Psw660

From Security Weekly Wiki
Latest revision as of 00:34, 5 August 2020

Paul's Security Weekly Episode #660 - July 30, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Gravwell Big Bang Release - 06:00 PM-06:45 PM


Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh” Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while keeping the raw power of a Unix-like search query pipeline for power users. Gravwell is free for community use, and during launch week, if you sign up for CE, we're bumping the data cap up to 4 GB/day. This segment is sponsored by Gravwell.

Visit https://securityweekly.com/gravwell to learn more about them!



Guest(s)

Corey Thuen

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.



2. MIDAS - 07:00 PM-07:45 PM


Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

Description

MIDAS uses unsupervised learning to detect anomalies in a stream of edges (for example, connections between hosts) in real time, and has become a new baseline for streaming anomaly detection. It was designed around the way recent sophisticated attacks occur: a burst of activity on an edge, or around a node, that is out of proportion to that edge's history. MIDAS can be used to detect intrusions, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with Count-Min Sketch (CMS) streaming data structures to compute an anomaly score for each edge, comparing the edge's count in the current time tick against its mean count over past ticks. It then incorporates temporal relations (counts decay across ticks rather than resetting) and spatial relations (scores for the source and destination nodes as well as the edge) to achieve better performance. MIDAS provides theoretical guarantees on the false positive rate and is three orders of magnitude faster than existing state-of-the-art solutions.

Check out MIDAS at https://github.com/Stream-AD/MIDAS
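An added worked example of the scoring rule described above, written for this page and not taken from the MIDAS repository linked above: a Count-Min Sketch, the chi-squared statistic, and the MIDAS-R variant with a decay factor for the temporal relation and per-source and per-destination sketches for the spatial relation. The hosts, the tick layout of the sample stream, the decay factor (0.5), the alert threshold (100) and the sketch sizes are constructed assumptions for the demo, not values from the page or the paper.

```python
import hashlib
import random


class CountMinSketch:
    """Count-Min Sketch: `rows` hash rows of `width` counters. Each key is added to one
    counter per row; its estimate is the minimum over rows, which never undercounts."""

    def __init__(self, rows=4, width=4096, seed=0):
        self.rows, self.width = rows, width
        self.tables = [[0.0] * width for _ in range(rows)]
        rng = random.Random(seed)
        self.salts = [rng.getrandbits(64) for _ in range(rows)]

    def _index(self, row, key):
        data = f"{self.salts[row]}:{key!r}".encode()
        digest = hashlib.blake2b(data, digest_size=8).digest()
        return int.from_bytes(digest, "big") % self.width

    def add(self, key, value=1.0):
        for row in range(self.rows):
            self.tables[row][self._index(row, key)] += value

    def estimate(self, key):
        return min(self.tables[row][self._index(row, key)] for row in range(self.rows))

    def scale(self, factor):
        """Multiply every counter by `factor` (the temporal decay at a tick change)."""
        for table in self.tables:
            for i in range(self.width):
                table[i] *= factor


def chi_squared_score(cur, total, t):
    """MIDAS score for one key at tick t: chi-squared goodness-of-fit of the current
    tick's count `cur` against the mean of the past ticks, given `total` over ticks
    1..t.  score = (cur - total/t)^2 * t^2 / (total * (t - 1))."""
    if t <= 1 or total <= 0:
        return 0.0
    expected = total / t
    return (cur - expected) ** 2 * t * t / (total * (t - 1))


class MidasR:
    """MIDAS-R: score the edge, its source node and its destination node (spatial
    relation); current-tick counts are decayed by `decay` at each new tick rather than
    reset (temporal relation). The reported score is the maximum of the three."""

    KINDS = ("edge", "src", "dst")

    def __init__(self, rows=4, width=4096, decay=0.5):
        self.decay = decay
        self.tick = 0
        self.total = {k: CountMinSketch(rows, width, seed=i) for i, k in enumerate(self.KINDS)}
        self.cur = {k: CountMinSketch(rows, width, seed=10 + i) for i, k in enumerate(self.KINDS)}

    def score(self, src, dst, t):
        if t < self.tick:
            raise ValueError("ticks must be non-decreasing")
        if t > self.tick:  # new tick: decay the "current" counts instead of zeroing them
            for sketch in self.cur.values():
                sketch.scale(self.decay)
            self.tick = t
        keys = {"edge": (src, dst), "src": src, "dst": dst}
        scores = []
        for kind, key in keys.items():
            self.total[kind].add(key)
            self.cur[kind].add(key)
            scores.append(chi_squared_score(self.cur[kind].estimate(key),
                                            self.total[kind].estimate(key), t))
        return max(scores)


def build_sample_stream():
    """Constructed sample data (assumption, not from the page): 20 ticks of steady chatter
    among three hosts, then at tick 21 a new source hits a new server 400 times in one
    tick, a DoS-like burst on an edge with no history."""
    stream = []
    for t in range(1, 21):
        for _ in range(5):
            stream += [("10.0.0.1", "10.0.0.2", t), ("10.0.0.2", "10.0.0.3", t),
                       ("10.0.0.3", "10.0.0.1", t)]
    stream += [("10.0.0.1", "10.0.0.2", 21)] * 5          # the steady edge continues
    stream += [("203.0.113.7", "10.0.0.9", 21)] * 400     # the burst
    return stream


def detect(stream, threshold=100.0, decay=0.5):
    """Score every edge occurrence; return the occurrences at or above `threshold`
    (the threshold is an arbitrary demo value) and the max score per distinct edge."""
    detector = MidasR(decay=decay)
    flagged, max_score = [], {}
    for src, dst, t in stream:
        s = detector.score(src, dst, t)
        max_score[(src, dst)] = max(s, max_score.get((src, dst), 0.0))
        if s >= threshold:
            flagged.append((src, dst, t, s))
    return flagged, max_score


if __name__ == "__main__":
    hits, peaks = detect(build_sample_stream())
    for edge, peak in sorted(peaks.items(), key=lambda kv: -kv[1]):
        print(f"{edge[0]:>12} -> {edge[1]:<10} peak score {peak:10.2f}")
    print(f"{len(hits)} occurrences flagged, all on {hits[0][:2] if hits else None}")
```

For a brand-new edge seen k times in its first tick t, the statistic reduces to k·(t−1)·… in a way that grows linearly with k (20k here at t = 21), so the burst scores 8000 while the steady edges never leave single digits; that gap, not the absolute number, is what a threshold is set against. The lazy decay in `score` only runs when an event arrives in a later tick, so an idle gap of several ticks is decayed once; a production detector would advance ticks on a clock.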



Guest(s)

Siddharth Bhatia

Siddharth Bhatia is a PhD student at the National University of Singapore. Siddharth's research is supported by a President's Graduate Fellowship and he has been recognized as a Young Researcher in the ACM Heidelberg Laureate Forum. Siddharth has done breakthrough work in streaming anomaly detection. His research, MIDAS, finds anomalies or malicious entities in real time. MIDAS can be used to detect intrusions, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS also provides theoretical guarantees on the false positive rate and is three orders of magnitude faster than existing state-of-the-art solutions.



3. GNU GRUB2 Vulnerability, 'BootHole' Secure Boot Threat, & Garmin Ransomware Hack - 08:00 PM-09:30 PM


Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Visit https://securityweekly.com/webcasts to see what we have coming up! Learn about Rapid7’s Findings from the National Internet Cloud Exposure Report on August 13th and How to Create and Run a Conference, from the geniuses behind Layer8 Conference and Wild West Hackin Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

A vulnerability that allowed brute-forcing passwords of private Zoom meetings, Russia's GRU hackers hit US government and energy targets, a new tool that detects shadow admin accounts in AWS and Azure environments, the BootHole Secure Boot threat found in most every Linux distro and in Windows 8 and 10, and how hackers broke into real news sites to plant fake stories!



Doug White's Content:

Articles

Jeff Man's Content:

Articles

  1. New Malware Samples Identified in Point-of-Sale Compromise (Visa Security Alert)

Larry Pesce's Content:

Articles

  1. 275 remotely exploitable, unauthenticated Oracle vulns from July... - ... The Dutch Central Bank has its own version of Oracle Financial Services
  2. Drone takeover with a limeSDR and commodity gear
  3. ShinyHunters with some stolen data from interesting sites like ProctorU…

Lee Neely's Content:

Articles

  1. CISA Alert (AA20-209A): Potential Legacy Risk from Malware Targeting QNAP NAS Devices - CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by QNAP. Fix: see the QNAP Security Advisory. Suspect devices should be factory wiped prior to the firmware update.
  2. Russia's GRU Hackers Hit US Government and Energy Targets - Fancy Bear (APT28), from December 2018 to May 2020, attempted to access mail servers, Office 365 and VPN servers.
  3. New Security Flaw Affecting China's DJI Drones - Reportedly, in addition to an update mechanism that bypasses the Google Play Store, DJI's Go 4 Android app requests extensive permissions, collects personal data (e.g., IMSI, IMEI and SIM card serial number), and includes anti-debug and encryption techniques to hamper analysis.
  4. 5 D-Link Router Vulnerabilities Disclosed, Patch Now - Patch, or replace out-of-support devices.
  5. FBI Warns of New DDoS Attack Vectors: CoAP, WS-DD, ARMS, and Jenkins - These newly discovered DDoS vectors are network protocols essential to the IoT devices, smartphones, Macs and other devices on which they are used; device makers likely will not remove or disable them, making a new wave of DDoS attacks highly likely.
  6. Cerberus Android Malware Source Code Offered for Sale for $100,000 - For a flat price of $100,000 USD, the buyer receives everything from customer lists, source code, installation guides, scripts and servers to the admin panel.
  7. Cosmetics Giant Avon Leaks 19 Million Records - An Elasticsearch database hosted on an Azure server, containing 19 million customer records, was left publicly exposed on the Internet without a password.
  8. Major Hedge Fund Sees Customers' Personal Data Stolen by Hackers - SEI Investments disclosed that systems belonging to one of its vendors, Atlanta, Ga.-based M.J. Brunner Inc., suffered a ransomware attack in May.
  9. North Korean Hackers Are Stepping Up Their Ransomware Game, Kaspersky Finds - North Korean state-backed hackers associated with the "Lazarus Group" have been spotted leveraging the little-known "VHD" ransomware in two attacks, targeting a business in France and another in Asia, in order to steal money.
  10. How to Tell If Your Apps Are Spying on You - Ideas for finding out, and correcting, which applications have the camera and microphone enabled.
  11. Three Idaho State Websites Are Vandalized by Hackers - The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site homepages each displayed the same content: a black background with the text "Hacked by Ghost Squad Hackers" in blue. "Free Julian Assange! Journalism is not a crime!" reads a message displayed underneath a GIF of V, the Guy Fawkes mask-wearing vigilante from the 2005 film "V for Vendetta."
  12. Organizations with Poor Privacy Practices 80% More Likely to Suffer Data Breach - The average company shares its data with 730 different vendors, and according to the Internal Auditors Research Foundation IAA study, third parties were responsible for two out of every three data breaches.

Paul Asadoorian's Content:

Articles

  1. DIY: Hunting Azure Shadow Admins Like Never Before
  2. Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks.
  3. CVE-2020-8163
  4. Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
  5. Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
  6. Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
  7. GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
  8. Python Developers: Prepare!!! - People all of a sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
  9. Offensive Security Acquires Cybersecurity Training Project VulnHub
  10. 11 Tips And Tricks To Write Better Python Code
  11. Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
  12. The Age of Mass Surveillance Will Not Last Forever - I kinda agree: Meanwhile, the corporations of the world digested the realization that their darkest shame—their willful complicity in crimes against the public—had not been punished. Rather, these collaborators had been actively rewarded, with either explicitly retroactive immunity or informal guarantees of perpetual impunity. They became our latest Big Brother, striving to compile perfect records of private lives for profit and power. From this emerged the contemporary corruption of our once-free internet, called surveillance capitalism.
  13. BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
  14. Hackers Broke Into Real News Sites to Plant Fake Stories - Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. GRU? NO evidence, but why not mention them: While FireEye has made no such claims that the Ghostwriter news site compromises were the work of the GRU, Hultquist argues that the incidents in Poland and the Baltics should nonetheless serve as a warning.
  15. New tool detects shadow admin accounts in AWS and Azure environments
  16. The Garmin Ransomware Hack Is Horrifying - So opt out, and all the features go bye-bye (* shaking my head): While most Garmin smartwatches do not connect to the internet natively and store workout information on the devices themselves, the Garmin Connect app does not allow users to transfer their workout information to the app without storing it on Garmin's servers. Garmin allows users to "Opt Out" of sharing workout information with the company, but opting out makes the app essentially useless.
  17. New Features in Python 3.9
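An added example for item 8 above (written for this page; not code from the page or from any linked article) showing the prepared/not-prepared mix-up in Python with the standard library's sqlite3 module. The users table, the accounts and the tautology payload are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample table (an assumption for this demo) with two accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return con


def login_unsafe(con, name, password):
    """Deliberately vulnerable: the values are formatted into the SQL text, so a quote in
    the input closes the string literal and the remainder becomes part of the statement.
    `"... %s" % name` or `.format()` behave exactly like this f-string."""
    query = (
        f"SELECT name, role FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return con.execute(query).fetchall()


def login_safe(con, name, password):
    """Parameterized: the SQL text is fixed and the values travel separately, so the
    driver can only ever treat them as data. sqlite3 uses `?` placeholders (paramstyle
    "qmark"); drivers such as psycopg2 use `%s` placeholders with the same tuple
    argument, which is exactly where `execute(sql % args)` and `execute(sql, args)`
    get confused: one interpolates, the other binds."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return con.execute(query, (name, password)).fetchall()


def demo():
    """Run both logins against the same tautology payload and return the row sets."""
    con = make_db()
    payload = "' OR '1'='1"  # constructed payload: no password known
    return {
        "unsafe": login_unsafe(con, "alice", payload),   # every row comes back
        "safe": login_safe(con, "alice", payload),       # empty: compared as a literal
        "safe_real": login_safe(con, "bob", "hunter2"),  # the one legitimate match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:10s} -> {rows}")
```

With the payload in place the unsafe statement becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the caller is "logged in" as whichever row comes first. The parameterized version compares the literal string `' OR '1'='1` against the stored password and returns nothing. An ORM removes the temptation because its query builder never exposes the SQL text for string formatting in the first place, which is the point of the note above; the trap re-opens the moment code drops to a raw `execute()` and formats a value in.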

Tyler Robinson's Content:

Articles

  1. https://www.nytimes.com/video/opinion/100000006210828/russia-disinformation-fake-news.html?playlistId=video/opinion
  2. https://www.nytimes.com/2020/07/23/us/politics/pentagon-ufo-harry-reid-navy.html
  3. https://www.nytimes.com/2020/07/24/opinion/china-dna-police.html
  4. https://www.cnbc.com/2020/07/21/mark-cuban-backed-cultivate-find-american-made-products-on-amazon.html
  5. https://www.cyberscoop.com/chinese-hackers-vatican-christians-church/
  6. https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
  7. https://www.vice.com/en_in/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying
  8. https://apnews.com/3acb089e6a333e051dbc4a465cb68ee1
  9. https://cloud.google.com/blog/products/infrastructure/announcing-googles-grace-hopper-subsea-cable-system
  10. https://www.safetydetectives.com/blog/avon-leak-report/
  11. https://www.businessinsider.com/software-source-code-leaked-microsoft-nintendo-2020-7?utm_source=reddit.com
  12. https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/microsoft-told-employees-to-work-from-home-one-consequence-was-brutal/
  13. https://www.bbc.com/news/world-us-canada-53534941
  14. https://www.zdnet.com/article/slack-credentials-abundant-on-cybercrime-markets-but-little-interest-from-hackers/
  15. https://advances.sciencemag.org/content/6/30/eabb5824.full
  16. https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online
  17. https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-alexa-investment-fund-11595520249
  18. https://www.vice.com/en_us/article/pkyqvb/deepfake-audio-impersonating-ceo-fraud-attempt