Paul's Security Weekly Episode #657 - July 09, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Technical Segment - IPv6 Tunneling - Joff Thyer - 06:00 PM-06:45 PM
- With all the recent changes to BlackHat and DefCon, we realized we can keep doing what we do best - host virtual podcasts! I’m proud to announce Hacker Summer Camp 2020, a Security Weekly Virtual, Live-Stream Event, August 3 - August 6, 2020. To reserve your slot now, visit: https://securityweekly.com/summercamp2020
In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6.
Joff Thyer is a Security Analyst at Black Hills Information Security
Joff is a Security Analyst for Black Hills Information Security and has over 15 years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has experience with intrusion detection and prevention systems, penetration testing, engineering network infrastructure defense, and software development.
2. Interview - Fighting IoT Insecurities - 07:00 PM-07:45 PM
- Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency to help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs a mini real-estate portfolio of rental properties.
Joff Thyer - Security Analyst at Black Hills Information Security
3. News - RCE Chaos, Zoom 0-Day, & Banning TikTok - 08:00 PM-09:30 PM
- We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- Register for our upcoming webcasts or virtual trainings by visiting https://securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into a ban on TikTok and other Chinese apps!
Doug White's Content:
- Creepy computer vendor who spied on customers by selling them used laptops arrested.
- Joe Biden is advertising for a senior incident response analyst.
- 15 billion credentials for sale on forums.
- Apparently, seizing domains can somehow stop phishing attacks?
Jeff Man's Content:
- Swvl reveals security breach; names, email addresses and phone numbers of customers accessed by unauthorized party
- Magellan Health Data Breach Victim Tally Reaches 365K Patients
- Cybersecurity As We Know It Is About To Change
- Legal Notice – Equifax, Inc. Customer Data Security Breach Litigation
- Funko tweets Five Nights At Freddy's Security Breach characters and hints of a possible release date
Joff Thyer's Content:
Larry Pesce's Content:
- RCE in Windows Zoom client - Win7 and earlier...
- Restricting SMB lateral movement
- BIG-IP RCE CVE-2020-5902
- Citrix RCEs as well
- Oh, and command injection on the Palo Alto GlobalProtect portal
- And so Juniper doesn't feel left out... DoS on receipt of BGP
Lee Neely's Content:
- COVID-19 scammers kept posing as Microsoft to defraud people — so Microsoft got a court's permission to secretly seize their websites and shut them down - The federal court's motion was sealed so as not to tip their hand, and allows Microsoft to fight cyber attacks without enlisting federal prosecutors.
- Apple and T-Mobile are being hit with a class action lawsuit over a security flaw that exposed iMessages and FaceTime calls - The issue is that the Apple ID is tied to the T-Mobile SIM and, unless manually disassociated, remains so, allowing someone with that SIM access on behalf of that Apple ID. Lesson: manually disassociate the Apple ID from the device and SIM prior to decommissioning.
- New Windows 10 tool: This free Microsoft app helps you recover deleted or corrupted data - The Windows File Recovery tool allows recovery from local or removable (SD cards/USB drives) media. NTFS and FAT file systems are supported.
- Anonymous Hackers Target TikTok, Urge Users to Delete 'Chinese Spyware' - And now Anonymous hackers are targeting TikTok users, urging them to "Delete TikTok now. If you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation."
- North Korean Hackers Behind Magecart Attacks - Researchers say the North Korean government-linked hacking group "Lazarus" (Hidden Cobra) has been breaching U.S. e-commerce sites since May 2019 and is responsible for at least several dozen recent attacks.
- Flaw Fixed in Hotels.com Generator as Tesco Clubcard Users Impacted - Fraudsters were able to hijack vouchers for grocery store Tesco Clubcard members, to be used on Hotels.com, and put them up for sale online, allowing them to potentially steal millions of customers' Clubcard rewards.
- F5 Networks Warns of Critical Security Flaw in Networking Devices - F5 Networks has disclosed the existence of a remote code execution (RCE) vulnerability (CVE-2020-5902) affecting the Traffic Management User Interface (TMUI). F5 has reportedly published a list of impacted BIG-IP versions and is urging users to immediately upgrade to patched versions.
- Tech Giants Suspend Hong Kong Co-Operation Following Security Law - Facebook, LinkedIn, Telegram, Twitter, WhatsApp, and Zoom have announced they all plan to stop processing data requests related to Hong Kong users issued by the Special Administrative Region (SAR) of China after authorities introduced a regressive national security law.
