From Paul's Security Weekly
Recorded June 13, 2019 at G-Unit Studios in Rhode Island!
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!
- Have you been trying your hardest to get a ticket to DerbyCon FinishLine?! We know that tickets sold out almost immediately, as they do almost every year, and we have an exciting announcement: Security Weekly is giving away 7 tickets to DerbyCon! Here's what you need to do - subscribe to the Security Weekly YouTube channel and send an email to email@example.com with either a written or video testimonial about what Security Weekly means to you! That's it, it's really that simple! First 7 people to complete this will receive a ticket to DerbyCon! You will also be invited to participate in our Security Weekly DerbyCon interview series that Sam and Mark will be running at the conference!
Interview: Peter Smith, Edgewise - 6:00-6:30PM
Tech Segment: Corey Thuen, Gravwell - 6:30 - 7:30PM
Topic: Security analytics using the new Sysmon DNS logging, which dropped this week.
- This week Mark Russinovich released an update to sysmon that adds DNS logging to the popular (and free) endpoint monitoring tool. In this segment, Corey will talk about sysmon use cases and deployment, crack open the new DNS events, conduct some endpoint DNS analytics, and then incorporate threat feeds to stand up DNS monitoring (time permitting).
- Obviously this all hinges on the tool actually going out. As of June 8, that's still the plan: https://twitter.com/markrussinovich/status/1137466538322042880
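As an added illustration of the kind of endpoint DNS analytics the segment describes (this is example code written for these notes, not anything from the show, Gravwell, or Sysmon itself): Sysmon's DNS logging lands as Event ID 22 with fields such as Image, QueryName, QueryStatus and QueryResults. The script below assumes those events have already been exported to one JSON record per line, uses a handful of constructed sample events and a constructed two-entry threat feed, and then (1) matches queried names against the feed by exact or parent-domain match, (2) counts NXDOMAIN answers (Windows status 9003) per process image, and (3) flags long, high-entropy first labels that look machine-generated.

```python
"""Sysmon DNS (Event ID 22) analytics over constructed sample events.

Added example for these show notes; not code from Sysmon, Gravwell or the
podcast. Assumes Event ID 22 records already exported to JSON lines with the
fields Sysmon emits (UtcTime, ProcessId, Image, QueryName, QueryStatus,
QueryResults).
"""
import json
import math
from collections import Counter

# Constructed sample events (not real telemetry). Backslashes are JSON-escaped.
SAMPLE_EVENTS = r"""
{"UtcTime": "2019-06-13 22:01:02.100", "ProcessId": 4120, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.com", "QueryStatus": "0", "QueryResults": "::ffff:93.184.216.34;"}
{"UtcTime": "2019-06-13 22:01:05.310", "ProcessId": 5288, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "cdn.bad.example.net", "QueryStatus": "0", "QueryResults": "::ffff:198.51.100.7;"}
{"UtcTime": "2019-06-13 22:01:06.004", "ProcessId": 5288, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "xk7q2ph9zt4w.example.org", "QueryStatus": "9003", "QueryResults": ""}
{"UtcTime": "2019-06-13 22:01:06.220", "ProcessId": 5288, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "a8f3kq1zp0vm.example.org", "QueryStatus": "9003", "QueryResults": ""}
{"UtcTime": "2019-06-13 22:01:06.431", "ProcessId": 5288, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "q9wz1x4rk7pn.example.org", "QueryStatus": "9003", "QueryResults": ""}
{"UtcTime": "2019-06-13 22:01:09.000", "ProcessId": 1044, "Image": "C:\\Windows\\System32\\svchost.exe", "QueryName": "time.windows.com", "QueryStatus": "0", "QueryResults": "::ffff:203.0.113.9;"}
{"UtcTime": "2019-06-13 22:01:12.777", "ProcessId": 6012, "Image": "C:\\Windows\\System32\\notepad.exe", "QueryName": "bad.example.net", "QueryStatus": "0", "QueryResults": "::ffff:198.51.100.8;"}
"""

# Constructed threat feed: domains we would not expect endpoints to resolve.
THREAT_FEED = ["bad.example.net", "evil.example.test"]

NXDOMAIN = "9003"  # Windows DNS_ERROR_RCODE_NAME_ERROR as Sysmon reports it


def parse_events(text):
    """One JSON object per non-empty line -> list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_feed(query_name, feed):
    """Return the feed entry that matches query_name exactly or as a parent domain."""
    name = query_name.lower().rstrip(".")
    for bad in feed:
        bad = bad.lower()
        if name == bad or name.endswith("." + bad):
            return bad
    return None


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def basename(image):
    """Trailing component of a Windows path, for compact reporting."""
    return image.rsplit("\\", 1)[-1]


def analyze(events, feed, nx_threshold=3, entropy_threshold=3.5, min_label_len=10):
    """Run the three checks and return the findings as a dict."""
    feed_hits, high_entropy, nx_by_image = [], [], Counter()
    for ev in events:
        image = basename(ev.get("Image", ""))
        qname = ev.get("QueryName", "")
        hit = in_feed(qname, feed)
        if hit:
            feed_hits.append((image, qname, hit))
        if ev.get("QueryStatus") == NXDOMAIN:
            nx_by_image[image] += 1
        label = qname.split(".")[0]
        if len(label) >= min_label_len:
            ent = shannon_entropy(label)
            if ent >= entropy_threshold:
                high_entropy.append((image, qname, round(ent, 2)))
    suspicious_nx = {img: n for img, n in nx_by_image.items() if n >= nx_threshold}
    return {"feed_hits": feed_hits,
            "nxdomain_by_image": suspicious_nx,
            "high_entropy": high_entropy}


def run_sample():
    """Parse the constructed events and analyze them against the constructed feed."""
    return analyze(parse_events(SAMPLE_EVENTS), THREAT_FEED)


if __name__ == "__main__":
    for section, findings in run_sample().items():
        print(section, "->", findings)
```

The NXDOMAIN and entropy thresholds are starting points rather than tuned values; in practice you would baseline them per environment and per image, since some legitimate software (CDN clients, some security agents) also produces odd-looking labels.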
Security News - 7:30PM-8:30PM
- Black Hat Q&A: Defending Against Cheaper, Accessible 'Deepfake' Tech
- The Rise of 'Purple Teaming'
- World's Largest Beer Brewer Sets Up Cybersecurity Team
- Report: No Eternal Blue Exploit Found in Baltimore City Ransomware | Krebs on Security
- Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
- Critical Flaw Reported in Popular Chrome Extension from Evernote Users
- UP Specifications
- Some Raspberry Pi compatible computers
- UPDATE: Sysdig Falco v0.15.1 - PenTestIT
- Advanced Linux backdoor found in the wild escaped AV detection
- Remote attack flaw found in IPTV streaming service | ZDNet
- Warnings of world-wide worm attacks are the real deal, new exploit shows - Unfortunately, these tasks often take place in mission-critical environments such as hospitals, factories, and industrial settings. While patching is by far the most effective way to prevent exploits, there are a variety of workarounds that can be deployed. Chief among them is enabling Network Level Authentication (NLA) for Remote Desktop Services, although this defense is ineffective in the event that attackers have compromised the NLA credentials. It may also be possible to at least partially defeat NLA defenses using a remote desktop protocol weakness disclosed Tuesday. So, for these mission-critical applications in those environments, where they can't go down, can't be rebooted, and they are so important that patching is out of the question, WHY THE HELL DID YOU CHOOSE WINDOWS? Isn't there a better solution? Is this the fault of the provider? This isn't even a security argument; can't we help fix this problem with better design choices?
- Microsoft Warns of Email Attacks Executing Code Using an Old Bug
- Radiohead sells recordings to public after hacker threatens to leak them
- Microsoft Patches Critical Vulnerabilities in NTLM | SecurityWeek.Com
- Jumpboxes: How to avoid storing SSH keys
- This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already - With Debian and some other Linux distros, .vimrc ships with modelines already disabled by default, hence those versions are not vulnerable out of the box, though it is still a good idea to update your copy of Vim or Neovim to the latest version.
- Google expert disclosed details of an unpatched flaw in SymCrypt library - According to Microsoft, SymCrypt is the primary library for implementing symmetric cryptographic algorithms in Windows 8; it also implements asymmetric cryptographic algorithms starting with Windows 10 version 1703. Ormandy discovered that it is possible to trigger the flaw to cause an infinite loop when performing specific cryptographic operations.
- Tomorrow's Cybersecurity Analyst Is Not Who You Think
- Cognitive Bias Can Hamper Security Decisions
- HaveIBeenPwned up for sale
- NTLM fixes open up flaws for RCE - here is more and even more... holy crap.
- Using the NTLM MIC bypass against EPA (Extended Protection for Authentication) on web apps that use WIA (Windows Integrated Authentication)
- RCE in vim - some have said that this is a good argument for using emacs. Those folks should be sacked.
- Why Hackers Ignore Most Security Flaws - Article about an interesting study
- Improving Vulnerability Remediation Through Better Exploit Prediction - The actual study
- Hackers Grabbed Security Camera Images Taken At Border Crossing, CBP Says
- Congress Gives 'Hack Back' Legislation Another Try - Make 'hacking back' legal? What could possibly go wrong?
- 15 Steps to Keep Foes from Hacking and Hurting Our Water Infrastructure - If only water utilities accepted credit cards for payment, then they'd be subject to PCI and they'd already be doing all of this.
- Evite e-invite website admits security breach
- Firm Tech Data Leaks 264 GB of data - Security settings are now fixed; another store of unsecured data in the cloud. Studies are emerging showing that the root cause of most cloud data leaks is customer configuration.
- GoldBrute botnet targets RDP - The GoldBrute botnet brute-forces exposed RDP services. 1.5M nodes compromised, not necessarily using BlueKeep. This underscores the risks of exposed RDP services.
- Mystery signal was shutting down keyless fobs in an Ohio neighborhood - A home-brew security device was transmitting on 315 MHz, covered by FCC Part 15 rules, disrupting keyless entry devices.
- HSM vulnerabilities disclosed, allow remote exploit - Researchers published a paper on exploiting a weakness in an unnamed HSM vendor's product to allow remote takeover of the HSM. The unnamed vendor has released a patch.
- Gaming site Emuparadise breach of 1.1M accounts - Emuparadise used to host gaming ROMs for emulators. It suffered a breach in April 2018; the database of accounts was distributed June 9th.
- Rhode Island RFP has a long list of Blockchain uses - The Rhode Island RFP is looking for multiple Blockchain solutions across multiple state agencies. They are looking to the private sector for help being the first state to implement. Exciting and concerning.
- RAMBleed Rowhammer Attack - RAMBleed is an updated Rowhammer attack that can not only alter data but also steal it.
- Lake City, FL Hit by Ransomware - City services are offline, water and utility payment systems reverted to paper, and infected systems were isolated to prevent spread; Public Safety systems were already isolated and encrypted for protection. Ideas to take home?