PSWEpisode648

From Security Weekly Wiki

Paul's Security Weekly Episode 648 - 2020-04-23

Episode Audio

Paul's Security Weekly Episode 648

Announcements

  • Going cloud native? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list back to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • Join us at InfoSecWorld 2020 - June 22nd-24th now at Disney's Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

News - iOS Mail Hijack, Hacking Satellites, & 0-Days for Days

Description:

In the Security News, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, Wanna hack a Satellite? The Navy will let you…, IBM 0-day released for days after notification - IBM said “won’t fix!”, Zoom Dropped by Big Business Despite Addressing Security Flaws, Android Users Beware: Google Just Banned These Devious Apps With 69 Million Installs, NSA shares list of vulnerabilities commonly exploited to plant web shells, German Government Loses 'Tens of Millions' in COVID-19 Phishing Attack, and more!



Jeff Man's Content:



  1. Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis
  2. iOS Mail application suffers from a serious security breach
  3. Gamers report unauthorized access to their Nintendo accounts
  4. SBA data breach compromises business owners’ data
  5. Are a lot of CISOs fleecing their companies and delivering little value? - Don't register - I'm just intrigued by the title
  6. With Cognizant attack, Maze ransomware finds its way into IT services supply chain
  7. Incident Of The Week: How Hackers Are Taking Advantage of Coronavirus
  8. Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus
  9. Private Contact Tracing Protocols Compared: DP-3T and CEN
  10. Crown Sterling and Black Hat settle lawsuit, promise to never speak of it again
  11. 8 video chat apps compared: Which is best for security?

Larry Pesce's Content:



  1. iOS no-click e-mail 0-day
  2. Wanna hack a Satellite? The Navy will let you…
  3. IBM 0-day released for days after notification - IBM said “won’t fix!”
  4. CVSS 10.0 for VMware vCenter - and the PoC code
  5. FCC approves 6Gig access for indoor WiFi use as WiFi6E
  6. Android Bluetooth no-click 0-day, BlueFrag

Lee Neely's Content:



News

  1. New Coronavirus screenlocker malware is extremely annoying - New coronavirus malware locks you out of Windows while making annoying sounds.
  2. Almost 8,000 Could Be Affected by Federal Emergency Loan Data Breach - Information belonging to small business owners applying for the Small Business Administration's (SBA) Economic Injury Disaster Loans (EIDL) program was exposed March 25.
  3. German Government Loses 'Tens of Millions' in COVID-19 Phishing Attack - Strongly authenticate applicants, verify details before initiating funds transfers.
  4. New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

Paul Asadoorian's Content:



Articles

  1. Zoom Dropped by Big Business Despite Addressing Security Flaws - Yet how many of these very same companies still use 1) outdated versions of Internet Explorer, 2) Adobe Flash, 3) PHP, 4) vulnerable Apache Tomcat, or 5) run Windows versions prior to 10? This is a lame PR attempt to make the public think they are being proactive about security. "Oh look at us, we won't run vulnerable software" is not as impactful as you may think to the effectiveness of a security program.
  2. Android Users Beware: Google Just Banned These Devious Apps With 69 Million Installs
  3. Zoom releases 5.0 update with security and privacy improvements - Still no end-to-end encryption, but Zoom is also now enabling passwords by default for most customers, and IT admins can define the password complexity for Zoom business users. Zoom’s waiting room feature is also now on by default for basic, single-license Pro, and education accounts.
  4. Ubuntu 20.04 arrives with Linux 5.4 kernel and WireGuard VPN | ZDNet - Kernel Self-Protection (https://www.kernel.org/doc/html/latest/security/self-protection.html) is one of the features, which makes me wonder how easy/difficult this is to bypass. Also skeptical of KLM (Kernel Lockdown Mode): when enabled, the new "lockdown" feature will restrict some kernel functionality, even for the root user, making it harder for compromised root accounts to compromise the rest of the OS. Certainly, these two new features will help reduce the attack surface.
  5. Finding Zoom Meeting Details in the Wild | /dev/random - The password seems to help reduce unauthorized guests, not prevent all unauthorized access. But cool stuff, YARA rules to look for passwords in ICS files.
  6. Vulnerability Finding Using Machine Learning - Schneier on Security - Check this out: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn't just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning. Since 2001 Microsoft has collected 13 million work items and bugs. We used that data to develop a process and machine learning model that correctly distinguishes between security and non-security bugs 99 percent of the time and accurately identifies the critical, high priority security bugs, 97 percent of the time.
  7. CFAA latest: Supremes to tackle old chestnut of what 'authorized use' of a computer really means in America
  8. Egregious Cloud Security Vulnerabilities
  9. Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch
  10. NSA shares list of vulnerabilities commonly exploited to plant web shells | ZDNet
  11. Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak - Not a great track record: Valve continues to face security issues over the years. In March 2019, a proprietor of a Counter-Strike gaming server promotion service used multiple zero-days in the Counter-Strike client to create a large botnet, made up of fake game servers for the popular online multiplayer game. Also last year, a researcher dropped two zero-day vulnerabilities that affect the Steam game client for Windows, after Valve said it wouldn’t fix it.

