Security Weekly
Paul's Security WeeklySubscribe
Vulnerability Management, Data Security, Security Staff Acquisition & Development, Distributed Workforce, Email security

Sometimes, Computers Just Freak Out – PSW #675

Full Audio

View Show Index

Segments

1. Threat Actors & Recent Trends – Jamie Fernandes, Karsten Chearis – PSW #675

Jamie and Karsten join us for a discussion about recent attack trends, threat actors, and campaigns carried out by malicious threat actors. Everything from gift card scams to the latest techniques used by attacks for successful phishing campaigns!

This segment is sponsored by Mimecast.

Visit https://securityweekly.com/mimecast to learn more about them!

Sponsored By

Mimecast

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guests

Karsten Chearis
Product Manager at Mimecast

Karsten Chearis is a Product Manager, Web Threats and Shadow IT for Mimecast, a leading email security and cyber resilience company. Karsten works with Mimecast’s Global GTM (Go To Market) teams to achieve total product success, including enablement, deal support, and scaling the Web Threats and Shadow IT business. He also works with the Product and Engineering teams to help innovate and achieve new levels of success with their emerging offerings.

Previously, Karsten worked as a Senior Sales Engineer, supporting Mimecast’s Enterprise sales efforts. Prior to working at Mimecast, Karsten worked for various organizations in IT Operations and IT Operations Leadership, including O365 administration, systems administration, patch management, Enterprise Mobility Management, messaging security, and systems standardization.

Jamie Fernandes
Senior Director, Product Management at Mimecast

Jamie Fernandes is the Sr. Director, Product Management at Mimecast, where he leads Product Management for Security, including the Web and Cloud Security product lines. Jamie has spent 20 years in SaaS Product Development & Product Management, serving all segments from SMB to Large Enterprise, B2B andB2C, in Enterprise HCM, Enterprise Product Portfolio Management, and Cybersecurity. He’s had a significant amount of experience bringing new products and services to market during that time, creating new businesses and revenue streams for companies. Jamie holds a B.A from Brandeis University in American Studies & History and is listed as an inventor on two patents: Providing program and policy information to managers – Patent Issued Mar 30, 2004; US 2005/0228799 A1 Management and Delivery of Product Information – Patent Issued Jan9, 2001; US 9/757,376

Hosts

Principal Security Evangelist at Eclypsium
Professor at Roger Williams University
Sr. InfoSec Consultant at Online Business Sytems
Security Analyst at Black Hills Information Security
Senior Cyber Advisor at Lawrence Livermore National Laboratory
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Understanding How Data Science Applies to Infosec – Michael Roytman – PSW #675

Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems.

This segment is sponsored by Kenna Security.

Visit https://securityweekly.com/kennasecurity to learn more about them!

Sponsored By

Kenna Security

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Guest

Michael Roytman
Chief Data Scientist at Kenna Security

Michael Roytman is a recognized expert in cybersecurity data science. At Kenna Security, Michael is responsible for building the company’s core analytics functionality focusing on security metrics, risk measurement, and vulnerability measurement. Named one of Forbes’ 30 Under 30, Michael’s strong entrepreneurship skills include founding organizations such as Dharma Platform, a cloud-based data management platform, and TruckSpotting, a mobile app for tracking food trucks. He also serves on the board of Cryptomove, a moving target data protection startup. In addition, Michael chairs the Board of Dharma Platform, is a board member and the program director at the Society of Information Risk Analysts (SIRA), and is a co-author of the Exploit Prediction Scoring System (EPSS). Michael is a frequent speaker at security industry events, including Black Hat, BSides, Metricon, RSA, SIRACon, SOURCE, and more. Michael holds a Master of Science in Operations Research degree from Georgia Institute of Technology.