- Palo Alto Networks fixes another severe flaw in PAN-OS devices - Following on from the June fix for CVE-2020-2031, this addresses CVE-2020-2034, which allows unauthenticated remote attackers to execute arbitrary OS commands with root privileges on unpatched devices.
- Malicious App in Google Play Used to Deliver Cerberus Banking Trojan - Cerberus Android malware has been observed since June 2019. It leverages features of other RATs to take complete control of devices, uses overlay attacks to take over banking apps, intercepts SMS, accesses contact lists and more.
- Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products - Affected devices should be patched. Attacks require access to vulnerable devices to exploit. Targeting the management interface using XSS can lead to compromise. Virtual IPs could also be used to initiate a DoS attack or internal network scan.
- Google launches Android 11 Beta 2 with final APIs and behaviors - Beta 2 is Android 11's Platform Stability milestone, which means that the APIs and behaviors have been finalized. As a result, developers can make final compatibility updates and focus solely on testing their apps and games. Android 11 is slated for release in Q3, around September 8th.
Paul Asadoorian's Content:
- Solving Uninitialized Kernel Pool Memory on Windows - Microsoft Security Response Center - Really nerdy reading, start with #2 below which talks about stack-based uninitialized memory.
- Solving Uninitialized Stack Memory on Windows - Microsoft Security Response Center
- Vulnerability Management Maturity Model | SANS Institute - I'd really have to study this to figure out what each of these truly means, such as: Manual testing or review processes include focused testing based on historical test data and commonalities or threat intelligence.
- Cisco Small Business Smart and Managed Switches Session Management Vulnerability - The title here is too broad: "Session management" does not indicate whether or not the attacker has to have an authenticated session and use that to take over another authenticated session. In this case, you brute force the session key as an *unauthenticated* attacker and take over an existing session. Of course, it's all explained here: https://nvd.nist.gov/vuln/detail/CVE-2020-3297. 9.1 from NVD and 8.1 from Cisco. Basically Cisco believes the attack complexity is high, and NVD says it's low, hence the difference in the scores. Do you split the difference? Does this take into account that someone has to be logged in already?
- Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment - Well, this is pretty easy: https://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html and https://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
- Cisco Talos discloses technical details of Chrome, Firefox flaws
- Google open-sources Tsunami vulnerability scanner | ZDNet
- Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw
- Half a Million IoT Passwords Leaked - Schneier on Security - Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT.
- Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says
- Notorious Hacker Fxmsp Outed After Widespread Access-Dealing
- Trump administration looking into ban on TikTok, other Chinese apps - In June, researchers found that TikTok was collecting clipboard data from iOS users. All kinds of sensitive information, including account passwords, often reside on a device's clipboard after users copy it from one field to paste it somewhere else. - It is up to Google and Apple to decide what software can reside on its platforms. If TikTok is in fact abiding by the rules for apps in the respective app stores, should we let the Government tell us what software is safe and what is not?
- Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS | SecurityWeek.Com - The more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions.
- Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688 - InfoSec Handlers Diary Blog
- Pen Testing ROI: How to Communicate the Value of Security Testing
- 6 Tips for Getting the Most From Nessus - This article is very basic, not all that interesting.
- Zoom zero-day flaw allows code execution on victim's Windows machine - Help Net Security
- How to build a cyber threat intelligence program while cutting through the noise
Tyler Robinson's Content:
- https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked
- https://www.nytimes.com/2020/07/05/world/middleeast/iran-Natanz-nuclear-damage.html
- https://www.nytimes.com/2020/06/27/technology/ebay-silicon-valley-security-reputation.html
- https://www.wsj.com/articles/facebook-takes-downs-a-network-of-accounts-tied-to-roger-stone-11594246632
- https://www.vice.com/en_us/article/qj43xq/cops-seize-blueleaks-ddosecrets-server?mod=djemCybersecruityPro&tpl=cy
- https://arstechnica.com/tech-policy/2020/07/fbi-nabs-nigerian-business-scammer-who-allegedly-cost-victims-millions/
- https://www.justice.gov/usao-ndwv/pr/berkeley-county-woman-admits-willful-retention-top-secret-national-defense-documents
- https://www.reuters.com/article/us-iran-nuclear-natanz-idUSKBN2441VY
- https://www.wsj.com/articles/whatsapp-to-suspend-processing-law-enforcement-requests-for-user-data-in-hong-kong-11594034580
- https://www.thedailybeast.com/right-wing-media-outlets-duped-by-a-middle-east-propaganda-campaign