Security Weekly
Paul's Security WeeklySubscribe
Security awareness, Social engineering, Careers, Data security, Leadership

Coming To A Theatre Near You – PSW #684

This week, we welcome Peter Warmka the founder of the Counterintelligence Institute and author of the newly released new book titled: "Confessions of a CIA Spy - The Art of Human Hacking"! Senior Security Architect Bryan Seely from Cyemptive Technologies joins us to discuss How to be a CyberSecurity Hero! In the Security News Nvidia tries to throttle cryptocurrency mining, Digging deeper into the Solarwinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money?!

Peter's new book is available on Amazon: https://amazon.com

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. “Confessions of a CIA Spy – The Art of Human Hacking” Book Release – Peter Warmka – PSW #684

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection.

Peter's new book is available on Amazon: https://amazon.com

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Peter Warmka
Peter Warmka
Founder at Counterintelligence Institute

Former Senior Intelligence Officer with the CIA with over 20 years experience in breaching the security of organizations overseas. Certified Protection Professional (CPP) and Certified Fraud Examiner (CFE.) Professional trainer and Certified Instructor (CIA-U.) Adjunct Professor in Webster University’s Masters in Cyber Security Program Conference speaker, guest podcaster, and author of numerous publications on social engineering and fraud including “Confessions of a CIA Spy – The Art of Human Hacking.” Founder of Orlando based firm Counterintelligence Institute, LLC. Passionate about using his expertise in helping city, state and federal government entities, non-profits, academic institutes, private companies and individuals safeguarding their sensitive proprietary and/or personal data.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Doug White
Doug White
Professor at Roger Williams University
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Wait, You Did What? How To Be A Cybersecurity Hero… – Bryan Seely – PSW #684

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughter from being trafficked. Bryan will then explain what he does with Cyemptive, his day job.

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Bryan Seely
Bryan Seely
Senior Security Architect / Evangelist at Cyemptive Technology

Bryan Seely is an international keynote speaker, world-famous hacker, Cybersecurity expert, author and former U.S. Marine. Seely became one of the most famous hackers in 2014 when he became the only person to ever wiretap the United States Secret Service and FBI. Shockingly he told the 2 agencies before he was caught, and instead of being sent to maximum security prison, the Secret Service called him a hero and praised his courage and integrity. He has appeared in the New York Times, Wall Street Journal, Washington as well as television appearances on Closing bell on CNBC, CNN, FOX News, ABC, NBC and TMZ with Harvey Levin. Bryan is passionate about fighting for consumers rights, privacy and educating the public about how to stay safe in a constantly changing technology landscape. He currently works as a Senior Security Architect for Cyemptive Technologies, professional keynote speaker, podcast host and full time single father of 2 usually-adorable children.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Doug White
Doug White
Professor at Roger Williams University
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. TV Hacking, Nvidia, Nation States, NASA, & WMware – PSW #684

