Patchless patching, IPv6-enabled RCE, room searches at DEF CON, and Moon GPS – ESW #372
This week, we discuss a marketing campaign that caught Darwin's eye at the Black Hat expo: patchless patching. Then, Darwin recounts his experiences at the Innovators and Investors Summit.
We discuss the potential impact of a critical Windows vulnerability that supposedly allows RCE via IPv6 packets!
Microsoft continues to stumble, deepening trust issues with its customers. The issues, as always, seem to stem from Microsoft prioritizing time-to-market over quality or safety.
Trend Micro looks for a buyer, while Dell and Cisco announce layoffs, hot on the heels of news that Intel will be letting over 15,000 employees go.
We also discuss the legality and privacy implications of mandatory room searches at DEF CON, and MOON GPS.
- 1. ACQUISITIONS: Fortinet Strengthens Its Top-Tier Unified SASE Solution with Acquisition of Enterprise Data Security Company Next DLP
- 2. ACQUISITIONS: OPSWAT Acquires InQuest, Strengthening Federal Go-to-Market Strategy, Network Detection, and Threat Intelligence Capabilities – OPSWAT
- 3. ACQUISITIONS: EQT to acquire a majority stake in Acronis, Acronis continues to expand its platform for MSPs
- 4. ACQUISITION RUMORS: Trend Micro explores sale, sources say
This would be momentous. Trend Micro is one of the last remaining big OG security vendors started in the 1980s, along with F-Secure (now WithSecure). The Japanese market seems to be hurting them pretty bad right now, though (they used to be on the NASDAQ, but are now public in Tokyo).
- 5. ACQUISITION RUMORS: CrowdStrike eyes Action1 for $1B amid fallout from Falcon update mishap
- 6. NEW FEATURES: “Patchless Patching” for Zero Days: Qualys Advances Vulnerability Management
Darwin has some thoughts on this one, I think.
Adrian's question: how is this different from virtual patching, which was a thing 20+ years ago! Also, I've been using 0Patch for years (inserts virtual patches into running processes). Other approaches (like Cyvera, acquired by PANW in 2014) block known exploit attempts rather than creating virtual patches that need to be exploit/vuln-specific.
- 7. ESSAYS: BlackHat Innovators & Investors Quick Hits
- 8. ESSAYS: Let’s get real: there is no such thing as “gatekeeping” in cybersecurity
A very controversial-sounding title that ends up not being all that controversial once he qualifies the statement with "with regards to entry-level folks trying to find their first job in cybersecurity."
- 9. ESSAYS: Software’s Iron Triangle: Cheap, Fast and Good – Pick Two
From Chris Hughes
At Black Hat, Jen Easterly dropped a few instantly iconic quotes.
“We don’t have a cybersecurity problem. We have a software quality problem.”
I mean, of course this is an oversimplification of cybersecurity's problems, but I think it's even worse than that. I think this applies to a subset of IT and most third party vendors, but even if you have no in-house dev team, you still have some pretty serious cybersecurity concerns. I think our software quality problem is just a small part of our system-level design and engineering problem.
She also said,
“We have a multi-billion dollar cybersecurity industry because for decades, technology vendors have been allowed to create defective, insecure, flawed software.”
Which I think is fair.
- 10. STANDARDS: NIST Releases First 3 Finalized Post-Quantum Encryption Standards
We interviewed Vadim Lyubashevsky, one of the authors of these quantum-safe algorithms, back in episode 315. Check it out here!
- 11. VULNERABILITIES: Windows TCP/IP Remote Code Execution Vulnerability
A critical vulnerability that is RCE and exploitable via IPv6. The only options seem to be to disable IPv6 or patch! This one could get VERY spicy in the near future if exploits emerge.
- 12. VULNERABILITIES: Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
- 13. DUMPSTER FIRES: Here are the Hacker Tools a DEF CON Hotel is Hunting For
- 14. DUMPSTER FIRES: Azure outages should spark new urgency for a multi-cloud approach
- 15. LAYOFFS: Cisco to lay off thousands more in second job cut this year, sources say
Also heard that Dell is laying off over 10,000 employees, yikes!!!
- 16. STUNT HACKING: Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
Just because it's stunt hacking doesn't mean it's not fun!
- 17. HOT TAKES: Pramod Gosavi on LinkedIn: Gartner cancels SOAR, calling it obsolete…
- 18. SQUIRREL: What Time Is It on the Moon?