Paul's Security Weekly Episode #671 - October 22, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism - 06:00 PM-06:45 PM
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Sysmon is a free endpoint monitoring tool published by Microsoft as part of the Sysinternals suite. It logs process creation, network connections, file creation, DNS queries and, as of v12, clipboard changes. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit.
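As an added illustration of what a Sysmon clipboard event contains and how you would search it (this is not Gravwell's Sysmon Kit or Sysinternals code), the following Python pulls ClipboardChange records (Event ID 24) out of an event-log XML export and flags captures made by scripting hosts. The XML is a constructed sample in the shape `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` emits; the GUIDs, hashes, host and user names are invented, and the EventData field names for ID 24 are assumptions based on the Sysmon v12 schema, so check them against your own events.

```python
"""Find Sysmon ClipboardChange records (Event ID 24, new in Sysmon v12) in an
event-log XML export and flag the ones worth a hunter's attention.

Added example, not Sysinternals or Gravwell code. SAMPLE_EVENTS is a
constructed sample; field names for Event ID 24 are assumptions."""
import xml.etree.ElementTree as ET

# Namespace that every Windows <Event> element is declared in.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
CLIPBOARD_CHANGE = 24

# A script host reading the clipboard (credential or wallet-address scraping)
# is the pattern to alert on; a user pasting into Notepad is not.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Constructed sample: one ProcessCreate (ID 1) and one ClipboardChange (ID 24).
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" />
    <EventID>1</EventID>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="UtcTime">2020-10-22 18:01:03.120</Data>
    <Data Name="ProcessGuid">{a1b2c3d4-0001-5f91-0000-0010e1a2b3c4}</Data>
    <Data Name="ProcessId">4120</Data>
    <Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="User">CORP\\alice</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" />
    <EventID>24</EventID>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2020-10-22 18:01:09.456</Data>
    <Data Name="ProcessGuid">{a1b2c3d4-0002-5f91-0000-0010e1a2b3c5}</Data>
    <Data Name="ProcessId">7788</Data>
    <Data Name="Image">C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe</Data>
    <Data Name="Session">1</Data>
    <Data Name="ClientInfo">user: CORP\\alice</Data>
    <Data Name="Hashes">SHA256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08</Data>
    <Data Name="Archived">true</Data>
  </EventData>
</Event>
</Events>"""


def parse_sysmon_events(xml_text):
    """Yield one dict per <Event>: EventID, Computer and every EventData field."""
    root = ET.fromstring(xml_text)
    for ev in root.findall("e:Event", NS):
        record = {
            "EventID": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
            "Computer": ev.findtext("e:System/e:Computer", namespaces=NS),
        }
        for data in ev.findall("e:EventData/e:Data", NS):
            record[data.get("Name")] = data.text or ""
        yield record


def clipboard_captures(xml_text):
    """Return only the ClipboardChange records. Sysmon does not put the clipboard
    text in the event: the Hashes field identifies the captured contents, and
    Archived=true means the text was written to Sysmon's archive directory."""
    return [r for r in parse_sysmon_events(xml_text) if r["EventID"] == CLIPBOARD_CHANGE]


def suspicious_clipboard_readers(xml_text):
    """Return (Image, ProcessId, Hashes) for clipboard captures made by script hosts."""
    hits = []
    for rec in clipboard_captures(xml_text):
        exe = rec["Image"].rsplit("\\", 1)[-1].lower()
        if exe in SCRIPT_HOSTS:
            hits.append((rec["Image"], int(rec["ProcessId"]), rec["Hashes"]))
    return hits


if __name__ == "__main__":
    for image, pid, hashes in suspicious_clipboard_readers(SAMPLE_EVENTS):
        print(f"clipboard read by {image} (pid {pid}), contents {hashes}")
```

The same filter expressed over a real feed is "EventID 24 where Image ends in a script host name", and the Hashes value is what you pivot on to retrieve the captured text from the archive directory, which should be readable by SYSTEM only.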
This segment is sponsored by Gravwell.
Visit https://securityweekly.com/gravwell to learn more about them!
Corey Thuen is Co-Founder at Gravwell
Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.
2. Hackers Hitting Below The Belt - 07:00 PM-07:45 PM
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices.
This segment is sponsored by Eclypsium.
Visit https://securityweekly.com/eclypsium to learn more about them!
Scott Scheferman is Principal Cyber Strategist at Eclypsium
Scott Scheferman is a mission-driven 20+ year cyber security industry veteran with a strong reputation for effective leadership, exceptional public speaking, candid thought leadership, and the proven ability to shape and shift industry outlook. Scott keeps a hyper-current beat on the threat landscape and how it continues to fundamentally change business/mission cyber risk dynamics. Battle-hardened from years of incident response and cyber consulting, and having served as the technical lead and final security risk determination for the Navy’s Certification Authority (thousands of systems per year, with over 800 validators and 30 risk analysts feeding these risk determinations), he draws his perspective from significant real-world high-stakes (multi-billion dollar programs and Fortune 10 enterprise) experience, and strives to help fellow leaders determine best strategies to address today's threat landscape.
3. Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw - 08:00 PM-09:30 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
In our webcast on November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Learn how to thwart attackers using deception in our November 19th technical training! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
In the Security News: testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert!
Doug White's Content:
- Donald Trump says "nobody gets hacked" - https://www.instapaper.com/read/1354318368 - Yes, it bugged me.
Jeff Man's Content:
- NSA publishes list of top vulnerabilities currently targeted by Chinese hackers - some vulns date back to 2015...
- the actual list
- The encryption war is on again, and this time government has a new strategy
- Massive US Voters and Consumers Databases Circulate Among Hackers
- Welcome to the Data Care Industry! - If it's too hard to understand cybersecurity - we can just change the name
- Barnes & Noble Alerted Customers of Data Breach That Leaked Personal and Transaction Information
- Voter Websites In California And Florida Could Be Vulnerable To Hacks, Report Finds
- President Trump’s Twitter accessed by security expert who guessed password ‘maga2020!’
- The Radar Covid ‘app’ has had a security breach since its launch
Larry Pesce's Content:
- We Hacked Apple for 3 Months: Here’s What We Found
- Dutch Ethical Hacker Logs into Trump’s Twitter Account - the password was "maga2020!" #facepalm
- NSS Labs Shuttered
- US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit
- When 'code rot' becomes a matter of life or death, especially in the Internet of Things
- 'Dumb mistake’ exposed Iranian hand behind fake Proud Boy U.S. election emails
Lee Neely's Content:
- Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135
- Dickey's Barbecue Pit Investigating Possible Breach Affecting 3M Payment Cards
- New Emotet campaign uses a new ‘Windows Update’ attachment
- Albion Online game maker discloses data breach
- Discord desktop app vulnerability chain triggered remote code execution attacks
- US charges six Russian intelligence officers with hacking Ukraine, 2018 Olympics, and Skripal investigation
- VoIP Firm Broadvoice Leaks 350 Million Customer Records - An unsecured Elasticsearch database cluster belonging to Los Angeles, Calif.-based VoIP provider Broadvoice was found exposed online on Oct. 1 containing more than 275 million Broadvoice XBP customers' full names, identification numbers, phone numbers, and states and cities of residence.
- NSA Publishes List of Top Vulnerabilities Currently Targeted by Chinese Hackers - NSA has released an in-depth report discussing the top 25 vulnerabilities that are currently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups to gain access to targeted networks and steal sensitive information.
- MobileIron Enterprise MDM Servers Under Attack from DDoS Gangs, Nation-States - Threat actors have been spotted exploiting CVE-2020-15505, CVE-2020-15506, and CVE-2020-15507, which affect MobileIron MDM servers. CVE-2020-15505 allows for RCE and is a high-risk vulnerability.
- Montreal's STM Public Transport System Hit by Ransomware Attack - STM suffered a "RansomExx" ransomware attack on Oct. 19 that impacted its services and online systems and resulted in an outage of its customer support system, IT systems, and website.
Paul Asadoorian's Content:
- 5 things you can do to secure your home office without hiring an expert - Kinda bogus, I think the router recommendations are sound (I like Firewalla for this use-case), and then I would include stuff the article didn't really get into such as auto-update everything, use some kind of URL filtering software, password vault, segment your network, MFA...
- Why Would You Use POST Instead of GET for a Read Operation?
- Cyber Security Threats in the Cannabis Industry - Latest Hacking News
- IoT Security Foundation unveils online platform to help IoT vendors report and manage vulnerabilities - Help Net Security
- Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000 | SecurityWeek.Com
- Security Testing Company NSS Labs Ceases Operations | SecurityWeek.Com - “Due to Covid-related impacts, NSS Labs ceased operations on October 15th,” a message on the company’s website reads.
- Apache Struts 2 Remote Code Execution - Exploitalert - Was this post showing an example of a live target! https://seclists.org/fulldisclosure/2013/Oct/96
- Hackers are targeting CVE-2020-3118 flaw in Cisco devices
- Tiki Wiki CMS Groupware 21.1 Authentication Bypass - Keep brute-forcing until the admin password gets set to blank: https://github.com/S1lkys/CVE-2020-15906 (And I can't make heads or tails of this: http://dev.tiki.org/Login-documentation LOL)
- Ransomware group donates $20,000 in BTC to 2 charities
- Google patches Chrome zeroday under attack | WeLiveSecurity - Details about the zero-day remain sparse, although Google did disclose that the memory-corruption flaw causes heap buffer overflow in FreeType.
- WordPress sites receive update to security plugin after vulnerability discovered - Oops: Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to log into a Loginizer-protected website with a carefully-crafted username. Vulnerable versions of Loginizer did not properly validate and sanitise the username to prevent SQL injection and Cross-Site Scripting (XSS) attacks. Researcher's post: https://wpdeeply.com/loginizer-before-1-6-4-sqli-injection/
- Snowden Granted Permanent Residency in Russia | SecurityWeek.Com - Hrm: Kucherena said it was "natural" that Snowden wanted to return to the United States but will only do so when the case against him is closed. Earlier this year, US President Donald Trump said he would "take a look" at pardoning Snowden but has not made further comment on the matter. A 2015 petition calling on then president Barack Obama to pardon the whistleblower and privacy advocate was rejected by the White House.
- FDA Approves Use of New Tool for Medical Device Vulnerability Scoring | SecurityWeek.Com - Ahh, I get it now: “[The vulnerability] was not scored as high severity because you could not execute remote code, or remotely access information, just remotely alter limited specific functionality,” Luz explained. “The problem is — when you look at the medical aspect of this — those remote functions altered might just be the most severe thing to compromise on this device, so this must be expressed for anyone doing a risk assessment for it.”
- Cyberattacks against machine learning systems are more common than you think - Microsoft Security - Interesting: https://github.com/mitre/advmlthreatmatrix/blob/master/pages/adversarial-ml-threat-matrix.md#adversarial-ml-threat-matrix
- 8 New and Hot Cybersecurity Certifications for 2020 - I think there is a place for this, and also not a place for this: "For example, if I need a new security engineer to work on vulnerabilities or cloud security, I look for certifications or years of experience operating solutions in those disciplines. I find the empirical knowledge of how to use tools better than a paper certification."