PSWEpisode649

From Security Weekly Wiki

Paul's Security Weekly Episode 649 - 2020-04-30


Announcements

  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
  • Join us at InfoSecWorld 2020 - June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

Technical Segment - Defensive Strategies and Qualys VMDR

Description:

The crew talks about how to accomplish asset management, vulnerability management, prioritization of remediation, and the actual remediation steps! No small task! Then check out a deep dive demonstration of Qualys VMDR that includes, you guessed it, Asset Management, Vulnerability Management, Threat Detection & Prioritization, and Response! To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys


Guest: Bio:
Sumedh Thakar is Chief Product Officer at Qualys
As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.

Content:

The crew talks about strategies to achieve the following:

Asset Management - Why it is important and how you might accomplish this in your organization. In the cloud? Containers? OT?

Vulnerability Management - Do we need to find ALL the vulnerabilities? What other tactics can be used to find vulnerabilities that tie into a full VM program?

Prioritization - How do we define what is important and what is not? What factors go into prioritizing vulnerabilities?

Patching - The above 3 activities really mean nothing unless the teams can fix the problems found. What do organizations do to ensure that patches actually get applied? How important is it to automate patching so IT and Security teams can focus on other things?

Following this discussion is a great demo of VMDR from Sumedh Thakar of Qualys, a complete solution for the items we discussed at the top of the segment! Qualys VMDR is an end-to-end solution that cuts across the entire hybrid environment, and one that is real-time, accurate, and easy to deploy and operate.




Interview: Fighting the Cyber War With Battlefield Tactics - 6:00-6:45PM

Description:

Jeremy Miller, a retired Green Beret and current CEO of Lionfish Cyber Security, will discuss how mission set tactics used by Special Forces can be applied directly to the cyber war being waged today. These mission sets are very relevant for the front line of cybersecurity professionals, who are the next generation of Special Operations forces. These are the men and women that protect our country, our businesses and our families. Approaching the cyber war with this mindset, Miller is re-aligning how cybersecurity in small to medium-sized businesses is structured. His team plans to be a force multiplier for SMBs by bundling resources and capabilities into an affordable security platform, making cyber security more a strength than a weakness for these organizations.

Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/

Content:

Website: https://www.secopscyberinstitute.com/

Guest: Bio:
Jeremy Miller is CEO at Secops Cyber Institute
Jeremy served in the Army as a Green Beret in the Special Forces in two wars during two seasons of his life: Somalia in '92 and, after a 10-year break in service, Afghanistan in '09. He is no stranger to hard work, selfless service, and perseverance. He started and runs an application development company. He has become a seasoned real estate investor, holding licenses as a broker and a level III tax assessor, and, as a general entrepreneur, recently started a company to do cyber security training and protection. He is honored to join the fight to protect our Country, Companies, and Families.
Guest: Bio:
Philip Niedermair is CEO at National Cyber Group
As Managing Director of Strategic Alliances, Philip's role is to develop and nurture high-value relationships, building synergy and identifying opportunities in the marketplace for our firm's clients, allies and friends. Through the added force of collaboration and strategic alliances, large projects and significant opportunities can be won and influenced to benefit the clients we serve.

Hosts

Jeff Man - Sr. InfoSec Consultant at Online Business Systems
Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
Paul Asadoorian - Founder & CTO at Security Weekly
Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

Fullaudio - None

Description:

This week, we welcome Jeremy Miller, CEO of the SecOps Cyber Institute, and Philip Niedermair, CEO of the National Cyber Group, to talk about Fighting the Cyber War with Battlefield Tactics! In our second segment, we talk Security News, discussing How to encrypt an AWS RDS MySQL replica set with zero downtime and zero data loss, how Cybercriminals are using Google reCAPTCHA to hide their phishing, the NSA sharing a list of vulnerabilities commonly exploited to plant web shells, Using Python's pickling to explain Insecure Deserialization, and how Half a Million Zoom Accounts were Compromised by Credential Stuffing and Sold on the Dark Web! In our final segment, the crew talks about accomplishing asset management, vulnerability management, and prioritization of remediation, with a Deep Dive demonstration of the Qualys VMDR end-to-end solution!

To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys

Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly





News - Python Pickling, Sophos 0-Day, & AWS RDS MySQL

Description:

In the Security News: Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web; Scammers pounce as stimulus checks start flowing; NSA shares list of vulnerabilities commonly exploited to plant web shells; Using Python's pickling to explain Insecure Deserialization; How to encrypt an AWS RDS MySQL replica set with zero downtime and zero data loss; 9 Skills That Separate Beginners From Intermediate Python Programmers; Hackers are exploiting a Sophos firewall zero-day; and more!



Jeff Man's Content:


  1. Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web - weekly Zoom update
  2. Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks
  3. Most Firms Have Some Cyber Insurance But Gaps in Coverage Remain - Also check out Security & Compliance Weekly #SCW24 - Parts 1&2
  4. Cybersecurity Maturity Model Certification: An Idea Whose Time Has Not Come And Never May - also SCW#23 Parts 1&2
  5. Former Moore cell phone shop employee uncovers massive nationwide security breach
  6. Etana, a fiat funding provider for Kraken, reports data security breach
  7. Chegg Confirmed Data Breach of Employee Records

Lee Neely's Content:


COVID-19 Stories

  1. Scammers pounce as stimulus checks start flowing - Be vigilant: scammers are on the lookout for scammers looking to access the COVID-19 related relief checks. IBM claims a 6000 percent rise in phishing email.
  2. COVID-19 outbreak may delay audits for DOD's cyber certification - Audits to support claims of secure ongoing operation are necessary; remote validation, anyone?
  3. Israeli court takes step to halt phone tracking amid virus - Israel's Supreme Court on Sunday ordered the Shin Bet security agency to halt its use of phone-surveillance technology in the battle against the coronavirus, unless parliament begins legislating guidelines for the practice.
  4. Agencies That Bought Cloud Services in Response to COVID-19 Need to Review Security Duties - In other words, did you implement the required security and get an ATO?
  5. Two men in California were arrested for a coronavirus wire fraud scheme where they sought to resell 40 million respirator masks at double or triple the purchase price - The two men ran a company that falsely claimed to be working with global traders, medical institutions and general supply companies for five years.
  6. UPS and CVS will soon deliver prescriptions to a retirement community in Florida by drone - Starting next month, residents of The Villages in central Florida can receive same-day delivery from a local CVS pharmacy via Matternet's M2 UAV.
  7. Most Americans are not willing or able to use an app tracking coronavirus infections. That's a problem for Big Tech's plan to slow the pandemic. - Nearly 3 in 5 Americans say they are either unable or unwilling to use the infection-alert system under development by Google and Apple, suggesting that it will be difficult to persuade enough people to use the app to make it effective against the coronavirus pandemic, a Washington Post-University of Maryland poll finds.

In Other News

  1. NSA shares list of vulnerabilities commonly exploited to plant web shells - NSA & ASD publish guidance on looking for web shells.
  2. Use Permissions to keep Scammy Apps off your Android - Look for extra app permissions, use the Play Store, enable Play Protect...
  3. AA20-120A: Microsoft Office 365 Security Recommendations - CISA publishes updated security recommendations for Office 365 with remote workers.
  4. Lack of Basic Security Measures on Sheffield's ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers - They took immediate action to secure the site/app.
  5. Hackers Mount Zero-Day Attacks on Sophos Firewalls - Sophos XG Firewalls targeted; Sophos reportedly released a hotfix for CVE-2020-12271 this week.
  6. NSA: Selecting and Safely Using Collaboration Services for Telework - NSA lists the security features of telework/collaboration services.

Paul Asadoorian's Content:


Articles

  1. Using Python's pickling to explain Insecure Deserialization
  2. Critical Vulnerability in Salt Requires Immediate Patching | SecurityWeek.Com
  3. How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss - Yikes! Danger! Allow MySQL port from 0.0.0.0 and open your database to the internet. This approach is a lot easier and with this case, the RDS_HOSTNAME can be used without a problem. But keep in mind that opening database access to the internet is not the ideal solution from the security perspective, so use this method at your own risk.
  4. Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies - PerSwaysion operations were orchestrated by scammers from Nigeria and South Africa who used a Vue.js JavaScript framework-based phishing kit, evidently, developed by and rented from Vietnamese speaking hackers. Which likely means that both hacking groups have your creds...
  5. Brute forcing RDP credentials on the rise | SC Media
  6. Experts found critical flaws in 3 popular e-Learning WordPress Plugins
  7. Cybercriminals are using Google reCAPTCHA to hide their phishing... - As the researchers explain, criminals are using reCAPTCHA walls to block the content of their phishing pages from being scanned by URL scanning services.
  8. Keybase - FYI: https://www.shielder.it/blog/1-click-rce-on-keybase/ (It's been fixed).
  9. Hackers abuse Sophos Firewall Zero Day Vulnerability - Hackers attacked Sophos XG Firewall devices whose administration or user portal control panel was exposed on the internet. The hackers used the SQL injection vulnerability in XG firewall devices and downloaded a payload onto the device to steal data such as passwords and usernames for the firewall device admin, portal admins, and user accounts for remote access, plus the firewall's license and serial number.
  10. With Now 400 Million Monthly Active Users Telegram Announces Video Calling Service
  11. Microsoft patches .gif file vulnerability in Teams - a two-fold attack that hinges on the successful takeover of a vulnerable subdomain, coupled with an exploitation of specific behaviours in the Microsoft Teams authentication system, pertaining to how authentication tokens for images within Teams are created. By sending the target user a malicious .gif file, CyberArk found that attackers could get hold of this authentication token and take over the victim’s account by sending the token to the compromised subdomain. CyberArk found two of these at Microsoft, both of them now locked down. The .gif would not have had to be shared, merely seen, making the exploit particularly dangerous.
  12. Protecting Critical Infrastructure from Zero Day Cybersecurity Attacks: An Interview With Michael Hylton of OPSWAT - CTOvision.com
  13. Labtainers - Center for Cybersecurity and Cyber Operations - Naval Postgraduate School - The list of labs is really awesome; I have not gotten the environment running yet. It's based on a paper from 2017; however, the documentation is dated 4/21/2020, so it is being maintained. Something to check out!
  14. Faster Python in Docker - The tradeoff between security and performance...
  15. Payloads All The Things
  16. RhinoSecurityLabs/ccat: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. - Starting with compromised AWS credentials, the attacker enumerates and explores ECR repositories. Then, the attacker finds that they use an NGINX Docker image and pulls that image from ECR. Furthermore, the attacker creates a reverse shell backdoor in the target Docker image. Finally, the attacker pushes the backdoored Docker image to ECR.
  17. 9 Skills That Separate Beginners From Intermediate Python Programmers - Great point: As a beginner, you might work for days on a small snippet of code. If that code suddenly works, you might feel a sense of relief and just run over to the next part of the code. That’s one of the worst things you can do. Accepting that it works without understanding why is probably more dangerous than not understanding why the code does not run.
  18. Hackers are exploiting a Sophos firewall zero-day | ZDNet
  19. Getting Started With AppLocker - Black Hills Information Security
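For item 3 above (the AWS RDS article's shortcut of allowing the MySQL port from 0.0.0.0, which opens the database to the internet), here is an added defender-side check that is not from the episode or the article: it audits a security group in the shape boto3's describe_security_groups() returns for ingress rules exposing port 3306 to the whole internet, and builds the tightened replacement rule. The group is constructed inline so no AWS call is made; the group id and the client CIDR are placeholders.

```python
from ipaddress import ip_network

MYSQL_PORT = 3306
WORLD = {"0.0.0.0/0", "::/0"}


def port_in_rule(rule, port):
    """True if the ingress rule covers `port` ("-1" protocol means all ports)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def world_open_findings(group, port=MYSQL_PORT):
    """Return (group_id, cidr) pairs for ingress rules exposing `port` to everyone."""
    findings = []
    for rule in group.get("IpPermissions", []):
        if not port_in_rule(rule, port):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # Catch the literal 0.0.0.0/0 and ::/0 as well as any other /0 spelling.
            if cidr in WORLD or ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((group["GroupId"], cidr))
    return findings


def restricted_rule(allowed_cidrs, port=MYSQL_PORT):
    """Replacement rule: same port, reachable only from the listed client networks."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(ip_network(c, strict=False))} for c in allowed_cidrs],
    }


# Constructed sample in describe_security_groups() shape: the article's shortcut,
# MySQL open to the whole IPv4 and IPv6 internet. The group id is a placeholder.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for gid, cidr in world_open_findings(SAMPLE_GROUP):
        print(f"{gid}: MySQL port {MYSQL_PORT} open to {cidr}")
    print("tightened rule:", restricted_rule(["10.0.1.0/24"]))  # app subnet, assumed
```

The 443 rule is deliberately left alone: the check flags only the database port, so the same code can be pointed at a group fronting a web tier without noise.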
