Psw659

From Security Weekly Wiki

Paul's Security Weekly Episode #659 - July 23, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Effects of COVID-19 on Web Applications - 06:00 PM-06:45 PM

Description

Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.

Visit https://securityweekly.com/signalsciences to learn more about them!

Guest(s)

Zane Lackey

Zane Lackey is the Co-Founder / Chief Security Officer at Signal Sciences and the author of Building a Modern Security Program (O'Reilly Media). He serves on multiple public and private advisory boards and is an investor in emerging cybersecurity companies. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as CISO of Etsy. He has been featured in notable media outlets such as the BBC, Wall Street Journal, Associated Press, Forbes, Wired, and CNET. He is a frequent speaker at top industry conferences such as BlackHat, RSA, Velocity, OWASP, and DevOpsDays, and has also given invited lectures at Facebook, Goldman Sachs, IBM, Microsoft, Carnegie Mellon University, and the Federal Trade Commission.

2. The Power of the Cloud Platform: One Single Agent, One Global View - 07:00 PM-07:45 PM

Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: "20SecWeekbh". Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis and response. The cloud allows you to unify different context vectors like asset discovery, rich normalized software inventory, end of life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability with a powerful backend to correlate it all for accurate assessment, detection and response. This segment is sponsored by Qualys.

Visit https://securityweekly.com/qualys to learn more about them!


Guest(s)

Sumedh Thakar

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.

3. Cisco Security Flaw, Million Dollar Bounties, & Jackpotting ATMs - 08:00 PM-09:30 PM

Description

Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts’ private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!

Hosts

Doug White's Content:

Articles

  1. Twitter Hack.
  2. BadPower sets chargers on fire.
  3. Exposed ElasticSearch Server
  4. Emotet Returns.

Jeff Man's Content:

Articles

  1. Alleged Cypriot Hacker Extradited to US to Face Charges
  2. Multiple vulnerabilities found in CDATA OLTs
  3. First Charges Filed Under New York’s Cyber Reg Involve First American Data Leak
  4. Twitter Latest Security Breach Reveals the Value of a Proactive Compliance Program - I figured we had enough twitter articles, but this one mentions compliance!

Paul Asadoorian's Content:

Articles

  1. Twitter says hackers viewed 36 accounts' private messages - Holy boilerplate, Batman: "We've implemented safeguards to improve the security of our internal systems and are working with law enforcement as they conduct their investigations," it said. "We understand our responsibilities and are committed to earning the trust of all our stakeholders with our every action, including how we address the security issue. We will continue to be transparent in sharing our learnings and remediations." - We want more details, and assurance that Twitter accounts are now safer from attacks?
  2. SMB12 Information Gathering Packet Storm - SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).
  3. Hacking a Power Supply - Schneier on Security - Meh: by hacking the fast charging firmware built into a power adapter, Xuanwu Labs demonstrated that bad actors could potentially manipulate the power brick into sending more electricity than a phone can handle, thereby overheating the phone, melting internal components, or as Xuanwu Labs discovered, setting the device on fire.
  4. Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities | SecurityWeek.Com - An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems. The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers. The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.
  5. Security Posture Fatigue | SecurityWeek.Com - Okay, but I want to know more: There is a lot to be learned from how CSPM has advanced the visibility and manageability of security posture management and business risk reduction of enterprise workloads within public cloud environments. The challenge ahead is to gain similar capabilities across the full estate of enterprise operating environments.
  6. Can You Automate Bug Bounties With Wfuzz? - Basic overview, be neat to see how this is incorporated into a CI/CD pipeline as part of the testing phases and automated before you have to pay out a bug bounty.
  7. Fun with PowerShell Payload Execution and Evasion
  8. Cybersecurity teams are struggling with a lack of visibility into key security controls - Help Net Security
  9. Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware - Poor opsec: It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have contacted with Hacking Team, several websites with official sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek’s phone number and his Munich address at the time, and the servers were apparently operated from Germany.
  10. Thieves Are Emptying ATMs Using a New Form of Jackpotting - The new variation uses a device that runs parts of the company’s proprietary software stack. Attackers then connect the device to the ATM internals and issue commands. Successful attacks can result in a stream of cash, sometimes dispensed as fast as 40 bills every 23 seconds. The devices are attached either by gaining access to a key that unlocks the ATM chassis or by drilling holes or otherwise breaking the physical locks to gain access to the machine internals.
  11. Simple Blocklisting with MISP & pfSense
  12. Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS - When security monitoring goes silent: Its intrusion detection and prevention system (IDS/IPS) feature on its gateway hardware fetched a set of rules from an outside source that were broken, and rather than ignore the invalid data and fall back to known-valid data, it simply silently stopped working. Thus users were none the wiser the network security mechanism had failed, and was no longer doing its job of alerting folks to malicious activity, in the case of IDS, or blocking it, in the case of IPS. The IDS/IPS functionality is said to be built on the open-source Suricata tool, and is branded by Ubiquiti as its Threat Management.
  13. 8 Cybersecurity Themes to Expect at Black Hat USA 2020 - The list, er damn slideshow even, is pretty uneventful and what you'd expect and have heard already. However, I am so happy this made the list (albeit last!!!): ERP security has come a long way since Black Hat started highlighting a lot of research in this area half a decade ago. Nevertheless, it's a work in progress, and this year researchers Pablo Artuso and Yvan Genuer of Onapsis will dig into another piece of research around the SAP ecosystem that's well worth a gander for those charged with securing enterprise software environments. The duo will be presenting their work to audit the security weaknesses of SAP Solution Manager (SolMan), which is at the administrative heart of every SAP deployment. They will show that it was possible to compromise all systems in an SAP environment through unauthenticated HTTP access.
  14. Researchers Disclose New Methods for Replacing Content in Signed PDF Files | SecurityWeek.Com
  15. Apple Offers Hackable iPhones to Security Researchers | SecurityWeek.Com - Don't get too excited: Security researchers looking to identify iOS vulnerabilities on SRD iPhones will enjoy shell access and the possibility to run the tools they want. The caveat is that the iPhones were meant for use in a controlled setting, that they are the property of Apple, offered on a 12-month renewable basis to participating researchers, and that they “must remain on the premises of program participants at all times.” So you don't own it, but you can pwn it. Ha! I make myself laugh sometimes...
  16. Ongoing Meow attack has nuked >1,000 databases without telling anyone why - Just for fun? “I think that in most [of the latter] cases, malicious actors behind the attacks do it just for fun, because they can, and because it is really simple to do,” Diachenko told me. “Thus, it is another wake-up call for the industry and companies which ignore cyber hygiene and lose their data and data of their customers in a blink of an eye.”
  17. PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack - Research is here: https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
  18. Cisco Network Security Flaw Leaks Sensitive Data - I think the same developer(s) write the HTTP servers and web apps for network gear and IoT devices, as they all seem to have this vulnerability: “An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device,” according to a Wednesday advisory from Cisco. “A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.”
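The Ubiquiti item above describes an IDS/IPS that fetched a broken rule set and silently stopped working instead of keeping its known-good rules. As an added example (not Ubiquiti's or Suricata's code, and using a constructed, simplified rule shape rather than the real Suricata grammar), this Python sketch shows the fail-safe alternative: validate the fetched rules, keep the last known-good set on failure, and record an alert so the failure is visible.

```python
import re

# Constructed minimal rule shape for this example (not the real Suricata grammar):
#   action proto src sport -> dst dport (msg:"..."; sid:N;)
RULE_RE = re.compile(
    r'^(?:alert|drop|pass)\s+\w+\s+\S+\s+\S+\s+->\s+\S+\s+\S+\s+\((.*)\)\s*$'
)


def validate_ruleset(text):
    """Return (rules, errors). A fetched rule set is usable only if errors is empty."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine
        m = RULE_RE.match(line)
        if not m:
            errors.append(f"line {n}: unparseable rule")
            continue
        opts = m.group(1)
        if "sid:" not in opts or "msg:" not in opts:
            errors.append(f"line {n}: missing sid or msg")
            continue
        rules.append(line)
    if not rules and not errors:
        errors.append("empty rule set")  # zero rules would silently disable detection
    return rules, errors


class RuleEngine:
    """Holds the active rule set and never drops to zero rules without alerting."""

    def __init__(self, initial_text):
        rules, errors = validate_ruleset(initial_text)
        if errors:
            raise ValueError("initial rule set invalid: " + "; ".join(errors))
        self.active = rules
        self.alerts = []  # operator-visible record of rejected updates

    def apply_update(self, fetched_text):
        """Apply a fetched update only if it validates; otherwise keep last known-good."""
        rules, errors = validate_ruleset(fetched_text)
        if errors:
            self.alerts.append("rule update rejected, keeping %d known-good rules: %s"
                               % (len(self.active), "; ".join(errors)))
            return "rejected"
        self.active = rules
        return "applied"


# Constructed sample inputs: one valid rule set, one broken fetch
GOOD = 'alert tcp any any -> any 80 (msg:"constructed test"; sid:1000001;)\n'
BROKEN = 'alert tcp any any -> any 80 (msg:"no sid"\n# trailing junk\nnot a rule\n'
```

Wiring the `alerts` list into an actual notification channel is the step that turns a silent failure into a visible one.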

Tyler Robinson's Content:

Articles

  1. https://www.cnbc.com/2020/07/22/us-orders-china-to-close-consulate-in-houston-texas.html
  2. https://www.vice.com/en_us/article/m7jp43/nso-group-pitched-its-spyware-to-the-secret-service
  3. https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge
  4. https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-alexa-investment-fund-11595520249
  5. https://www.vice.com/en_us/article/pkyqvb/deepfake-audio-impersonating-ceo-fraud-attempt
  6. https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html?smid=tw-share
  7. https://arstechnica.com/information-technology/2020/07/iran-state-hackers-caught-with-their-pants-down-in-intercepted-videos/
  8. https://www.hackread.com/vpn-firm-zero-logs-policy-leaks-20-million-user-logs/
  9. https://arstechnica.com/science/2013/11/secrets-revealed-of-the-dash-cam-meteorite-that-rocked-russia/
  10. https://www.technadu.com/hacker-selling-access-to-the-entire-moscow-traffic-camera-network/137030/
  11. https://www.wsj.com/articles/academic-project-used-marketing-data-to-monitor-russian-military-sites-11595073601?
  12. https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/
  13. https://m.investing.com/news/cryptocurrency-news/justin-sun-offers-1-million-bounty-in-exchange-for-twitter-hackers-2230730
  14. https://www.nytimes.com/2020/07/16/us/politics/vaccine-hacking-russia.html
  15. https://www.zdnet.com/article/iranian-cyberspies-leave-training-videos-exposed-online/
  16. https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
  17. https://www.theregister.com/2020/07/21/twilio_javascript_sdk_code_injection/