Psw669

From Security Weekly Wiki

Paul's Security Weekly Episode #669 - October 08, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Fast And Secure Web - 06:00 PM-06:45 PM


Announcements

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Deadline for CFP is 10/15/20 so get your submissions in! Visit securityweekly.com/unlocked to submit your speaking session and register for free!

Description

Tempesta FW is an open source hybrid of an HTTPS accelerator and a firewall that aims to accelerate web resources and protect them against DDoS and web attacks. The project is built into the Linux TCP/IP stack to provide performance comparable with kernel-bypass approaches (e.g. using DPDK) while still being well integrated with the native Linux networking tools. We'll talk about Tempesta FW's integration with iptables/nftables to filter network traffic at all layers, and about other tools to protect against layer 7 DDoS and web attacks.


https://github.com/tempesta-tech/tempesta - the project source code.

https://netdevconf.info/2.1/session.html?krizhanovsky - the Netdev conference paper and talk video about the motivation for the project and a description of it

https://netdevconf.info/0x14/session.html?talk-performance-study-of-kernel-TLS-handshakes - our latest Netdev paper (the video will be uploaded later) about our research into the performance of TLS handshakes, including an analysis of the performance and security of other TLS implementations, such as mbed TLS, OpenSSL and WolfSSL (during this work we reported an SCA vulnerability in WolfSSL).


Guest(s)

Alexander Krizhanovsky

Alexander is the CEO of Tempesta Technologies, Inc., and is the architect of Tempesta FW, a high performance open source Linux application delivery controller. Alexander is responsible for the design and performance of several products in the areas of network traffic processing and databases. He designed the core architecture of a Web application firewall, mentioned in the Gartner Magic Quadrant, and MariaDB temporal data tables. Alexander gave talks at Netdev 2.1, 0x12, and 0x14, SCALE 17x and 18x, MariaDB user conferences in 2017 and 2018, All Things Open '18 and '20, FOSDEM'17, Percona Live'16, IBM CASCON'14 and many other conferences.


Hosts

2. Assembling Your First Infosec Home Lab - 07:00 PM-07:45 PM


Announcements

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

Assembling an infosec home lab is a great way to learn more about the ever-changing programs and systems in the cyber world. However, it can get complicated to figure out what you really need to get your own home lab assembled and running. In this segment Tony will go over the things you need to think about and the resources he uses to build an infosec home lab.


https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html

https://github.com/tjnull


Guest(s)

Tony "tjnull" Punturiero

Tony Punturiero (aka @tjnull to the OffSec community) is an experienced pentester and red teamer for a government contractor and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor at a local community college, teaching cybersecurity courses, and coaches one of the top community college cyber teams in the State of Maryland.


Hosts

3. 10 Years Since Stuxnet, Rare Bootkit Discovered, & Thin Client Vulnerabilities - 08:00 PM-09:30 PM


Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet: Is Your Operational Technology Safe?



Guest(s)

Tony "tjnull" Punturiero

Tony Punturiero (aka @tjnull to the OffSec community) is an experienced pentester and red teamer for a government contractor and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor at a local community college, teaching cybersecurity courses, and coaches one of the top community college cyber teams in the State of Maryland.


Hosts

Doug White's Content:

Articles

Joff Thyer's Content:

Articles

Lee Neely's Content:

Articles

  1. New APT Group XDSpy Targets Belarus and Russian-Speakers - XDSpy, also known as CLOCKJUMP, is targeting select victims in Ukraine, Belarus, Moldova, and Russia.
  2. Emotet Emails Strike Thousands of DNC Volunteers - A new, politically charged "Emotet" spear-phishing campaign claiming to be from the DNC, conducted by TA542, has been spotted distributing emails to hundreds of organizations in the U.S. to steal credentials.
  3. Flaws in Leading Industrial Remote Access Systems Allow Disruption of Operations - Six vulnerabilities (CVE-2020-11641, CVE-2020-11642, CVE-2020-11643, CVE-2020-11644, CVE-2020-11645, and CVE-2020-11646) affect B&R Automation's SiteManager and GateManager industrial site access systems and could be exploited by attackers to prevent access to industrial production floors, hack corporate networks, alter data, and steal sensitive intellectual property (IP).
  4. US Govt Warns of Sanction Risks for Facilitating Ransomware Payments - OFAC rules apply here. Mitigate punitive actions not only by reporting to and cooperating with law enforcement, but also by using a documented, risk-based approach to decisions about paying.
  5. SLOTHFULMEDIA RAT, a New Weapon in the Arsenal of a Sophisticated Threat Actor - A new dropper dubbed "SLOTHFULMEDIA" has been spotted being used in attacks targeting organizations in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine.
  6. Ransomware Vaccine Intercepts Requests to Erase Shadow Copies - A new ransomware vaccine dubbed "Raccine" stops certain ransomware families that leverage "vssadmin.exe" to hinder data recovery and erase shadow copies; it works by making a registry key change and killing the parent process of anything running vssadmin.
  7. Boom! Hacked Page on Mobile Phone Website Is Stealing Customers' Card Data - Another instance of threat actors leveraging web skimmers (aka "sniffers") to target card-not-present (CNP) data. In this instance, the site was reportedly running PHP 5.6.40, a version that hasn't been supported since January 2019.
  8. New HEH Botnet Wipes Devices Potentially Bricking Them - A botnet dubbed "HEH", capable of wiping all data from infected Internet of Things (IoT) devices, routers, servers, and other devices, has been spotted spreading via brute-force attacks against Internet-connected systems with SSH ports 23 and 2323 exposed online.
  9. Years-Long 'SilentFade' Attack Drained Facebook Victims of $4M - Facebook has released details about a widespread Chinese ad-fraud cyber attack in which hackers leveraged the "SilentFade" malware to steal some $4 million USD from users' advertising accounts since 2016.

