, & more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
CRA's Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!
Hosts
- 1. Hacker could’ve printed unlimited ‘Ether’ but chose $2M bug bounty instead"Software engineer Jay Freeman (who goes by Saurik online) didn’t leverage the exploit. Instead, he reported the issue to Optimism’s dev team, who paid him a $2-million bug bounty." - Interesting, if the bug bounty is high enough, people may not steal...
- 2. Hacking group is on a tear, hitting US critical infrastructure and SF 49ersPrint bombing: "Another characteristic of BlackByte, Red Canary said, was its use of “print bombing.” This feature caused all printers connected to an infected network to print ransom notes at the top of each hour that said, “Your [sic] HACKED by BlackByte team. Connect us to restore your system.”"
- 3. Never Use Text Pixelation To Redact Sensitive Information"Today, we’re focusing on one such technique – pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. To show you why, I wrote a tool called Unredacter that takes redacted pixelized text and reverses it back into its unredacted form. There’s plenty of real-world examples of this in the wild to redact sensitive information, but I won’t name names here. " - Black bars are the way to go...(just don't distribute the PPT LOL)
- 4. Patch now: Adobe releases emergency fix for exploited Commerce – Magento zero-day"The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a "product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." - Well yea, this is so many bugs... Curious to see the exploit.
- 5. A Hacker Group Has Been Framing People for Crimes They Didn’t CommitInteresting: "The most prominent case involving Elephant centers around Maoist activist Rona Wilson and a group of his associates who, in 2018, were arrested by India security services and accused of plotting to overthrow the government. Evidence for the supposed plot—including a word document detailing plans to assassinate the nation’s prime minister, Narendra Modi—was found on Wilson’s laptop. However, later forensic analysis of the device showed that the documents were actually fake and had been planted using malware. According to Sentinel researchers, it was Elephant that put them there."
- 6. Linux kernel patches remote stack overflow bugUsed for clustering. "The TIPC module must be loaded for the system to be vulnerable. In addition, for the system to be targeted remotely, it needs to have a TIPC bearer enabled."
- 7. 74% of ransomware revenue goes to Russia-linked hackersOr is it a group that wants to make it look like Russia? (Adorns tin foil hat): "Their ransomware code is written to prevent it from damaging files if it detects the victim's computers are located in Russia or a CIS country, The gang operates in Russian on Russian-speaking forums, The gang is linked to Evil Corp - an alleged cyber-crime group wanted by the US"
- 8. Apple moves to stop AirTag tracking misuseYea, a stern warning, that'll work: "As part of the changes to make misuse harder, Apple said every user setting up their AirTag for the first time will see a message warning that using the device to track people without consent is a crime in many regions around the world." So, if you don't have an air tag, you still need to install the app: "Currently, iPhone users (and Android users who download an app) receive "unwanted tracking" alerts if an unknown AirTag moves with them."
- 9. Experts disclose details of Apache Cassandra DB RCE
- 10. Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
- 11. High-Severity RCE Bug Found in Popular Apache Cassandra Database
- 12. Ukraine Defense and Bank Networks DDoS-ed
- 13. Securing IoT from the ground up – Help Net Security
- 1. NFL’s San Francisco 49ers hit by Blackbyte ransomware attackThe NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the team. Blackbyte operators have previously exploited Microsoft Exchange servers via the “ProxyShell” vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
- 2. CISA Says ‘HiveNightmare’ Windows Vulnerability Exploited in AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 16 new CVE identifiers to its list of known exploited vulnerabilities, including HiveNightmare and the Apple WebKit vulnerabilities.
- 3. Cyberattack exposes data of 1.2 million guests of Harbour Plaza hotels in Hong KongAttack on retailer HKTVmall that resulted in the exposure customers' delivery addresses, names, and contact numbers.
- 4. Credit unions should be enabled to provide digital asset servicesCryptocurrency and digital assets and platforms created through blockchain technology are poised to create major disruptions in the delivery of financial services, CUNA wrote to the Senate Banking, Housing, and Urban Affairs Committee Tuesday.
- 5. Threat actors compromised +500 Magento-based e-stores with e-skimmersExperts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Magento 1 is unsupported. Move to Magento 2 based versions of the platform, or a commercial product.
- 6. Apple patches exploited bug in WebkitApple has issued security patches for its macOS, iOS and iPadOS to address CVE-2022-22620, a use after free flaw. The flaw is fixed in macOS 12.2.1, Safari 15.3, Watch OS 8.4.2 and iOS/iPadOS 15.3.1. https://support.apple.com/en-us/HT201222
