Security Weekly
Paul's Security WeeklySubscribe
Data Security, Distributed Workforce, Security Staff Acquisition & Development, Vulnerability Management

IoT Cybersecurity Improvement Act, TCL Smart TV Flaw, & Popping Reverse Shells – PSW #675

In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Doug White
Doug White
Professor at Roger Williams University
  1. 1. Verizon proposes new DNS Security Features
  2. 2. IoT Cybersecurity Improvement Act is passed by the US Senate
  3. 3. LAPD bans Clearview AW for Facial Recognition
  4. 4. Unpatched Browsers don’t get patched
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems
  1. 1. Verizon Releases 2020 Cyber Espionage Report
  2. 2. Hackers Hit COVID-19 Biotech Firm, Cold Storage Giant with Cyberattacks
  3. 3. Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach
  4. 4. Pluto TV likely suffered a security breach affecting 3.2 million accounts
  5. 5. Luxottica Data Leaked by Hackers After Ransomware Attack, Breach
  6. 6. How to prevent expensive data breaches in the cloud
  7. 7. 27.7M Texas Drivers Affected by Third-Party Data Breach
  8. 8. Data breaches bring more bad news for the travel and leisure industry
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
  1. 1. Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer
    This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defense technologies.
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
  1. 1. Ransomware attack takes web hosting provider Managed.com servers offline
    Managed.com, one of the world's largest web hosting providers, has disclosed it was forced to shut down its entire web hosting infrastructure after being hit by a ransomware attack on Nov. 16 that also reportedly took down "a small number" of customer websites.
  2. 2. Hacking group exploits ZeroLogon in automotive, industrial attack wave
    The possibly Chinese government state-sponsored "Cicada" (APT10, Stone Panda, Cloud Hopper) advanced persistent threat (APT) group has been spotted leveraging the "Zerologon" vulnerability (CVE-2020-1472) in a worldwide attack campaign targeting businesses connected to Japan in order to access and exfiltrate sensitive information.
  3. 3. Microsoft fixes Windows Kerberos authentication issues in OOB update
    Microsoft has released out-of-band optional updates to fix a known issue that causes Kerberos authentication problems on enterprise domain controllers CVE-2020-17409. Low risk, high complexity and high priv level needed to exploit.
  4. 4. Australian government warns of possible ransomware attacks on health sector
    The Australian government has issued a security alert today urging local health sector organizations to check their cyber-security defenses, attacks targeting the health care sector with the "SDBBot" remote access Trojan (RAT), which is a known precursor to "Clop" ransomware infections.
  5. 5. Vertafore data breach exposed data of 27.7 million Texas drivers
    Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error. Vertafore announced that after an employee inadvertently stored three files containing the PII on an unsecured external storage service that was ultimately accessed by an unknown third party.
  6. 6. More than 200 systems infected by new Chinese APT ‘FunnyDream’
    A new Chinese state-sponsored hacking group "FunnyDream" has infected more than 200 systems across Southeast Asia. Activity leverages RIGHTSIDE and ENDRANT malware, among others.
  7. 7. Millions of Bumble users put at risk after online dating hack
  8. 8. Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak
    Misconfigured Amazon S3 bucket belonging to Canoga Park, Calif.-based used electronics reseller TronicsXchange exposed on the Internet containing more than 2.6 million files that included victims' personally identifiable information (PII) and biometric images
Tyler Robinson
Tyler Robinson
Founder & CEO at Dark Element

Related

Data Chaos MUST be Curbed, but how? – Jackie McGuire – ESW #338

There is little to no organization of data within companies in 2023. We're all guilty of this at some level. The download folders and desktops on our personal machines are a mess. File servers, and cloud storage services are a mess. In Microsoft's recent data leak, AI researchers even had PC backups stored along side machine learning models for wha...
Stop PII Exposure, Know Your Data Location, Cloud Threat Visibility – Ward Cobleigh, Reuben Moretz, Trace Woodbury – ESW #334

Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization. This segment is sp...