Paul's Security Weekly Episode #656 - July 02, 2020
- Interview - Work From Home Cyber Security - 06:00 PM-06:45 PM
- Interview - OSINT Scraping with Python - 07:00 PM-07:45 PM
- News - Netgear RCE, Guacamole Flaws, & 'Lucifer' DDoS Botnet - 08:00 PM-09:30 PM
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Interview - Work From Home Cyber Security - 06:00 PM-06:45 PM
- With all the recent changes to BlackHat and DefCon, we realized we can keep doing what we do best - host virtual podcasts! I’m proud to announce Hacker Summer Camp 2020, a Security Weekly Virtual, Live-Stream Event, August 3 - August 6, 2020. To reserve your slot now, visit: securityweekly.com/summercamp2020
Hackers know that more people are working from home now and accessing/ sending/ sharing sensitive company data through their home networks. How can businesses help employees secure their home networks?
1. What is the best way to separate family and entertainment devices from people's work computers at home?
2. While many focus on blocking incoming traffic, which is important, what can we block on egress in the home to improve security?
3. How does one block ads and balance security with usability, given the many false positives in ad-blocking systems?
4. What are the best methods today to prevent family members from consuming inappropriate content within an application or website (e.g. YouTube)?
5. How can we best monitor IoT devices, determine if they are vulnerable, and remediate the vulnerabilities in our home networks?
Jerry Chen is Co-Founder at Firewalla
Before founding Firewalla, Jerry spent nearly 20 years at Cisco Systems, where he was a senior manager and ran many projects in the Security Technology Group, Core Routing Group, and Consumer Business Unit. He was also a member of the Cisco InfoSec Team, focusing on data protection. "I invented Firewalla after my daughter's baby camera was hacked, and my goal is to prevent such things from happening to other families." Jerry graduated from the University of California at Santa Barbara with an MS and BS in Electrical Engineering.
2. Interview - OSINT Scraping with Python - 07:00 PM-07:45 PM
- In our first July webcast, you will learn how to stitch and enrich flow data for security with VIAVI Solutions! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
With bug bounties becoming more and more mainstream for organizations, bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with Python and a handful of other open source tools such as Recon-NG, Amass, and others.
Ryan Hays is Offensive Security Manager at RSA Security
Ryan has 15 years of experience in the IT field and has worked in a variety of capacities, currently specializing in offensive security and threat emulation techniques. During his career, he has worked with a multitude of Fortune 500 and 1000 companies, along with various U.S. Government intelligence agencies, on both sides of the field in offensive and defensive capacities. Ryan takes pride in giving back to the infosec community by presenting at multiple conferences as well as providing training and mentorship to people across the globe.
Joff Thyer - Security Analyst at Black Hills Information Security
3. News - Netgear RCE, Guacamole Flaws, & 'Lucifer' DDoS Botnet - 08:00 PM-09:30 PM
- Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
- We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how The Internet is too unsafe, and why We need more hackers!
Doug White's Content:
- Facial Recognition fails 96% of the time per Detroit Police Chief.
- New Senate Bill Attempts to circumvent Encryption with almost no oversight.
Jeff Man's Content:
- Getting Familiar With Cyber Insurance For First-Time Buyers
- $185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit
- South Africa’s Postbank Replaces 12 Million Bank Cards After Internal Security Breach Exposes Master Key - I know what you're thinking, "do they even have PCI in South Africa?"
- Inadequate Security, Policies Led to LifeLabs Data Breach of 15M Patients
- Possible Click2Gov security breach under investigation
- 133m records for sale as fruits of data breach spree keep raining down
Joff Thyer's Content:
Lee Neely's Content:
- New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits - Lucifer exploits CVE-2019-9081 along with other vulnerabilities to increase its chances of infection. Keeping systems patched is the best mitigation.
- Developer of DDoS Botnets Based on Mirai Code Sentenced to Prison - Vancouver, Wash., resident 22-year-old Kenneth Currin Schuchman has been sentenced to an undisclosed prison term and 18 months of community confinement following his release from prison for his role in developing several botnets and using them to compromise systems, and then selling access to those systems to paying customers.
- How hackers extorted $1.14m from University of California, San Francisco - The Netwalker criminal gang attacked UCSF and extorted $1,140,895; it's hoped the data will not be shared further. Proofpoint's Ryan Kalember said: "Universities can be challenging environments to secure for IT administrators."
- São Paulo Subway Facial Recognition System Slammed over User Data Security and Privacy - Consumer rights groups claim that Brazil's Metro operator neglects to protect users' PII as it upgrades its surveillance system to include facial recognition.
- What Is a Cyber Attack, What Are the Targets and Who Is Behind Them? Inside the Hacking Attacks Bombarding Australia - Some insight into the ongoing attacks in Australia. The Australian Cyber Security Centre released an advisory on June 19 detailing tactics, techniques, and procedures, as well as numerous IOCs.
- Indian Government Bans TikTok and 50+ Chinese Apps - 59 apps identified over data collection and espionage concerns. Beware of added functionality in downloaded apps.
- Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It
- A Hacker Gang Is Wiping Lenovo NAS Devices and Asking for Ransoms - The hack is characterized as easy. Block these devices from direct internet access, secure them, and replace them.
- US Local Government Services Targeted by New Magecart Credit Card Skimming Attack - Click2Gov payment software targeted again. The best option may be to replace Click2Gov.
- Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL - Payment processors need to update to maintain PCI DSS compliance.
- 'GoldenSpy' Malware Uninstaller Delivered to Victims Following Public Exposure - Just three days after details about the "GoldenSpy" malware operation were released, the Aisino Intelligent Tax product containing the malware was identified silently pushing a file named "AWX.exe" that was specifically designed to remove GoldenSpy and all evidence of compromise before deleting itself from the system.
- Microsoft releases urgent patch for high-risk Windows 10 flaws - Microsoft has released out-of-band patches to address two serious remote code execution vulnerabilities (CVE-2020-1425 and CVE-2020-1457) affecting codecs found in Windows 10 and Windows Server 2019.
Paul Asadoorian's Content:
- Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software | CISA - Proof of concept code that is currently available results in high CPU usage on the affected device. To recover the device, a power cycle needs to occur.
- Apache Releases Security Advisory for Apache Tomcat | CISA
- The man behind Cardplanet credit card market sentenced to 9 years in prison
- Python Arbitrary File Write Prevention: The Tarbomb - As an example of how this could work, imagine you’re on your MacBook trying to open a file you just downloaded from your email, accounts_2020_06.tar.gz. From your downloads folder, you would expect the archive to be extracted into a new folder named accounts_2020_06. However, what if the archive contained a file with the path ../.bash_profile and contained a modified version of a bash profile that opened a backdoor on your system? If taken literally, this malicious file would overwrite your valid bash profile and you wouldn’t even know it. Luckily, the macOS archive utility and many other decompression tools check for these scenarios. However, not all do, case in point — tarfile, part of the python standard library, is vulnerable to this type of attack when used out of the box.
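The tarfile behaviour described in the Tarbomb item, shown with an added example that is not from the linked article or from the Python project: a pre-extraction check that refuses any archive member whose resolved path would land outside the destination directory, run against a constructed sample archive containing the `../.bash_profile` entry from the story. It goes a little beyond the article by also catching absolute member names and symlinks whose targets point outside the destination. The names `unsafe_member_names`, `safe_extract`, `build_tarbomb`, `build_benign_archive` and `demo` are this example's own, as is the sample archive content.

```python
import io
import os
import tarfile
import tempfile


def _inside(root: str, path: str) -> bool:
    """True if path, once resolved, is root itself or lies beneath it."""
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def unsafe_member_names(tar_bytes: bytes, dest: str) -> list[str]:
    """Return the archive members that would land, or point, outside dest.

    Catches '../' traversal, absolute member names, and symlinks or hard
    links whose targets resolve outside the destination directory.
    Nothing is written to disk by this function.
    """
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            # os.path.join discards root when m.name is absolute, so an
            # absolute name fails the _inside check just like '../' does.
            target = os.path.join(root, m.name)
            if not _inside(root, target):
                bad.append(m.name)
                continue
            if m.issym():
                # symlink targets are relative to the link's own directory
                link = os.path.join(os.path.dirname(target), m.linkname)
                if not _inside(root, link):
                    bad.append(m.name)
            elif m.islnk():
                # hard link targets are archive-relative paths
                if not _inside(root, os.path.join(root, m.linkname)):
                    bad.append(m.name)
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Extract only if every member passes the check; return extracted names."""
    bad = unsafe_member_names(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ (and backports): PEP 706 extraction filter
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def _archive(members) -> bytes:
    """Build a gzip'd tar in memory from (name, data, linkname) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data, linkname in members:
            info = tarfile.TarInfo(name)
            if linkname is None:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed sample: what accounts_2020_06.tar.gz should look like."""
    return _archive([("accounts_2020_06/report.csv", b"id,balance\n1,100\n", None)])


def build_tarbomb() -> bytes:
    """Constructed sample: the same archive with a traversal entry and an escaping symlink."""
    return _archive([
        ("accounts_2020_06/report.csv", b"id,balance\n1,100\n", None),
        ("../.bash_profile", b"# hypothetical payload, constructed for this example\n", None),
        ("accounts_2020_06/escape", None, "/etc/passwd"),
    ])


def demo() -> dict:
    """Run both archives against a scratch directory and report the outcome."""
    with tempfile.TemporaryDirectory() as dest:
        result = {"bomb_unsafe": unsafe_member_names(build_tarbomb(), dest)}
        try:
            safe_extract(build_tarbomb(), dest)
            result["bomb_extracted"] = True
        except ValueError:
            result["bomb_extracted"] = False
        result["benign_extracted"] = safe_extract(build_benign_archive(), dest)
        # the parent of dest must not have gained a .bash_profile
        result["parent_untouched"] = not os.path.exists(
            os.path.join(os.path.dirname(dest), ".bash_profile"))
    return result


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on the whole member list before anything touches disk, so a rejected archive leaves no partial extraction behind. On interpreters that ship `tarfile.data_filter` (Python 3.12, and the backports to maintained 3.8 to 3.11 releases) the block also passes `filter="data"` to `extractall`, which makes the standard library apply the same kind of path and link checks itself.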
- Unpatched Wi-Fi Extender Opens Home Networks to Remote Control
- The Internet is too unsafe: We need more hackers
- Remote employees encounter 59 risky URLs per week - Help Net Security
- How To Build A Secure Browser For Organizations - Lots of stuff here, but I want more details on this: Our idea is to create an Active Policy Agent AI Agent in the Broker module, one ideally updated by private blockchain like the one in BETA at Oasis Labs. The policies in the browser could be updated from a reliable source in real-time while the AI module makes decisions about safety based on derived variants of the threats before they are found by threat researchers. He also mentions one of our sponsors, ExtraHop (the author does not work for ExtraHop).
- Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems | SecurityWeek.Com
- Researchers Show How Hackers Can Target ICS via Barcode Scanners | SecurityWeek.Com
- Things that happen every four years: Olympic Games, Presidential elections, and now new Mac ransomware - Malwarebytes director of Mac and Mobile Thomas Reed said in one sample he analyzed, the malware posed as an installer for the legit, and highly useful, network monitoring tool Little Snitch. EvilQuest has also been spotted pretending to be music-making suite Ableton Live and tuning software Mixed in Key. K7 threat researcher Dinesh Devadoss also reported discovering the ransomware masquerading as a Google software update.
- Firefox 78 is out with a mysteriously empty list of security fixes - This is bad: At the moment [2020-07-01T11:00Z], the security fixes in the new version are a mystery! The release notes directed us to the official security fixes page, but there wasn’t any entry for Firefox 78.
- Securing the International IoT Supply Chain - Schneier on Security - The basic problem we try to solve is: how do you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.
- Netgear is releasing fixes for ten issues affecting 79 products - All around the world it's the same song, er, vulnerability: Multiple Netgear devices contain a stack buffer overflow in the httpd web server’s handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges.
- Microsoft fixes two RCE flaws affecting Windows 10 machines - Help Net Security - What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent patches since the flaws affect only Windows 10 systems and only those users who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store, limiting thusly the pool of machines open to attack.
- Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking - The attacks stem from one of two possible ways the gateway can be taken over: either a compromised machine inside the corporate network that leverages an incoming benign connection to attack the Apache gateway, or a rogue employee who uses a computer inside the network to hijack the gateway.
- 'GoldenSpy' Malware Targets Businesses Operating in China | SecurityWeek.Com
- Running nmap as an unprivileged user - SecWiki
- Exploring Kernel Networking: BPF Hook Points, Part 1
- Exploring Kernel Networking: BPF Hook Points, Part 2 - Say "hello" to my little friend! - Articles for Developers Building High Performance Systems
- New - A Shared File System for Your Lambda Functions | Amazon Web Services