Mood Lighting – PSW #727
Full Audio
1. Cybersecurity Is Not Just a Technical Problem – Brian Honan – PSW #727
We have spent decades tackling security threats with technology, and we are failing badly. We need to look at other industries and learn how they improved their safety records. In particular, the airline safety and automobile safety industries have a lot to teach us. Practices such as breach disclosures, accountability, root cause analysis with openly shared results, focused training, industry norms for checklists, certification of products, and regulation have all improved those industries.
Segment Resources: Security Industry Failing to Establish Trust https://threatpost.com/security-industry-failing-to-establish-trust/128321/
'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal https://www.theregister.com/2017/11/24/infosecdisasterslearning_op/
IoT security: Lessons we can learn from the evolution of road safety https://www.helpnetsecurity.com/2018/08/09/iot-security-lessons/
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Brian Honan is CEO of the Cybersecurity and Data Protection firm BH Consulting and he is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), founder of Ireland’s first CERT, and sits on the advisory board for several innovative security companies. Brian is the author of several books and regularly contributes to various publications. For his contribution to the cybersecurity industry Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.
Hosts
2. AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized – PSW #727
In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, the ‘Metaverse’ of security challenges, $323 million in crypto stolen from the “Wormhole”, a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. Microsoft to block internet macros by default in five Office applications: "Microsoft said the decision to block VBA macros by default only affects Access, Excel, PowerPoint, Visio, and Word on Windows. Documents that contain VBA macros that have been created and obtained from inside an organization’s trusted network will still be allowed to execute."
- 2. Rapping FinanceTok Influencer and Husband Accused of Conspiracy to Launder $4.5 Billion in Crypto: So many talents, money laundering and: "She also apparently has something of a music career. Going by the rap moniker “Razzlekhan,” or RZK, Morgan is a verified artist on Spotify, where she describes herself as creating “sexy horror-comedy raps with an authentically awkward twang.”"
- 3. Russia arrests third hacking group, reportedly seizes carding forums: Russians are no joke: "Security researcher Soufiane Tahiri also discovered that the source code for the sky-fraud.ru seizure notice includes a hidden message for other Russian hackers, saying '??? ?? ??? ??????????' Translated into English, this warning says, 'WHICH OF YOU IS NEXT?'"
- 4. How $323M in crypto was stolen from a blockchain bridge called Wormhole
- 5. How cybercriminals are using malware to target Linux-based operating systems – Help Net Security: "More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly"
- 6. Russian researchers unlock Intel processors for reverse engineering: "A proof-of-concept published by Russian security vendor Positive Technologies comes with detailed instructions on how to unlock processors to gain access." and "It does this by exploiting a bug in the CPU that Intel has released an advisory on, and then unlocking the CPU to see the chip's internals through an interface known as JTAG. Developed by the Joint Testing Action Group, JTAG is a chip-level interface." GitHub repo: https://github.com/ptresearch/IntelTXE-PoC
- 7. Detect active network reconnaissance with Microsoft Defender for Endpoint: "In our lab environment, Nmap has been configured to send probes to an individual IP address from an unauthenticated client. The results, albeit constrained to a specific scan type, return a plethora of information that can aid an attacker in building a profile about a discovered host."
- 8. Low-Detection Phishing Kits Increasingly Bypass MFA: Which tool/technique is your favorite?
- 9. North Korea: Missile programme funded through stolen crypto, UN report says
- 10. Will the Metaverse Usher in a Universe of Security Challenges? "Future malicious actors may figure out how to make their presences undetectable. From there, they could invisibly join meetings and listen in on business conversations. State actors and spy agencies, as well as industrial espionage actors, may devote enormous resources to figuring this out."
- 11. Critical Android 12 bug fixed in February security patches
- 12. CVE-2022-21882: Easy to exploit (Reference: https://securityaffairs.co/wordpress/127377/hacking/cve-2022-21882-win-local-privilege-elevation.html)
- 13. x86matthew – CreateSvcRpc – A custom RPC client to execute programs as the SYSTEM user
- 14. CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
- 1. Rupert Murdoch’s News Corp hacked in cyber attack believed to be linked to China: Investigators say they believe that a Jan. 20, 2022, breach of Rupert Murdoch's News Corp, which resulted in the theft of data belonging to journalists working for a variety of news outlets, was linked to China.
- 2. Wormhole cryptocurrency platform hacked to steal $326 million: Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred to another blockchain.
- 3. DHS Launches Cyber Safety Review Board to Analyze Major Vulnerability Events: The US Department of Homeland Security has named a 15-member Cyber Safety Review Board (CSRB) to assess significant cybersecurity events and recommend improvements, starting with the Log4J vulnerability.
- 4. Attackers Target Intuit Users by Threatening to Cancel Tax Accounts – The Cyber Post: The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software. Just in time for tax season, Intuit is warning customers of a phishing campaign that threatens to close user accounts if they don’t click on a malicious link.
- 5. Major Vulnerability Found in Argo CD: Security researchers at Apiiro have discovered a significant software supply chain zero-day vulnerability in the popular open-source continuous delivery platform, Argo CD. Argo CD is a tool that reads environment configurations (written as a Helm chart, Kustomize files, Jsonnet or plain YAML files) from git repositories and applies them to Kubernetes namespaces. The platform can manage the execution and monitoring of application deployment post-integration. The flaw (CVE-2022-24348) lets attackers access and exfiltrate sensitive information such as passwords and API keys. There is no workaround other than updating to the fixed version.
- 6. Russia arrests third hacking group, reportedly seizes carding forums: Russia arrested six people, allegedly part of a hacking group involved in the theft and selling of stolen credit cards. This marks the third arrest of cyber criminals by Russian authorities in 2022, following the reported arrests of actors associated with the REvil ransomware gang and Andrey Sergeevich Novak, the alleged administrator of the UniCC card shop and leader of the Infraud Organization. The recent law enforcement pressure on Russian cyber criminals could disincentivize threat actors from engaging in payment card theft and carding activities, resulting in a continued decrease in observed activity.
- 7. 2021 Trends Show Increased Globalized Threat of Ransomware: CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations in 2021. This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware. Advisory: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
3. Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit – Wheel – PSW #727
Qualys researcher Wheel will discuss the discovery of the 12-year-old Linux vulnerability in PolicyKit, which Qualys has dubbed PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research.
Segment Resources:
Announcements
CRA's Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!
Guest
“Wheel” is a member of the Qualys Research Team responsible for finding zero-days.