Psw660

From Security Weekly Wiki
Revision as of 21:02, 30 July 2020 by Paul Asadoorian (Added By Paul's Craptastic PPWorks Code)

Paul's Security Weekly Episode #660 - July 30, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Gravwell Big Bang Release - 06:00 PM-06:45 PM

Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh”. Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

Guest(s)

Corey Thuen

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.


Hosts

2. MIDAS - 07:00 PM-07:45 PM

Announcements

Description

Guest(s)

Siddharth Bhatia

Siddharth Bhatia is a PhD student at National University of Singapore. Siddharth's research is supported by a President's Graduate Fellowship and he has been recognized as a Young Researcher in the ACM Heidelberg Laureate Forum. Siddharth has done breakthrough work in streaming anomaly detection. His research, MIDAS, finds anomalies or malicious entities in real time. MIDAS can be used to detect intrusions, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS also provides theoretical guarantees on the false positives and is three orders of magnitude faster than existing state-of-the-art solutions.


Hosts

3. Security News - 08:00 PM-09:30 PM

Announcements

Description

Hosts

Doug White's Content:

Articles

Jeff Man's Content:

Articles

  1. New Malware Samples Identified in Point-of-Sale Compromise Visa Security Alert

Larry Pesce's Content:

Articles

  1. 275 remotely exploitable w/o auth Oracle Vulns from July... - ... The Dutch Central Bank has their own version of Oracle Financial Services
  2. Drone takeover with a limeSDR and commodity gear
  3. ShinyHunters with some stolen data from interesting sites like ProctorU…

Lee Neely's Content:

Articles

  1. CISA Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices - CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. Fix: see the QNAP Security Advisory. Suspect devices should be factory wiped prior to the firmware update.
  2. Russia's GRU Hackers Hit US Government and Energy Targets - Fancy Bear (APT28), from 12/18 to 5/20, attempted to access mail servers, Office 365 and VPN servers.
  3. New Security Flaw Affecting China's DJI Drones - Reportedly, in addition to an update mechanism that bypasses the Google Play Store, DJI's Go 4 Android app requests extensive permissions, collects personal data (e.g., IMSI, IMEI, and SIM card serial number), and includes anti-debug and encryption techniques to hamper analysis.
  4. 5 D-Link Router Vulnerabilities disclosed, patch now - Patch or replace out-of-support devices.
  5. FBI Warns of New DDoS Attack Vectors: CoAP, WS-DD, ARMS, and Jenkins - These newly discovered DDoS vectors are network protocols essential to the IoT devices, smartphones, Macs, and other devices on which they run, so device makers are unlikely to remove or disable them, making a new wave of DDoS attacks highly likely.
  6. Cerberus Android Malware Source Code Offered for Sale for $100,000 - For a flat price of $100,000 USD, the buyer will receive everything from customer lists, source code, installation guides, scripts and servers to the admin panel.
  7. Cosmetics Giant Avon Leaks 19 Million Records - An Elasticsearch database hosted on an Azure server containing 19 million customer records was left publicly exposed on the Internet without a password.
  8. Major Hedge Fund Sees Customers' Personal Data Stolen by Hackers - SEI Investments disclosed that systems belonging to one of its vendors, Atlanta, Ga.-based M.J. Brunner Inc., suffered a ransomware attack in May.
  9. North Korean Hackers Are Stepping Up Their Ransomware Game, Kaspersky Finds - North Korean state-backed hackers associated with the "Lazarus Group" have been spotted leveraging the little-known "VHD" ransomware in two attacks, targeting a business in France and another in Asia, in order to steal money.
  10. How to Tell If Your Apps Are Spying on You - Ideas for finding out, and correcting, which applications have the camera and microphone enabled.
  11. Three Idaho State Websites are vandalized by hackers - The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site homepages each displayed the same content: a black background with the text “Hacked by Ghost Squad Hackers” displayed in blue text. “Free Julian Assange! Journalism is not a crime!” reads a message displayed underneath a GIF of V, the Guy Fawkes mask-wearing vigilante from the 2005 film “V for Vendetta.”
  12. Organizations with poor privacy practices 80% more likely to suffer data breach - The average company shares its data with 730 different vendors, and according to the Internal Auditors Research Foundation IAA Study, third parties were responsible for two out of every three data breaches.

Paul Asadoorian's Content:

Articles

  1. DIY: Hunting Azure Shadow Admins Like Never Before
  2. Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection - Interesting: using APIs within hypervisors (based on CPU instructions) to gain access to raw memory events within running virtual machines and apply security logic, taking advantage of the role of hypervisors in the workload stack to stop attacks.
  3. CVE-2020-8163
  4. Companies Respond to 'BootHole' Vulnerability - The vulnerability is a buffer overflow related to how GRUB2 parses its grub.cfg configuration file. An attacker with admin privileges on the targeted system can modify this file so that their malicious code is executed in the UEFI environment before the OS is loaded.
  5. Bug in widely used bootloader opens Windows, Linux devices to persistent compromise - Help Net Security
  6. Vulnerability Allowed Brute-Forcing Passwords of Private Zoom Meetings
  7. GNU GRUB2 Vulnerability - Original research from Eclypsium: https://eclypsium.com/wp-content/uploads/2020/07/Theres-a-Hole-in-the-Boot.pdf
  8. Python Developers: Prepare!!! - People all of a sudden forgot that preparing SQL statements is a thing. I think the problem is in part that Python makes it so easy to mix up prepared/not-prepared. I think an ORM helps A TON with these types of problems.
  9. Offensive Security Acquires Cybersecurity Training Project VulnHub
  10. 11 Tips And Tricks To Write Better Python Code
  11. Source code from 50+ companies, including Nintendo, Microsoft and Adobe, published online - The published code from Nintendo is gaining much of the attention online because it gives an inside look at the source code behind a range of classic games including Mario, Mario Kart, Zelda, F-Zero and Pokemon series. The Nintendo code also includes pre-release art, fully playable prototypes of some games and even references to projects that were never completed. Looks like poor source code version/repo controls.
  12. The Age of Mass Surveillance Will Not Last Forever - I kinda agree: Meanwhile, the corporations of the world digested the realization that their darkest shame—their willful complicity in crimes against the public—had not been punished. Rather, these collaborators had been actively rewarded, with either explicitly retroactive immunity or informal guarantees of perpetual impunity. They became our latest Big Brother, striving to compile perfect records of private lives for profit and power. From this emerged the contemporary corruption of our once-free internet, called surveillance capitalism.
  13. BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10
  14. Hackers Broke Into Real News Sites to Plant Fake Stories - Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. GRU? NO evidence, but why not mention them: While FireEye has made no such claims that the Ghostwriter news site compromises were the work of the GRU, Hultquist argues that the incidents in Poland and the Baltics should nonetheless serve as a warning.
  15. New tool detects shadow admin accounts in AWS and Azure environments
  16. The Garmin Ransomware Hack Is Horrifying - So opt out, and all the features go bye-bye (* shaking my head): While most Garmin smartwatches do not connect to the internet natively and store workout information on the devices themselves, the Garmin Connect app does not allow users to transfer their workout information to the app without storing it on Garmin’s servers. Garmin allows users to “Opt Out” of sharing workout information with the company, but opting out makes the app essentially useless.
  17. New Features in Python 3.9
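Item 8 above is about how easily Python code slips from a parameterized query into string interpolation. The block below is an added example written for these show notes, not code from the linked article: it puts the interpolated lookup beside the bound-parameter version against a constructed in-memory SQLite table, and adds a small AST-based scan that flags `execute()` calls whose SQL argument is built with an f-string, `%` or `.format()`. Table contents, the `SNIPPET` being scanned and the function names are all assumptions made for the example.

```python
import ast
import sqlite3

# Constructed sample rows for this example only.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Not prepared: the untrusted value becomes part of the SQL text.

    The input is parsed as SQL, so a value containing a quote can change
    the WHERE clause (or break the statement) instead of being compared.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Prepared: the same query with a bound parameter.

    The driver passes the value separately from the SQL text, so it is
    only ever compared as a string and never interpreted as SQL.
    """
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare_lookups() -> dict:
    """Row counts for a normal name and a quote-bearing name, both ways."""
    conn = build_db()
    odd_name = "x' OR '1'='1"   # constructed input containing a quote
    return {
        "unsafe_normal": len(lookup_unsafe(conn, "alice")),
        "unsafe_odd": len(lookup_unsafe(conn, odd_name)),
        "safe_normal": len(lookup_safe(conn, "alice")),
        "safe_odd": len(lookup_safe(conn, odd_name)),
    }


# Constructed source to scan; the first line is blank so calls sit on lines 2-4.
SNIPPET = '''
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
cur.execute("SELECT * FROM users WHERE name = %s" % name)
cur.execute("SELECT * FROM users WHERE name = ?", (name,))
'''


def find_interpolated_queries(source: str) -> list:
    """Return (line, kind) for execute()/executemany() calls whose first
    argument is built by f-string, % formatting or .format() rather than
    passed as a literal with separate parameters."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in ("execute", "executemany"):
            continue
        sql = node.args[0]
        if isinstance(sql, ast.JoinedStr):
            findings.append((node.lineno, "f-string"))
        elif isinstance(sql, ast.BinOp) and isinstance(sql.op, ast.Mod):
            findings.append((node.lineno, "% formatting"))
        elif (isinstance(sql, ast.Call) and isinstance(sql.func, ast.Attribute)
              and sql.func.attr == "format"):
            findings.append((node.lineno, ".format()"))
    return findings


def scan_snippet() -> list:
    """Run the scanner over the constructed SNIPPET."""
    return find_interpolated_queries(SNIPPET)


if __name__ == "__main__":
    for key, rows in compare_lookups().items():
        print(f"{key}: {rows} row(s)")
    for line, kind in scan_snippet():
        print(f"line {line}: SQL built with {kind}")
```

The scan is deliberately narrow (it looks only at the first argument of a call named `execute` or `executemany`, so a query assembled into a variable first, as `lookup_unsafe` does, is not caught); it is the kind of cheap pre-commit check that catches the common slip the note describes, not a substitute for an ORM or a proper SAST tool.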

Tyler Robinson's Content:

Articles

  1. https://www.nytimes.com/video/opinion/100000006210828/russia-disinformation-fake-news.html?playlistId=video/opinion
  2. https://www.nytimes.com/2020/07/23/us/politics/pentagon-ufo-harry-reid-navy.html
  3. https://www.nytimes.com/2020/07/24/opinion/china-dna-police.html
  4. https://www.cnbc.com/2020/07/21/mark-cuban-backed-cultivate-find-american-made-products-on-amazon.html
  5. https://www.cyberscoop.com/chinese-hackers-vatican-christians-church/
  6. https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
  7. https://www.vice.com/en_in/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying
  8. https://apnews.com/3acb089e6a333e051dbc4a465cb68ee1
  9. https://cloud.google.com/blog/products/infrastructure/announcing-googles-grace-hopper-subsea-cable-system
  10. https://www.safetydetectives.com/blog/avon-leak-report/
  11. https://www.businessinsider.com/software-source-code-leaked-microsoft-nintendo-2020-7?utm_source=reddit.com
  12. https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/microsoft-told-employees-to-work-from-home-one-consequence-was-brutal/
  13. https://www.bbc.com/news/world-us-canada-53534941
  14. https://www.zdnet.com/article/slack-credentials-abundant-on-cybercrime-markets-but-little-interest-from-hackers/
  15. https://advances.sciencemag.org/content/6/30/eabb5824.full
  16. https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online
  17. https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-alexa-investment-fund-11595520249
  18. https://www.vice.com/en_us/article/pkyqvb/deepfake-audio-impersonating-ceo-fraud-attempt