PSWEpisode651

From Security Weekly Wiki

Paul's Security Weekly Episode #651 - May 14, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Interview - MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data - 06:00 PM-06:45 PM


Visit https://securityweekly.com/elastic for more information!


Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Description

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, it's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.

To learn more about Elastic Security, visit: https://securityweekly.com/elastic


To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2


Guest(s)

Mike Nichols

Mike leads Product Management at Elastic Security and is the former Vice President of Product Management at Endgame. He manages the PM team and ensures the product team is constantly listening to customers, researching the market, and deriving differentiated technology in order to choose the best strategic path for the company. Mike is also a Cybersecurity Strategy Instructor at Georgetown.


Hosts

2. Technical Segment - Securing Remote Access: Quarantines & Security - 07:00 PM-07:45 PM


Visit https://securityweekly.com/edgewise for more information!


Announcements

  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
  • Join us at InfoSecWorld 2020 - June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!

Description

We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?

To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise



Presenter(s)

Harry Sverdlove

Harry Sverdlove, Edgewise’s Chief Technology Officer, was previously CTO of Carbon Black, where he was the key driving force behind their industry-leading endpoint security platform. Earlier in his career, Harry was principal research scientist for McAfee, Inc., where he supervised the architecture of crawlers, spam detectors and link analyzers. Prior to that, Harry was director of engineering at Compuware Corporation (formerly NuMega) and principal architect for Rational Software.


Hosts

3. News - Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - 08:00 PM-09:30 PM



Description

In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!


Hosts

Jeff Man's Content:

Articles

  1. Top 10 Routinely Exploited Vulnerabilities - CISA releases list of top 10 routinely exploited security vulnerabilities between 2016 and 2019
  2. 4 critical issues surrounding contact-tracing apps
  3. Chatbooks security breach. Users told to change their passwords
  4. Data Breach at U.S. Marshals Service Exposes Personal Data of 387,000 Prisoners
  5. Healthcare Giant Magellan Struck with Ransomware, Data Breach

Joff Thyer's Content:

Articles

Larry Pesce's Content:

Articles

Paul Asadoorian's Content:

Articles

  1. U.S. Cyber Command Shares More North Korean Malware Variants - Schneier's comment (Ref): It's interesting to see the US government take a more aggressive stance on foreign malware. Making samples public, so all the antivirus companies can add them to their scanning systems, is a big deal -- and probably required some complicated declassification maneuvering. Right, but they do the same to us, or did we do it to ourselves? Do we still do it to ourselves?
  2. Cisco, others, shine a light on VPN split-tunneling - Sounds neat: “CESA can monitor the corporate tunnel to identify traffic that could be safely moved to the split tunnel. Furthermore, CESA tracks the volume of traffic by application, protocol, port, software process, domain, source/destination, etc,” Pope stated. “This enables IT orgs to identify high volume applications and data sources and move them to the split tunnel first to make the largest impact on VPN performance with the least amount of effort and configuration.”
  3. How to implement least privilege in the cloud - Help Net Security - Way too short of an article to truly explain this topic.
  4. Siemens Says Power Meters Affected by Urgent/11 Vulnerabilities | SecurityWeek.Com - FYI, the Urgent/11 vulnerabilities (Ref) were made public in July 2019: Urgent/11 is the name given to a series of vulnerabilities found by researchers at IoT security firm Armis in the Wind River VxWorks real time operating system (RTOS). VxWorks is used by a wide range of companies in their products, including in the aerospace, motor, industrial and medical industries. Armis estimated that hundreds of millions of devices were affected by the vulnerabilities at the time of disclosure.
  5. Researcher Spots New Malware Claimed to be 'Tailored for AirGapped Networks'
  6. New Cyber-Espionage Framework Dubbed Ramsay - The original research from ESET is here. Interesting stuff: Exfiltration of these artifacts is done via an external component that we haven’t been able to retrieve. However, based on the decentralized methodology Ramsay implements for storage of collected artifacts, we believe this component would scan the victim’s file system in search for the Ramsay container’s magic values, in order to identify the location of artifacts to exfiltrate.
  7. Update now! Windows gets another bumper patch update
  8. Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable - Even if you're patched, you're really not in some cases: Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes. Microsoft acknowledged the improper fix and re-patched the flaw in its February 2020 Patch Tuesday update earlier this year, now tracked as CVE-2020-0655.
  9. The Top 10 Most-Targeted Security Vulnerabilities
  10. Palo Alto Networks Patches Many Vulnerabilities in PAN-OS - I've noticed some of the web vulnerabilities with a CVSS of 7.5 are fairly common (Reference: https://www.cvedetails.com/vulnerability-list/cvssscoremin-7/cvssscoremax-7.99/vulnerabilities.html). This one is an XXE, rated 7.5, but what files can it read? Doesn't say: https://security.paloaltonetworks.com/CVE-2020-2012. Many web vulnerabilities are deserving of a higher, or lower, score depending on the configuration. Also, throw into the mix any other vulnerabilities that can aid the 7.5 rated vulnerabilities into being more impactful.
  11. Zerodium will no longer acquire certain types of iOS exploits due to surplus - Discuss: We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.
  12. vBulletin fixes critical vulnerability, patch immediately! - CVE-2020-12720 has been defined as an incorrect access control issue, but no additional information has been shared. Charles Fol, a security engineer at Ambionics Security, discovered and reported the “critical” vulnerability and will be sharing details about it in early June at the SSTIC infosec conference. In the meantime, security researchers have been analyzing the changes made to the software’s code with the latest updates and trying to discover more about the fixed flaw(s). - Interesting, since it's open-source, it's not a secret when the fix is published what the vulnerabilities are, check this out: https://twitter.com/Zenofex/status/1258977918891503617/photo/1 (No need to hold back details in my opinion).
  13. STAMINA, a new approach to malware detection by Microsoft, Intel
  14. Thunderbolt Vulnerabilities Could Threaten Millions of PCs
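The incomplete Reverse RDP fix in item 8 is a textbook case of a path-traversal check that reasons about only one separator: Windows accepts both `\` and `/`, so a filter that looks only for `..\` is defeated by `../`. The example below is added here and is not code from the article, from the researchers, or from Microsoft; `naive_is_safe` stands in for that class of single-separator check (not Microsoft's actual patch), `hardened_is_safe` shows the canonicalise-then-confine approach a defender should use, and the filenames in `SAMPLES` are constructed for illustration.

```python
import posixpath

# Constructed sample filenames, standing in for names a remote peer might
# supply in a file transfer (illustrative only, not captured data).
SAMPLES = [
    "report.txt",
    "docs\\report.txt",
    "..\\..\\Windows\\System32\\evil.dll",  # traversal with backslashes
    "../../Windows/System32/evil.dll",      # same traversal, forward slashes
    "docs\\../../secret.txt",               # mixed separators
    "C:\\Windows\\evil.dll",                # absolute Windows path
    "/etc/passwd",                          # absolute POSIX path
    "docs/./sub/file.txt",                  # harmless relative path
]


def naive_is_safe(name: str) -> bool:
    """Single-separator filter (hypothetical): rejects only backslash traversal.

    This illustrates the class of mistake the article describes: a check
    that only knows about one separator. It is not Microsoft's real code.
    """
    return "..\\" not in name and not name.startswith("\\")


def hardened_is_safe(name: str) -> bool:
    """Canonicalise first, treating both separators alike, then require the
    result to be a relative path that stays inside the destination directory."""
    if not name or "\x00" in name:
        return False
    # Windows treats '/' and '\' identically, so the check must as well.
    unified = name.replace("\\", "/")
    # Reject absolute paths, drive-letter and UNC forms before normalising.
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        return False
    canonical = posixpath.normpath(unified)
    # After normalisation, any escape from the base directory surfaces
    # as a leading '..' component; '.' and '' are not usable filenames.
    return canonical not in ("", ".") and canonical.split("/")[0] != ".."


def classify(names):
    """Return {name: (naive_verdict, hardened_verdict)} for each sample."""
    return {n: (naive_is_safe(n), hardened_is_safe(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, hard) in classify(SAMPLES).items():
        print(f"{name!r:42} naive={naive!s:5} hardened={hard}")
```

Running it shows the forward-slash and mixed-separator variants, plus absolute paths, sailing through the naive filter while the hardened check rejects them; the lesson is to normalise the input into one canonical form and then decide, rather than to blacklist the one spelling of the attack you happened to see.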

Tyler Robinson's Content:

Articles

  1. Law Firm Representing Lady Gaga, Madonna, Bruce Springsteen, Others Suffers Major Data Breach - A large media and entertainment law firm appears to have been the victim of a cyberattack that resulted in the theft of an enormous batch of private information on dozens of celebrities, according to a data security researcher
  2. Tom Cruise working with NASA, SpaceX to film a movie on International Space Station - I mean what could go wrong? Space station movie for real .... or tax write off your SpaceX ticket
  3. Celebrity Data Stolen in Ransomware Attack on NYC Law Firm - Oh this can get juicy...Celebrity data stolen from law firm, ha...
  4. Hacker group floods dark web with data stolen from 11 companies - Another day, another breach! Now which 11 companies?
  5. The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet - Saved the Internet!