Tyler Robinson's Content:



  1. iOS attacks happening in the wild via MobileMail (https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/)
  2. Facebook hacked and 267 Million records for sale (https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/)
  3. FBI research around coronavirus foreign state hackers (https://www.reuters.com/article/us-health-coronavirus-cyber/foreign-state-hackers-target-u-s-coronavirus-treatment-research-fbi-official-idUSKBN21Y3GL)
  4. Magic Leap lays off half of staff (https://pitchbook.com/news/articles/magic-leap-lays-off-half-of-staff-seeks-funding-amid-economic-decline)


Interview: Layer8 Conference & WorkshopCon - 6:00-6:45PM

Description:

Patrick Laverty created and co-organizes the Layer 8 Conference with Lea Snyder. This year will be the 3rd annual conference that solely focuses on social engineering and OSINT topics. Ori Zigindere is an offensive security professional with a background in software engineering. He works with a wide range of companies in all major industries to help them improve their security posture against day to day threats. Patrick and Ori join us today to talk about the Layer8 Conference, and WorkshopCon! To sign up for the Layer8 Conference, please visit: https://layer8conference.com/

Guest: Bio:
Ori Zigindere is Co-founder at WorkshopCon
Ori Zigindere is an offensive security professional with a background in software engineering. He works with a wide range of companies in all major industries to help them improve their security posture against day to day threats. Ori believes in the value of privacy and security and helps both individuals and organizations to improve their understanding of these topics. In his spare time, he runs WorkshopCon, a company he co-founded, which helps bring together information security students and trainers for world class quality, low cost training.
Guest: Bio:
Patrick Laverty is Conference Organizer at Layer 8 Conference
Patrick created and co-organizes the Layer 8 Conference with Lea Snyder. This year will be the 3rd annual conference that solely focuses on social engineering and OSINT topics.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Larry Pesce - Senior Managing Consultant and Director of Research at InGuardians
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

Fullaudio - None

Description:

This week, we welcome Steven Bay, Director of Security Operations at Security On-Demand, to talk about Insider Threats! In our second segment, we welcome Patrick Laverty, Conference Organizer at Layer8 Conference, and Ori Zigindere, Co-Founder of WorkshopCon, to discuss all things Layer8 Conference and WorkshopCon! In the Security News, Zoom releases 5.0 update with security and privacy improvements, Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones, NSA shares list of vulnerabilities commonly exploited to plant web shells, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, & the Top 10 In-Demand Cybersecurity Jobs in the Age of Coronavirus!

To sign up for the Layer8 Conference, please visit: https://layer8conference.com/ To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw

Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly





Interview: The Insider Threat - 6:00-6:45PM

Description:

Steven Bay has over 16 years of cybersecurity experience, spanning the military, government, consulting, and enterprise security. For 10 of those years he supported the National Security Agency both as a member of the military and a contractor. In 2013 he hired Edward Snowden to a contract position in Hawaii and was his manager when Snowden fled the country with top secret NSA data. Following this he moved into commercial cybersecurity where he provided IR and Threat Intelligence services to Fortune 500 companies, served as a CISO, and today is the Director of Security Operations at Security On-Demand. He is also a keynote speaker who shares his story and lessons learned from his Snowden experience at industry groups, corporate events, and student groups. To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw

Guest: Bio:
Steven Bay is Director, Security Operations at Security On-Demand
Steven Bay has over 16 years of cybersecurity experience, spanning the military, government, consulting, and enterprise security. For 10 of those years he supported the National Security Agency both as a member of the military and a contractor. In 2013 he hired Edward Snowden to a contract position in Hawaii and was his manager when Snowden fled the country with top secret NSA data. Following this he moved into commercial cybersecurity where he provided IR and Threat Intelligence services to Fortune 500 companies, served as a CISO, and today is the Director of Security Operations at Security On-Demand. He is also a keynote speaker who shares his story and lessons learned from his Snowden experience at industry groups, corporate events, and student groups.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Larry Pesce - Senior Managing Consultant and Director of Research at InGuardians
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc