Difference between revisions of "Episode605"

From Security Weekly Wiki

Revision as of 22:03, 23 May 2019

Recorded May 23, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Patrick Laverty
    is a Pentester for Rapid7

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Matthew McMahon, Salve Regina University - 6:00-6:30PM

    Matthew McMahon is the Head of Security Analytics at Salve Regina University

    Matt McMahon developed and teaches Cybersecurity and Resiliency in Healthcare & Cybersecurity and Healthcare Policy at Salve Regina University in Newport, RI as a Graduate Adjunct Professor. Both courses are requirements for the cybersecurity track of the Healthcare Administration Master’s program. Matt is also a Product Security Expert for a large medical device manufacturer where he leads the organization’s cybersecurity training initiative.

    1. How did you get your start in information security?
    2. How do we balance patient care with medical device security?
    3. How can vulnerabilities in medical devices impact patient care?
    4. What types of training do you perform internally to your organization and why?
    5. What, in your opinion, will be one of the major turning points in healthcare security? Either a turn for the worst or the best?
    6. How do we balance policy with practice in healthcare security? It's one thing to say something will be secure, and usually a completely different story in practice.
    7. What are medical device manufacturers doing to better secure their products? Are they taking on some, or most, of the responsibility?
    8. What are some cool techniques for monitoring and implementing security measures that don't get in the way of healthcare operations?

    Tech Segment: How Does DNS Fit Into A Secure Architecture? - Justin Murphy, CISCO - 6:30 - 7:30PM

    Justin Murphy
    is a Cloud Security Engineer at Cisco.

    Justin Murphy, Consulting Systems Engineer for Cloud Security at Cisco, has over 10 years of experience in networking and security. He has worked across industries as Lead Data Center Engineer at Virginia Commonwealth University, in Security Operations at Capital One, and across the entire Cisco portfolio building solutions for public sector customers. Now he focuses on the Cloud Security practice at Cisco, working with customers to architect and extend security to their cloud environments and to their evolving mobile workforce. His breadth of knowledge and experience across industries gives him unique insight into how the public and private sectors are adopting cloud technologies, where gaps in security are forming around their cloud environments, and how best to approach the solutions necessary to fill those gaps.

    Topic: How does DNS fit into a secure architecture?

    1. What is being done on the public infrastructure, e.g. the root DNS servers, to prevent attacks against DNS?
    2. When providing DNS resolvers (recursive queries) what protections should be put in place? Specifically, does it make sense to encrypt the request between the client and the DNS resolver?
    3. When the local DNS resolver reaches out to an Internet DNS server, how can that be validated and encrypted? What are the benefits?
    4. Should your recursive DNS servers reach out directly to the root DNS servers or use another DNS server such as Google, Cloudflare or Cisco Umbrella?
    5. For a hybrid cloud environment what is the best way to implement DNS such that it offers the best performance and security?
    6. What are your recommendations for monitoring and capturing all of the DNS queries for security analysis?
    7. What types of DNS anomalies are most commonly created by attackers?
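An added example that ties questions 6 and 7 together; it is not code from the episode, from Cisco, or from any product discussed. The script parses a recursive resolver's query log and applies two heuristics for DNS anomalies attackers commonly create: tunnelling/exfiltration over many long, unique subdomains of one domain, and DGA-style beaconing that leaves a client with a burst of NXDOMAIN answers for random-looking names. Every log line, client address and domain name is constructed for the example; the five-field log format, the thresholds, and the "last two labels are the registrable domain" shortcut are the author's assumptions and would need adapting for real BIND/Unbound query logs and the Public Suffix List.

```python
"""Heuristic review of resolver query logs for attacker-created DNS anomalies.

Added example with constructed data; not real traffic and not any vendor's code.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log (assumed format, one query per line):
#   "<epoch> <client> <qname> <qtype> <rcode>"
# Real resolver logs differ in layout, so parse_line() is the part to adapt.
SAMPLE_LOG = """\
1558639200 10.0.0.5 www.example.com A NOERROR
1558639201 10.0.0.5 mail.example.com MX NOERROR
1558639202 10.0.0.7 cdn.example.net A NOERROR
1558639203 10.0.0.7 wwww.example.com A NXDOMAIN
1558639204 10.0.0.9 nbswy3dpeb3w64tmmqqhi2djomqg.ojwgk3tbnrsqqqyqstfr.t.badexfil.org TXT NOERROR
1558639205 10.0.0.9 onswg4tfoqqgizlumeqgg33fomqg.mrzsgtqmfbyrhcbzrk3w.t.badexfil.org TXT NOERROR
1558639206 10.0.0.9 ornqwiiqzdu3sqnufqhumrnw2dq4.w3ctfjdbdjd36zrzhhqp.t.badexfil.org TXT NOERROR
1558639207 10.0.0.9 uyhrgvjhyxcqt7cmemdvkk2ohk4a.sd6q4gw3kpimrnjlcife.t.badexfil.org TXT NOERROR
1558639208 10.0.0.9 ew4fyxwbs6uozxnhqafjs3tq2qlh.uxytpcasmhhr2xyhuxk6.t.badexfil.org TXT NOERROR
1558639210 10.0.0.12 xk3jq9w2bvl7.com A NXDOMAIN
1558639211 10.0.0.12 pq7zm1ncy4rt.net A NXDOMAIN
1558639212 10.0.0.12 vb8wqe5kzl2h.com A NXDOMAIN
1558639213 10.0.0.12 rt4nyx9czq1m.org A NXDOMAIN
1558639214 10.0.0.12 lm2kq8vzx5wp.com A NXDOMAIN
1558639215 10.0.0.12 zq5wvb3kxr9n.net A NXDOMAIN
1558639220 10.0.0.5 www.example.com A NOERROR
"""


def shannon_entropy(text: str) -> float:
    """Bits per character: ~4.7 for uniform base32 labels, well under 3 for most words."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def parse_line(line: str) -> dict:
    """Split one assumed-format log line; names are lowercased and the root dot dropped."""
    ts, client, qname, qtype, rcode = line.split()
    return {"ts": int(ts), "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "rcode": rcode}


def base_domain(qname: str) -> str:
    """Assumption: registrable domain is the last two labels. Use the Public Suffix
    List in production, otherwise co.uk-style suffixes collapse every customer together."""
    return ".".join(qname.split(".")[-2:])


def find_tunnelling(records, min_unique=5, min_mean_len=40):
    """Flag base domains with many distinct, long subdomains (exfil/tunnel traffic)."""
    by_base = defaultdict(set)
    for r in records:
        by_base[base_domain(r["qname"])].add(r["qname"])
    findings = {}
    for base, names in by_base.items():
        mean_len = sum(len(n) for n in names) / len(names)
        if len(names) >= min_unique and mean_len >= min_mean_len:
            findings[base] = {"unique_qnames": len(names), "mean_qname_len": round(mean_len, 1)}
    return findings


def find_nxdomain_bursts(records, window=60, min_nx=5, min_entropy=3.0):
    """Flag clients that get a burst of NXDOMAIN for random-looking second-level labels
    inside one time window, the footprint of a DGA trying candidate C2 domains."""
    buckets = defaultdict(list)  # (client, window index) -> failed second-level labels
    for r in records:
        if r["rcode"] == "NXDOMAIN":
            sld = base_domain(r["qname"]).split(".")[0]
            buckets[(r["client"], r["ts"] // window)].append(sld)
    findings = {}
    for (client, _), labels in buckets.items():
        if len(labels) < min_nx:
            continue  # a couple of typos per minute is normal
        mean_ent = sum(shannon_entropy(label) for label in labels) / len(labels)
        if mean_ent >= min_entropy:
            findings[client] = {"nxdomain": len(labels), "mean_sld_entropy": round(mean_ent, 2)}
    return findings


def analyze(log_text: str) -> dict:
    """Run both heuristics over a log and return findings keyed by domain / client."""
    records = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return {"tunnelling": find_tunnelling(records),
            "nxdomain_bursts": find_nxdomain_bursts(records)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for subject, detail in hits.items():
            print(f"{kind}: {subject} {detail}")
```

On the sample, badexfil.org is reported for tunnelling (five long, unique TXT names) and 10.0.0.12 for an NXDOMAIN burst (six high-entropy failures within one minute), while the single typo from 10.0.0.7 and the repeated lookups of example.com stay quiet. Both heuristics need the resolver to log every query with client, name and response code, which is the practical answer to question 6: if the capture is only at the egress firewall, the client attribution is lost behind the resolver's own address.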

    Security News - 7:30PM-8:30PM

    Doug's Stories

    1. https://nakedsecurity.sophos.com/2019/05/23/the-city-of-baltimore-is-being-held-hostage-by-ransomware/
    2. https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-bug-in-windows-10-task-scheduler/
    3. https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=00906a438725b28e1fe0958213b604e9

    Discussion about Google and Huawei:

    1. https://theweek.com/articles/842837/googles-huawei-ban-exposes-alarming-app-store-duopoly
    2. https://theweek.com/speedreads/841493/report-trump-expected-sign-executive-order-that-block-huawei-from
    3. https://www.xda-developers.com/google-revoke-huawei-android-ban-blacklist/

    Lee's Stories

    1. Sensitive Data for 2.25 Million Russians exposed online
    2. Unsecured survey databases expose info on 8 million people - Marketing data gathered from surveys, free sample requests, etc.
    3. Slack for Windows Vulnerability - A weakness in Slack for Windows 3.3.7 can allow attackers to change where a user's downloaded files are stored, pointing them at an attacker-controlled file share. Low risk, fixed in version 3.4.0.
    4. Salesforce still hasn't recovered - A flaw in a Salesforce script resulted in all permissions being granted to every profile, primarily for EU and North America customers; service remained degraded until the issue was resolved.
    5. 20,000+ Linksys routers leaking information - The bug is from 2014. Fix: apply the latest firmware and enable the firewall. These devices are marketed to home users; perhaps better to replace that 5-year-old router?
    6. Several chip companies stop supplying Huawei - Qualcomm, Intel, Xilinx and Broadcom are reportedly no longer supplying Huawei after the Trump administration blacklist. Expect delays in 5G rollout, and carriers impacted replacing Huawei equipment already purchased.
    7. DHS warns of 'Strong Concerns' that Chinese-made drones are stealing data - In short, the drone manufacturers are obligated to turn over data to the Chinese government on demand. One of the biggest Chinese drone manufacturers is DJI.
    8. Instagram Influencer Account information captured/leaked - Information on 49 million users was captured and stored in an open-access database.
    9. MuddyWater BlackWater campaign using Anti-Detection Techniques - This is a new PowerShell-based downloader leveraging POWERHELLO, which replaces POWERSTATS. While highly targeted, it is interesting to see new techniques to avoid detection.
    10. Future Windows 10 updates will block some Wi-Fi - Future Windows 10 updates will discontinue support for WEP and TKIP. Move to WPA2 or WPA3.
    11. New Bill Requires Probable Cause to Search Electronic Devices at The Border - Currently, CBP can search someone's phone and send the information to DHS without a warrant. CNET reports 30,000 devices were searched at the border last year.
    12. ARM Reportedly tells employees to suspend all business with Huawei - The ban is due to ARM being US-origin technology, and therefore covered by the US restrictions.
    13. Google cuts off Huawei phones from future Android Updates - Google says that it will restrict Huawei's access to future Android OS updates and the Google Play store. Tick-tock...
    14. All the companies that have cut ties with Huawei - Intel, Panasonic, Qualcomm, Xilinx and Broadcom are no longer supplying Huawei after the blacklist. See also "Several chip companies reportedly stopped supplying Huawei after ban".
    15. Laptop full of malware for sale, high bid $1.1M (https://www.bbc.com/news/business-48364204) - A laptop deliberately infected with six notorious strains of malware, including WannaCry and ILoveYou, is being auctioned in the US as an art project. Currently air-gapped; will be shipped with Internet disabled.

    Jeff's Stories

    1. Assange Indicted Under Espionage Act, Raising First Amendment Issues (https://www.nytimes.com/2019/05/23/us/politics/assange-indictment.html) - late-breaking news
    2. 12 Dark Secrets of Encryption (https://www.cio.com/article/3395858/12-dark-secrets-of-encryption.html) - ooohhh... I wonder what they are

    Patrick's Stories

    1. Someone Hacked Trump's Golf Scores (https://www.washingtonpost.com/politics/2019/05/18/hack-hack-hack-someone-added-scores-strokes-trumps-official-golf-scores/?utm_term=.cfc6e43c974c)
    2. UK Prepares to Hack Back (https://www.theregister.co.uk/2019/05/23/uk_will_hack_other_countries_say_ministers/)
    3. SIM Swap Attack Costs Him $100,000 Overnight (https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124?sk=4c29b27bacb2eff038ec8fe4d40cd615)