Glorious Purpose – PSW #702
This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware Returns with a new VNC Module to Spy on its Victims, and some of the absolute funniest quotes about cyber security & tech in 2021!
Segment Resources:
https://eclypsium.com/2021/06/24/biosdisconnect/
Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Full Audio
Segments
1. The BIOS Disconnect – Scott Scheferman – PSW #702
Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices.
Segment Resources:
https://eclypsium.com/2021/06/24/biosdisconnect/
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Sponsored By
Announcements
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!
Guest
Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.
Hosts
2. The Journey from Network Security Engineer to Podcast Host – Jack Rhysider – PSW #702
In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast.
Segment Resources:
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Worked as a network security engineer for 10 years for a MSSP. Admin of firewalls, IPS units, SIEMs.
Got burnt out, loved podcasts, wanted to hear a podcast about hacker stories. Started the podcast Darknet Diaries. Quit job 6 months later, focused on podcast full time. Now podcast make a full time income.
Hosts
3. Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption – PSW #702
The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. Microsoft just blew up the only reason you can’t use a Linux desktopThis is the year of the Linux desktop! Or maybe next year...
- 2. Bug bounties: Here’s how much Microsoft paid out to security researchers last yearThe math is interesting: "Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs. The awards were issued between July 1, 2020 and June 30, 2021 and is slightly less than what it paid out in 2019. That year, Microsoft tripled the awards from the previous year. " If MS were to hire researchers, they'd fall short of 341 FTEs for that price...
- 3. Amazon rolls out encryption for Ring doorbells"This is done with Amazon's Video End-to-End Encryption (E2EE). If you decide to install this optional privacy feature, you'll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair. In English, the foundation is pretty darn secure."
- 4. Review of dnsx – a multi-purpose DNS toolkit – Latest Hacking News
- 5. White House Announces Ransomware Task Force"The White House is also taking into account the possibility of new partnerships with cybersecurity providers and critical infrastructure companies so that businesses and the government can share information about ransomware attacks faster." - There seems to be more focus on information sharing than prevention and disruption, which is sad.
- 6. For years, a backdoor in popular KiwiSDR product gave root to project developer" A few lines of code allow the developer to remotely access any device by entering its URL in a browser and appending a password to the end of the address. From there, the person using the backdoor can make configuration changes not only to the radio device but, by default, also to the underlying computing device it runs on. "
- 7. 10 Mistakes Companies Make In Their Ransomware Responses
- 8. Stop Huffing About Cyber Retaliation
- 9. Absolute funniest quotes about cyber security & tech in 2021“I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don’t seem to be any exceptions….” —Brian Krebs
- 10. How I Would Hack You and Attack You
- 11. Google: four zero-day flaws have been exploited in the wild
- 12. 5 Security Pillars Required For All AWS Cloud Deployments
- 13. The Code Red worm 20 years on – what have we learned?"In the Code Red days, […] if you could find a stack buffer overflow, it was often very, very little work, maybe half an afternoon’s work, to weaponise it, to use the paramilitary terminology that cybersecurity seems to like, and turn it into a workable exploit that could basically break in on any similar Windows sytem."
- 14. US government launches plans to cut cybercriminals off from cryptocurrency – CyberScoop
- 15. iOS zero-day let SolarWinds hackers compromise fully updated iPhones
- 16. Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
- 17. Microsoft fixes Windows Hello authentication bypass vulnerability
- 18. Cube0x0 on Twitter
- 19. BIOPASS RAT New Malware Sniffs Victims via Live Streaming
- 1. Trickbot Malware Returns with a new VNC Module to Spy on its VictimsCybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware. Trickbot is using the updated tvncDLL module to monitor and collect intelligence on selected high-profile targets.
- 2. Kaseya patches VSA vulnerabilities used in REvil ransomware attackKaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Network and functionality changes as well.
- 3. Kaseya claims SaaS restoration going swimminglySign in All Off-Prem Edge + IoT Channel PaaS + IaaS SaaS All On-Prem Servers Storage Networks HPC Personal Tech All Software AI + ML Applications Databases
- 4. New Trojan malware steals millions of login credentialsCybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.
- 5. Morgan Stanley discloses data breach after the hack of a third-party vendorMorgan Stanley has disclosed it suffered a data breach in March 2021, after an Accellion FTA server belonging to third-party vendor GuideHouse was compromised, resulting in attackers accessing data belonging to Morgan Stanley stock plan participants.
- 6. Hackers accessed Mint Mobile subscribers’ data and ported some numbersMint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.
- 7. China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacksMicrosoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322.
- 8. Cl0p ransomware gang leaks sensitive data from 6 US universitesIn a recent update, the infamous Cl0p ransomware group claimed to gain access to financial documents and passport information that allegedly belonged to students and staff from six top universities in the United States.
- 9. US charges close to 500 individuals for COVID-19 fraud, criminal activityThe US Department of Justice (DoJ) has charged 474 individuals for participating in COVID-19 scams and fraudulent activity.
- 10. Mitsubishi Electric Patches Vulnerabilities in Air Conditioning SystemsMitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
- 11. Quantum computers are coming. Get ready for them to change everythingSave-On-Foods has become an unlikely pioneer, using quantum technology to improve the management of in-store logistics. In collaboration with quantum computing company D-Wave, Save-On-Foods is using a new type of computing, which is based on the downright weird behaviour of matter at the quantum level.
- 12. Two cyber insurance industry initiatives grapple with rise of ransomware – CyberScoopSeven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry.
- 13. Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds – CyberScoopAn audit of the cybersecurity of the U.S. Department of Defense's (DoD) "Additive Manufacturing (AM) Systems" conducted by the DoD's Office of Inspector General (OIG) has revealed that the office handling the U.S. military's 3D printing left defense technology designs vulnerable to theft by attackers.
