From Security Weekly Wiki

Recorded March 28, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.

  • Announcements

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who's evaluating, using, or formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Mary Beth Borgwing, Cyber Social Club - 6:00-6:30PM

    Mary Beth Borgwing
    is President and Founder of Cyber Social Club.

    Mary Beth works with companies and their technology and security management teams at all stages of growth, developing product-market fit with a "hands-on" strategy for business development and revenue generation. Her prior roles as CEO, CFO, COO and sales leader for technology, security, and risk management companies give Mary Beth a unique skill set for the companies she works with.
    Mary Beth has worked in the technology and security sector in Boston, New York and DC, both with companies launching new products to the tech and security market and with companies such as MarshMMC looking to understand cyber security and complex enterprise risk management. Her time in the insurance industry, along with serving as an executive in tech companies, is important today as companies look to understand cyber risk management and how it affects their workforce and bottom line.

    Tech Segment: Threat Hunting & AI Hunter, Active Countermeasures - 6:30 - 7:30PM

    Chris Brenton
    is the Chief Operating Officer of Active Countermeasures.

    Hello, my name is Chris Brenton. I have been a leader in IT and security for over 20 years. I’ve written multiple books on networking and security including “Mastering Cisco Routers” and “Mastering Network Security”. I’ve been involved with a number of key security projects such as a founding member of the Honeynet Project (https://www.honeynet.org/), and an active contributor to the PCI special interest group responsible for the standards for credit card processing in public cloud environments (https://www.pcisecuritystandards.org/pdfs/pr_130205_Cloud_SIG.pdf). I’ve also developed security training, including complete courses for SANS where I served as a Fellow Instructor (https://www.sans.edu/bios/chris-brenton), and for the Cloud Security Alliance where I authored and presented all of their online training material (https://cloudsecurityalliance.org/education/white-papers-and-educational-material/courseware/). I currently run the day to day operations at Active Countermeasures (https://www.activecountermeasures.com/), where we provide inexpensive tools that simplify the process of threat hunting your network.


    In this tech talk, Chris will discuss why threat hunting is the missing link between our protection tools and our response tools. He'll then go hands on with AI-Hunter, to show how the tool can be used to identify command and control channels.

    Slides: File:AI Hunter.pdf - **To open slides**: Click the link and then click the Adobe PDF Icon

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Algorithms can now find bugs in computer chips before they are made - Help Net Security
    2. Advanced Breach Protection Demystified Untold Truths On Security Beyond AV
    3. Quantum Computing and Code-Breaking
    4. Operation SaboTor: Police arrested 61 vendors and buyers on the dark web
    5. Grindr Poses National Security Risk, U.S. Gov Says
    6. Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
    7. Microsoft Tackles IoT Security with New Azure Updates
    8. New Shodan Monitor service allows tracking Internet-Exposed devices

    Lee's Stories

    1. Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts. Legacy access protocols (IMAP, POP, SMTP) are not protected by MFA and are enabled by default, which makes them a successful vector for password spraying attacks.
    2. Vietnam's OceanLotus Group ramps up hacking car companies. APT32 (aka OceanLotus) is aggressively targeting multinational auto manufacturers to get trade secrets and other sensitive information to augment their vehicle production capabilities.
    3. UC Browser violates Google Play Store rules. The very popular UC Mobile browser allows downloading executable content from the parent company's servers, bypassing the Google Play Store servers and their update/vetting mechanisms.
    4. Russia is spoofing GPS signals on a massive scale. GPS spoofing and jamming is purportedly used to protect the locations of sensitive people. The US Coast Guard received 63 reports in 2018, and while the source is largely unexplained, as attribution is very difficult, C4ADS claims this impacted 1,311 commercial ships in Russian waters since 2016.
    5. Pre-installed Android apps face little oversight. OEM-installed Android apps may have extra permissions and access to personal data compared with apps installed after the fact, which can result in benign-looking or unrecognized data gathering.
    6. 61% of CIOs believe employees leak data maliciously. Employees think they don't; IT leadership thinks they do. Root causes for intentional sharing include not having the needed collaboration tools. Unintended sharing comes from phishing and uneducated or uninformed workers. Unauthorized sharing is also due to rushed, stressed, and tired workers.
    7. Apple releases multiple security updates. Apple released 51 iOS fixes, fixes for privilege escalation flaws in its Windows products, Safari updates to stop arbitrary code execution, and macOS updates focused on privilege escalation and kernel access flaws.
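As an added example for item 1 above (not code from the show, from Active Countermeasures, or from the linked article), the script below works through Azure AD style sign-in records: it isolates failed IMAP/POP/SMTP authentications, flags a source IP that fails against many distinct accounts inside a short window (the spraying pattern), and then lists any legacy-protocol success from that IP, since such a success never saw an MFA prompt. The log lines are constructed; the field names follow the Azure AD sign-in log schema, and the window and account-count thresholds are illustrative assumptions.

```python
"""Spot password spraying over legacy (non-MFA) mail protocols in sign-in logs.

Added example for the IMAP/MFA-bypass story above; it is not code from the
show or the linked article. The records below are constructed to resemble
Azure AD sign-in log entries (field names follow that schema); the window and
account-count thresholds are assumptions chosen for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Protocols that authenticate with a bare username/password, so a guessed
# password gets in without ever triggering an MFA prompt.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync"}
BAD_PASSWORD = 50126   # AADSTS50126: invalid username or password
SUCCESS = 0

# Constructed sample: one source sprays six accounts over IMAP4 and lands on
# the sixth; one user fat-fingers a browser login; one legitimate IMAP user.
SAMPLE_LOG = """\
{"createdDateTime":"2019-03-27T02:00:01Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:00:09Z","userPrincipalName":"bob@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:00:17Z","userPrincipalName":"carol@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:00:25Z","userPrincipalName":"dave@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:00:33Z","userPrincipalName":"erin@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:00:41Z","userPrincipalName":"Frank@example.com","ipAddress":"203.0.113.7","clientAppUsed":"IMAP4","status":{"errorCode":0}}
{"createdDateTime":"2019-03-27T02:03:00Z","userPrincipalName":"gina@example.com","ipAddress":"198.51.100.5","clientAppUsed":"Browser","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:03:20Z","userPrincipalName":"gina@example.com","ipAddress":"198.51.100.5","clientAppUsed":"Browser","status":{"errorCode":50126}}
{"createdDateTime":"2019-03-27T02:03:45Z","userPrincipalName":"gina@example.com","ipAddress":"198.51.100.5","clientAppUsed":"Browser","status":{"errorCode":0}}
{"createdDateTime":"2019-03-27T08:15:00Z","userPrincipalName":"hank@example.com","ipAddress":"192.0.2.44","clientAppUsed":"IMAP4","status":{"errorCode":0}}
"""


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records into flat event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "time": datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": rec["userPrincipalName"].lower(),   # UPNs are case-insensitive
            "ip": rec["ipAddress"],
            "app": rec["clientAppUsed"],
            "error": rec["status"]["errorCode"],
        })
    return events


def detect_spray(events, window=timedelta(minutes=30), min_users=5):
    """Return {ip: sorted users} for every source IP whose failed legacy-protocol
    logins hit at least min_users distinct accounts inside one sliding window.
    Counting distinct accounts (not attempts) separates a spray from a single
    user mistyping their own password, which also produces AADSTS50126."""
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["app"] in LEGACY_PROTOCOLS and e["error"] == BAD_PASSWORD:
            fails_by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, fails in fails_by_ip.items():
        fails.sort(key=lambda e: e["time"])
        for i, start in enumerate(fails):
            users = {e["user"] for e in fails[i:] if e["time"] - start["time"] <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def legacy_successes(events):
    """All successful legacy-protocol sign-ins as (user, ip, app). None of these
    went through MFA, whatever the tenant's conditional access policy says."""
    return [(e["user"], e["ip"], e["app"]) for e in events
            if e["app"] in LEGACY_PROTOCOLS and e["error"] == SUCCESS]


def report(text):
    """Tie the two signals together: a legacy success from an IP that was also
    spraying is the account the attacker actually got into."""
    events = parse_signins(text)
    spraying = detect_spray(events)
    hits = [s for s in legacy_successes(events) if s[1] in spraying]
    return {"spraying": spraying, "compromised": hits}


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_LOG), indent=2))
```

Detection is the stopgap; the fix is to disable basic authentication for IMAP, POP and SMTP (or block legacy authentication with a conditional access policy) so the spray has nothing to land on. The clientAppUsed value is what separates a legacy sign-in from a modern-auth one: a success over Browser still went through MFA if policy requires it, a success over IMAP4 did not.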

    Larry's Stories

    1. Huawei gear with epic flaws
    2. https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/ - Cisco Systems issued 24 patches Wednesday tied to vulnerabilities in its IOS XE operating system and warned customers that two small business routers (RV320 and RV325) are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated high severity by Cisco, with the others rated medium.
    3. https://www.infosecurity-magazine.com/news/microsoft-significant-disruption-1/ - "Unsealed court documents reveal the work of Microsoft’s Digital Crimes Unit (DCU) in targeting the Tehran-linked APT35 group, also known as Charming Kitten and Phosphorous." Microsoft is claiming its attempts at disrupting the well-known Iranian state-sponsored APT group have had a "significant impact."
    4. DLA Piper has become the latest big name to be denied a multimillion-dollar cyber insurance claim following major losses caused by the NotPetya
    5. https://www.theregister.co.uk/2019/03/28/huawei_mirai_router_vulnerability/ - Huawei bungled its response to warnings from an ISP's code review team about a security vulnerability common across its home routers, patching only a subset of the devices rather than all of its products that used the flawed firmware.
    6. https://www.theregister.co.uk/2019/03/27/office_depot_support_com_fine_ftc/ - Office Depot and Support.com have coughed up $35m after they were accused of lying to people that their PCs were infected with malware in order to charge them cleanup fees.
    7. Security researchers have come across a waterholing campaign that compromised four South Korean websites by injecting fake login forms to steal user credentials.