Funny Stories – PSW #717
1. Peel Back the Layers of Your Enterprise with Security Onion 2 – Doug Burks – PSW #717
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. We've got a new container-based platform that is more flexible, more powerful, and more scalable than ever before. Join us to see how you can peel back the layers of your enterprise and make your adversaries cry!
Announcements
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Guest
Doug Burks started Security Onion in 2008 to provide a comprehensive platform to help folks peel back the layers of their enterprise and make their adversaries cry. Today, Security Onion has over 1,000,000 downloads and is being used by organizations around the world for threat hunting, enterprise security monitoring, and log management. In 2014, Doug started Security Onion Solutions LLC to help those organizations by providing training, professional services, and hardware appliances. Doug is a CEO, public speaker, teacher, former president of the Greater Augusta ISSA, and co-founder of BSides Augusta, but what he really likes the most is catching bad guys.
2. Part 2: Scanning For Default Creds With Python – PSW #717
We've updated our script with all sorts of new features. The latest version uses the TOML configuration file format to store the vendor information and the credentials to test with. We'll focus on how to implement that as it's handy for all sorts of projects. We'll also cover some of the other updates, including testing protocols on different ports and better reporting.
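The following is an added example for this segment, not the hosts' script: it shows one way to drive a default-credential scan from a TOML vendor file, including per-protocol port lists and a grouped report. The TOML layout, the function names, the sample addresses and the simulated login backend are all assumptions made for illustration; a real version would plug in protocol handlers (HTTP, SSH, Telnet) behind the same `authenticate` callable, and must only be pointed at hosts you are authorized to test.

```python
"""Default-credential scan driven by a TOML vendor file (added example)."""
from dataclasses import dataclass
from typing import Callable, Iterable

try:
    import tomllib  # standard library on Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore  # 'pip install tomli' on older Pythons

# Constructed TOML config (an assumed layout): one table per vendor listing the
# protocols to try, the ports each protocol listens on, and factory credentials.
VENDOR_CONFIG = """
[vendors.acme_camera]
protocols = ["http", "ssh"]
ports = { http = [80, 8080], ssh = [22] }
credentials = [
  { username = "admin", password = "admin" },
  { username = "root",  password = "" },
]

[vendors.widget_router]
protocols = ["telnet", "http"]
ports = { telnet = [23, 2323], http = [80] }
credentials = [
  { username = "admin", password = "password" },
]
"""


@dataclass(frozen=True)
class Attempt:
    vendor: str
    host: str
    protocol: str
    port: int
    username: str
    password: str


@dataclass(frozen=True)
class Result:
    attempt: Attempt
    success: bool
    note: str = ""


def load_config(text: str) -> dict:
    """Parse the TOML and validate its shape so a typo fails before the scan starts."""
    cfg = tomllib.loads(text)
    for name, vendor in cfg.get("vendors", {}).items():
        missing = {"protocols", "ports", "credentials"} - set(vendor)
        if missing:
            raise ValueError(f"vendor {name!r} missing keys: {sorted(missing)}")
        for proto in vendor["protocols"]:
            if proto not in vendor["ports"]:
                raise ValueError(f"vendor {name!r}: no ports listed for {proto!r}")
    return cfg


def build_attempts(cfg: dict, hosts: Iterable[str]) -> list[Attempt]:
    """Expand hosts x vendors x protocols x ports x credentials into a flat plan."""
    attempts = []
    for host in hosts:
        for vendor, v in cfg["vendors"].items():
            for proto in v["protocols"]:
                for port in v["ports"][proto]:
                    for cred in v["credentials"]:
                        attempts.append(Attempt(vendor, host, proto, port,
                                                cred["username"], cred["password"]))
    return attempts


Authenticator = Callable[[Attempt], bool]


def run_scan(attempts: Iterable[Attempt], authenticate: Authenticator) -> list[Result]:
    """Run every attempt; network errors are recorded, not fatal, so one dead port
    does not abort the whole scan."""
    results = []
    for a in attempts:
        try:
            results.append(Result(a, authenticate(a)))
        except (OSError, TimeoutError) as exc:
            results.append(Result(a, False, f"error: {exc}"))
    return results


def report(results: Iterable[Result]) -> dict[str, list[str]]:
    """Group successful logins per host as 'vendor proto:port user:pass' strings."""
    hits: dict[str, list[str]] = {}
    for r in results:
        if r.success:
            a = r.attempt
            hits.setdefault(a.host, []).append(
                f"{a.vendor} {a.protocol}:{a.port} {a.username}:{a.password or '<blank>'}")
    return hits


# Constructed stand-in for real protocol handlers so the example runs offline:
# (host, protocol, port) -> the one credential pair that "works" there.
SIMULATED_DEVICES = {
    ("10.0.0.5", "ssh", 22): ("root", ""),
    ("10.0.0.9", "telnet", 2323): ("admin", "password"),
}


def simulated_authenticate(a: Attempt) -> bool:
    return SIMULATED_DEVICES.get((a.host, a.protocol, a.port)) == (a.username, a.password)


if __name__ == "__main__":
    plan = build_attempts(load_config(VENDOR_CONFIG), ["10.0.0.5", "10.0.0.9"])
    for host, found in report(run_scan(plan, simulated_authenticate)).items():
        print(host, found)
```

Keeping the credential matrix in TOML rather than in code means adding a vendor or an alternate port is a data change that can be reviewed on its own, and validating the file in `load_config` catches a protocol with no port list before any packets are sent.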
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
3. Shrootless Bug, Statistic Stats, Trojan Source, Fake Students, & Clippy Returns – PSW #717
This week in the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy!
Announcements
In case you missed it: Paul's Security Weekly's new streaming time is Wednesday nights from 6pm-9pm ET & Enterprise Security Weekly's new streaming time is Thursday afternoons from 3pm-4:30pm ET. You can view our live stream schedule at any time at https://securityweekly.com/live!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Over 800 million medical records exposed in data breach (Sacut Cyber Security): An American medical artificial intelligence platform exposed a dataset containing 886,521,320 records. The total size of the dataset was 68.53 GB and it contained U.S.-based medical-related data. The data was divided into the following fields: date, document type, physician note, encounter IDs (an interaction between a patient and healthcare provider(s) to provide healthcare service(s)), patient ID, note, UUID, patient type, doctor notes, date of service, note type (for example Nursing/other), and detailed note text.
- 2. FBI director asks US businesses to work with it to foil Chinese espionage: The head of the FBI urged US companies on Thursday to develop closer ties with the bureau to counter a "multi-avenue" effort by Beijing to amass enough intellectual property to "become the world's only superpower". He suggests establishing partnerships with the agency's local offices before breaches occur, citing the Microsoft Exchange email server hack discovered earlier this year.
- 3. Iranian hackers take down servers of Israeli internet hosting company Cyberserve: The Black Shadow hacking group, which hit the Shirbit insurance firm last year, took public transport companies, a children's museum and other sites offline and warned of a data leak. Retaliation for the gas pump hack, or are they just continuing the cyber jousting?
- 4. New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems: Last week, Microsoft disclosed details about a new vulnerability (CVE-2021-30892) dubbed "Shrootless" that could be exploited by attackers to bypass macOS security restrictions and assume complete control over targeted devices, performing arbitrary operations on compromised devices without being flagged by security solutions.
- 5. APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm: VPNs, which have become essential for many organizations since the pandemic's onset, are a popular target for cyberattacks. Incident response teams say attacks on VPNs aren't new, but attackers are finding new and sophisticated ways to compromise enterprise VPNs.
- 6. TA575 criminal group using 'Squid Game' lures for Dridex malware (The Cyber Post): Cybersecurity firm Proofpoint has found evidence of a prolific cybercrime group using the popularity of the Netflix hit "Squid Game" to spread the Dridex malware.
- 7. 'Trojan Source' Hides Invisible Bugs in Source Code (Sacut Cyber Security): Researchers say they have uncovered a new attack method they have dubbed "Trojan Source attacks", in which attackers exploit how Unicode handles script ordering to encode potentially malicious source code such that human reviewers see only the harmless version of the code while compilers see the nefarious version. The Trojan Source attack method exploits the difference between how text renderers display information and how a compiler processes it.
- 8. Ransomware cybercriminals linked to Norsk Hydro attack fall prey to Europol swoop: Europol says it has successfully disrupted the operations of the high-profile, "professional, highly organized" ransomware group responsible for thousands of "devastating" attacks, including the one that hit Norsk Hydro, after targeting 12 group members.
- 9. FBI warns of fake govt sites used to steal financial, personal data: The FBI warned the US public that threat actors are actively using fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims.
- 10. War-Driving: Still an Easy Bet for Household Wi-Fi attacks: The old-time war-driving technique is still proving an efficient way to crack Wi-Fi passwords. Recently, a researcher in Israel was able to crack 70% of the Wi-Fi network passwords collected as network hashes via war-driving.
- 11. 40% of organizations suffered a cloud-based data breach in the past 12 months (Help Net Security): Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns about the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.
- 12. FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics: The FBI has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added DDoS attacks to its arsenal of extortion tactics.
- 13. FBI: Ransomware targets companies during mergers and acquisitions: The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims.
- 14. Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices: Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Mainly targeting MIPS-based fiber routers, the botnet uses a combination of third-party services such as GitHub, peer-to-peer (P2P) networks, and central command-and-control (C2) servers for bot-to-controller communications, and fully encrypts the transmission channels to prevent the victimized devices from being taken over by others.
- 15. Yahoo is the third major US tech platform to exit China in the past month: Yahoo announced today (Nov. 2) that it will no longer operate in China as the country tightens data and privacy regulations that are making it increasingly difficult for US companies to operate there.
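Item 7 above (Trojan Source, the Bidi override characters mentioned in the segment intro) comes down to one check a code-review pipeline can make: flag any Unicode bidirectional control character in source text, since legitimate code almost never needs one. The block below is an added example, not code from the Trojan Source researchers or from the show; the sample source it scans is constructed here to show a string literal that a reviewer would read as `"none"` followed by a comment, while the interpreter sees a longer literal and takes the other branch.

```python
"""Detect and reveal Unicode bidi control characters in source text (added example)."""

# Bidi formatting characters: the override/embedding family (U+202A..U+202E)
# and the isolate family (U+2066..U+2069) used by Trojan Source attacks.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Constructed sample. Rendered with bidi reordering applied it reads roughly as
#   if access_level != "none": # Check if admin
# but the literal actually runs to the closing quote, so the comparison is
# against a string that can never equal "none".
SAMPLE_SOURCE = (
    'access_level = "none"\n'
    'if access_level != "none\u202e \u2066# Check if admin\u2069 \u2066":\n'
    '    is_admin = True\n'
    'else:\n'
    '    is_admin = False\n'
)


def find_bidi_controls(source: str) -> list[tuple[int, int, str]]:
    """Return (line, column, name) for every bidi control character found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, BIDI_CONTROLS[ch]))
    return findings


def reveal(source: str) -> str:
    """Replace each bidi control with a visible <NAME> marker so a reviewer can see it."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch for ch in source)


def run_sample(source: str) -> bool:
    """Execute the sample and return is_admin, i.e. what the interpreter decided."""
    namespace: dict = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    return namespace["is_admin"]


def lint_files(paths: list[str]) -> dict[str, list[tuple[int, int, str]]]:
    """Scan files on disk; suitable as a pre-commit or CI check (hypothetical usage)."""
    report = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = find_bidi_controls(fh.read())
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    for lineno, col, name in find_bidi_controls(SAMPLE_SOURCE):
        print(f"line {lineno} col {col}: {name}")
    print(reveal(SAMPLE_SOURCE))
    print("interpreter says is_admin =", run_sample(SAMPLE_SOURCE))
```

A reviewer reading the rendered text expects `is_admin` to be False (the level is "none"), while the interpreter sets it to True; the linter output points at the four control characters on line 2 that cause the divergence. The same check applies to any language, since the trick lives in the text encoding rather than in any one compiler.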