Paul's Security Weekly Episode #660 - July 30, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Gravwell Big Bang Release - 06:00 PM-06:45 PM
Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: "20SecWeekbh". Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a Unix-like search query pipeline for power users. Gravwell is free for community use, and during launch week, if you sign up for CE, we're bumping the data cap up to 4 GB/day. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them!
Corey Thuen is Co-Founder at Gravwell
Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.
2. MIDAS - 07:00 PM-07:45 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real time and has become a new baseline. It was designed with the way recent sophisticated attacks occur in mind. MIDAS can be used to detect intrusions, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with the Count-Min Sketch (CMS) streaming data structure to get an anomaly score for each edge. It then incorporates temporal and spatial relations to achieve better performance. MIDAS provides theoretical guarantees on false positives and is three orders of magnitude faster than existing state-of-the-art solutions. Check out MIDAS at https://github.com/Stream-AD/MIDAS
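To make the "chi-squared test over Count-Min Sketch counts" description concrete, here is an added example (not code from the MIDAS repository or from the episode) that scores edges the way the MIDAS paper describes: one CMS holds per-edge counts for the current time tick, another holds counts over all ticks, and the chi-squared statistic compares the two. The sketch, the hashing via blake2b, the class and function names, and the IP addresses in the demo traffic are all constructed for this example; the scoring formula is the paper's.

```python
import hashlib


class CountMinSketch:
    """Minimal Count-Min Sketch: `depth` rows of `width` counters, one hash per row.
    Estimates take the minimum over rows, so they can over-count but never under-count."""

    def __init__(self, width: int = 1024, depth: int = 4):
        self.width = width
        self.depth = depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, key: str, row: int) -> int:
        # Salting the key with the row number gives each row an independent hash function.
        digest = hashlib.blake2b(f"{row}:{key}".encode(), digest_size=8).digest()
        return int.from_bytes(digest, "big") % self.width

    def add(self, key: str, count: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][self._index(key, row)] += count

    def estimate(self, key: str) -> int:
        return min(self.table[row][self._index(key, row)] for row in range(self.depth))

    def clear(self) -> None:
        for row in self.table:
            row[:] = [0] * self.width


class Midas:
    """Edge scoring as in the MIDAS paper: a CMS of counts in the current tick (a_uv)
    and a CMS of counts over all ticks (s_uv); a chi-squared statistic compares the two."""

    def __init__(self, width: int = 1024, depth: int = 4):
        self.current = CountMinSketch(width, depth)
        self.total = CountMinSketch(width, depth)
        self.tick = 0

    def score(self, src: str, dst: str, tick: int) -> float:
        """Ingest one edge src -> dst arriving at `tick` and return its anomaly score.
        Ticks must arrive in non-decreasing order; the current-tick sketch resets on a new tick."""
        if tick > self.tick:
            self.current.clear()
            self.tick = tick
        key = f"{src}->{dst}"
        self.current.add(key)
        self.total.add(key)
        a = self.current.estimate(key)  # count of this edge in the current tick
        s = self.total.estimate(key)    # count of this edge over all ticks so far
        if tick <= 1:
            return 0.0                  # no history yet to compare against
        # Chi-squared goodness of fit of a against the mean per-tick count s/t:
        #   score = (a - s/t)^2 / s * t^2 / (t - 1)
        # A steady edge scores 0; a burst of k repeats in one tick scores about k*(t-1).
        return (a - s / tick) ** 2 / s * tick ** 2 / (tick - 1)


def run_demo() -> dict:
    """Constructed traffic: two steady edges once per tick for ticks 1..11, then at tick 11
    a new source hits 10.0.0.2 fifty times. Returns the highest score seen in each phase."""
    detector = Midas()
    baseline = [("10.0.0.1", "10.0.0.2"), ("10.0.0.3", "10.0.0.4")]  # constructed sample IPs
    baseline_max = 0.0
    for tick in range(1, 12):
        for src, dst in baseline:
            baseline_max = max(baseline_max, detector.score(src, dst, tick))
    burst_max = 0.0
    for _ in range(50):
        burst_max = max(burst_max, detector.score("10.0.0.9", "10.0.0.2", 11))
    return {"baseline_max": baseline_max, "burst_max": burst_max}


if __name__ == "__main__":
    print(run_demo())
```

Two properties worth noticing when running it: an edge that repeats at the same rate every tick scores exactly 0 regardless of volume, while an edge first seen at tick t scores t-1 on its first appearance and then grows linearly with every repeat inside that tick, which is what makes a sudden flood stand out from the CMS summaries without storing the full graph.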
Siddharth Bhatia is a PhD student at National University of Singapore
Siddharth Bhatia is a PhD student at National University of Singapore. Siddharth's research is supported by a President's Graduate Fellowship, and he has been recognized as a Young Researcher in the ACM Heidelberg Laureate Forum. Siddharth has done breakthrough work in streaming anomaly detection. His research, MIDAS, finds anomalies or malicious entities in real time. MIDAS can be used to detect intrusions, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS also provides theoretical guarantees on false positives and is three orders of magnitude faster than existing state-of-the-art solutions.
3. Security News - 08:00 PM
Paul Asadoorian's Content:
- DIY: Hunting Azure Shadow Admins Like Never Before
- Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks.
- Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
- Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
- Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
- GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
- Python Developers: Prepare!!! - People all of a sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
- Offensive Security Acquires Cybersecurity Training Project VulnHub
- 11 Tips And Tricks To Write Better Python Code
- Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
- The Age of Mass Surveillance Will Not Last Forever - I kinda agree: Meanwhile, the corporations of the world digested the realization that their darkest shame—their willful complicity in crimes against the public—had not been punished. Rather, these collaborators had been actively rewarded, with either explicitly retroactive immunity or informal guarantees of perpetual impunity. They became our latest Big Brother, striving to compile perfect records of private lives for profit and power. From this emerged the contemporary corruption of our once-free internet, called surveillance capitalism.
- BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
- Hackers Broke Into Real News Sites to Plant Fake Stories - Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. GRU? NO evidence, but why not mention them: While FireEye has made no such claims that the Ghostwriter news site compromises were the work of the GRU, Hultquist argues that the incidents in Poland and the Baltics should nonetheless serve as a warning.
- New tool detects shadow admin accounts in AWS and Azure environments
- The Garmin Ransomware Hack Is Horrifying - So opt out, and all the features go bye-bye (* shaking my head): While most Garmin smartwatches do not connect to the internet natively and store workout information on the devices themselves, the Garmin Connect app does not allow users to transfer their workout information to the app without storing it on Garmin's servers. Garmin allows users to "Opt Out" of sharing workout information with the company, but opting out makes the app essentially useless.
- New Features in Python 3.9