This week In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMWare vCenter, and is a password manager worth your money!?!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
  1. 1. CVSS as a Framework, Not a Score
  2. 2. Is a password manager worth your money?
    Agree or disagree? - "Until passwords go the way of the dodo you need to keep them protected, safe, and accessible. Whether you use a paid, free, or homegrown password manager, use something to keep these most valuable keys protected. Personally, I feel paying a small amount to a company gives me the right to demand better services and improvements, something being a free user does not."
  3. 3. Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries – CyberScoop
    "A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amount to espionage, or something worse, and suspicions abound that more victims remain unrevealed." - So many questions and theories.
  4. 4. Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks
    This wreaks of "we want to put a limitation on our products". And when you do that, people just want to hack it. Why? Because you put a limitation on your products.
  5. 5. SamyGO
    We have 17 Samsung TVs in the studio now (and several more in other parts of the office and studios). Naturally, I've been curious about hacking them. My intentions are to gain some more control over them, e.g. I don't need any "Smart" features! Also, I don't need audio. Initial research led me here. Mute -> 1-8-2 -> Power is a fairly well-known way to access a "secret" service menu. However, this site details so many more hacks and hidden menus. My goal is to really just turn the TVs into monitors. So much more is possible!
  6. 6. HDMI 8X8 Matrix [email protected] 4:4:4 Control4 Driver – J-Tech Digital
    I was investigating this product. I found that the default password is "Admin/Admin" by guessing as it was not documented. The IP configuration asked for a default gateway, however, I could find no evidence of firmware updates. In fact, there were no firmware updates posted to the vendor site and no way to apply firmware updates via the web interface or via the serial connection. There is a USB-C port, but the documentation does not mention it. The device runs Telnet on port 23, however, the default credentials do not work on that service.
  7. 7. Python jsonpickle 2.0.0 Remote Code Execution
    Check your jsonpickle.
  8. 8. Ukraine says Russia hacked its document portal and planted malicious files
    "Wednesday’s statement came two days after Ukraine’s National Coordination Center for Cybersecurity reported what it said were “massive DDoS attacks on the Ukrainian segment of the Internet, mainly on the websites of the security and defense sector.” An analysis revealed that the attacks used a new mechanism that hadn’t been seen before. DDoS attacks take down targeted servers by bombarding them with more data than they can process." - Nothing new here, just more Russia hacking Ukraine and everyone else in the world turning a blind eye.
  9. 9. This chart shows the connections between cybercrime groups
    Attribution is hard doesn't even begin to cover. When are we going to dig deeper and start identifying which groups were responsible for each phase of the attacks?
  10. 10. Cisco Warns of Critical Auth-Bypass Security Flaw
  11. 11. Cybersecurity Canon
    Some of my favorite hacking/security books in here (and some are not my favorites).
  12. 12. Unauthorized RCE in VMware vCenter
    "After sending an unauthorized request to /ui/vropspluginui/rest/services/*, I discovered that it did not in fact require any authentication." - That's your problem right there...
  13. 13. Heavily used Node.js package has a code injection vulnerability
    "This library is still work in progress. It is supposed to be used as a backend/server-side library (will definitely not work within a browser)," states the developer behind the component." - We cannot just blindly trust all our components and libraries. A human, sometimes, has to read the documentation and performs a risk assessment, that is until the deadline is approaching and you can save 5 days by implementing an experimental library someone else wrote.
  14. 14. Chinese spyware code was copied from America’s NSA Researchers
    If you leave missiles laying around and they fall into the wrong hands, it's a bigger deal than "cyber" weapons.
  15. 15. Ukraine sites suffered massive attacks launched from Russian networks
    "The Ukrainian authorities did not attribute the attack to a specific threat actor." - This does not mean they don't know, they just don't want to say and show their hand. If they know who, it tips them off, and potentially any/all tactics and methods used to observe the attackers.
  16. 16. Python programming language hurries out update to tackle remote code vulnerability
    "The bug occurs because "sprintf" is used unsafely. The impact is broad because Python is pre-installed with multiple Linux distributions and Windows 10."
  17. 17. Clubhouse Chats Are Breached, Raising Concerns Over Security
    https://flip.it/F8VAjg
  18. 18. John Deere Lied For Years About Making Its Tractors Easier To Service
    https://flip.it/qAlsMl
  19. 19. Zombie infection threat as country unlocks 50,000-year-old viruses
    https://flip.it/Cm19ID
  20. 20. New type of supply-chain attack hit Apple, Microsoft and 33 other companies
    https://flip.it/SFR7xq
  21. 21. Microsoft: SolarWinds attack took more than 1,000 engineers to create
    "Microsoft, which was also breached by the bad Orion update, assigned 500 engineers to investigate the attack said Smith, but the (most likely Russia-backed) team behind the attack had more than double the engineering resources. "When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000," said Smith."
  22. 22. France Ties Russia’s Sandworm to a Multiyear Hacking Spree
    "Remarkably, ANSSI says the intrusion campaign dates back to late 2017 and continued until 2020. In those breaches, the hackers appear to have compromised servers running Centreon, sold by the firm of the same name based in Paris. Though ANSSI says it hasn't been able to identify how those servers were hacked, it found on them two different pieces of malware: one publicly available backdoor called PAS, and another known as Exaramel, which Slovakian cybersecurity firm ESET has spotted Sandworm using in previous intrusions. While hacking groups do reuse each other's malware—sometimes intentionally to mislead investigators—the French agency also says it's seen overlap in command and control servers used in the Centreon hacking campaign and previous Sandworm hacking incidents." - Supply chain attack?
Doug White
Doug White
Professor at Roger Williams University
  1. 1. President Biden’s Supply Chain Executive Order
