The Wrong Lawyer – PSW #697
1. Attack Surface Discovery and Enumeration – Dan Tentler – PSW #697
We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before.
Segment Resources:
phobos.io/orbital
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
Guest
Dan Tentler is the executive founder of Phobos Group, a boutique information services and products company focused on shifting the Overton window from compliance to actual measurable security.
2. Digital Transformation’s Impact On IT Asset Visibility – Sumedh Thakar – PSW #697
Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and containers that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility.
Segment Resources:
View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38
Read our CEO’s blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security
Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management
This segment is sponsored by Qualys.
Visit https://securityweekly.com/qualys to learn more about them!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Guest
As CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. Since 2014, he has served as Chief Product Officer at Qualys, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24×7 follow-the-sun product team.
Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.
3. CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins – PSW #697
This week in the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Vulnerability Management is the Key to Stopping Attacks: "Virtually anything could become a security vulnerability, from applications containing legacy components, old software versions and outdated OS to even employees and users. In the fast-changing IT environment with several moving parts, third-party components and services, it is easy to miss updates, and this creates new vulnerabilities"
- 2. Overcoming Compliance Issues in Cloud Computing: "data security is always YOUR responsibility."
- 3. 9 Ransomware Early Warning Signs To Monitor In Your District’s Systems
- 4. 5 Devastating Endpoint Attacks: Lessons Learned – Security Boulevard
- 5. Attack on meat supplier came from REvil, ransomware’s most cutthroat gang: "REvil and its affiliates account for about 4 percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims."
- 6. Agile security testing – pentest and automate: "I explore the idea of agile security testing, where penetration testing is performed first and test cases are automated after that. Agile security testing would be made in iterations of 1) test case execution, 2) penetration testing, and 3) creation of new test cases. The iterative approach naturally leads to constantly updating tests, which addresses the problem of evolving threat landscape."
- 7. WordPress Plugins Are Responsible for 98% of All Vulnerabilities – Latest Hacking News: "Like WordPress, WordPress Plugins are vulnerable to hacking. Why? For two reasons: (i) not all plugins follow the security protocol, and (ii) we can see the codes of the plugins. Hackers always analyze the code to find vulnerabilities in them. If you use a plugin, and the plugin is vulnerable to hacking, or you have not updated to the latest version, your website is then easily hackable. Since WordPress is open source, hackers know what the endpoints (URL) are, what data to use, and how to inject the scripts."
- 8. The Vulnerabilities of the Past Are the Vulnerabilities of the Future
- 9. A Supreme Court ruling limits the reach of a landmark hacking law – CyberScoop: "The Supreme Court issued a 6-3 ruling Thursday determining that improper use of a computer system by someone allowed to use it does not fall under the Computer Fraud and Abuse Act, the nation’s landmark hacking law."
- 10. White House calls for companies to address ransomware threat 2021
- 11. Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
- 12. My RCE PoC walkthrough for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow vulnerability
- 13. Supreme Court narrows Computer Fraud and Abuse Act: Misusing access not quite the same as breaking in
- 14. Security Aspects to consider for a React Native Application
- 15. Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
- 16. A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets
- 17. Cyber Security Researchers have Disclosed Two new Attack Techniques in PDF. – CyberWorkx
- 18. Intrusion Detection System – Have they become useless?
- 1. Supreme Court narrows scope of CFAA computer hacking law
- 2. Establishing Confidence in IoT Device Security: How do we get there?
- 3. FireEye to sell products unit to Symphony-led group for $1.2B – TechCrunch
- 4. NortonLifeLock Unveils Norton Crypto
- 5. Major meat producer JBS USA hit by cyberattack, likely from Russia
- 6. Ransomware attack disrupts Massachusetts ferries
- 7. My RCE PoC walkthrough for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow vulnerability
- 8. MOSI/MISO and 140 Years Of Wrong
- 1. Army wants teleworkers to switch off smart IoT devices — FCW: The Army informed its teleworking workforce that they must immediately remove Internet of Things (IoT) devices from their teleworking workspaces that possess the capability to listen for keywords that would automatically activate them.
- 2. Exclusive: Alibaba’s Huge Browser Business Is Harvesting The ‘Private’ Web Activity Of Millions Of Android And iPhone Users: UC Browser promised that with its “incognito” mode, no web browsing or search history would be recorded. A researcher discovered that on both the Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb.
- 3. JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit: experts – The White House stated the attack against the world’s largest meat-packer was likely conducted by Russian hackers; several U.S. government agencies are assisting the Brazilian company with cyber assistance.
- 4. Australian meat processor JBS Foods hit by cyber attack: Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in Australia, the US and other locations.
- 5. A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely: Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be leveraged by attackers to obtain remote access to protected areas of memory, allowing them to perform unrestricted and undetected code execution.
- 6. Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery – CyberScoop: The Cozy Bear (APT29) group was spotted just days ago leveraging an election fraud-related lure document attached to a phishing email that purports to originate from the U.S. Agency for International Development (USAID), in attacks targeting government agencies, research institutions, and non-governmental organizations (NGOs) in the U.S. and Europe.
- 7. Feds Warn DarkSide May Not Stay Dark: U.S. government cybersecurity and counterintelligence officials have revealed that the DarkSide cybercrime gang responsible for the Colonial Pipeline ransomware attack may soon reemerge, if it ever stopped operating at all.
- 8. US Pipelines Ordered to Increase Cyber Defenses After Hack: TSA has issued a directive mandating that U.S. pipeline owners and operators hire a cybersecurity coordinator, conduct regular cybersecurity assessments, and report any and all cyber incidents to the U.S. federal government.
- 9. APT actors exploiting Fortinet vulnerabilities to gain access to local governments: APT actors recently exploited old vulnerabilities affecting Fortinet firewalls and breached a web server hosting a domain belonging to a local U.S. government, then moved laterally through the compromised network and created new domain controller, server, and workstation user accounts mimicking existing accounts in order to exfiltrate or encrypt data and perform other malicious activities.
- 10. Researchers find four new malware tools created to exploit Pulse Secure VPN appliances: Mandiant Threat Intelligence says it has spotted four new malware samples (Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse) that were specifically created to target Pulse Secure VPN appliances and are being used in attacks targeting defense, government, and financial organizations.
- 11. Russia’s FSB reports ‘unprecedented’ hacking campaign aimed at government agencies: Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication.
- 12. Japanese government offices hacked: The Japanese government has disclosed it suffered a data breach after hackers accessed Fujitsu's "ProjectWEB" information-sharing software, which is widely used by public offices and businesses in Japan, and gained access to data related to air traffic control.
- 13. French police seized dark web marketplace Le Monde Parallèle: Last week, French authorities seized the dark web marketplace Le Monde Parallèle and arrested two of the platform's administrators following a months-long investigation.
- 14. Plaintext Passwords of 8.3 Million Users Leaked in a DailyQuiz Data Breach: Researchers say they found an unsecured, exposed database belonging to DailyQuiz containing some 13 million users' PII and plaintext passwords.
- 15. Chip shortage will lead to higher PC prices as Dell, HP, and Lenovo pass on higher costs: PC prices are likely to move higher in the second quarter and the rest of 2021 as vendors pass along higher component and logistics costs amid strong demand.