From Paul's Security Weekly
Hack Naked News #175
Recorded May 29, 2018 at G-Unit Studios in Rhode Island!
- Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Ticket sales are open for the Social Engineering RI Conference. Saturday, June 6th at Salve Regina University in Newport, RI. Go to http://se-ri.org/ to register! We are giving away 2 tickets to this conference. Please send your best meme of Paul and Larry to email@example.com.
- How do you feel about User and Entity Behavior Analytics? What about your SIEM? Check out LogRhythm's webcast on June 14th at 3:00pm-4:00pm.
- Why Is Your Location Data No Longer Private? Krebs on Security - Great article from Brian. I like this part, as it clarifies what is actually happening: When the FCC’s repeal of the net neutrality rules takes effect on June 11, 2018, broadband providers will once again be regulated by the Federal Trade Commission (FTC). That power was briefly shared with FCC when the agency under the Obama administration passed its net neutrality rules with the assumption that it could regulate broadband providers like telecommunications companies. It remains to be seen how, or if, the FTC will regulate ISPs.
- SSD Advisory QRadar Remote Command Execution SecuriTeam Blogs - Multiple vulnerabilities in QRadar allow a remote unauthenticated attacker to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining, which allows a user to go from unauthenticated to authenticated access, to running commands, and finally to running these commands with root privileges. A patch has been issued by IBM; the link is in the article.
- Securing Mobile Devices During Summer Travel | US-CERT - As summer begins, many people will travel with their mobile devices. Although these devices—such as smartphones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. The guidelines include some basic advice, although noticeably missing are keeping your device and all of your apps up to date, making sure your phone is encrypted, using a secure messaging app like Signal, and protecting your device with a passcode/fingerprint/facial recognition.
- Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers - Even after Silicon Labs, the company that owns Z-Wave, made it mandatory for certified IoT devices to use the latest S2 security standard, millions of smart devices still support the older, insecure version of the pairing process, called the S0 framework, for compatibility. And a research company found it could trick devices into falling back on the older, and less secure, protocol.
- Singapore ISP Leaves 1,000 Routers Open to Attack - Southeast Asian telecom giant Singapore Telecommunications Limited left approximately 1,000 customer routers wide open to a potential attack via an unprotected port. The flub occurred after the region’s largest ISP conducted remote maintenance on affected routers and failed to secure equipment when the work was complete, according to NewSky Security. Just making sure that this practice is still in play, and a note to ISPs NOT to do this, ever.
- French teens charged over Despacito hack - Two 18-year-old French citizens have been charged in Paris following a hack of popular music videos on YouTube. The hackers targeted a string of videos last year, including the hit song Despacito - the most-watched YouTube music video of all time. They did this through Vevo, a music hosting service, and this is reportedly not the first time the company has been breached.
- FBI Recommends Router Reboots to Limit VPNFilter Malware Risk - In many cases, the reason why power-cycling or rebooting a system works is because it will remove non-stateful code that is running in a device's memory and return the device to a default status. When it comes to malware, there has been a growing trend in recent years for attacks to make use of what is known as "file-less malware"—malware that resides in memory and doesn't use a specific malware executable that is stored on disk in order to run. The vulnerabilities will, of course, still exist. And the VPNFilter malware exploits known vulnerabilities, so also make sure you patch your devices.
Guest: Daniel Lowrie, ITPro.TV