Hosts

Principal Security Evangelist at Eclypsium
Professor at Roger Williams University
Sr. InfoSec Consultant at Online Business Sytems
Security Analyst at Black Hills Information Security
Senior Cyber Advisor at Lawrence Livermore National Laboratory
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. IoT Cybersecurity Improvement Act, TCL Smart TV Flaw, & Popping Reverse Shells – PSW #675

In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Principal Security Evangelist at Eclypsium
  1. 1. CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024 – Security Boulevard
    We might need more than this: "Organizations need a way to harden their industrial assets to avoid the costs of an industrial cybersecurity incident both in terms of corporate fees and personal liability to CEO and board members. Organizations must leverage frameworks like ISA/IEC62443, NERC CIP, and MITRE to strengthen their OT assets’ security and select industrial cybersecurity solutions that help create a reliable cyber operational resilience program."
  2. 2. The Most Common API Vulnerabilities
    This is one of my favorites: " This occurs when an API is not designed to prohibit future requests after a first untrustworthy request was recognized and rejected." You should fix it, but then I will have to adjust my attack code ;)
  3. 3. macOS Big Sur 11.0.1 Patches 60 Vulnerabilities
  4. 4. Hackers can use just-fixed Intel bugs to install malicious firmware on PCs
    "The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevent unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. "
  5. 5. Windows 10 update problem: We’re fixing Kerberos authentication bug, says Microsoft
    "Microsoft addressed the vulnerability by changing how the KDC validates service tickets used with the Kerberos Constrained Delegation (KCD) because there was a bypass issue in the way KDC determines if a service token can be used for KCD delegation. Microsoft explains there are three registry setting values – 0, 1, and 2 – for PerformTicketSignature to control it, but admins might encounter different issues with each setting."
  6. 6. Hacked Security Software Used in Novel South Korean Supply-Chain Attack
    "In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera. The software, called Wizvera VeraPort, is used by South Korean government websites and requires visitors to use a VeraPort browser plug-in for identity verification. “To understand this novel supply-chain attack, you should be aware that South Korean internet users are often asked to install additional security software when visiting government or internet banking websites,” ESET wrote."
  7. 7. Citrix SD-WAN Bugs Allow Remote Code Execution
    Well, that right there is your problem: "The Citrix SD-WAN infrastructure runs on Apache with CakePHP2 as the framework. Researchers at Realmode found a hole in the way the CakePHP2 framework handles URLs. For that, Citrix uses the function “_url in CakeRequest.php”." Who thought it was a good idea to implement this in PHP?
  8. 8. JWT Authentication With Spring Boot’s Inbuilt OAuth2 Resource Server
  9. 9. Approach to Hardening Web Servers
  10. 10. Expert publicly discloses PoC code for critical RCE issues in Cisco Security Manager
  11. 11. How do I select a security assessment solution for my business? – Help Net Security
  12. 12. Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs
  13. 13. Hackers Steal 46 Million Animal Jam Account Records, Dating Back…
  14. 14. IoT Cybersecurity Improvement Act Passes Senate
  15. 15. We infiltrated an IRC botnet. Here’s what we found
    Vintage! But apparently an active botnet today, and the conversations had with botnet owners are HILARIOUS.
  16. 16. New Proposed DNS Security Features Released
  17. 17. Microsoft hopes Windows PCs protection with Pluton security chip
  18. 18. The effectiveness of vulnerability disclosure and exploit development – Help Net Security
  19. 19. Cisco Webex bugs allow attackers to join meetings as ghost users
  20. 20. Inside the Cit0Day Breach Collection
  21. 21. How to Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers
    "What we can't see in the GIF is the Netcat connection being made to the attacker's system when fake_video.mp4 opens. The target believes fake_video.mp4 is legitimate and has no idea the operating system was just compromised." Turns out you can execute commands inside the .desktop file, neat trick. Not sure if there is a fix, which makes this even neater.
  22. 22. Why unplugging your router every month is actually good for your Wi-Fi
    This is the worst article I've read all year: "Rebooting the router could do any number of things that will benefit it. Sometimes, computers just freak out. Perhaps there's a bug that's causing the CPU to overheat. Or, perhaps the system is heavy trouble managing your router's memory. Whatever the issue, turning your router off and then back on again will likely fix it." Just poorly written, and so many statements in this article are simply not true.
  23. 23. Trump says he fired top cybersecurity official Christopher Krebs
