Paul's Security Weekly Episode #661 - August 06, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. SWVHSC: Observing Disinformation Campaigns - 07:00 PM-07:45 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware) and about mapping the Reopen Campaigns in more detail. He will then touch on some of his yet-to-be-released work that maps Twitter hunting into a nice, observable dashboard for the lazy.
This segment is sponsored by DomainTools.
To learn more about the research, visit: http://domaintools.com/
Chad Anderson is Senior Security Researcher at DomainTools
Chad has a particular interest in automation, network security and their intersection. His primary focus leans heavily on leveraging open source technologies to improve deployments, network security and systems administration at DomainTools.
- Jeff Man - Sr. InfoSec Consultant at Online Business Systems
- Joff Thyer - Security Analyst at Black Hills Information Security
- Larry Pesce - Senior Managing Consultant and Director of Research at InGuardians
- Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
- Matt Alderman - CEO at Security Weekly
2. SWVHSC: Netgear Flaws, Satellite Spying, & Stealing UltraLoq Keys - 08:00 PM-08:45 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw!
Jeff Man's Content:
- VPN security alert: 900 servers hit by huge data breach
- Blackbaud data breach: What you should know
- Capital One fined $80 million for data breach involving 100 million Americans
- Intel hacked, first wave of stolen chip data released in 20GB dump
- For DevOps, Application Programming Integration (API) Is A Major Security Vulnerability
Joff Thyer's Content:
Larry Pesce's Content:
- Blocking telemetry in Windows hosts file now flagged by Windows Defender
- It appears Garmin paid the ransom
- Bitsight’s data on remote worker attack surface - From yesterday’s Summer camp preso, but amazing data too good not to share again
- Arrested Coalfire Pentesters tell their tale
- Insecure satellite data interception
Lee Neely's Content:
- Iranian Hacker Group Becomes First Known APT to Weaponize DNS-over-HTTPS (DoH) - The "Oilrig" (APT34) group is the first to leverage DNS-over-HTTPS (DoH) to silently exfiltrate sensitive data from targeted networks. The group is using a new utility dubbed "DNSExfiltrator" as part of its intrusions into hacked networks.
- NSA Warns that Mobile Device Location Services Constantly Compromise Spies and Soldiers - The NSA has issued a new guide titled "Limiting Location Data Exposure" that provides advice for properly securing fitness trackers, smartphones, and tablets that "store and share device geolocation data by design" and create a security risk for those working in defense and national security.
- Flaw in Popular NodeJS 'express-fileupload' Module Allows DoS Attacks and Code Injection
- Vermont Taxpayers Warned of Data Leak Over the Past Three Years - The Vermont Department of Taxes is warning taxpayers who filed property tax returns via its online filing site between Feb. 1, 2017, and July 2, 2020, that their personal information may have been leaked due to a vulnerability in the system.
- EU Sanctions China, Russia, and North Korea for Past Hacks - The EU imposed first-of-their-kind economic sanctions, consisting of a travel ban and an asset freeze, against China, North Korea, and Russia for conducting past cyber attacks that targeted EU businesses and citizens. The sanctions also prohibit EU citizens from doing business with the three businesses and six individuals on the sanction list.
- Smart locks can be opened with nothing more than a MAC address - The U-Tec UltraLoq ($139.99) is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Tripwire researchers have disclosed a misconfiguration error and other security issues that leaked data and allowed attackers to steal unlock tokens with nothing more than a MAC address.
Matt Alderman's Content:
- 29 Years Ago Today, The First Web Page Went Live
- 2019 Breach Leads to $80 Million Fine for Capital One
- Twitter hack teen's court date 'Zoombombed' with porn
- Researchers warn of an Achilles' heel security flaw for Android phones
Paul Asadoorian's Content:
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows
- How hackers could spy on satellite internet traffic with just $300 of home TV equipment
- Smart locks opened with nothing more than a MAC address
- Starting a Career in Information Security | Offensive Security
- 17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested - Graham Clark has reportedly been charged with 30 felonies of communications and organized fraud for scamming hundreds of people using compromised accounts.
- Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
- Trump says he will ban popular Chinese video app TikTok in the US
- Hackers can abuse Microsoft Teams updater to deliver malicious payloads
- Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
- Botnet abuses Docker servers & crypto blockchain to deliver Doki backdoor - The botnet attackers exploit their victims by scanning for misconfigured, openly accessible Docker API ports, and then establish their own malware-serving containers on the host. The malicious containers are based on abused images that are available through Docker hub.
- Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw - For instance, one such Modem Router that won’t receive an update, the AC1450 series, is as old as 2009. Other router models, while newer, have reached EOL: The R6200 and R6200v2 wireless routers reached EOL in 2013 and 2016, respectively; while the Nighthawk R7300DST wireless router reached EOL in the first half of 2017, said Henry.
- Twitter hack teen's court date 'Zoombombed' with porn
- Exploiting Google Cloud Platform With Ease
3. Automating Your Vulnerability Management Program - 09:30 PM-10:15 PM
Learn How to Create and Run a Conference, from some of the geniuses behind Layer8 Conference and Wild West Hackin Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
In this segment we discuss the importance of automating the Vulnerability Management Program and look at Qualys VMDR, which takes vulnerability management to the next level by bringing detection and response to it.
For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys
Mehul Revankar is VP Product Management and Engineering, VMDR at Qualys
Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.
Sumedh Thakar is President and Chief Product Officer at Qualys
As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.