Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption – PSW #702
The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021!
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Hosts
- 1. Microsoft just blew up the only reason you can’t use a Linux desktop
     This is the year of the Linux desktop! Or maybe next year...
- 2. Bug bounties: Here’s how much Microsoft paid out to security researchers last year
     The math is interesting: "Microsoft has revealed it awarded 341 researchers a total of $13.6 million during the past year for reporting security vulnerabilities in its bug bounty programs. The awards were issued between July 1, 2020 and June 30, 2021 and is slightly less than what it paid out in 2019. That year, Microsoft tripled the awards from the previous year." If MS were to hire researchers, they'd fall short of 341 FTEs for that price...
- 3. Amazon rolls out encryption for Ring doorbells
     "This is done with Amazon's Video End-to-End Encryption (E2EE). If you decide to install this optional privacy feature, you'll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair. In English, the foundation is pretty darn secure."
- 4. Review of dnsx – a multi-purpose DNS toolkit – Latest Hacking News
- 5. White House Announces Ransomware Task Force
     "The White House is also taking into account the possibility of new partnerships with cybersecurity providers and critical infrastructure companies so that businesses and the government can share information about ransomware attacks faster." - There seems to be more focus on information sharing than prevention and disruption, which is sad.
- 6. For years, a backdoor in popular KiwiSDR product gave root to project developer
     "A few lines of code allow the developer to remotely access any device by entering its URL in a browser and appending a password to the end of the address. From there, the person using the backdoor can make configuration changes not only to the radio device but, by default, also to the underlying computing device it runs on."
- 7. 10 Mistakes Companies Make In Their Ransomware Responses
- 8. Stop Huffing About Cyber Retaliation
- 9. Absolute funniest quotes about cyber security & tech in 2021
     “I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don’t seem to be any exceptions….” —Brian Krebs
- 10. How I Would Hack You and Attack You
- 11. Google: four zero-day flaws have been exploited in the wild
- 12. 5 Security Pillars Required For All AWS Cloud Deployments
- 13. The Code Red worm 20 years on – what have we learned?
     "In the Code Red days, […] if you could find a stack buffer overflow, it was often very, very little work, maybe half an afternoon’s work, to weaponise it, to use the paramilitary terminology that cybersecurity seems to like, and turn it into a workable exploit that could basically break in on any similar Windows system."
- 14. US government launches plans to cut cybercriminals off from cryptocurrency – CyberScoop
- 15. iOS zero-day let SolarWinds hackers compromise fully updated iPhones
- 16. Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
- 17. Microsoft fixes Windows Hello authentication bypass vulnerability
- 18. Cube0x0 on Twitter
- 19. BIOPASS RAT New Malware Sniffs Victims via Live Streaming
- 1. Trickbot Malware Returns with a new VNC Module to Spy on its Victims
     Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware. Trickbot is using the updated tvncDLL module to monitor and collect intelligence on selected high-profile targets.
- 2. Kaseya patches VSA vulnerabilities used in REvil ransomware attack
     Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Network and functionality changes as well.
- 3. Kaseya claims SaaS restoration going swimmingly
- 4. New Trojan malware steals millions of login credentials
     Cybersecurity researchers have revealed a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites.
- 5. Morgan Stanley discloses data breach after the hack of a third-party vendor
     Morgan Stanley has disclosed it suffered a data breach in March 2021, after an Accellion FTA server belonging to third-party vendor GuideHouse was compromised, resulting in attackers accessing data belonging to Morgan Stanley stock plan participants.
- 6. Hackers accessed Mint Mobile subscribers’ data and ported some numbers
     Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.
- 7. China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks
     Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322.
- 8. Cl0p ransomware gang leaks sensitive data from 6 US universities
     In a recent update, the infamous Cl0p ransomware group claimed to gain access to financial documents and passport information that allegedly belonged to students and staff from six top universities in the United States.
- 9. US charges close to 500 individuals for COVID-19 fraud, criminal activity
     The US Department of Justice (DoJ) has charged 474 individuals for participating in COVID-19 scams and fraudulent activity.
- 10. Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems
     Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
- 11. Quantum computers are coming. Get ready for them to change everything
     Save-On-Foods has become an unlikely pioneer, using quantum technology to improve the management of in-store logistics. In collaboration with quantum computing company D-Wave, Save-On-Foods is using a new type of computing, which is based on the downright weird behaviour of matter at the quantum level.
- 12. Two cyber insurance industry initiatives grapple with rise of ransomware – CyberScoop
     Seven top insurance companies formed CyberAcuView, a company to combine their data collection and analysis powers in a bid to strengthen risk mitigation in the cyber insurance industry.
- 13. Pentagon office left military designs for body armor, vehicle gear open to hackers, watchdog finds – CyberScoop
     An audit of the cybersecurity of the U.S. Department of Defense's (DoD) "Additive Manufacturing (AM) Systems" conducted by the DoD's Office of Inspector General (OIG) has revealed that the office handling the U.S. military's 3D printing left defense technology designs vulnerable to theft by attackers.