Security Weekly
Paul's Security WeeklySubscribe
Vulnerability Management, Leadership, Zero trust, Security Staff Acquisition & Development, Threat Management

Jingle the Keys – PSW #696

View Show Index

Segments

1. Polarity’s Power-up Sessions, Add an Ability in 15 Minutes – Paul Battista – PSW #696

Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability to automate search and save time. Examples include, how to write basic regular expressions, how to find exploit code faster, basics of cyberchef, or how to read a malware sandbox report.

Segment Resources:

Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA88dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8dfIeFy8

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Paul Battista
CEO & Founder at Polarity

Paul Battista is CEO and Co-Founder of Polarity.io. Prior to Polarity, Paul was an intelligence officer for the United States Government and participated in all elements of the intelligence cycle from planning operations through dissemination to senior policy makers in the White House. Before his government service, Paul was a senior engineer for Aetna Inc., a penetration tester, and incident responder for multiple fortune 100 customers.

Hosts

Principal Security Evangelist at Eclypsium
Product Security Research and Analysis Director at Finite State
Senior Cyber Advisor at Lawrence Livermore National Laboratory

2. Cybersecurity Canon – Rick Howard – PSW #696

Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced it's hall of winners for 2021.

Segment Resources:

https://icdt.osu.edu/cybercanon

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Guest

Rick Howard
CSO at The CyberWire

Rick is the Chief Analyst, Chief Security Officer, and Senior Fellow at The CyberWire, a cybersecurity podcasting network. His prior jobs include the Palo Alto Networks CSO, the TASC CISO, the iDefense GM (A commercial cyber threat intelligence service at Verisign,) the Counterpane Global SOC Director (one of the original MSSPs), and the Commander of the U.S. Army’s Computer Emergency Response Team where he coordinated network defense, network intelligence and network attack operations for the Army’s global network. He was one of the founding players that created the Cyber Threat Alliance (an ISAC for security vendors) and he also created and still runs the Cybersecurity Canon; a Rock & Roll Hall of Fame for cybersecurity books. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1993 to 1999. He has published many academic papers on technology, security, and risk and has contributed as an executive editor to two books: “Cyber Fraud: Tactics, Techniques and Procedures” and “Cyber Security Essentials.”

Hosts

Principal Security Evangelist at Eclypsium
Security Analyst at Black Hills Information Security
Product Security Research and Analysis Director at Finite State
Senior Cyber Advisor at Lawrence Livermore National Laboratory

3. M1 Chip Flaw, Boeing 747 Hacking, Don’t Blame the Intern, & John Deere – PSW #696

This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more!

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Principal Security Evangelist at Eclypsium
  1. 1. Cybersecurity leaders lacking basic cyber hygiene – Help Net Security
    This is interesting? - "48% of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%)."
  2. 2. Introducing Security By Design
    But what is the incentive? - "That’s why we’ve launched Security by Design on Google Play Academy to help developers identify, mitigate, and proactively protect against security threats. The Android ecosystem, including Google Play, has many built-in security features that help protect developers and users. The course Introduction to app security best practices takes these protections one step further by helping you take advantage of additional security features to build into your app."
  3. 3. nginx 1.20.0 DNS Resolver Off-By-One Heap Write
  4. 4. Bypassing Container Image Scanning
    This is awesome, and a simple little trick to lock down the container: "For example, try building RUN apt-get remove apt into the image after all of it’s essential packages have been installed. The packages will remain on the image, but the runtime scanner will be unable to query with apt list, therefore resulting in 0 vulnerabilities found." Of course, you should not be running as root anyhow. Ooooh and this: "If you know exactly where and how the runtime scanner binary gets injected, find a way to prevent it. For example in the microscanner case above, we know it will add the scanner binary at /microscanner . In this case, we can add a layer before the microscanner gets written that creates a symlink to /dev/null. Meaning at image build time the microscanner binary gets discarded instead of written to the filesystem."
  5. 5. Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
  6. 6. Kali Linux team releases Kaboxer, a tool for managing applications in containers – Help Net Security
  7. 7. “Unpatchable” vuln in Apple’s new Mac chip – what you need to know
    "According to Hector Martin, this register can be read from by userland programs running at EL0, though he doesn’t know what the register is actually used for, if anything. However, userland programs aren’t supposed to be able to write into it, given that it’s a system register and supposedly off-limits to EL0 programs. But Martin discovered that userland code can write to just two individual bits inside this register – bits that are apparently otherwise unused and therefore might be considered unimportant or even irrelevant… …and those bits can then be read out from any other userland program."
  8. 8. New Rowhammer Vulnerability Exploits Increasingly Smaller DRAM Chips
  9. 9. NASA identified 1,785 cyber incidents in 2020
  10. 10. Let’s Stop Blaming Employees for Our Data Breaches
  11. 11. Hackers used macOS 0-days to bypass privacy features, take screenshots
    "According to Jamf researchers Jamf researchers Jaron Bradley, Ferdous Saljooki, and Stuart Ashenbrenner, the malware controls legit applications that can capture screen records or screenshots without requiring user consent as soon as it infects the device."
  12. 12. CVE-2021-21551: Learning Through Exploitation
  13. 13. Bosses putting a ‘digital leash’ on remote workers could be crossing a privacy line
  14. 14. The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms
    ". By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”"
  15. 15. M1RACLES: An Apple M1 Vulnerability
  16. 16. Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
  17. 17. Vulnerability in VMware product has severity rating of 9.8 out of 10
  18. 18. Bluetooth bugs open the door for attackers to impersonate devices
  19. 19. SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern – CyberScoop
    Backpedaling: "“What happened at the congressional hearings where we attributed it to an intern was not appropriate, and was not what we are about or is not what we are about,” he said. “We have learned from that and I want to reset it here by saying that we are a very safe environment, and we want to attract and retain the best talent.”" and this: "“As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said."
  20. 20. Bose Corporation discloses breach after ransomware attack. – CyberWorkx
  21. 21. Leaky John Deere API’s: Serious Food Supply Chain Vulnerabilities Discovered by Sick Codes, Kevin Kenney & Willie Cad
    Awesome write-up, down the rabbit hole we go: "Suddenly they had a private vulnerability disclosure program. It did not exist when we started. 24 hours later, I received the invitation to the program… I was the only researcher in the program The program was created that day Every single asset had no bounty The company does not allow public disclosure"
  22. 22. How to protect your Wi-Fi devices from new FragAttacks vulnerabilities
  23. 23. The Full Story of the Stunning RSA Hack Can Finally Be Told
  24. 24. Global Socket
    If you trust someone else's computers...
  25. 25. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
  26. 26. Getting a persistent shell on a 747 IFE
    This was neat. Windows NT!
Security Analyst at Black Hills Information Security
Product Security Research and Analysis Director at Finite State
  1. 1. FragAttacks + Antenna for Hire™: The Perfect Storm in Your Network Airspace
  2. 2. Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol
  3. 3. Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
  4. 4. Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners

Related

5G Hackathons – Casey Ellis – BTS #28

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!