    https://flip.it/ms4Oo6
  24. 24. Microsoft Defender for Linux adds new security feature
    https://flip.it/VUlfyD
  25. 25. Be Very Sparing in Allowing Site Notifications — Krebs on Security
    https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/
  26. 26. 29 Addresses to Analyze Malware Faster – LetsDefend Blog
    https://letsdefend.io/blog/29-addresses-to-analyze-malware-faster/
  27. 27. Report: Researchers Find ‘Backdoor’ Security Flaw in TCL Smart TVs
    A three-month investigation from security researcher "Sick Codes" and Shutterstock application security engineer John Jackson discovered that it's possible to access a TCL smart TV file system over Wi-Fi via an undocumented TCP/IP port, and then collect, delete, or overwrite files without the need for any sort of password or security clearance. The problem does not affect Roku-based TCL TVs. Original research here: https://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/
  28. 28. Apple released a new MacBook Air and I’m disheartened
    Just ignore everything else, the big complaint here is that the new Air looks just like the old Air: "Yet here were the words "new" and "future" and the same basic design and color choices on what looks like the same old Air." Nevermind all of the awesome things introduced with the M1 chip, and also potential security risks (I'm just waiting for the first vulnerabilities in Rosetta 2). Oh, and the incompatibilities since its ARM, not x86.
Professor at Roger Williams University
  1. 1. Verizon proposes new DNS Security Features
  2. 2. IoT Cybersecurity Improvement Act is passed by the US Senate
  3. 3. LAPD bans Clearview AW for Facial Recognition
  4. 4. Unpatched Browsers don’t get patched
Sr. InfoSec Consultant at Online Business Sytems
  1. 1. Verizon Releases 2020 Cyber Espionage Report
  2. 2. Hackers Hit COVID-19 Biotech Firm, Cold Storage Giant with Cyberattacks
  3. 3. Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach
  4. 4. Pluto TV likely suffered a security breach affecting 3.2 million accounts
  5. 5. Luxottica Data Leaked by Hackers After Ransomware Attack, Breach
  6. 6. How to prevent expensive data breaches in the cloud
  7. 7. 27.7M Texas Drivers Affected by Third-Party Data Breach
  8. 8. Data breaches bring more bad news for the travel and leisure industry
Security Analyst at Black Hills Information Security
  1. 1. Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer
    This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defense technologies.
Senior Cyber Advisor at Lawrence Livermore National Laboratory
  1. 1. Ransomware attack takes web hosting provider Managed.com servers offline
    Managed.com, one of the world's largest web hosting providers, has disclosed it was forced to shut down its entire web hosting infrastructure after being hit by a ransomware attack on Nov. 16 that also reportedly took down "a small number" of customer websites.
  2. 2. Hacking group exploits ZeroLogon in automotive, industrial attack wave
    The possibly Chinese government state-sponsored "Cicada" (APT10, Stone Panda, Cloud Hopper) advanced persistent threat (APT) group has been spotted leveraging the "Zerologon" vulnerability (CVE-2020-1472) in a worldwide attack campaign targeting businesses connected to Japan in order to access and exfiltrate sensitive information.
  3. 3. Microsoft fixes Windows Kerberos authentication issues in OOB update
    Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers CVE-2020-17409. Low risk, high complexity and high priv level needed to exploit.
  4. 4. Australian government warns of possible ransomware attacks on health sector
    The Australian government has issued a security alert today urging local health sector organizations to check their cyber-security defenses, attacks targeting the health care sector with the "SDBBot" remote access Trojan (RAT), which is a known precursor to "Clop" ransomware infections.
  5. 5. Vertafore data breach exposed data of 27.7 million Texas drivers
    Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error. Vertafore announced that after an employee inadvertently stored three files containing the PII on an unsecured external storage service that was ultimately accessed by an unknown third party.
  6. 6. More than 200 systems infected by new Chinese APT ‘FunnyDream’
    A new Chinese state-sponsored hacking group "FunnyDream" has infected more than 200 systems across Southeast Asia. Activity leverages RIGHTSIDE and ENDRANT malware, among others.
  7. 7. Millions of Bumble users put at risk after online dating hack
  8. 8. Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak
    Misconfigured Amazon S3 bucket belonging to Canoga Park, Calif.-based used electronics reseller TronicsXchange exposed on the Internet containing more than 2.6 million files that included victims' personally identifiable information (PII) and biometric images
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related

Why Is Your TV & NAS On The Internet? – PSW #824

Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless.