PSWEpisode650

From Security Weekly Wiki

Revision as of 22:03, 7 May 2020

Paul's Security Weekly Episode #650 - May 07, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Interview - Public Utility Security and National Guard Support - 06:00 PM-06:45 PM

Announcements

  • Join us at InfoSecWorld 2020 - June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Public utilities are under fire from malicious actors now, more than ever. At the same time, authorities for National Guard units are expanding, allowing greater levels of support. However, this only works when relationships already exist.



Guest(s)

Chris Elgee

Chris Elgee is a Core NetWars Tournament design lead and penetration tester. At Counter Hack, he creates Holiday Hack and NetWars challenges designed to be fun, engaging, and (gasp!) educational for players of all skill levels. Through his work with SANS and the Army National Guard, Chris shares his love of cybersecurity to educate, prepare, and inspire students and soldiers alike. Outside of work, Chris enjoys volunteering, playing bass at church, and spending time with his wife and four kids.

Jim McPherson

Jim is a cyber security expert with over 15 years in the security industry in both the government and private sectors. His current efforts see him participating in the national effort to secure and defend critical infrastructure from cyber attack. Prior to his work in cyber security, Jim served in the US Army's 10th Mountain Division for 10½ years as an Army Ranger and sniper, serving three combat tours.


Hosts

2. Technical Segment - Project Fantastic - Bringing The CLI to GUI Users - 07:00 PM-07:45 PM

Announcements

  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.

Description

Lots of IT and security professionals do not want to use the CLI, which has set them back. Fantastic exposes the same power as the CLI in an easy-to-use GUI that is more consistent and, hopefully, easier to navigate and use than the native GUI tools.



Presenter(s)

Mick Douglas

Even when his job title has indicated otherwise, Mick Douglas has been doing information security work for over 10 years. He received a bachelor's degree in communications from Ohio State University. He is the managing partner for InfoSec Innovations. He is always excited for the opportunity to share with others so they do not have to learn the hard way! When he's not "geeking out" you'll likely find Mick indulging in one of his numerous hobbies: photography, scuba diving, or hanging around in the great outdoors.


Hosts

3. News - Security News - 08:00 PM-09:00 PM


Description

Description TBD


Hosts

Jeff Man's Content:

Articles

  1. GoDaddy data breach shows why businesses need to better secure their customer data (https://www.securitymagazine.com/articles/92314-godaddy-confirms-data-breach---28000-customers-affected) - That's a new thing?
  2. 4iQ Report: The Era of Weaponized Data Breaches (https://www.securitymagazine.com/articles/92324-iq-report-the-era-of-weaponized-data-breaches)
  3. Accidental Internal Data Breaches Are on the Rise. Here's How to Protect Your Business. (https://www.cpomagazine.com/cyber-security/accidental-internal-data-breaches-are-on-the-rise-heres-how-to-protect-your-business/)
  4. Hackers Breached Over 160,000 Nintendo Accounts and Misused Payment Information, the Company Admits (https://www.cpomagazine.com/cyber-security/hackers-breached-over-160000-nintendo-accounts-and-misused-payment-information-the-company-admits/)

Joff Thyer's Content:

Articles

Larry Pesce's Content:

Articles

  1. 8-year-old IoT botnet on NAS devices... just for anime

Lee Neely's Content:

Articles COVID-19

  1. AA20-126A: APT Groups Target Healthcare and Essential Services CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. Bulletin shows targeting, activity, technical details and mitigations.
  2. Jio Security Lapse Exposes Millions of Medical Records A security flaw in the coronavirus symptom checker developed by Mumbai, Maharashtra, India-based telecommunication provider Reliance Jio has reportedly resulted in the exposure of a database containing "tens of millions" of records that include users' personally identifiable information (PII).
  3. Researchers have uncovered a malware called “Agent Tesla” which is being spread via COVID-19-themed phishing emails The malware abuses MS Office vulnerabilities to capture keystrokes, take screenshots, and dump browser passwords. The phishing mail attachment is titled ‘COVID 19 NEW ORDER FACE MASKS.doc.rtf.’
  4. Researchers at Bitdefender have discovered that cyber-criminals are more likely to attack during the work week, while many are teleworking due to COVID-19 restrictions. The team theorized that cyber-criminals are timing their attacks to avoid the moments at which victims are most likely to be away from their computers.
  5. Apple, Google ban use of location tracking in contact tracing apps Apple Inc and Alphabet Inc’s Google on Monday said they would ban the use of location tracking in apps that use a new contact tracing system the two are building to help slow the spread of the novel coronavirus.
  6. Stolen Zoom logins were for sale on the dark Web Hackers put more than half a million login details for the teleconferencing app Zoom on the dark Web at about 1 pence (1.25 cents) each.
  7. State-backed hackers are targeting coronavirus responders A joint statement by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Britain’s National Cyber Security Centre (NCSC) did not identify which countries were responsible, but said hackers had targeted pharmaceutical companies, research organizations, and local governments.
  8. Coronavirus and cyberattacks: 2020 campaigns already being hacked, experts warn President Trump signed an executive order to protect the power grid from hackers last week, but experts warn that the 2020 campaign cycle has already suffered cyberattacks. Elections large and small are looming in an increasingly work-from-home and social-distancing environment, one that has forced many campaigns (like most Americans) to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections. (Fox News)
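Item 3 above quotes the lure's file name, "COVID 19 NEW ORDER FACE MASKS.doc.rtf". That is a double extension: a user whose Explorer hides known extensions sees a .doc, while Word sniffs the content, opens it as RTF, and hands any embedded OLE object to whichever Office component it targets. The Python below is an added example, not code from the show or from any of the linked articles, showing how a mail-gateway or triage script can check an attachment's name against its leading bytes. The file names other than the quoted one, the byte strings and the \objdata heuristic are constructed for illustration.

```python
# Added example, not from the show notes: sanity-check a mail attachment's
# name against its leading bytes. File names, byte strings and the
# \objdata heuristic below are constructed for illustration.
import re

# Leading bytes of the container formats Word will happily open.
MAGIC = (
    (b"{\\rtf1", "rtf"),                          # Rich Text Format
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .doc/.xls/.ppt (OLE2/CFB)
    (b"PK\x03\x04", "zip"),                       # OOXML .docx/.xlsx/.pptx are zip files
)

# What each extension claims the content is.
EXT_FORMAT = {
    "doc": "ole", "dot": "ole", "xls": "ole", "ppt": "ole",
    "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip", "pptx": "zip",
    "rtf": "rtf",
}
# Extensions a sender puts second-to-last so "x.doc.rtf" reads as "x.doc"
# once Explorer hides the final, known extension.
DECOY_EXTS = set(EXT_FORMAT) | {"pdf", "txt", "jpg", "png"}


def detect_format(data: bytes) -> str:
    for magic, fmt in MAGIC:
        if data.startswith(magic):
            return fmt
    return "unknown"


def analyse_attachment(name: str, data: bytes) -> list:
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    exts = name.lower().rsplit("/", 1)[-1].split(".")[1:]
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        findings.append(f"double extension .{exts[-2]}.{exts[-1]}")
    actual = detect_format(data)
    claimed = EXT_FORMAT.get(exts[-1]) if exts else None
    if claimed and actual != claimed:
        # Word trusts the content, not the extension, so a renamed RTF still opens as RTF.
        findings.append(f"extension .{exts[-1]} implies {claimed} but content is {actual}")
    if actual == "rtf" and re.search(rb"\\objdata", data):
        # Embedded OLE objects are how RTF lures reach the Office component they exploit.
        findings.append("RTF carries an embedded OLE object (\\objdata)")
    return findings


# Constructed samples; the first file name is the one quoted in the show notes.
SAMPLES = {
    "COVID 19 NEW ORDER FACE MASKS.doc.rtf":
        b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 01050000020000000b000000}}}",
    "invoice.docx": b"PK\x03\x04" + bytes(28),
    "report.doc": b"{\\rtf1\\ansi Quarterly report}",
    "photo.jpg.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, "->", analyse_attachment(fname, blob) or ["ok"])
```

The report.doc case (RTF bytes under a .doc name) is worth flagging on its own even without a double extension, because Word will open it as RTF regardless of what the name says; the magic-byte check is cheap and catches the rename trick that a name-only rule misses.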

Articles Other

  1. Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability Two critical vulnerabilities affecting the Salt configuration framework (CVE-2020-11651, an authentication bypass in the master's request handling, and CVE-2020-11652, a directory traversal) are being leveraged by attackers to breach servers. Exploitation started within days of disclosure. Chained, the flaws let an unauthenticated attacker who can reach the master's ports (4505/4506 by default) obtain the root key and run commands as root on the master and on every connected minion. Fixed in Salt 2019.2.4 and 3000.2.
  2. Sophisticated Phishing Kit Used by Multiple Groups to Target Executives Campaign dubbed "PerSwaysion" abuses the Microsoft Sway presentation application in order to compromise accounts. Sophisticated BEC attempt.
  3. Hackers Say They Stole Millions of Credit Cards from Banco BCR Maze ransomware operators claim to have breached the Costa Rican state-owned bank BCR and say they will leak the data.
  4. Kaiji, a New Linux Malware Targets IoT Devices in the Wild Kaiji is written in Go and uses SSH brute-force attacks to compromise IoT devices.
  5. GoDaddy Reports Data Breach Involving SSH Access on Hosting Accounts A GoDaddy breach from October 2019 is only now coming to light; the concern is the long detection/notification window. GoDaddy has reset account passwords and is urging customers to audit their hosting accounts. GoDaddy is also providing impacted customers with one year of its website security and malware removal service for free. See also: GoDaddy takes seven months to discover data breach.
  6. CAM4 Adult Streaming Site Leaks Data on Millions of Members A misconfigured 7TB cloud database exposed 11 million email addresses and another 26.3 million records containing password hashes; other PII was exposed as well.
  7. Firm's MDM Server Abused to Deliver Android Malware to 75% of Its Devices A compromised MDM server was used to push the Cerberus Android malware. Secure the devices and the MDM service. Cerberus offers the user a fake security update and primarily steals credentials and screen-lock patterns.
  8. US Financial Industry Regulator Warns of Widespread Phishing Campaign FINRA cyber alerts are rare. This one warns users to be on the alert for a phishing campaign intended to steal Microsoft Office and SharePoint passwords. Require MFA on publicly accessible services.
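Item 1 above (SaltStack) comes down to two questions for anyone running a Salt master: is it on 2019.2.4 / 3000.2 or later, and are ports 4505/4506 reachable from anywhere they should not be? The version half can be scripted against the output of `salt --versions-report`. The Python below is an added example, not SaltStack's own tooling or code from the article. The fixed version numbers come from the SaltStack advisory; the versions-report excerpt is constructed; and the rule that anything older than 2019.2 counts as unpatched is an assumption (distribution packages may backport the fix under an older version string, which this check would mis-report).

```python
# Added example, not from the show notes or from SaltStack: decide whether a
# Salt version string predates the fixes for CVE-2020-11651/CVE-2020-11652.
# Fixed releases (2019.2.4 and 3000.2) are from the SaltStack advisory; the
# report text below is constructed.
import re

FIXED_2019 = (2019, 2, 4)   # fix for the 2019.2 branch
FIXED_3000 = (3000, 2)      # fix for the 3000 branch; 3001 and later carry it too


def parse_salt_version(text: str) -> tuple:
    """'2019.2.3' -> (2019, 2, 3); '3000' -> (3000,); '3000.2' -> (3000, 2)."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        # Distro builds ("3000.2+ds-1") need the vendor suffix stripped first,
        # and may backport the fix without bumping the upstream number.
        raise ValueError(f"unrecognised Salt version: {text!r}")
    return tuple(int(g) for g in m.groups() if g is not None)


def is_patched(version: str) -> bool:
    v = parse_salt_version(version)
    if v[0] >= 3001:
        return True
    if v[0] == 3000:
        return (v + (0,))[:2] >= FIXED_3000      # 3000 and 3000.1 are vulnerable
    if v[0] == 2019:
        return (v + (0, 0))[:3] >= FIXED_2019    # 2019.2.0 .. 2019.2.3 are vulnerable
    # Assumption: anything older (2018.3 and before) is out of support and unpatched.
    return False


def salt_version_from_report(report: str) -> str:
    """Pull the 'Salt: X' line out of `salt --versions-report` output."""
    for line in report.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Salt":
            return value.strip()
    raise ValueError("no 'Salt:' line in versions report")


# Constructed stand-in for `salt --versions-report` on an unpatched master.
SAMPLE_REPORT = """\
Salt Version:
           Salt: 3000.1

Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
         Jinja2: 2.10.1
"""

if __name__ == "__main__":
    v = salt_version_from_report(SAMPLE_REPORT)
    state = "patched" if is_patched(v) else "VULNERABLE: patch and firewall 4505/4506"
    print(f"Salt {v}: {state}")
```

A clean result only says the binary is current; it says nothing about whether the master was already hit in the gap between disclosure and patching, so pair it with a review of the master's job history for jobs nobody ran and of minions for root processes nobody started.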

Paul Asadoorian's Content:

Articles

  1. GitHub Takes Aim at Open Source Software Vulnerabilities
  2. Naikon APT Hid Five-Year Espionage Attack Under Radar - “Naikon’s primary method of attack is to infiltrate a government body, then use that body’s contacts, documents and data to launch attacks on others, exploiting the trust and diplomatic relations between departments and governments to increase the chances of its attack succeeding,” said researchers.
  3. PoC Exploit Released for DoS Vulnerability in OpenSSL | SecurityWeek.Com
  4. Designing Firmware Resilience for 3 Top Attack Vectors - Great article, not your everyday IoT insecurity article!
  5. New Kaiji Botnet Targets IoT, Linux Devices
  6. New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers
  7. ILOVEYOU Virus - Schneier on Security - LOL: He also created a title for the email attachment that would have global appeal, tempting people across the world to open it. "I figured out that many people want a boyfriend, they want each other, they want love, so I called it that," he said.
  8. Facebook Launches 'Discover,' A Secure Proxy to Browse the Internet for Free
  9. Is CVSS the Right Standard for Prioritization? - One thing that jumped out at me (the rest I am still trying to figure out what the conclusion is) is that for CVSS 3.1 from 2016 until now, there are far fewer low scores than medium, high and critical. This tells me most lows are going un-reported. Which means those information-gathering tactics are still in play, because even if they were reported, likely they would not be fixed.
  10. Ransomware Attack Takes Down Toll Group Systems, Again - Not Again! - “This is unrelated to the ransomware incident we experienced earlier this year. Toll has no intention of engaging with any ransom demands, and there is no evidence at this stage to suggest that any data has been extracted from our network.” Nefilim was only recently discovered. According to researchers, it is most likely spread through Remote Desktop Protocol (RDP), similar to other ransomware families such as Nemty, Crysis and SamSam. “The actors behind Nefilim primarily gain access through vulnerable RDP servers, though there are unverified reports of them expanding their attack repertoire,” Allan Liska, threat intelligence analyst with Recorded Future, told Threatpost. “This is a pretty common development path for new ransomware actors: They start with open or vulnerable RDP servers and then expand to other attack methods.”
  11. Hacker buys old Tesla parts on eBay, finds them full of user data - Examples included phone books from connected cell phones, call logs containing hundreds of entries, recent calendar entries, Spotify and Wi-Fi passwords stored in plaintext, locations for home, work, and all places navigated to, and session cookies that allowed access to Netflix and YouTube (and attached Gmail accounts).
  12. Attacks on WordPress Sites Surge
  13. Another Stuxnet-Style Vulnerability Found in Schneider Electric Software | SecurityWeek.Com
  14. Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
  15. Pandemic Could Accelerate Passwordless Authentication
  16. 900,000 WordPress sites attacked via XSS vulnerabilities | SC Media - Attackers can use XSS vulnerabilities to gain privileged access to a website and plant malicious JavaScript code that can steal user data, spread malware or hijack users to nefarious sites. Such techniques have been used to launch Magecart attacks against thousands of e-commerce sites resulting in the theft of millions of credit card numbers Details: https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
  17. Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats - The Keybase acquisition is part of Zoom's plan to create a secure, private, and scalable video communications tool that businesses need as more employees work remotely. Keybase, founded in 2014, has spent six years building a secure messaging and file-sharing service. Users can chat and share with team members and communities knowing that messages are end-to-end encrypted.
  18. Cisco Patches High Severity Vulnerabilities in Security Products | SecurityWeek.Com - Files that are deleted abusing this flaw are restored when the device is reloaded after exploitation. “The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files,” Cisco explains.
  19. Samsung Patches Critical 0-Click Vulnerability in Smartphones | SecurityWeek.Com
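Kaiji (item 5 above, and item 4 of Lee Neely's "Articles Other" list) spreads by guessing SSH passwords, which leaves an obvious trail in sshd's log. The Python below is an added example, not code from the show, from the articles or from the malware analysis: it parses OpenSSH auth lines, counts failures per source inside a sliding time window, and records whether a successful login followed the guessing. The log excerpt is constructed (addresses from the RFC 5737 documentation ranges) and, because syslog lines carry no year, 2020 is assumed.

```python
# Added example, not from the show notes: flag SSH password-guessing sources in
# OpenSSH auth log lines of the kind an SSH brute-forcing bot such as Kaiji
# produces. The log lines are constructed (RFC 5737 addresses); syslog lines
# carry no year, so one is assumed.
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)


def parse_line(line: str, year: int = 2020):
    """Return (timestamp, result, user, ip), or None for lines we don't care about."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def find_bruteforce(lines, threshold: int = 5, window_seconds: int = 120) -> dict:
    """Sources with at least `threshold` failed logins inside any window.

    Returns {ip: {"failures": total, "users": [...], "succeeded_after": bool}};
    succeeded_after means an Accepted login came after the guessing started.
    """
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)                 # ip -> [(ts, result, user)]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, result, user, ip = parsed
            events[ip].append((ts, result, user))

    hits = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [ts for ts, result, _ in evs if result == "Failed"]
        burst, j = 0, 0                        # sliding window over failure times
        for i, ts in enumerate(fails):
            while fails[j] < ts - window:
                j += 1
            burst = max(burst, i - j + 1)
        if burst >= threshold:
            hits[ip] = {
                "failures": len(fails),
                "users": sorted({u for _, result, u in evs if result == "Failed"}),
                "succeeded_after": any(result == "Accepted" and ts >= fails[0]
                                       for ts, result, _ in evs),
            }
    return hits


# Constructed auth.log excerpt: a fast guesser that eventually gets in, a
# legitimate user with one typo, and a low-and-slow source (one guess an hour).
SAMPLE_LOG = """\
May  7 21:14:02 nas sshd[1201]: Failed password for root from 198.51.100.23 port 40112 ssh2
May  7 21:14:04 nas sshd[1203]: Failed password for root from 198.51.100.23 port 40118 ssh2
May  7 21:14:05 nas sshd[1205]: Failed password for invalid user admin from 198.51.100.23 port 40121 ssh2
May  7 21:14:07 nas sshd[1207]: Failed password for root from 198.51.100.23 port 40130 ssh2
May  7 21:14:09 nas sshd[1209]: Failed password for invalid user pi from 198.51.100.23 port 40133 ssh2
May  7 21:14:11 nas sshd[1211]: Accepted password for root from 198.51.100.23 port 40140 ssh2
May  7 21:20:40 nas sshd[1300]: Failed password for alice from 203.0.113.9 port 50102 ssh2
May  7 21:20:55 nas sshd[1302]: Accepted publickey for alice from 203.0.113.9 port 50104 ssh2
May  7 09:00:00 nas sshd[900]: Failed password for root from 192.0.2.77 port 33001 ssh2
May  7 10:00:00 nas sshd[901]: Failed password for root from 192.0.2.77 port 33002 ssh2
May  7 11:00:00 nas sshd[902]: Failed password for root from 192.0.2.77 port 33003 ssh2
May  7 12:00:00 nas sshd[903]: Failed password for root from 192.0.2.77 port 33004 ssh2
May  7 13:00:00 nas sshd[904]: Failed password for root from 192.0.2.77 port 33005 ssh2
"""

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

The low-and-slow source (192.0.2.77) is invisible at the default two-minute window and only shows up once the window is widened to hours; that trade-off between catching patient guessers and not flagging fat-fingered users is the whole tuning problem. On a device that must stay exposed, key-only authentication removes the attack class rather than merely detecting it.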

Tyler Robinson's Content:

Articles

  1. Russian coronavirus doctors are mysteriously falling out of windows
  2. American Mercenaries Captured During Venezuelan Coup
  3. State Sponsored Hackers Targeting US Responders
  4. Spy Planes over Baltimore
  5. Chinese XIAOMI recording millions of people's phone usage
  6. Zoom acquires Keybase
  7. Godaddy Data Breach