Security News w/ Ed Skoudis – PSW #676
Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News: Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat!
Announcements
SCYTHE is offering a FREE purple team workshop where attendees get hands-on in an isolated enterprise environment for three hours! It is scheduled for December 9th (the day before Security Weekly Unlocked!). Register for this free workshop now: https://securityweekly.com/purpleteamsw
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.
Hosts


- 1. COVID-19 and Cybersecurity: ‘Catastrophic Attack on Our Technology Systems’ – Ransomware attacks shut down school systems in Baltimore and Chicago.
- 2. The ‘smartest man in the room’ has joined Sidney Powell’s team – Someone sent me this link and asked me if the guy is a big deal in our industry... I think this is fake news! But how can you be reasonably sure?


- 1. Thousands of unsecured medical records were exposed online
- 2. An iOS zero-click radio proximity exploit odyssey
- 3. Call Fraud Operator Ordered to Pay $9M to Victims
- 4. Evilginx-ing into the cloud: How we detected a red team attack in AWS – Expel
- 5. Hackers are trying to disrupt the COVID-19 vaccine supply chain

- 1. Carrefour Handed $3.7m GDPR Fine – France-based retailer Carrefour and its banking division have been fined more than €3 million EUR (~$3.6 million USD) by the French Commission nationale de l’informatique et des libertés (CNIL) for multiple data breaches that violated the EU's GDPR.
- 2. Talos reported WebKit flaws in WebKit that allow Remote Code Execution – Talos experts found flaws in the WebKit browser engine that can also be exploited for remote code execution via specially crafted websites. Consider this medium-risk due to the potential to execute arbitrary code, offset by the user interaction required for exploitation.
- 3. Palo Alto researchers said Baidu apps could have tracked users ‘over their lifetime’ – According to Palo Alto Networks, the Baidu apps were collecting user data such as MAC addresses, carrier information, and IMSI numbers stored on SIM cards from victims' phones.
- 4. This critical software flaw is now being used to break into networks – so update fast – The U.K.'s National Cyber Security Centre (NCSC) has issued a warning about a critical remote code execution vulnerability (CVE-2020-15505) affecting the MobileIron mobile device management (MDM) software that is reportedly being used by state-backed hackers and organized crime groups to access and steal data from government, healthcare provider, and other networks.
- 5. Advanced Persistent Threat Actors Targeting U.S. Think Tanks
- 6. Vietnam-Linked Cyberspies Use New macOS Backdoor in Attacks – Trend Micro’s security researchers say they believe the Vietnamese advanced persistent threat (APT) group "OceanLotus" (APT-C-00, APT32) has been leveraging a new macOS backdoor in attacks designed to steal sensitive data from government and corporate organizations throughout Southeast Asia.
- 7. Industrial computer manufacturer Advantech hit with a ransomware attack – SiliconANGLE – Advantech received a ransom demand for 750 Bitcoin ($13.8 million), but publication of stolen data by Conti operators indicates that the company has at least so far refused to make the payment.
- 8. Digitally Signed Bandook Malware Once Again Targets Multiple Sectors – The "Dark Caracal" cyber espionage group, which is suspected to have ties to the Kazakh and Lebanese governments, has been spotted leveraging a re-tooled version of the 13-year-old "Bandook" Windows Trojan, also known as HAIRBALL, in attacks targeting various sectors in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the U.S.
- 9. iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever – Really cool hack. Be sure to read the linked white paper from Ian Beer.
