PSW #735 – Sean Metcalf & Jay Beale
Segments
1. Identity Security Challenges – Active Directory, Azure AD, & Okta Oh My! – Sean Metcalf – PSW #735
Attackers are targeting the systems that control access. This includes Active Directory, Azure AD, and recently Okta. Once they have access to identity, attackers can move on to systems that provide access to data and persistence.
Guest
Sean Metcalf is founder and CTO at Trimarc (TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who hold the Microsoft Certified Master Directory Services (MCM) Active Directory certification, is a Microsoft MVP, and has presented on Active Directory, Azure AD, & Microsoft Cloud attack and defense at security conferences such as Black Hat, BSides, DEF CON, and DerbyCon.
2. Hacking Kubernetes – Jay Beale – PSW #735
Jay comes on the show to talk about container and Kubernetes architecture and security (or lack thereof).
Segment Resources:
Peirates, a Kubernetes penetration testing tool: https://www.inguardians.com/peirates/
Free Kubernetes workshops: https://inguardians.com/kubernetes/
DEF CON Kubernetes CTF: https://containersecurityctf.com/
Jay's Black Hat Kubernetes Attack and Defense Training: https://www.blackhat.com/us-22/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-containers-26473
Guest
Jay Beale (@jaybeale) works on Kubernetes and cloud native security, both as a professional threat actor and in his open source work. He’s the architect of the Peirates attack tool for Kubernetes & the @Bustakube CTF cluster. He created Bastille Linux and the CIS Linux scoring tool, used by hundreds of thousands. Since 2000, he has led training classes on Linux & Kubernetes security at the Black Hat, RSA, CanSecWest and IDG confs. An author and speaker, Beale has contributed to nine books, two columns and over 100 public talks. He is a co-founder and CEO of the infosec consulting company InGuardians.
3. Teen Hackers, WTF Apple, Finding iPhones, & Getting Wise to Wyze – PSW #735
In the Security News for this week: Ransomware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iPhone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, ranking endpoint detection, & more!
- 1. A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems
  "Nordex did not disclose technical details of the cyberattack, but the fact that it was forced to shut down part of its IT infrastructure suggests that it felt victim to a ransomware attack."
- 2. Electric Vehicle Chargers Hacked to Show Porn
  Gives a whole new meaning to a supply chain attack: "We are saddened to learn that a third-party web address displayed on our electric vehicle (EV) signage appears to have been hacked."
- 3. Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware – The Citizen Lab
- 4. GitHub Advanced Security: Introducing security overview beta and general availability of secret scanning for private repositories
  Nice: "Expanded secret scanning’s pattern coverage to cover tokens from more than 35 partners, Added an API and webhooks for secret scanning alerts, Started sending notifications to commit authors (as well as admins) when they commit secrets"
- 5. Hackers have found a clever new way to steal your Microsoft 365 credentials
- 6. Cash App notifies 8.2 million US customers about data breach
- 7. Establishment of the Bureau of Cyberspace and Digital Policy – United States Department of State
  "The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom."
- 8. Ukrainians use ‘Find My iPhone’ to see where Russians took their stolen Apple devices
  "Thefts include technology, allowing Ukrainians to use Apple's 'Find My iPhone' feature to track troop movements." "Ukrainians are locating their devices on the territory of the Homiel region, Belarus, where part of the Russian army retreated" - You'd think that tech stolen by Russian troops would go into RF shielding bags/cases, but no, they are being tracked (thankfully).
- 9. Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina – The Mac Security Blog
  This is why I run Linux (and no, not because it does not have vulnerabilities, but at least MOST security issues are out in the open and at least there if you look for them).
- 10. Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition
  Interesting to see the results, Microsoft coming in at #6 especially.
- 11. Vulnerabilities Identified in Wyze Cam IoT Device
  It seems like the authentication bypass has not yet been fixed, but the other two issues were addressed. But get this, Wyze did a terrible job handling the disclosure. Also, Bitdefender was generous and gave them like 18 months before they published. This is one hot mess for sure.
- 12. I’m done with Wyze
- 13. A Former Teen Hacker Explains Why It’s So Hard to Stop Teen Hackers
  Actually, he (Marcus Hutchins, who is interviewed for this article) doesn't explain it at all but does provide some insights.
- 14. Critical GitLab vulnerability lets attackers take over accounts
- 15. Cybercriminals Fighting Over Cloud Workloads for Cryptomining