Mood Lighting – PSW #727

This week, we start the show off with Brian Honan, CEO of BH Consulting, who joins us to discuss why cybersecurity is not just a technical problem! In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, the ‘Metaverse’ of security challenges, $323 million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto! Next up, Qualys’ Wheel joins to discuss Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit!

Segment Resources:

Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/

‘Treat infosec fails like plane crashes’ – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosec_disasters_learning_op/

IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/2018/08/09/iot-security-lessons/

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Segments

1. Cybersecurity Is Not Just a Technical Problem – Brian Honan – PSW #727

We have spent decades tackling security threats with technology, and we are failing badly. We need to look at and learn from other industries and see how they have improved. In particular, the airline safety and automobile safety industries have a lot to teach us. Things such as breach disclosures, accountability, root cause analysis with openly shared results, focused training, industry norms for checklists, certification of products, and regulations have all improved these industries.

Guest

Brian Honan, CEO at BH Consulting

Brian Honan is CEO of the cybersecurity and data protection firm BH Consulting and is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), is the founder of Ireland’s first CERT, and sits on the advisory board of several innovative security companies. Brian is the author of several books and regularly contributes to various publications. For his contribution to the cybersecurity industry Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.

Hosts

Paul Asadoorian, Founder at Security Weekly
Josh Marpet, Executive Director at RM-ISAO
Larry Pesce, Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely, Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson, Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element

2. AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized – PSW #727

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, the ‘Metaverse’ of security challenges, $323 million in crypto stolen from the “Wormhole”, & a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more!

Hosts

Paul Asadoorian, Founder at Security Weekly
  1. Microsoft to block internet macros by default in five Office applications - "Microsoft said the decision to block VBA macros by default only affects Access, Excel, PowerPoint, Visio, and Word on Windows. Documents that contain VBA macros that have been created and obtained from inside an organization’s trusted network will still be allowed to execute."
  2. Rapping FinanceTok Influencer and Husband Accused of Conspiracy to Launder $4.5 Billion in Crypto - So many talents, money laundering and: "She also apparently has something of a music career. Going by the rap moniker “Razzlekhan,” or RZK, Morgan is a verified artist on Spotify, where she describes herself as creating “sexy horror-comedy raps with an authentically awkward twang.”"
  3. Russia arrests third hacking group, reportedly seizes carding forums - Russians are no joke: "Security researcher Soufiane Tahiri also discovered that the source code for the sky-fraud.ru seizure notice includes a hidden message for other Russian hackers, saying “Кто из вас следующий?” Translated into English, this warning says, “WHICH OF YOU IS NEXT?”"
  4. How $323M in crypto was stolen from a blockchain bridge called Wormhole
  5. How cybercriminals are using malware to target Linux-based operating systems – Help Net Security - "More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly"
  6. Russian researchers unlock Intel processors for reverse engineering - "A proof-of-concept published by Russian security vendor Positive Technologies comes with detailed instructions on how to unlock processors to gain access." and "It does this by exploiting a bug in the CPU that Intel has released an advisory on, and then unlocking the CPU to see the chip's internals through an interface known as JTAG. Developed by the Joint Testing Action Group, JTAG is a chip-level interface." - GitHub repo: https://github.com/ptresearch/IntelTXE-PoC
  7. Detect active network reconnaissance with Microsoft Defender for Endpoint - "In our lab environment, Nmap has been configured to send probes to an individual IP address from an unauthenticated client. The results, albeit constrained to a specific scan type, return a plethora of information that can aid an attacker in building a profile about a discovered host."
  8. Low-Detection Phishing Kits Increasingly Bypass MFA - Which tool/technique is your favorite?
  9. North Korea: Missile programme funded through stolen crypto, UN report says
  10. Will the Metaverse Usher in a Universe of Security Challenges? - "Future malicious actors may figure out how to make their presences undetectable. From there, they could invisibly join meetings and listen in on business conversations. State actors and spy agencies, as well as industrial espionage actors, may devote enormous resources to figuring this out."
  11. Critical Android 12 bug fixed in February security patches
  12. CVE-2022-21882 - Easy to exploit (Reference: https://securityaffairs.co/wordpress/127377/hacking/cve-2022-21882-win-local-privilege-elevation.html)
  13. x86matthew – CreateSvcRpc – A custom RPC client to execute programs as the SYSTEM user
  14. CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
Josh Marpet, Executive Director at RM-ISAO
Lee Neely, Information Assurance APL at Lawrence Livermore National Laboratory
  1. Rupert Murdoch’s News Corp hacked in cyber attack believed to be linked to China - Investigators say they believe that a Jan. 20, 2022, breach of Rupert Murdoch's News Corp, which resulted in the theft of data belonging to journalists working for a variety of news outlets, was linked to China.
  2. Wormhole cryptocurrency platform hacked to steal $326 million - Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred to another blockchain.
  3. DHS Launches Cyber Safety Review Board to Analyze Major Vulnerability Events - The US Department of Homeland Security has named a 15-member Cyber Safety Review Board (CSRB) to assess significant cybersecurity events and recommend improvements, starting with the Log4J vulnerability.
  4. Attackers Target Intuit Users by Threatening to Cancel Tax Accounts – The Cyber Post - The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software. Just in time for tax season, Intuit is warning customers of a phishing campaign that threatens to close user accounts if they don’t click on a malicious link.
  5. Major Vulnerability Found in Argo CD - Security researchers at Apiiro have discovered a significant software supply chain zero-day vulnerability in the popular open-source continuous delivery platform, Argo CD. Argo CD is a tool that reads environment configurations (written as a Helm chart, Kustomize files, Jsonnet, or plain YAML files) from Git repositories and applies them to Kubernetes namespaces. The platform can manage the execution and monitoring of application deployment post-integration. The flaw (CVE-2022-24348) lets attackers access and exfiltrate sensitive information such as passwords and API keys. There is no workaround other than updating to the fixed version.
  6. Russia arrests third hacking group, reportedly seizes carding forums - Russia arrested six people, allegedly part of a hacking group involved in the theft and selling of stolen credit cards. This marks the third arrest of cyber criminals by Russian authorities in 2022, following the reported arrests of actors associated with the REvil ransomware gang and Andrey Sergeevich Novak, the alleged administrator of the UniCC card shop and leader of the Infraud Organization. The recent law enforcement pressure on Russian cyber criminals could disincentivize threat actors from engaging in payment card theft and carding activities, resulting in a continued decrease in observed activity.
  7. 2021 Trends Show Increased Globalized Threat of Ransomware - CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations in 2021. This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware. Advisory: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
Tyler Robinson, Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element

3. Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit – Wheel – PSW #727

Qualys researcher Wheel will discuss the discovery of the 12-year-old Linux vulnerability in PolicyKit, which Qualys has dubbed PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research.

Guest

Wheel, Researcher at Qualys

“Wheel” is a member of the Qualys Research Team responsible for finding zero-days.

Host

Paul Asadoorian, Founder at Security Weekly