Paul Asadoorian's Content:

Articles

  1. Malware exploiting XML-RPC vulnerability in WordPress
  2. HP Printer Bug Bounty Expands To Include Cartridge Security - I could not easily find references to existing research on hacking the firmware on printer cartridges...
  3. 10 Years Since Stuxnet: Is Your Operational Technology Safe? - I'd still say "NO", the article recommends some things, but I think we can do better with recommendations. Based on how the Stuxnet attacks were conducted, I don't believe some of the recommendations are thorough enough: Make security a priority: Unfortunately, many OT systems were built without security in mind or have often been neglected when it comes to security updates or regular patches. These weak points of entry have given hackers direct access to manufacturing systems, robots, fire alarms, access control systems, and even whole power grids that can keep a city dark without a paid ransom — as we saw with the attack against a power grid in Kiev, which left part of the Ukrainian capital without power for an hour in 2016. Since criminals are adapting and learning, companies should do the exact same to understand and address any known or unknown threats, as well as conduct regular updates and security scans to help protect from the cybercriminals that prey on their weaknesses.
  4. Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated, researchers say
  5. Microsoft Paid Out Over $374,000 for Azure Sphere Vulnerabilities - Some research that resulted: https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-prisoner-of-azure-kaban.pdf https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html
  6. trident Automated Password Spraying Tool - Looks like a newer tool, released just last month: https://github.com/praetorian-inc/trident
  7. HP Device Manager vulnerabilities may allow full system takeover - The details from the researcher, Java RMI anyone? https://nickbloor.co.uk/2020/10/05/hp-device-manager-cve-2020-6925-cve-2020-6926-cve-2020-6927/
  8. Hackers exploit Windows Error Reporting service in new fileless attack - Research post: https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
  9. Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs - Rare maybe, but not out of the realm of possibility. I believe we really need to start paying attention to UEFI and other firmware attacks NOW. HackingTeam itself got hacked and doxed five years ago, and much of its code, including that of a UEFI rootkit, is now living on GitHub for researchers and attackers alike to experiment with. "There was actually no evidence of the HackingTeam rootkit's usage in the wild" until now, Lechtik said.
  10. Open Source Threat Intelligence Searches for Sustainable Communities
  11. Working from a hotel? Beware the dangers of public WiFi - With the COVID-19 pandemic forcing an increasing number of companies to shift to remote work, employees working from home have been struggling to find a quiet, distraction-free environment for work. The hospitality industry has also been impacted by the pandemic, with more and more hotels across the United States offering their empty rooms as daytime makeshift offices for remote workers seeking to work in peace.
  12. Cisco Fixes High-Severity Webex, Security Camera Flaws
  13. Microsoft Azure Flaws Open Admin Servers to Takeover
  14. Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
  15. HEH, a new IoT P2P Botnet going after weak telnet services
  16. Code Execution Vulnerability Found In Facebook for Android
  17. K8s on a plane! US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms' - Once you tell the world your shiny new bomber programme runs Kubernetes, your adversaries know where to focus their security research.
  18. Almost every major anti-malware product has some kind of security flaw - Research blog post: https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
  19. McAfee software creator jailed in Spain, sources say
  20. A Security Flaw Could Send Your Dick to Jail Forever
  21. Apple's T2 Chip Has Unpatchable Security Flaw, Claims Researcher
  22. Suspected Chinese Hackers Unleash Malware That Can Survive OS Reinstalls
  23. NTDEV - Compiling Windows 2003
  24. Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part

Tyler Robinson's Content:

Articles

  1. Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic
  2. The IRS Is Being Investigated for Using Location Data Without a Warrant The IRS used smartphone location data from a contractor to try and track Americans without a warrant.
  3. Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.