From Security Weekly Wiki

Paul's Security Weekly Episode #663 - August 20, 2020

Subscribe to all of our shows and mailing list by visiting:

1. Protecting Critical Infrastructure In Hybrid Clouds - 06:00 PM-06:45 PM

Visit for more information!


  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting and clicking the button to join the list!


Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous: public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while keeping business operations running smoothly. How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo the key points of Edgewise's answer: using software identity as the basis for microsegmentation and cloud workload protection.

This segment is sponsored by Edgewise Networks. Visit to learn more about them!


Dan Perkins

Dan is the product manager focused on building the Zscaler Workload Protection (Edgewise) platform into the best microsegmentation control on the market. His background is in virtualization systems, storage, and cybersecurity.

Harry Sverdlove

Harry Sverdlove, Chief Technologist for Secure Workload Communication, Zscaler, Inc. (formerly Co-Founder and Chief Technology Officer of Edgewise Networks), was previously CTO of Carbon Black, where he was the key driving force behind their endpoint security platform. Earlier in his career, Harry was principal research scientist for McAfee, Inc. (formerly Chief Scientist of SiteAdvisor), where he supervised the architecture of crawlers, spam detectors and link analyzers. Prior to that, Harry was director of engineering at Compuware Corporation (formerly NuMega), and principal architect for Rational Software, where he designed the core automation engine for Rational Robot.


2. Voice Phishers, 'SpiKey' Lock Picking, & Coffee Cup Hackers - 07:00 PM-08:30 PM


  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed: Best Practices To Prioritize And Remediate Now! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit to see what we have coming up! Or visit to view our previously recorded webcasts!


New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup!


Doug White's Content:


  1. Crimson RAT and Transparent Tribe.
  2. FritzFrog Botnet revealed by Guardicore.
  3. AirBnB bans all house parties worldwide.
  4. IBM DB2 shared memory flaw allows direct read and write access.
  5. AWS credential-stealing worm by TeamTNT uses unencrypted files to gather creds.

Joff Thyer's Content:


Lee Neely's Content:


  1. Ritz London suspects data breach, fraudsters pose as staff in credit card data scam - "Staffers" called guests to confirm credit-card details.
  2. For Six Months, Security Researchers Have Secretly Distributed an Emotet Vaccine Across the World - Thanks to James Quinn of Binary Defense, a registry key used to facilitate persistence was discovered and a PowerShell script (EmoCrash) deployed that takes advantage of this, creating a malformed key that causes Emotet to crash with identifiable crash log event IDs of 1000/1001.
  3. Maze Ransomware Gang Leaked Canon USA's Stolen Files - Marketing plan and supporting content released. Question: what else do they have, and is it worth the ransom?
  4. Threat Actor Leaked Data for U.S. Gun Exchange Site on Hacking Forum - Leaked data included email addresses, login names and hashed passwords.
  5. Marriott faces London lawsuit over vast data breach - Of the roughly 300M records exposed in the 2018 breach, 7M belong to British guests. The London class action has been filed in the High Court after a landmark Court of Appeal decision last October that allowed a similar, opt-out lawsuit to be served against Internet giant Google.
  6. Unfolding Cyberthreats on Aerospace and Military Sectors - Cyberthreats against aerospace and military sectors are rising manifold as critical infrastructures increasingly get connected over the internet. Two goals: to steal intellectual property related to advanced aerospace and defense capabilities and produce technologies for sale on the dark market; and to collect high-level intelligence data and subvert other nations' defense systems and capabilities.
  7. US firm accused of secretly installing location tracking SDK in mobile apps - The SDK, when incorporated into a mobile app, allows for "anonymous" tracking of location data. The anonymous ID is easily mapped to the real device. Mobile app EULAs don't show a direct tie to Anomaly Six, which incentivizes use of its SDK.
  8. US Army report says many North Korean hackers operate from abroad - The US Army says many North Korean hackers are actually located outside the hermit kingdom, in countries like Belarus, China, India, Malaysia, and Russia. The U.S. Army report, a training publication, details the military tactics, weapons arsenal, command structure, troop types, logistics, and electronic warfare capabilities used by the Korean People's Army (KPA).
  9. Hackers target the world's biggest cruise operator with ransomware - Carnival, parent company of Carnival Cruise Line, P&O and Princess Cruise Line, says it expects that cyber criminals accessed the personal data of guests and employees.
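The EmoCrash item above says the vaccine's payoff for defenders was a recognizable crash trail: Windows Application Error (event ID 1000) followed by Windows Error Reporting (event ID 1001). The following is an added example, not code from the article or from Binary Defense's EmoCrash script: it pairs 1000/1001 records from a constructed, simplified event export ("timestamp | EventID | Source | Message", an assumed format, not the real EVTX layout) and flags crashes whose faulting executable lives in a user-writable directory, the kind of location a dropped loader such as Emotet runs from. The list of "user-writable" path fragments is an assumption for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample export (not real logs). One benign crash of a system
# binary, one crash of an executable masquerading as svchost.exe under
# AppData\Local with a matching WER report, and one crash under
# AppData\Roaming with no WER report at all.
SAMPLE_EVENTS = r"""
2020-08-20T10:01:02 | 1000 | Application Error | Faulting application name: notepad.exe, version: 10.0.19041.1, Exception code: 0xc0000005, Faulting application path: C:\Windows\System32\notepad.exe
2020-08-20T10:01:03 | 1001 | Windows Error Reporting | Fault bucket 1, type 4 Event Name: APPCRASH Response: Not available P1: notepad.exe P2: 10.0.19041.1
2020-08-20T10:05:40 | 1000 | Application Error | Faulting application name: svchost.exe, version: 0.0.0.0, Exception code: 0xc0000005, Faulting application path: C:\Users\alice\AppData\Local\svchost.exe
2020-08-20T10:05:41 | 1001 | Windows Error Reporting | Fault bucket 2, type 4 Event Name: APPCRASH Response: Not available P1: svchost.exe P2: 0.0.0.0
2020-08-20T10:07:00 | 1000 | Application Error | Faulting application name: updater.exe, version: 1.2.3.4, Exception code: 0xc0000005, Faulting application path: C:\Users\bob\AppData\Roaming\updater.exe
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+) \| (?P<id>\d+) \| (?P<src>[^|]+?) \| (?P<msg>.*)$")
PATH_RE = re.compile(r"Faulting application path: (?P<path>[^,]+)$")
P1_RE = re.compile(r"P1: (?P<name>\S+)")

# Assumed set of directories that an unprivileged user can write to; a crash
# of a binary living here deserves a second look regardless of its name.
USER_WRITABLE = (
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
)


def parse_events(text):
    """Parse the simplified export into dicts with a datetime, int ID, source and message."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m is None:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "id": int(m["id"]),
            "src": m["src"].strip(),
            "msg": m["msg"],
        })
    return events


def crash_pairs(events, window=timedelta(seconds=30)):
    """For every Application Error (1000), find the WER record (1001) for the same
    executable within `window`; return one record per crash with path and pairing."""
    wer = [w for w in events if w["id"] == 1001]
    pairs = []
    for e in events:
        if e["id"] != 1000:
            continue
        pm = PATH_RE.search(e["msg"])
        if pm is None:
            continue
        path = pm["path"].strip()
        exe = path.rsplit("\\", 1)[-1].lower()
        report = None
        for w in wer:
            nm = P1_RE.search(w["msg"])
            if nm and nm["name"].lower() == exe and timedelta(0) <= w["ts"] - e["ts"] <= window:
                report = w
                break
        pairs.append({"ts": e["ts"], "exe": exe, "path": path, "has_wer": report is not None})
    return pairs


def suspicious_crashes(events):
    """Crashes whose faulting binary ran from a user-writable directory."""
    return [p for p in crash_pairs(events) if any(tok in p["path"].lower() for tok in USER_WRITABLE)]


if __name__ == "__main__":
    for hit in suspicious_crashes(parse_events(SAMPLE_EVENTS)):
        print(f"{hit['ts'].isoformat()} {hit['exe']:<14} wer={hit['has_wer']} {hit['path']}")
```

The pairing matters for triage: a 1000 without a 1001 can mean WER is disabled or that the crash report was suppressed, so the script reports the pairing state rather than dropping unpaired crashes. On a real host the same logic applies to `Get-WinEvent -FilterHashtable @{LogName='Application'; Id=1000,1001}` output after extracting the message field.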

Paul Asadoorian's Content:


  1. Xcode becomes vector for new Mac malware attack
  2. Tesla is finally fixing this major security flaw
  3. InfoSec Handlers Diary Blog - ISC Blocked
  4. InfoSec Handlers Diary Blog - Using API's to Track Attackers - Turns out attackers are also bad at key management!
  5. Critical Jenkins Server Vulnerability Could Leak Sensitive Information
  6. Are CSRF Tokens Necessary?
  7. Secret Service reportedly paid to access phone location data
  8. Telehealth is the future of healthcare, but how secure is it? - Help Net Security - But, but, none of these articles about the security of Telehealth tell us anything interesting or useful: “However, the first step is to assess how the data is encrypted and who is authorized to access this data. From there, IT teams should work closely with leadership to fill in the security gaps on telehealth solutions that protect patients while also providing the convenience.”
  9. New Microsoft Defender ATP Capability Blocks Malicious Behaviors - Called “endpoint detection and response (EDR) in block mode,” the capability is meant to provide post-breach blocking of malware and other malicious behaviors, by taking advantage of Microsoft Defender ATP’s built-in machine learning models, Microsoft says.
  10. The Sounds a Key Make Can Produce 3D-Printed Replica
  11. Voice Phishers Targeting Corporate VPNs - “For a number of reasons, this kind of attack is really effective,” said Allison Nixon, chief research officer at New York-based cyber investigations firm Unit 221B. “Because of the Coronavirus, we have all these major corporations that previously had entire warehouses full of people who are now working remotely. As a result the attack surface has just exploded.”
  12. FritzFrog Botnet Attacks Millions of SSH Servers
  13. Google fixes major Gmail bug seven hours after exploit details go public
  14. 6 Ingenious Ways Hackers Break Into the World's Most Secure Computers
  15. CVE Turns 21: How it Made it to This Milestone
  16. Disrupting a power grid with cheap equipment hidden in a coffee cup - “Without touching the solar inverter, without even getting close to it, I can just place a coffee cup nearby and then leave and go anywhere in the world, from which I can destabilize the grid,” Al Faruque said. “In an extreme case, I can even create a blackout.” Solar inverters convert power collected by rooftop panels from direct to alternating current for use in homes and businesses. Often, the sustainably generated electricity will go into microgrids and main power networks. Many inverters rely on Hall sensors, devices that measure the strength of a magnetic field and are based on a technology that originated in 1879.
  17. Out-of-Band Update Patches Privilege Escalation Flaws in Windows 8.1, Server 2012
  18. CVE-2020-3446 default credentials bug exposes Cisco ENCS, CSP Appliances to hack
  19. IBM finds vulnerability in IoT chips present in billions of devices - As IBM notes, the role that machines with EHS8 modules fill makes this a critical security flaw. Medical devices that an attacker penetrates could be manipulated to cover up concerning vital signs, create false panic situations, overdose patients, or cut off essential life-saving functions. In the energy and utilities sector, a compromised EHS8 module could be used to manipulate smart meter readings, shut down meters to cut off power, or damage the power grid itself.

Tyler Robinson's Content:


  1. Phone spear phishing: Twitter crime wave
  2. Two US drones collide and crash over Idlib, Syria, defense official says
  3. Former CIA officer arrested and charged with spying for China
  4. A princess is making Google forget her drunken rant about killing Muslims
  5. Cryptocurrency terrorism financing: al-Qaeda, al-Qassam Brigades, bitcoin transfer
  6. Secret Service phone location data (Babel Street)
  7. Private US contractors part of kill chain in anti-terrorist operations
  8. US spirits and wine giant hit by cyberattack, 1TB of data stolen

3. SWVHSC Micro Interviews: Gravwell & Rapid7 - 08:30 PM-09:15 PM


What use cases are addressed by threat hunting platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high-level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit:

Deral Heiland, Principal Security Research IoT at Rapid7 will focus on the subject of IoT security and hacking, IoT testing and testing methods and related research topics. This segment is sponsored by Rapid7. Visit to learn more about them!

Rapid7 Segment Resources:

To gain access to our latest research (e.g., the 2020 Q1 Threat Report, NICER, and Under the Hoodie 2020), visit:


Corey Thuen

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.

Deral Heiland

Deral Heiland, CISSP, has over 20 years of experience in IT. Over the last 8+ years, he has focused on security research, security assessments, pen testing, and consulting.