
Have a Couple Beers on the Lawnmower – PSW #721

This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the Holiday Hack Challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for a segment walking through what to expect in 2022 for security! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft app spoofing vulnerability, stealing credit cards in WordPress, using blockchain for C2, ManageEngine 0-day, oh, and did you hear about the Log4j vulnerability?

Segment Resources:

www.holidayhackchallenge.com

www.counterhack.com

www.sans.edu

Barracuda research on Ransomware trends and remote code execution vulns:

https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/

https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/

Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly


Segments

1. All Your Holiday Hack Challenge Belong To Us – Ed Skoudis – PSW #721

Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.

Segment Resources:

www.holidayhackchallenge.com

www.counterhack.com

www.sans.edu

Announcements

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

Guest

Ed Skoudis
President of SANS Technology Institute, Director of Holiday Hack Challenge at SANS Institute & Counter Hack

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Hosts

Paul Asadoorian
Founder at Security Weekly
Josh Marpet
Executive Director at RM-ISAO
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

2. What to Expect in 2022 – PSW #721

Since it is Dec 15, it makes sense to discuss what might be coming in 2022 in terms of security. Topics could span ransomware and other threats, as well as technology segments like Zero Trust and SASE.

Segment Resources:

Barracuda research on Ransomware trends and remote code execution vulns:

https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/

https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/

This segment is sponsored by Barracuda Networks.

Visit https://securityweekly.com/barracuda to learn more about them!

Sponsored By

Barracuda Networks

Announcements

  • Throughout 2022, CRA's Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

Guest

Sinan Eren
VP, Zero Trust Access • ZTNA Engineering at Barracuda Networks

Sinan Eren is the VP of Zero Trust Access at Barracuda. Sinan was formerly the Founder & CEO at Fyde, acquired by Barracuda in November of 2020.

Hosts

Paul Asadoorian
Founder at Security Weekly
Josh Marpet
Executive Director at RM-ISAO
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

3. Printing Shellz, Block Chain For C2, WordPress Theft, & Log4j Who? – PSW #721

This week in the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft app spoofing vulnerability, stealing credit cards in WordPress, using blockchain for C2, ManageEngine 0-day, oh, and did you hear about the Log4j vulnerability?

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Paul Asadoorian
Founder at Security Weekly
  1. Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery - "Kevin Breen, director of cyber-threat research at Immersive Labs, explained that the bug 'allows an attacker to create a malicious package file and then modify it to look like a legitimate application, and has been used to deliver Emotet malware, which made a comeback this year.'"
  2. WooCommerce Credit Card Stealer Found Implanted in Random Plugins - "As elaborated, the malware didn't precisely run as a script on the infected web page. Instead, the malware ran on the backend. Hence, upon inspecting logs, the researchers noticed that the malware mainly exploited a WordPress plugin running on the website." Original research: https://blog.sucuri.net/2021/12/woocommerce-credit-card-swiper-injected-into-random-plugin-files.html
  3. Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released - "Dealing with CVE-2021-44228 has shown the JNDI has significant security issues," Ralph Goers of the ASF explained. "While we have mitigated what we are aware of, it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it."
  4. A List of Vulnerable Products to the Log4j
  5. How Cybercriminals Are Using Bitcoin's Blockchain to Make Botnets Stronger Than Ever - "Instead of hard-coding web domains into the malware, they hard-coded three Bitcoin wallet addresses into it. With these addresses, Glupteba has managed to set up an infallible interface between its bot herds and its C2 infrastructure via a little-known function known as the 'OP_Return.' The OP_Return is a controversial feature of Bitcoin wallets that allows for the entry of arbitrary text into transactions. It basically functions as the crypto equivalent of Venmo's 'memo' field. Glupteba has taken advantage of this feature by using it as a communication channel."
  6. CVE-2021-42287/CVE-2021-42278 Weaponisation
  7. Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package
  8. CVE-2021-44515: ZoHo Patches ManageEngine Zero-Day Exploited in the Wild - Wow: "On December 3, ZoHo issued a security advisory and patches for CVE-2021-44515, an authentication bypass vulnerability in its ManageEngine Desktop Central product that has been exploited in the wild. In addition, a patch was released for CVE-2021-44526, another authentication bypass vulnerability in ServiceDesk Plus, a help desk and asset management application. This follows months of reports and alerts regarding active exploitation of two other vulnerabilities in ManageEngine products, CVE-2021-44077 and CVE-2021-40539. The attacks exploiting these vulnerabilities have been linked to advanced persistent threat (APT) groups."
  9. Important Message: Security vulnerability in Java Edition
  10. 1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs
  11. Google pushes emergency Chrome update to fix zero-day used in attacks - Groundhog day: "The zero-day bug fixed today, tracked as CVE-2021-4102, was reported by an anonymous security researcher and is a use after free weakness in the Chrome V8 JavaScript engine."
Josh Marpet
Executive Director at RM-ISAO
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
  1. Statement from CISA Director Easterly on "Log4j" Vulnerability - CISA director Jen Easterly said, "We have added this vulnerability to our catalog of known exploited vulnerabilities, which compels federal civilian agencies -- and signals to non-federal partners -- to urgently patch or remediate this vulnerability." CVE-2021-44228, or Log4Shell, has us all busy.
  2. Apple Releases Security Updates for Multiple OSs - Apple has released updates for multiple operating systems, including macOS, iOS, watchOS, iPadOS, and tvOS. The new iOS and iPadOS updates address 42 CVEs and add new features, including Apple Music Voice Plan, "App Privacy Report" and new "communication safety" settings intended to notify parents when their children receive or send photos that contain nudity.
  3. Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird - Mozilla this week released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities, including several bugs.
  4. Google pushes emergency Chrome update to fix zero-day used in attacks - As part of its Chrome 96.0.4664.110 release for Linux, Mac, and Windows, Google has issued a fix to address a high-severity use-after-free vulnerability (CVE-2021-4102) affecting the Google Chrome V8 JavaScript engine that has already been actively exploited in the wild.
  5. 'Karakurt' Extortion Threat Emerges, But Says No to Ransomware - Researchers say the financially motivated "Karakurt" threat group, which is focused on data exfiltration and follow-up extortion, has already targeted some 40 victims since September 2021 but has shown no interest in deploying ransomware on targeted systems or taking high-profile targets down. Rather than deploying Cobalt Strike, the group "persisted within the victim's network via the VPN IP pool or installed AnyDesk to allow external remote access to compromised devices." The threat group claims that it "… do[es] not try to harm your processes, delete your data, destroy your business, at least until you yourself give us a reason."
  6. China continues to exploit US universities to bolster military modernization: Report - The Foundation for Defense of Democracies released a report asserting that China is exploiting its existing relationships with U.S. universities to steal sensitive data and technology that it will ultimately use to "achieve military dominance." China operates more than 200 talent recruitment plans, the most prominent of which is the Thousand Talents Plan (TTP) established in 2008.
  7. University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes - Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures against universities began in October 2021. Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns.