Difference between revisions of "Episode608"

From Paul's Security Weekly

Revision as of 15:11, 13 June 2019

Recorded June 13, 2019 at G-Unit Studios in Rhode Island!


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Register for one of our upcoming webcasts with Bryce Shroeder and Barbara Kay of ServiceNow, Kevin O'Brien of GreatHorn, or Steve Laubenstein of Core Security (or all of them!) by going to securityweekly.com -> Click the webcast dropdown & Select Registration! If you have missed any of our previously recorded webcasts, you can find our on-demand library by selecting on-demand from the webcast drop down! If you attend any of our webcasts, you will receive 1 CPE credit per webcast!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • The new Security Weekly website is officially live! Visit securityweekly.com to check out all of our new sorting and filtering functionality! Please let us know if you find any issues or have any feedback by sending to website@securityweekly.net
    • Paul will be providing his insights & predictions in the information & cyber security space at a local (ISC)2 RI Chapter Meeting on Monday, November 18th @ Gregg's Restaurant in Providence. If you would like to join us, go to securityweekly.com/isc2ri

    Interview: Peter Smith, Edgewise - 6:00-6:30PM

    Peter Smith is the Founder & CEO of Edgewise.
    Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike. Most recently, Peter was on the founding team at Infinio Systems where he led product and technology strategy.


    Tech Segment: Corey Thuen, Gravwell - 6:30 - 7:30PM

    Corey Thuen is the Co-Founder at Gravwell.
    Corey Thuen co-founded Gravwell to enable log management of every data type an organization might need for success -- analyzing binary packets alongside syslog with a dash of business KPIs enables analytics that improve the entire organization, not just reduce security risk. Prior to founding Gravwell, Corey conducted security assessments on anything from power equipment to vehicle computers to over-engineered juicers while working for companies such as IOActive, Digital Bond, and Southfork Security. Before that Corey did cybersecurity work for the US Department of Energy at Idaho National Laboratory and the FBI.

    Topic: Security analytics using the new Sysmon DNS logging, which dropped this week.

    Description:
    • This week Mark Russinovich released an update to sysmon that adds DNS logging to the popular (and free) endpoint monitoring tool. In this segment, Corey will talk about sysmon use cases and deployment, crack open the new DNS events, conduct some endpoint DNS analytics, and then incorporate threat feeds to stand up DNS monitoring (time permitting).
    • Obviously this all hinges on the tool actually going out. As of June 8, that's still the plan: https://twitter.com/markrussinovich/status/1137466538322042880
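As an added example (not code from the show, from Sysmon or from Gravwell), the following Python sketches the kind of endpoint DNS analytics the segment describes: parse Sysmon DNS query events, join each query to the process that issued it, check names against a threat list, and flag long high-entropy labels of the sort DGA malware produces. It assumes the Sysmon 10 DNS event layout (Event ID 22, with UtcTime, ProcessId, QueryName, QueryStatus, QueryResults and Image fields under EventData), which comes from the tool's documentation rather than from this page; the three event records and the threat domains are constructed for the example.

```python
"""Endpoint DNS analytics over Sysmon DNS query events (Event ID 22).

Added example, not Gravwell's or Sysmon's code. Assumes the Sysmon 10
Event ID 22 field layout; sample events and threat feed are constructed.
"""
import math
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed threat feed standing in for a real one.
THREAT_DOMAINS = {"badactor-c2.test", "evil-updates.test"}

# Constructed sample: three Event ID 22 records in Windows event XML form.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>22</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2019-06-13 21:03:11.101</Data>
  <Data Name="ProcessId">4412</Data>
  <Data Name="QueryName">www.example.com</Data>
  <Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">::ffff:93.184.216.34;</Data>
  <Data Name="Image">C:\Program Files\Mozilla Firefox\firefox.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>22</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2019-06-13 21:03:12.550</Data>
  <Data Name="ProcessId">5120</Data>
  <Data Name="QueryName">cdn.badactor-c2.test</Data>
  <Data Name="QueryStatus">0</Data>
  <Data Name="QueryResults">::ffff:203.0.113.7;</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>22</EventID><Computer>WS02</Computer></System>
 <EventData>
  <Data Name="UtcTime">2019-06-13 21:03:15.002</Data>
  <Data Name="ProcessId">3308</Data>
  <Data Name="QueryName">a8f3k1q9z2m7x4vb6n0p.lookalike-cdn.test</Data>
  <Data Name="QueryStatus">9003</Data>
  <Data Name="QueryResults"></Data>
  <Data Name="Image">C:\Windows\System32\rundll32.exe</Data>
 </EventData>
</Event>
</Events>"""


def parse_dns_events(xml_text):
    """Return one dict per Event ID 22 record (Computer plus EventData fields)."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "22":
            continue  # not a DnsQuery event
        rec = {"Computer": ev.findtext("e:System/e:Computer", namespaces=NS)}
        for d in ev.findall("e:EventData/e:Data", NS):
            rec[d.get("Name")] = d.text or ""  # empty QueryResults on NXDOMAIN
        events.append(rec)
    return events


def shannon_entropy(s):
    """Bits per character; random DGA-style labels score well above words."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())


def matches_threat_feed(qname, feed):
    """True if the query name or any parent domain is on the feed."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in feed for i in range(len(labels)))


def classify_query(qname, feed, min_len=16, min_entropy=3.5):
    """Return a reason string for a suspicious name, or None if it looks normal."""
    if matches_threat_feed(qname, feed):
        return "threat-feed match"
    longest = max(qname.split("."), key=len)
    if len(longest) >= min_len and shannon_entropy(longest) >= min_entropy:
        return f"high-entropy label ({shannon_entropy(longest):.2f} bits)"
    return None


def analyze(events, feed):
    """Join each flagged query to the host and process that issued it."""
    findings = []
    for e in events:
        reason = classify_query(e["QueryName"], feed)
        if reason:
            findings.append({"host": e["Computer"], "time": e["UtcTime"],
                             "image": e["Image"], "pid": e["ProcessId"],
                             "query": e["QueryName"], "status": e["QueryStatus"],
                             "reason": reason})
    return findings


def queries_per_image(events):
    """Baseline view: which binaries resolve names at all, and how often."""
    return Counter(e["Image"].rsplit("\\", 1)[-1] for e in events).most_common()


if __name__ == "__main__":
    evs = parse_dns_events(SAMPLE_EVENTS)
    for f in analyze(evs, THREAT_DOMAINS):
        print(f"{f['host']} {f['time']} {f['image']} -> {f['query']} [{f['reason']}]")
    print(queries_per_image(evs))
```

The process join is what makes the DNS events worth having on the endpoint rather than at the resolver: the same query name from a browser and from rundll32.exe or PowerShell are very different findings. The entropy threshold is a heuristic and will produce false positives on CDN hostnames, so treat it as a triage signal rather than an alert on its own.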



    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Black Hat Q&A: Defending Against Cheaper, Accessible 'Deepfake' Tech
    2. The Rise of 'Purple Teaming'
    3. World's Largest Beer Brewer Sets Up Cybersecurity Team
    4. Report: No Eternal Blue Exploit Found in Baltimore City Ransomware - Krebs on Security
    5. Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
    6. Critical Flaw Reported in Popular Chrome Extension from Evernote Users
    7. UP Specifications
    8. Some Raspberry Pi compatible computers
    9. Interesting JavaScript Obfuscation Example - SANS Internet Storm Center
    10. UPDATE: Sysdig Falco v0.15.1 - PenTestIT
    11. Advanced Linux backdoor found in the wild escaped AV detection
    12. Remote attack flaw found in IPTV streaming service | ZDNet
    13. Warnings of world-wide worm attacks are the real deal, new exploit shows - Unfortunately, these tasks often take place in mission-critical environments such as hospitals, factories, and industrial settings. While patching is by far the most effective way to prevent exploits, there are a variety of workarounds that can be deployed. Chief among them is enabling Network Level Authentication (NLA) for Remote Desktop Services, although this defense is ineffective in the event that attackers have compromised the NLA credentials. It may also be possible to at least partially defeat NLA defenses using a remote desktop protocol weakness disclosed Tuesday. So, for these mission critical applications in those environments, where they can't go down, can't be rebooted, and they are so important that patching is out of the question, WHY THE HELL DID YOU CHOOSE WINDOWS? Isn't there a better solution? Is this the fault of the provider? This isn't even a security argument, can't we help fix this problem with better design choices?
    14. Microsoft Warns of Email Attacks Executing Code Using an Old Bug
    15. Radiohead sells recordings to public after hacker threatens to leak them
    16. Microsoft Patches Critical Vulnerabilities in NTLM | SecurityWeek.Com
    17. Jumpboxes: How to avoid storing SSH keys
    18. This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already - With Debian and some other Linux distros, .vimrc ships with modelines already disabled by default, hence those versions are not vulnerable out of the box, though it is still a good idea to update your copy of Vim or Neovim to the latest version.
    19. Google expert disclosed details of an unpatched flaw in SymCrypt library - According to Microsoft, SymCrypt is the primary library for implementing symmetric cryptographic algorithms in Windows 8; it also implements asymmetric cryptographic algorithms starting with Windows 10 version 1703. Ormandy discovered that it is possible to trigger the flaw to cause an infinite loop when performing specific cryptographic operations.
    20. Tomorrow's Cybersecurity Analyst Is Not Who You Think
    21. Cognitive Bias Can Hamper Security Decisions

    Larry's Stories

    Lee's Stories

    1. Firm Tech Data Leaks 264GB of data - Security settings are now fixed; another store of unsecured data in the cloud. Studies are emerging showing cloud data leak root causes are customer configuration.
    2. GoldBrute botnet targets RDP - GoldBrute Botnet brute-forces exposed RDP services. 1.5M nodes compromised, not necessarily using BlueKeep. This underscores the risks of exposed RDP services.
    3. Mystery signal was shutting down keyless fobs in an Ohio Neighborhood - Home-brew security device was transmitting on 315 MHz, covered by FCC Part 15 rules, disrupting keyless entry devices.
    4. HSM Vulnerabilities disclosed, allow remote exploit - Researchers publish paper on exploiting weakness in unnamed HSM vendor's product to allow remote takeover of HSM. Unnamed vendor has released a patch.
    5. Gaming site Emuparadise breach of 1.1M accounts - Emuparadise used to host gaming ROMs for emulators. Suffered breach in April 2018; database of accounts was distributed June 9th.
    6. Rhode Island RFP has a long list of Blockchain uses - Rhode Island RFP is looking for multiple Blockchain solutions across multiple state agencies. They are looking to the private sector for help being the first state to implement. Exciting and concerning.
    7. RAMBleed Rowhammer Attack - RAMBleed is an updated Rowhammer attack that can not only alter data but also steal it.
    8. Lake City, FL Hit by Ransomware - City services are offline, water and utility payment systems reverted to paper, infected systems isolated to prevent spread; Public Safety systems were already isolated and encrypted for protection. Ideas to take home?

    Joff's Stories