Difference between revisions of "PSWEpisode629"

From Security Weekly Wiki
Line 59: Line 59:
 
== Lee's Stories ==
 
== Lee's Stories ==
 
#[https://www.us-cert.gov/ncas/alerts/aa19-339a US-CERT AA19-339A: Dridex Malware] Consolidtaion of IOCs, information and recommendations about Dridex Malware - very useful reference.  
 
#[https://www.us-cert.gov/ncas/alerts/aa19-339a US-CERT AA19-339A: Dridex Malware] Consolidtaion of IOCs, information and recommendations about Dridex Malware - very useful reference.  
#[https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/ CyrusOne data centers infected by REvil (Sodinokibi) ransomware] New York area Managed Service Providers have outages due to encrypted devices. Co-location centers not impacted.#[https://www.theage.com.au/national/defecting-chinese-spy-offers-information-trove-to-australian-government-20191122-p53d1l.html Defecting Chinese Spy offers information trove to AU Government] Interesting release of data and confirmation of TTPs from defector Wang "William" Liqiang.
+
#[https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/ CyrusOne data centers infected by REvil (Sodinokibi) ransomware] New York area Managed Service Providers have outages due to encrypted devices. Co-location centers not impacted.
 +
#[https://www.theage.com.au/national/defecting-chinese-spy-offers-information-trove-to-australian-government-20191122-p53d1l.html Defecting Chinese Spy offers information trove to AU Government] Interesting release of data and confirmation of TTPs from defector Wang "William" Liqiang.
 
#[https://www.securityweek.com/twitter-facebook-user-data-improperly-accessed-malicious-sdks Twitter, Facebook user data improperly accessed via malicious SDKs] Data aggregators leverage SDKs on Android to access additional user data. Use caution with application permissions granted.
 
#[https://www.securityweek.com/twitter-facebook-user-data-improperly-accessed-malicious-sdks Twitter, Facebook user data improperly accessed via malicious SDKs] Data aggregators leverage SDKs on Android to access additional user data. Use caution with application permissions granted.
 
#[https://threatpost.com/iot-smartwatch-childrens-personal-gps-data/150656/ IoT Smartwatch exposes Kid's persona, GPS data] Shenzhen SMA M2 Smartwatch can be exploited to listen in on conversations, GPS data and other PII.
 
#[https://threatpost.com/iot-smartwatch-childrens-personal-gps-data/150656/ IoT Smartwatch exposes Kid's persona, GPS data] Shenzhen SMA M2 Smartwatch can be exploited to listen in on conversations, GPS data and other PII.
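Review bot: the new revision correctly moves the third item onto its own line (in the old revision the `#[https://www.theage.com.au/...` list marker was glued to the end of item 2 after "Co-location centers not impacted.", so it would not have rendered as a separate numbered item), but two spelling errors are carried over unchanged in both revisions: "Consolidtaion" in item 1 should be "Consolidation", and "Kid's persona, GPS data" in the smartwatch item should read "Kids' personal, GPS data" to match the linked Threatpost headline.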

Revision as of 02:17, 6 December 2019

Recorded December 5, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.
  • Tyler Robinson
    Managing Director of Network Operations at Nisos, Inc.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Eric Brown, LogRhythm - 6:00-6:30PM

    Eric Brown is the Sr. Security Analyst at LogRhythm

    Eric Brown is a disciplined professional with 20 years of service in the Air Force, with a wide range of responsibilities and experience as a system administrator of computer systems, networking, and security. Following his service, he held a ten-year position as the Cybersecurity and Information Systems Security Officer (ISSO) for a business unit under General Dynamics.

    He is now a Senior Security Analyst and part of the Office of the Chief Information Security Officer team at LogRhythm. At LogRhythm, he maintains LogRhythm’s overall security posture by handling incident response, threat hunting and analysis, and response to phishing emails.

    Segment Topic:
    Outlook on Phishing in 2020

    Segment Description:

    • Phishing Trends
    • 2020 Outlook
    • Top 4 Types Eric is seeing: Exec Phish / Legit websites (Box/sites.google/OneDrive) / Fake O365 / HTML attachment
    • Use of/upload to VirusTotal
    • Value of Incident Response and Playbooks
    • Value of Training
    • baseStriker
    • Has it been patched? Or just now detectable?
    • Hunting Phish Kits


    Tech Segment: Micah Hoffman, Spotlight Infosec - 6:30PM-7:00PM

    Micah Hoffman is the Principal Investigator at Spotlight Infosec

    Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

    Segment Topic:
    Open Source Intelligence (OSINT) in Cyber - My new non-profit https://osintcurio.us

    Segment Description:
    Looking to increase the publicity of using Open Source Intelligence (OSINT) in traditional cyber fields like pentest, DFIR, and cyber defense. Just created a new non-profit called The OSINT Curious Project (https://osintcurio.us) that is a clearinghouse for excellent OSINT information and resources.

    Segment Resources:


    Security News - 7:30-8:30PM

    Paul's Stories

    1. Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel | ZDNet
    2. Automated security tests with OWASP ZAP
    3. HackerOne Breach Leads to $20,000 Bounty Reward
    4. OpenBSD patches authentication bypass, privilege escalation vulnerabilities | ZDNet
    5. HackerOne breach lets outside hacker read customers' private bug reports - Oops: the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to. One must be careful when sharing information with a bunch of hackers.
    6. Hackers Find Ways Around a Years-Old Microsoft Outlook Fix - "We've been using Outlook Home Page attacks for several years in our red team engagements," says Dave Kennedy, TrustedSec's founder and CEO. "Our goal is to use real-world attacks and adversary capabilities against our customers, and Home Page attacks largely go unnoticed in almost every organization. When you have a Microsoft Office product making modifications to the Office Registry, it's very difficult for defenders to pick up on because it looks legitimate."
    7. Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet
    8. Mystery Server Found to Host Private Data in the Open for 1.2...
    9. Palo Alto Networks Employee Data Breach Highlights Risks Posed by Third Party Vendors - 3rd party risk management companies are loving this: After all, it wasn't their company which leaked the data and placed it on the internet. Instead, it was an external company, contracted to provide a service to Palo Alto Networks, which was careless with the sensitive information.
    10. Hacking robotic vehicles is easier than you might think - Help Net Security
    11. If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You - Huh? Backdoor through my router? "Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router." - An attacker still needs a way to get software on the TV to spy on you, maybe it's a backdoor in an app that is installed on the TV, perhaps a backdoor in the firmware, maybe intercepting domains the TVs use to call out to apply updates or get other data. Suggesting that we put tape over the cameras is just silly. How about we address the actual security vulnerabilities, rather than send people into a panic and have them do things that don't really fix the problem?
    12. New crypto-cracking record reached, with less help than usual from Moore's Law
    13. Inside Mastercard's Push for Continuous Security | SecurityWeek.Com
    14. Screw Productivity Hacks: My Morning Routine Is Getting up Late

    Larry's Stories

    1. Injecting traffic into tunneled VPNs
    2. Auth bypass and privesc on OpenBSD
    3. CobaltStrike 4.0 released
    4. Disney+ "hacked"

    Joff's Stories

    Lee's Stories

    1. US-CERT AA19-339A: Dridex Malware Consolidation of IOCs, information and recommendations about Dridex Malware - very useful reference.
    2. CyrusOne data centers infected by REvil (Sodinokibi) ransomware New York area Managed Service Providers have outages due to encrypted devices. Co-location centers not impacted.
    3. Defecting Chinese Spy offers information trove to AU Government Interesting release of data and confirmation of TTPs from defector Wang "William" Liqiang.
    4. Twitter, Facebook user data improperly accessed via malicious SDKs Data aggregators leverage SDKs on Android to access additional user data. Use caution with application permissions granted.
    5. IoT Smartwatch exposes Kids' personal, GPS data Shenzhen SMA M2 Smartwatch can be exploited to listen in on conversations, GPS data and other PII.
    6. Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets Emissions indicate the presence of laptops, tablets, smartphones. Don't leave devices in vehicles in sleep mode.
    7. Church's Chicken Restaurants hit by Payment Card Breach Breach only impacted company owned restaurants, not franchised locations.
    8. Vistaprint left customer service database unprotected Calls, Chats, Emails exposed. The database is now offline, but the data it contained included sensitive data.


