Paul's Security Weekly Episode #673 - November 05, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Abusing JWT (JSON Web Tokens) - 06:00 PM-06:45 PM
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul's Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert: most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Link to view Sven's slide deck: https://securityweekly.com/psw-673-json-web-token-security-sven-morgenroth-netsparker/
Sven Morgenroth is a Security Researcher at Netsparker
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.
2. Proactive Security Using Runbooks - 07:00 PM-07:45 PM
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.
This segment is sponsored by PlexTrac.
Visit https://securityweekly.com/plextrac to learn more about them!
Dan DeCloss is President / CEO at PlexTrac
Dan DeCloss is the Founder and CEO of PlexTrac and has over 15 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies including serving as a Principal Consultant for Veracode on the penetration testing team. Dan's background is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.
Joff Thyer - Security Analyst at Black Hills Information Security
3. Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack - 08:00 PM-09:30 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!
In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!
Lee Neely's Content:
- Infamous Hacking Network Shut Down by Microsoft Resurfaces in Time for US Presidential Election: The infamous "TrickBot" hacking network taken down by Microsoft last month has reemerged just in time for the U.S. presidential election.
- Google Reveals a New Windows Zero-Day Bug It Says Is Under Active Attack: CVE-2020-17087 is being exploited by attackers to elevate their level of user access in Windows, in combination with a Google Chrome vulnerability (CVE-2020-15999). Microsoft's fix will be released November 10th.
- US Cyber Command Exposes New Russian Malware: Six of the eight samples uploaded by CNMF to its VirusTotal account are for the "Turla" group's ComRAT malware, and the other two samples are for APT28's Zebrocy malware.
- Hackers Stole Credit Card Data from JM Bullion Online Bullion Dealer: The attack stole PII and card data, which was then offered for sale on the Dark Web. Customers need to secure their credit.
- REvil Ransomware Gang Claims over $100 Million Profit in a Year: They assert they have netted more than $100 million USD from their ransomware campaigns and strive to make at least $2 billion USD from their ransomware service by adopting the most profitable approaches to infecting targeted organizations' systems, including ransomware as a service and payments for exfiltrated data.
- About the security content of iOS 14.2 and iPadOS 14.2: Apple drops iOS & iPadOS 14.2, with multiple CVEs addressed. Also released: Catalina 10.15.7, tvOS 14.2, and watchOS 7.1.
- Someone Just Emptied Out a $1 Billion Bitcoin Wallet: The transfer left just $1.38 USD in the account. Alon Gal had been watching this wallet since 2015 and suspects the outgoing transaction was conducted by the original owner of the wallet or by someone who was able to crack the password.
- Apple fixes three iOS zero-days exploited in the wild: iOS & iPadOS 14.2 address these exploits.
Paul Asadoorian's Content:
- WordPress Pushes Out Multiple Flawed Security Updates
- Ryuk ransomware behind one third of all ransomware attacks in 2020 - Help Net Security
- 6 Cybersecurity Lessons From 2020
- Changing Cybersecurity Culture
- Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows | SecurityWeek.Com
- What Keyboard Trackers Are For - Latest Hacking News
- Deception Technology: No Longer Only A Fortune 2000 Solution
- Git LFS vulnerability allows attackers to compromise targets' Windows systems (CVE-2020-27955) - Help Net Security
- Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
- California Proposition 24 Passes - Schneier on Security
- GitHub denies getting hacked | ZDNet
- Hackers are exploiting unpatched VoIP flaws to compromise business accounts | ZDNet
- Customers Are Demanding Privacy
- Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file
- Pornhub Has Been Blocked In Thailand, And People Aren't Happy
- One Clear Message From Voters This Election? More Privacy
- Russian authorities make rare arrest of malware author | ZDNet
- Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data - TechCrunch
- Back to Basics: Make Cocktails Normal Again - The Bulwark
- Google to GitHub: Time's up - this unfixed 'high-severity' security bug affects developers | ZDNet
- New Chrome Zero-Day Under Active Attacks - Update Your Browser
- Mark Cuban: The World's First Trillionaire Is Learning This Skill and Discovering How to Use It in Now Unimaginable Ways
- Windows 10 zero-day could allow hackers to seize control of your computer
- A Nameless Hiker and the Case the Internet Can't Crack
- Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
- Google patches second Chrome zero-day in two weeks | ZDNet
Tyler Robinson's Content:
- 3 actively exploited 0-days on Apple iOS, so patch now/soon! Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google's Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits: three against Chrome and one against Windows. The security flaws affect the iPhone 6s and later, the seventh-generation iPod touch, the iPad Air 2 and later, and the iPad mini 4 and later. The flaws are: CVE-2020-27930, a code-execution vulnerability that attackers can trigger using maliciously crafted fonts; CVE-2020-27950, which allows a malicious app to obtain the locations in kernel memory; and CVE-2020-27932, a bug that allows code to run with highly privileged system rights. Apple has fixed the zero-days and other vulnerabilities with the release of iOS 14.2 earlier. Project Zero leader Ben Hawkes provided his own bare-bones disclosure here.
- Vladimir Marugov murder: Russian 'Sausage King' killed in sauna with a crossbow