HNNEpisode164

From Paul's Security Weekly

Hack Naked News #164

Recorded March 6, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Announcements:

    • Today’s determined attackers easily bypass even the most advanced network defenses. Trying to ramp up staff to detect their backdoors can cost thousands of dollars and take months, even years. With Active Countermeasures AI-Hunter we enable even junior analysts to detect even the most advanced backdoors in a matter of hours. Sign up for a demo and purchase our product today by visiting activecountermeasures.com/hnn. Active Countermeasures: Make every analyst a hunter!
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW89AEE2 to get a $100 discount!
    • Security Weekly listeners save $100 off their registration for a full Conference Pass. Go to www.secureworldexpo.com and use the discount code SecurityWeekly, and join us at SecureWorld Boston!
    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.

    News

    1. Run 'Kali Linux' Natively On Windows 10 Just Like That! - Now you can download and install Kali Linux directly from the Microsoft App Store on Windows 10 just like any other application. You have to enable the WSL (Windows Subsystem for Linux) to make this work. However, this version of Kali does not come pre-bundled with a whole bunch of tools, and you have to be cautious about your AV eating up your tools. Of course, you can also run Kali in a VM, in the cloud or using Docker. It's nice to have options!
    2. Bug in HP Remote Management Tool Leaves Servers Open to Attack - Relax, it's just a DoS: Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could contribute to crippling vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) is rated “high severity”, with a CVSS base score of 8.6, and was discovered by Rapid7 researchers in September. HPE publicly reported the bug on Feb. 22 and has made patches available.
    3. LTE security flaws could be used for spying, spreading chaos | Ars Technica - As ZDNet’s Zack Whittaker reports, researchers at Purdue University and the University of Iowa conducting tests of 4G LTE networks have uncovered 10 new types of attacks. They made this discovery as part of their evaluation of a proof-of-concept 4G LTE penetration testing toolset, called LTEInspector. Combined with nine previously known attack methods that [the researchers] also identified as still being usable against many carrier networks, the collection of exploits could be used to track device owners, eavesdrop on texts and other sensitive data, and even pose as them on cellular networks and spoof location and other data.
    4. ISC Releases Security Advisories for DHCP, BIND - The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
    5. Red Hat Releases Security Guidance for Memcached - Red Hat has released security recommendations to address potential Distributed Denial of Service attacks using Memcached. This misconfiguration could allow an attacker to exploit Memcached services as a reflection and amplification vector, causing unexpected volumes of traffic to be sent to targeted systems and networks.
    6. Last week's DDoS attack on GitHub included a ransom demand embedded in the payload - News this week was all about the 1.7 Tbs DDoS attack against GitHub, which used an amplification method that increased traffic more than 50,000 times and was more than double the previously recorded DDoS attempts. Cybersecurity firm Cybereason reports that analysis of the data payload revealed a ransom note. The message was embedded within a line of Python code that was delivered by the compromised machines. It demanded GitHub hand over 50 XMR (Monero cryptocurrency). This amounts to about $15,000 US.
    7. Spotify cracks down on free users that steal Premium service - Spotify may have 159 million active users, but only 71 million of those are paid subscribers. It makes sense that the company would want to maximize the number of paying customers, especially in light of the company's recent moves to go public. Now, it appears that Spotify is cracking down on free users that take advantage of hacked apps in order to remove the restrictions of unpaid accounts, according to TorrentFreak. Apparently the code in the client controls whether or not you are a paid user. Not a really smart way to validate paying users. If you are using a hacked Spotify app, you have likely received a message that your account may be terminated, because, well, theft.

    Commentary