    Cybersecurity is included in this mandate to examine the whole infrastructure in the wake of Solarwinds.
  2. 2. Nvidia throttles Ethereum mining on the RTX 3060
  3. 3. President Biden’s Executive Order on Supply Chain
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems
  1. 1. NASA Sent a Secret Message to Mars. Meet the People Who Decoded It
    Drink more Ovaltine!
  2. 2. Why America would not survive a real first strike cyberattack today
  3. 3. Heavily used Node.js package has a code injection vulnerability
  4. 4. Hackers Tied to Russia’s GRU Targeted the US Grid for Years
  5. 5. Daisy Ridley fires back at Ted Cruz after he defends Gina Carano over ‘Mandalorian’ firing
    Not wanting to get political or anything, but it's Star Wars...
  6. 6. Google Cloud puts its Kubernetes Engine on autopilot
    A WOPR of a story?
  7. 7. Kroger joins victims of Accellion data breach
  8. 8. Clubhouse suffers data breach
  9. 9. Wawa Reaches Proposed $12M Settlement in Data Breach Litigation
  10. 10. Students’ Information Compromised by Data Breach at Harvard Business School
  11. 11. Massive SolarWinds Hack Prompts Calls for U.S. Law Requiring Cyber Breach Reporting
  12. 12. Tactics & Measures for Ransomware in Enterprise Workplace 2021
    I was interviewed recently on Airgap's "Ransomware Battleground" podcast. Different venue, but a good discussion about recent ransomware attacks.
  13. 13. Gula Tech Cyber Fiction Show: Episode #7 – Jeff Man – Cybersecurity Evangelism
    Ron Gula asked me to chat with him about a whole variety of topics. We will do this again.
  14. 14. SCW Ep #62: Interview with John Threat, Part 1
    Must watch episode for everyone who has an interest in hacker history, hacker culture, hip hop, and more.
  15. 15. SCW Ep #62: Interview with John Threat, Part 2
    Second part of the John Threat interview, and also the guys from Hacker Valley Studio.
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
  1. 1. VMware addresses a critical RCE issue in vCenter Server
    VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. CVE-2021-21972 rated as high risk due to arbitrary command execution potential.
  2. 2. 10,000 mailboxes hit in phishing attacks on FedEx and DHL Express
    Attackers have been spotted leveraging phishing emails that purport to be a FedEx online document share and an email from DHL, both sharing shipping details in two phishing attacks targeting some 10,000 mailboxes at DHL Express and FedEx in an effort to steal victims' work email credentials.
  3. 3. California DMV Halts Data Transfers After Vendor Breach
    The California Department of Motor Vehicles (DMV) has announced it has ceased all data transfers after Seattle, Wash.-based third-party funds transfer service provider Automatic Funds Transfer Services, Inc. (AFTS) suffered a ransomware attack that compromised data belonging to millions of California drivers.
  4. 4. Hackers steal credit card data abusing Google’s Apps Script
    Hackers abuse Google Apps Script business application development platform to steal credit cards, bypass CSP
  5. 5. First Malware Designed for Apple M1 Chip Discovered in the Wild
    Security researcher Patrick Wardle detailed a Safari adware extension called GoSearch22 that was originally written to run on Intel x86 chips but has since been ported to run on ARM-based M1 chips. The rogue extension, which is a variant of the Pirrit advertising malware, was first seen in the wild on November 23, 2020, according to a sample uploaded to VirusTotal on December 27.
  6. 6. New malware found on 30,000 Macs has security pros stumped
    A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles. Read Red Canary report https://redcanary.com/blog/clipping-silver-sparrows-wings/
  7. 7. Silver Sparrow macOS malware with M1 compatibility
    Earlier this month, Red Canary detection engineers Wes Hurd and Jason Killam came across a strain of macOS malware using a LaunchAgent to establish persistence.
  8. 8. US Retailer Kroger Admits Accellion Breach
    US retail giant Kroger has become the latest big-name brand to admit it suffered a data breach via legacy file transfer software. The supermarket chain, America’s largest by revenue, posted the notice late last week. It revealed that some of the firm’s customers and employees may have had their data compromised by a malicious third party who exploited a vulnerability in Accellion’s FTA platform
  9. 9. Chinese spies ‘used code copied from America’s NSA’ for hacking operations
    It is not clear how the China-linked malware analysed by Check Point was used.
  10. 10. NurseryCam hacked, company shuts down IoT camera service
    Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off. A hacker contacted El Reg on Friday to say they had obtained real names, usernames, what appeared to be SHA-1 hashed passwords, and email addresses for 12,000 NurseryCam users' accounts – and had then dumped them online.
  11. 11. Exploitation of Accellion File Transfer Appliance
    Accellion has identified cyber actors targeting FTA customers by leveraging the following additional vulnerabilities. CVE-2021-27101 – Structured Query Language (SQL) injection via a crafted HOST header (affects FTA 9_12_370 and earlier) CVE-2021-27102 – Operating system command execution via a local web service call (affects FTA versions 9_12_411 and earlier) CVE-2021-27103 – Server-side request forgery via a crafted POST request (affects FTA 9_12_411 and earlier) CVE-2021-27104 – Operating system command execution via a crafted POST request (affects FTA 9_12_370 and earlier)
  12. 12. Transport for NSW data stolen in Accellion breach
    Transport for NSW has joined a growing list of global organisations to fall victim to the Accellion data breach after confirming that data from the file-sharing system was stolen. Acellion has patched all FTA vulnerabilities known to be exploited by threat actors and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.
  13. 13. FireEye Links Accellion Attacks to FIN11
    FireEye says it has linked the recent string of attacks exploiting vulnerabilities in the Accellion legacy file transfer product (tracked as UNC2546) to financial crime group "FIN11." Note the overlaps between FIN11, UNC2546, and UNC2582 are compelling but not yet conclusively determined how they are connected
  14. 14. Python programming language hurries out update to tackle remote code vulnerability
    The Python Software Foundation (PSF) has released Python 3.9.2 and 3.8.8 in order to address a remotely exploitable remote code execution (RCE) vulnerability (CVE-2021-3177) and a web cache poisoning vulnerability (CVE-2021-23336) that could be exploited by attackers to take targeted systems offline.
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related

prestitial ad