Security Weekly
Paul's Security WeeklySubscribe
Vulnerability Management, Privacy, Security Staff Acquisition & Development

Glorious Purpose – PSW #702

Full Audio

View Show Index

Segments

1. The BIOS Disconnect – Scott Scheferman – PSW #702

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices.

Segment Resources:
https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Sponsored By

Eclypsium

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Guest

Scott Scheferman
Principal Cyber Strategist at Eclypsium

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Principal Security Evangelist at Eclypsium
Sr. InfoSec Consultant at Online Business Sytems
Senior Cyber Advisor at Lawrence Livermore National Laboratory

2. The Journey from Network Security Engineer to Podcast Host – Jack Rhysider – PSW #702

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast.

Segment Resources: https://darknetdiaries.com/

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Jack Rhysider
Podcaster at Darknet Diaries

Worked as a network security engineer for 10 years for a MSSP. Admin of firewalls, IPS units, SIEMs.
Got burnt out, loved podcasts, wanted to hear a podcast about hacker stories. Started the podcast Darknet Diaries. Quit job 6 months later, focused on podcast full time. Now podcast make a full time income.

Hosts

Principal Security Evangelist at Eclypsium
Sr. InfoSec Consultant at Online Business Sytems
Senior Cyber Advisor at Lawrence Livermore National Laboratory

3. Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption – PSW #702

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Hosts

Principal Security Evangelist at Eclypsium
  1. 1. Microsoft just blew up the only reason you can’t use a Linux desktop
    This is the year of the Linux desktop! Or maybe next year...
  2. 2. Bug bounties: Here’s how much Microsoft paid out to security researchers last year
    The math is interesting: "Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs. The awards were issued between July 1, 2020 and June 30, 2021 and is slightly less than what it paid out in 2019. That year, Microsoft tripled the awards from the previous year. " If MS were to hire researchers, they'd fall short of 341 FTEs for that price...
  3. 3. Amazon rolls out encryption for Ring doorbells
    "This is done with Amazon's Video End-to-End Encryption (E2EE). If you decide to install this optional privacy feature, you'll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair. In English, the foundation is pretty darn secure."
  4. 4. Review of dnsx – a multi-purpose DNS toolkit – Latest Hacking News
  5. 5. White House Announces Ransomware Task Force
    "The White House is also taking into account the possibility of new partnerships with cybersecurity providers and critical infrastructure companies so that businesses and the government can share information about ransomware attacks faster." - There seems to be more focus on information sharing than prevention and disruption, which is sad.
  6. 6. For years, a backdoor in popular KiwiSDR product gave root to project developer
    " A few lines of code allow the developer to remotely access any device by entering its URL in a browser and appending a password to the end of the address. From there, the person using the backdoor can make configuration changes not only to the radio device but, by default, also to the underlying computing device it runs on. "
  7. 7. 10 Mistakes Companies Make In Their Ransomware Responses
  8. 8. Stop Huffing About Cyber Retaliation
  9. 9. Absolute funniest quotes about cyber security & tech in 2021
    “I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don’t seem to be any exceptions….” —Brian Krebs
  10. 10. How I Would Hack You and Attack You
  11. 11. Google: four zero-day flaws have been exploited in the wild
  12. 12. 5 Security Pillars Required For All AWS Cloud Deployments
  13. 13. The Code Red worm 20 years on – what have we learned?
    "In the Code Red days, […] if you could find a stack buffer overflow, it was often very, very little work, maybe half an afternoon’s work, to weaponise it, to use the paramilitary terminology that cybersecurity seems to like, and turn it into a workable exploit that could basically break in on any similar Windows sytem."
  14. 14. US government launches plans to cut cybercriminals off from cryptocurrency – CyberScoop
  15. 15. iOS zero-day let SolarWinds hackers compromise fully updated iPhones
  16. 16. Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
  17. 17. Microsoft fixes Windows Hello authentication bypass vulnerability
  18. 18. Cube0x0 on Twitter
  19. 19. BIOPASS RAT New Malware Sniffs Victims via Live Streaming
Sr. InfoSec Consultant at Online Business Sytems
Senior Cyber Advisor at Lawrence Livermore National Laboratory
  1. 1. Trickbot Malware Returns with a new VNC Module to Spy on its Victims
    Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware. Trickbot is using the updated tvncDLL module to monitor and collect intelligence on selected high-profile targets.
  2. 2. Kaseya patches VSA vulnerabilities used in REvil ransomware attack
    Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Network and functionality changes as well.
  3. 3. Kaseya claims SaaS restoration going swimmingly
    Sign in All Off-Prem Edge + IoT Channel PaaS + IaaS SaaS All On-Prem Servers Storage Networks HPC Personal Tech All Software AI + ML Applications Databases
  4. 4. New Trojan malware steals millions of login credentials
    Cybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.
  5. 5. Morgan Stanley discloses data breach after the hack of a third-party vendor
    Morgan Stanley has disclosed it suffered a data breach in March 2021, after an Accellion FTA server belonging to third-party vendor GuideHouse was compromised, resulting in attackers accessing data belonging to Morgan Stanley stock plan participants.
  6. 6. Hackers accessed Mint Mobile subscribers’ data and ported some numbers
    Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.
  7. 7. China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks
    Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322.
  8. 8. Cl0p ransomware gang leaks sensitive data from 6 US universites
    In a recent update, the infamous Cl0p ransomware group claimed to gain access to financial documents and passport information that allegedly belonged to students and staff from six top universities in the United States.
  9. 9. US charges close to 500 individuals for COVID-19 fraud, criminal activity
    The US Department of Justice (DoJ) has charged 474 individuals for participating in COVID-19 scams and fraudulent activity.
  10. 10. Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems
    Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
  11. 11. Quantum computers are coming. Get ready for them to change everything
    Save-On-Foods has become an unlikely pioneer, using quantum technology to improve the management of in-store logistics. In collaboration with quantum computing company D-Wave, Save-On-Foods is using a new type of computing, which is based on the downright weird behaviour of matter at the quantum level.
  12. 12. Two cyber insurance industry initiatives grapple with rise of ransomware – CyberScoop
    Seven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry.
  13. 13. Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds – CyberScoop
    An audit of the cybersecurity of the U.S. Department of Defense's (DoD) "Additive Manufacturing (AM) Systems" conducted by the DoD's Office of Inspector General (OIG) has revealed that the office handling the U.S. military's 3D printing left defense technology designs vulnerable to theft by attackers.

Related