Paul's Security Weekly Episode #668 - October 01, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. NGINX As An RTMP Proxy - 06:00 PM-06:45 PM
It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session and register for free!
Paul will discuss his process for creating a Docker container that runs NGINX as an RTMP proxy for streaming video to multiple services, complete with SSL and authentication.
Link to GitHub post: https://github.com/SecurityWeekly/rtmp-nginx
2. Intrusion Detection Honeypots: Detection Through Deception - 07:00 PM-07:45 PM
In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does.
Book TOC and Overview: https://chrissanders.org/2020/09/idh-release/
Chris Sanders is Founder at Applied Network Defense & Rural Technology Fund
Chris Sanders is a security instructor, author, and consultant. He is the founder of Applied Network Defense and the Director of the Rural Technology Fund. He is the author of Applied Network Security Monitoring and Practical Packet Analysis. His research is focused on the intersection of cognitive psychology and security investigations.
3. Ryuk Ransomware Attack, Windows XP Server Leak, & Potential Return to 'Hackers' - 08:00 PM-09:30 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
In the Security News: rumored Windows XP source code leaked online, hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting the U.S., a 13-year-old student was arrested for hacking school computers, who caused the 14-state Monday 911 outage, and a return to 'Hackers' is "being actively considered," says director!
Jeff Man's Content:
- Shopify Internal Data Breach Exemplifies Insider Threat Trend - I just had a PCI customer who uses Shopify. Hmmmm...
- Microsoft report shows increasing sophistication of cyber threats
- After breach, Twitter hires a new cybersecurity chief
- Free Cybersecurity Awareness Kits - courtesy Proofpoint PSA
- Kamala Harris Admits She Only Supports Biden Because She Hates Trump
- Mapping the MITRE ATT&CK® Framework to the PCI DSS - yours truly is speaking at the PCI North American [Virtual] Community Meeting
Joff Thyer's Content:
Larry Pesce's Content:
- A fun realtime Shodan interface - Turn on the music
- UHS is fuuu... - also reports on reddit
- Pay that ransomware? - Nah, just get your shit leaked online instead
- Hackers have infiltrated many of Washington state’s state agencies
- WinXP source code leak
Lee Neely's Content:
- The Windows XP Source Code Was Allegedly Leaked Online - Largely previously released code. Make sure your XP/2003 systems are protected.
- CISA Says Federal Agency Compromised by Malicious Cyber Actor - Cyber hygiene has to be fundamental. MFA remote access!
- Government Software Provider Tyler Technologies Confirms Ransomware Attack - Tyler is still putting itself back together; verify any connections from their services to yours.
- Microsoft Boots Apps Used by China-Sponsored Hackers Out of Azure - Azure has an app store, like iTunes and Android. As such, vetting of apps and removal of unacceptable apps needs to be SOP.
- Chrome Vulnerabilities Expose Users to Attacks Via Malicious Extensions - Chrome 85 update addresses several high-severity vulnerabilities, including three "insufficient policy enforcement in extensions" vulnerabilities (CVE-2020-15961, CVE-2020-15963, and CVE-2020-15966).
- REvil Ransomware Deposits $1 Million in Hacker Recruitment Drive - Sodinokibi ransomware operators have deposited 99 BTC (~$1.1 million USD) on a Russian-language hacker forum to recruit affiliates to distribute their ransomware.
- UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack - Possibly one of the largest ransomware attacks to date. Hospitals in many states offline, redirecting emergency traffic.
- Nevada School District Refuses to Submit to Ransomware Blackmail, Hacker Publishes Student Data - The current MO is exfiltrate then ransom, so unless you're watching for exfiltration, you'll miss the early warning. The likely target is PII.
- Flightradar24 Hit by Third Cyber-Attack in Two Days
- Cisco Fixes Actively Exploited Issues in IOS XR Network OS - Cisco has released fixes for two memory exhaustion denial-of-service (DoS) vulnerabilities (CVE-2020-3566) affecting the IOS XR Network OS running on NCS 540 and 560, NCS 5500, 8000, ASR 9000 series. Low risk, apply the patch.
- China-Linked 'BlackTech' Hackers Start Targeting U.S. - This APT, also known as Palmerworm and TEMP.Overboard, historically focuses on Taiwan and has been seen using dual-use tools (e.g., Putty, PSExec, SNScan, and WinRAR) and new custom malware that includes the Consock, Waship, Dalwit, and Nomri backdoors.
Paul Asadoorian's Content:
- Use an NVIDIA GPU? Check whether you need security updates
- Thanos Ransomware Variant Fails to Overwrite MBR on Infected Devices
- Microsoft investigating Windows XP, Server 2003 source code leak
- Mac, Linux Users Now Targeted by FinSpy Variants
- How to Secure the Enterprise of Things
- Why Consumer IoT Security Vulnerabilities Threaten the Industry
- 13-year-old student arrested for hacking school computers
- Vulnerability in Wireless Router Chipsets Prompts Advisory
- Who's Behind Monday's 14-State 911 Outage? - Krebs on Security
- Why Web Browser Padlocks Shouldn't Be Trusted
- Fortinet VPN Flaw Exposes 200K Businesses To MiTM Attacks
- Takeaways From the Shopify Hack | SecurityWeek.Com
- GitHub Tool Spots Security Vulnerabilities in Code
- Sysdig announces automated inline image scanning for AWS Fargate containers
- InfoSec Handlers Diary Blog
- Nmap Announce: Npcap 1.00 was just released and a new Nmap is on the way!
- Exclusive: A Return to 'Hackers' Is "Being Actively Considered," Says Director