Paul's Security Weekly Episode #659 - July 23, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Effects of COVID-19 on Web Applications - 06:00 PM-06:45 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.
Zane Lackey is Chief Security Officer at Signal Sciences
Zane Lackey is the Co-Founder / Chief Security Officer at Signal Sciences and the author of Building a Modern Security Program (O’Reilly Media). He serves on multiple public and private advisory boards and is an investor in emerging cybersecurity companies. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as CISO of Etsy. He has been featured in notable media outlets such as the BBC, Wall Street Journal, Associated Press, Forbes, Wired, and CNET. He is a frequent speaker at top industry conferences such as BlackHat, RSA, Velocity, OWASP, and DevOpsDays, and has also given invited lectures at Facebook, Goldman Sachs, IBM, Microsoft, Carnegie Mellon University, and the Federal Trade Commission.
2. The Power of the Cloud Platform: One Single Agent, One Global View - 07:00 PM-07:45 PM
Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh”. Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
This segment looks at leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain, for a complete, accurate, risk-based analysis and response. The cloud lets you unify context vectors such as asset discovery, a rich normalized software inventory, end-of-life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry and network reachability, with a powerful backend that correlates them all for accurate assessment, detection and response. This segment is sponsored by Qualys.
Sumedh Thakar is President and Chief Product Officer at Qualys
As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of Approved Scanning Vendors (ASVs) and 50 percent of Qualified Security Assessors (QSAs) worldwide use Qualys PCI to perform PCI DSS certification.
Joff Thyer - Security Analyst at Black Hills Information Security
3. Cisco Security Flaw, Million Dollar Bounties, & Jackpotting ATMs - 08:00 PM-09:30 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Learn how to keep your “internet self” safe in our next webcast on August 13th! Register for our upcoming webcasts or virtual trainings by visiting https://securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts’ private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Doug White's Content:
Jeff Man's Content:
- Alleged Cypriot Hacker Extradited to US to Face Charges
- Multiple vulnerabilities found in CDATA OLTs
- First Charges Filed Under New York’s Cyber Reg Involve First American Data Leak
- Twitter Latest Security Breach Reveals the Value of a Proactive Compliance Program - I figured we had enough Twitter articles, but this one mentions compliance!
Joff Thyer's Content:
Paul Asadoorian's Content:
- Twitter says hackers viewed 36 accounts' private messages - Holy boilerplate, Batman: "We've implemented safeguards to improve the security of our internal systems and are working with law enforcement as they conduct their investigations," it said. "We understand our responsibilities and are committed to earning the trust of all our stakeholders with our every action, including how we address the security issue. We will continue to be transparent in sharing our learnings and remediations." - We want more details, and assurance that Twitter accounts are now safer from attacks?
- SMB12 Information Gathering (Packet Storm) - SMB12 Information Gathering is a data gathering Python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).
- Hacking a Power Supply - Schneier on Security - Meh: by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more electricity than a phone can handle, thereby overheating the phone, melting internal components, or as Xuanwu Labs discovered, setting the device on fire.
- Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities | SecurityWeek.Com - An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems. The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers. The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.
- Security Posture Fatigue | SecurityWeek.Com - Okay, but I want to know more: There is a lot to be learned from how CSPM has advanced the visibility and manageability of security posture management and business risk reduction of enterprise workloads within public cloud environments. The challenge ahead is to gain similar capabilities across the full estate of enterprise operating environments.
- Can You Automate Bug Bounties With Wfuzz? - Basic overview; it would be neat to see how this is incorporated into a CI/CD pipeline as part of the testing phases and automated before you have to pay out a bug bounty.
- Fun with PowerShell Payload Execution and Evasion
- Cybersecurity teams are struggling with a lack of visibility into key security controls - Help Net Security
- Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware - Poor opsec: It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have contacted Hacking Team, several websites with official-sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek’s phone number and his Munich address at the time, and the servers were apparently operated from Germany.
- Thieves Are Emptying ATMs Using a New Form of Jackpotting - The new variation uses a device that runs parts of the company’s proprietary software stack. Attackers then connect the device to the ATM internals and issue commands. Successful attacks can result in a stream of cash, sometimes dispensed as fast as 40 bills every 23 seconds. The devices are attached either by gaining access to a key that unlocks the ATM chassis or by drilling holes or otherwise breaking the physical locks to gain access to the machine internals.
- Simple Blocklisting with MISP & pfSense
- Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS - When security monitoring goes silent: Its intrusion detection and prevention system (IDS/IPS) feature on its gateway hardware fetched a set of rules from an outside source that were broken, and rather than ignore the invalid data and fall back to known-valid data, it simply silently stopped working. Thus users were none the wiser the network security mechanism had failed, and was no longer doing its job of alerting folks to malicious activity, in the case of IDS, or blocking it, in the case of IPS. The IDS/IPS functionality is said to be built on the open-source Suricata tool, and is branded by Ubiquiti as its Threat Management.
- 8 Cybersecurity Themes to Expect at Black Hat USA 2020 - The list, er, damn slideshow even, is pretty uneventful and what you'd expect and have heard already. However, I am so happy this made the list (albeit last!!!): ERP security has come a long way since Black Hat started highlighting a lot of research in this area half a decade ago. Nevertheless, it's a work in progress, and this year researchers Pablo Artuso and Yvan Genuer of Onapsis will dig into another piece of research around the SAP ecosystem that's well worth a gander for those charged with securing enterprise software environments. The duo will be presenting their work to audit the security weaknesses of SAP Solution Manager (SolMan), which is at the administrative heart of every SAP deployment. They will show that it was possible to compromise all systems in an SAP environment through unauthenticated HTTP access.
- Researchers Disclose New Methods for Replacing Content in Signed PDF Files | SecurityWeek.Com
- Apple Offers Hackable iPhones to Security Researchers | SecurityWeek.Com - Don't get too excited: Security researchers looking to identify iOS vulnerabilities on SRD iPhones will enjoy shell access and the possibility to run the tools they want. The caveat is that the iPhones were meant for use in a controlled setting, that they are the property of Apple, offered on a 12-month renewable basis to participating researchers, and that they “must remain on the premises of program participants at all times.” So you don't own it, but you can pwn it. Ha! I make myself laugh sometimes...
- Ongoing Meow attack has nuked >1,000 databases without telling anyone why - Just for fun? “I think that in most [of the latter] cases, malicious actors behind the attacks do it just for fun, because they can, and because it is really simple to do,” Diachenko told me. “Thus, it is another wake-up call for the industry and companies which ignore cyber hygiene and lose their data and data of their customers in a blink of an eye.”
- PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack - Research is here: https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
- Cisco Network Security Flaw Leaks Sensitive Data - I think the same developer(s) write the HTTP servers and web apps for network gear and IoT devices, as they all seem to have this vulnerability: “An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device,” according to a Wednesday advisory from Cisco. “A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.”
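The Ubiquiti item above is really about what an IDS/IPS should do when its rule feed comes back broken: fail closed on the last-known-good ruleset and make noise, rather than fail open in silence. The block below is an added example written for these show notes; it is not Ubiquiti, Suricata or The Register code. The rule grammar is a deliberately simplified Suricata-style "action proto src sport -> dst dport (options)" line (an assumption), and both feeds are constructed samples.

```python
"""Fail-safe handling of a fetched IDS rule feed.

Added example for the show notes; not Ubiquiti, Suricata or The Register code.
The rule grammar is a simplified Suricata-style line (assumption) and the
feeds below are constructed samples.
"""
import re
from typing import Dict, List, Tuple

# One rule per line; options must carry a sid so the rule can be tracked.
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject)\s+(?P<proto>\w+)\s+"
    r"\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed feeds: the first is well formed, the second has a truncated line
# (the kind of "invalid data" the article says the gateway fetched).
GOOD_FEED = """# constructed sample feed (not real signatures)
alert tcp any any -> any 80 (msg:"example HTTP traversal probe"; content:"/../"; sid:1000001; rev:1;)
alert tcp any any -> any 445 (msg:"example SMB probe"; sid:1000002; rev:1;)
"""
BROKEN_FEED = """alert tcp any any -> any 80 (msg:"truncated rule"; sid:1000003
alert udp any any -> any 53 (msg:"example DNS probe"; sid:1000004; rev:1;)
"""


def validate_rules(text: str) -> Tuple[List[str], List[str]]:
    """Parse a feed; return (accepted_rules, errors). Any error marks the whole
    feed untrusted: a partial ruleset is not the ruleset that was published."""
    rules: List[str] = []
    errors: List[str] = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            errors.append(f"line {lineno}: not a rule: {line[:40]!r}")
            continue
        sid = SID_RE.search(m.group("opts"))
        if sid is None:
            errors.append(f"line {lineno}: missing sid")
            continue
        if sid.group(1) in seen:
            errors.append(f"line {lineno}: duplicate sid {sid.group(1)}")
            continue
        seen.add(sid.group(1))
        rules.append(line)
    return rules, errors


def update_silent(fetched: str) -> List[str]:
    """Model of the failure mode in the article: a bad feed leaves the engine
    with no rules and nothing reports it, so detection/prevention is off."""
    rules, errors = validate_rules(fetched)
    return rules if not errors else []


def update_failsafe(fetched: str, active: List[str]) -> Dict[str, object]:
    """Fail closed: keep the last-known-good ruleset and set an alert flag the
    caller must surface (log, trap, dashboard), so a broken feed is a visible
    event rather than a silent outage."""
    rules, errors = validate_rules(fetched)
    if errors or not rules:
        return {"rules": active, "source": "last-known-good",
                "errors": errors or ["feed contained no rules"], "alert": True}
    return {"rules": rules, "source": "feed", "errors": [], "alert": False}


if __name__ == "__main__":
    good, _ = validate_rules(GOOD_FEED)
    print("silent update on broken feed ->", len(update_silent(BROKEN_FEED)), "rules active")
    result = update_failsafe(BROKEN_FEED, good)
    print("fail-safe update ->", len(result["rules"]), "rules from",
          result["source"], result["errors"])
```

The design choice worth copying is that validation is all-or-nothing and the decision is reported, not swallowed: keeping the one rule that happened to parse would still leave monitoring far weaker than the operator believes it is.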
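On the Cisco traversal item, here is the bug class side by side with the fix. This is an added example written for these show notes, not Cisco code, and it does not reproduce the advisory's affected component; it goes slightly beyond the single "../" case to cover URL-encoded and double-encoded forms. The webroot layout is constructed in a temporary directory so it runs offline.

```python
"""Directory traversal in an embedded web server's file handler: a naive path
resolver beside a hardened one.

Added example for the show notes; not Cisco code. The webroot layout is a
constructed fixture in a temporary directory.
"""
import os
import tempfile
import urllib.parse
from typing import Optional, Tuple


def build_fixture() -> Tuple[str, str]:
    """Constructed layout: <tmp>/www/index.html is meant to be served;
    <tmp>/secret.txt sits one level above the webroot and must never be."""
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "www")
    os.mkdir(webroot)
    with open(os.path.join(webroot, "index.html"), "w") as fh:
        fh.write("<h1>hello</h1>")
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("device config, not for the web")
    return webroot, secret


def resolve_naive(webroot: str, request_path: str) -> str:
    """The bug class in the advisory: decode the URL path, strip the leading
    slash, join onto the webroot. '../' (or its %2e%2e encoding) walks out."""
    rel = urllib.parse.unquote(request_path).lstrip("/")
    return os.path.normpath(os.path.join(webroot, rel))


def resolve_hardened(webroot: str, request_path: str) -> Optional[str]:
    """Decode to a fixed point (defeats double encoding), reject NULs, resolve
    symlinks, then require the result to stay under the real webroot."""
    root = os.path.realpath(webroot)
    path = request_path
    for _ in range(3):                      # bounded: %2525.. style nesting
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    if "\x00" in path:
        return None
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None                         # escaped the webroot
    return candidate


if __name__ == "__main__":
    webroot, secret = build_fixture()
    for req in ("/index.html", "/../secret.txt", "/%2e%2e/secret.txt"):
        print(f"{req:22} naive -> {resolve_naive(webroot, req)}")
        print(f"{'':22} hardened -> {resolve_hardened(webroot, req)}")
```

Because the check is done on the real, symlink-resolved path rather than on the request string, it also refuses a symlink planted inside the webroot that points outside it; the cost is that legitimately symlinked content outside the root has to be mounted or copied in instead.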
Tyler Robinson's Content: