Difference between revisions of "PSWEpisode623"

From Security Weekly Wiki
 
(8 intermediate revisions by 4 users not shown)
Line 2: Line 2:
  
 
==Episode Audio==
 
==Episode Audio==
<!-- <div align="center">
+
<div align="center">
 
{{#widget:SoundCloud
 
{{#widget:SoundCloud
|id=496965687
+
|id=698626099
 
|width=75%
 
|width=75%
 
|height=100
 
|height=100
Line 10: Line 10:
 
|visual=false
 
|visual=false
 
}}
 
}}
</div> -->
+
</div>
  
 
=== Hosts ===
 
=== Hosts ===
Line 16: Line 16:
 
{{Template:Larry}}
 
{{Template:Larry}}
 
{{Template:LeeNeely}}
 
{{Template:LeeNeely}}
 +
{{Template:Joff}}
  
 
<br><br>
 
<br><br>
Line 27: Line 28:
 
*https://plextrac.com
 
*https://plextrac.com
 
*https://www.youtube.com/channel/UCDV3gtGanV1CkbhLiuKbFFQ
 
*https://www.youtube.com/channel/UCDV3gtGanV1CkbhLiuKbFFQ
 +
*https://plextrac.com/writing-a-killer-penetration-test-report/
 +
 
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
<br>
 
<br>
Line 33: Line 36:
  
 
== Paul's Stories ==
 
== Paul's Stories ==
{{Template:PSWPaul622}}
+
{{Template:PSWPaul623}}
  
 
== Larry's Stories ==
 
== Larry's Stories ==
 +
#[https://threatpost.com/d-link-home-routers-unpatched/148941/ D-Link routers remote exploit to remain unmatched]
 +
#[https://news.hitb.org/content/fbi-warns-about-attacks-bypass-multi-factor-authentication-mfa FBI Warns of MFA bypass with SIM porting]
 +
#[https://www.darkreading.com/vulnerabilities---threats/android-0-day-seen-exploited-in-the-wild/d/d-id/1335999?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple Android Privesc in the wild.]
 +
#[https://www.theregister.co.uk/2019/10/09/ken_thompsons_old_unix_password_cracked/ Father of Unix Ken Thompson’s password finally cracked]
 +
#[https://www.darkreading.com/mobile/usb-drive-security-still-lags/d/d-id/1336047?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple USB device security still lacking]
 +
#[https://www.pcworld.com/article/3315197/free-wi-fi-hotspots-can-track-your-location-even-when-you-arent-connected.html Free WiFi tracks your location even when you are not connected]
 +
#[https://slate.com/technology/2019/10/consequential-computer-code-software-history.html 36 pieces of consequential code]
 +
 +
== Joff's Stories ==
  
 
== Lee's Stories ==
 
== Lee's Stories ==
 +
#[https://qz.com/1723855/an-irs-employee-stole-identities-went-on-spending-spree/ An IRS employee stole identities and went on a 2-year spending spree] An IRS employee stole multiple people's identities, and used them to open illicit credit cards to fund vacations and shop for shoes and other goods, according to a complaint unsealed last week in federal court. The complaint accuses the 35-year-old federal worker of racking up almost $70,000 in charges over the course of two years
 +
#[https://securityaffairs.co/wordpress/92227/hacking/d-link-router-models-flaw.html D-Link router models affected by RCE issue] Older D-Link DIR-655, DIR-866L, DIR-652 & DHP-1565 families of routers will not be patched.
 +
#[https://www.bleepingcomputer.com/news/security/hildacrypt-ransomware-developer-releases-decryption-keys/ HildaCrypt Ransomware developer releases Decryption Keys] When variant discovered, developer decided to relesae master private key.
 +
#[https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/ White-hat hacks Mushtick ransomware gang and released Decryption Keys] Targets QNAP NAS devices. German developer Tobias Frömel paid ransom, analyzed the code, then hacked the gang's server.
 +
#[https://thehackernews.com/2019/10/unix-bsd-password-cracked.html UNIX Co-Founder Ken Thompson's BSE Password has finally been Cracked] 39 year old BSD password finally cracked. BSD 3 passwords protected by DES-based crypt(3) finally cracked.
 +
#[https://cointelegraph.com/news/crypto-sextortionists-turn-to-litecoin-to-avoid-detection-report Crypto “sextortionists” turn to Litecoin to avoid detection] As non-obfuscated Bitcoin links are triggers to block potential Ransomware, other less known option such as Litecoin are starting to crop up.
 +
#[https://www.bbc.com/news/technology-50042379 China’s “Great Nation” app Enable Spying on mobile devices] This required (for diplomats, etc.) app uses excessive privileges to provide access to device information. Apple states iOS security will not allow this level of access.
 +
#[https://www.bbc.com/news/technology-50080586 Any fingerprint unlocks Galaxy S10] Once a fingerprint is registered, any fingerprint will unlock. Don't enable function for now, or physically protect device. Software update will fix. 
 +
#[https://www.infosecurity-magazine.com/news/major-carding-forum-briansclub/ Major Carding Forum BrainsClub Suffers Data Breach] Forum with 26 million stolen credit cards are themselves compromised. Valid card data estimated at $500 each.
 
<br>
 
<br>
 +
 
= Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM =
 
= Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM =
[[File:PeterKruse.jpg|right|250px|thumb|<center>'''[https://twitter.com/peterkruse Bryson Bort]'''is the Founder of [https://www.csisgroup.com/ CSIS Security Group]</center>]] Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.<br>Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.<br><br>'''Segment Topic:'''<br>Cybercrime, threat hunting, APT, spear phishing and tactics etc<br><br>'''Segment Description:'''<br>"Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."
+
[[File:PeterKruse.jpg|right|250px|thumb|<center>'''[https://twitter.com/peterkruse Peter Kruse]'''is the Founder of [https://www.csisgroup.com/ CSIS Security Group]</center>]] Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.<br>Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.<br><br>'''Segment Topic:'''<br>Cybercrime, threat hunting, APT, spear phishing and tactics etc<br><br>'''Segment Description:'''<br>"Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."
 
<br>
 
<br>
  
 
{{SocialMedia}}
 
{{SocialMedia}}
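Review bot: several story titles added under Larry's Stories and Lee's Stories disagree with the URLs they link to. "remain unmatched" links to a threatpost URL ending in d-link-home-routers-unpatched, "Mushtick" links to a zdnet URL that spells it muhstik, and "BrainsClub" links to an infosecurity-magazine URL that spells it briansclub. The Ken Thompson entry says "BSE Password" while its own description says BSD, "relesae" in the HildaCrypt entry is a typo, and the corrected thumbnail caption still has no space between the closing ''' and "is the Founder". Suggest fixing these in the same revision.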

Latest revision as of 16:53, 4 November 2019

Recorded October 17, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Daniel DeCloss, PlexTrac - 6:00-6:30PM

    DeCloss is the President and CEO of PlexTrac

    Dan is the Founder and CEO of PlexTrac and has over 14 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies including serving as a Principal Consultant for Veracode on the penetration testing team. Dan's background and expertise is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem – a Fortune 40 health insurance firm. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program.

    Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.

    Segment Topic:
    What makes a good pentest report?

    Segment Description:
    The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Often times, there’s no feedback loop after report delivery and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.

    Segment Resources:


    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
    2. Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
    3. Vulnerability found and fixed in HP bloatware | ZDNet
    4. 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
    5. Cybercrime Tool Prices Bump Up in Dark Web Markets
    6. Pen testers find mystery black box connected to ships engines
    7. Using Machine Learning to Detect IP Hijacking - Schneier on Security
    8. Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
    9. Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
    10. Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
    11. Critical and high-severity flaws addressed in Cisco Aironet APs
    12. ISC Releases Security Advisories for BIND | CISA
    13. Older Amazon Devices Subject to Old Wi-Fi Vulnerability

    Larry's Stories

    1. D-Link routers remote exploit to remain unpatched
    2. FBI Warns of MFA bypass with SIM porting
    3. Android Privesc in the wild.
    4. Father of Unix Ken Thompson’s password finally cracked
    5. USB device security still lacking
    6. Free WiFi tracks your location even when you are not connected
    7. 36 pieces of consequential code

    Joff's Stories

    Lee's Stories

    1. An IRS employee stole identities and went on a 2-year spending spree: An IRS employee stole multiple people's identities, and used them to open illicit credit cards to fund vacations and shop for shoes and other goods, according to a complaint unsealed last week in federal court. The complaint accuses the 35-year-old federal worker of racking up almost $70,000 in charges over the course of two years.
    2. D-Link router models affected by RCE issue: Older D-Link DIR-655, DIR-866L, DIR-652 & DHP-1565 families of routers will not be patched.
    3. HildaCrypt Ransomware developer releases Decryption Keys: When the variant was discovered, the developer decided to release the master private key.
    4. White-hat hacks Muhstik ransomware gang and released Decryption Keys: Targets QNAP NAS devices. German developer Tobias Frömel paid the ransom, analyzed the code, then hacked the gang's server.
    5. UNIX Co-Founder Ken Thompson's BSD Password has finally been Cracked: 39-year-old BSD password finally cracked. BSD 3 passwords protected by DES-based crypt(3) finally cracked.
    6. Crypto “sextortionists” turn to Litecoin to avoid detection: As non-obfuscated Bitcoin links are triggers to block potential ransomware, other lesser-known options such as Litecoin are starting to crop up.
    7. China’s “Great Nation” app Enables Spying on mobile devices: This required (for diplomats, etc.) app uses excessive privileges to provide access to device information. Apple states iOS security will not allow this level of access.
    8. Any fingerprint unlocks Galaxy S10: Once a fingerprint is registered, any fingerprint will unlock. Don't enable the function for now, or physically protect the device. A software update will fix it.
    9. Major Carding Forum BriansClub Suffers Data Breach: A forum with 26 million stolen credit cards is itself compromised. Valid card data estimated at $500 each.


    Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM

    Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.
    Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.

    Segment Topic:
    Cybercrime, threat hunting, APT, spear phishing and tactics etc

    Segment Description:
    "Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."


