Wednesday, May 12, 2021

7 Minute Security

7MS #466: Attacking and Defending Azure AD Cloud (CARTP)

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Welp, I need another security certification like I needed a bunch to the retinas, but even after all the fun (and pain) of CRTP I couldn't help but sign up for the maiden voyage of Attacking and Defending Azure AD Cloud - a.k.a. CARTP. This cert comes to us from our friends over at Pentester Academy, and is all about pwning things in Azure AD...

7MS #465: Cyber News – The FBI Might Be Getting Into the IR Biz Edition

Hey friends!  Today Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I talk about some of our favorite news stories, including:FBI removes hacker back doorsNSA: 5 security bugs under active nation-state cyberattackUbiquiti is accused of covering up a ‘catastrophic’ data breach — and it’s not denying it.  On a side note, enjoy our podcast about how we lost our love for Ubiquiti a while back: 7MS #460: Why I'm Throwing My UniFi Gear Into the OceanCodecov users warned after backdoor discovered in devops tool

Brakeing Down Security

Crypto-Gram

Crypto-Gram March 15, 2021

In this issue: National Security Risks of Late-Stage Capitalism More on the Chinese Zero-Day Microsoft Exchange Hack from the March 15, 2021 Crypto-Gram Newsletter by Bruce Schneier read by Dan Henage

Crypto-Gram February 15, 2021

In this issue: Cell Phone Location Privacy Presidential Cybersecurity and Pelotons from the February 15, 2021 Crypto-Gram Newsletter by Bruce Schneier read by Dan Henage

Cyber Security Interviews

#117 – Sara Avery: Go After What You Want

Sara Avery is a Regional Sales Manager at Zscaler. She has held various positions over the past 20 years in the Information Technology field and discovered her passion for information security 15 years ago. Her career has largely been spent in sales and account management with a laser focus on my customer's success. Sara's tenured experience in cybersecurity has given her a strong understanding of the complex technology and intelligence required to keep enterprises secure.From a young age, she was raised to be a strong female and leader. Her mother, along with other trailblazing women, campaigned to start the...

#116 – Jennifer Brown: This Is A Wakeup Call

Jennifer Brown is an award-winning entrepreneur, speaker, diversity and inclusion consultant, and author. As the successful founder, president, and CEO of Jennifer Brown Consulting, headquartered in New York City, Jennifer is responsible for designing workplace strategies that have been implemented by some of the biggest companies and nonprofits in the world. She has harnessed more than 14 years of experience as a world-renowned diversity and inclusion expert through consulting work, keynoting, and thought leadership.Jennifer has spoken at many top conferences and events such as the International Diversity Forum, the Global D&I Summit, the Forum for Workplace Inclusion, the NGLCC...

Darknet Diaries

92: The Pirate Bay

The Pirate Bay is a website, a search engine, which has an index of torrent files. A lot of copyrighted material is listed on the site, but the site doesn’t store any of the copyrighted material. It just points the user to where you can download it from. So for a while The Pirate Bay has been the largest places you can find pirated movies, music, games, and apps. But this site first came up 2003. And is still up and operation now, 18 years later! You would think someone would...

91: webjedi

What happens when an unauthorized intruder gets into the network of a major bank? Amélie Koran aka webjedi was there for one of these intrusions and tells us the story of what happened.You can find more talks from Amélie at her website webjedi.net.SponsorsSupport for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. Visit Navisite.com/go.View all active sponsors.Sources https://www.foxnews.com/story/0,2933,435681,00.html https://w2.darkreading.com/risk-management/world-bank-(allegedly)-hacked/d/d-id/1072857 https://www.washingtonpost.com/nation/2020/05/18/missionary-pilot-death-coronavirus/ https://webjedi.net/

Defensive Security

Down The Security Rabbithole

DtSR Episode 446 – TPA AppSec Philosophy

Prologue When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel whom has been doing the "AppSec thing" for longer than many of you who are reading this have been in our profession. Joel knows a thing or two - so we discuss a thing or two. Philosophy, history, and some ugly truths come out in a conversation that can only happen in-person. Guest Joel Scambray LinkedIn: https://www.linkedin.com/in/joelscambray/

DtSR Episode 445 – TPA Non-Random Cyber Thoughts with Dave Marcus

Prologue I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot. Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise. Guest Dave...

Open Source Security

Episode 270 – Hello dark patterns my old friend

Josh and Kurt talk about dark patterns. A dark pattern is when a service tries to confuse a user into doing something they don't want to, like unknowingly purchasing a monthly subscription to something you don't need or want. The US Federal Trade Commission is starting to discuss dark patterns in webs sites and apps. Show Notes Dark Patterns Types of Dark Patterns FTC Bringing Dark Patterns to Light LTT Dell Warranty

Episode 269 – Do not experiment on the Linux Kernel

Josh and Kurt talk about the University of Minnesota experimenting on the Linux Kernel. There's a lot to unpack in this one, but the TL;DR is you probably don't want to experiment on the kernel. Show Notes Linux Bans University of Minnesota for Sending Buggy Patches in the Name of Research University of Minnesota security researchers apologize for deliberately buggy Linux patches The International Obfuscated C Code Contest

Episode 268 – Can we trust any 3rd parties?

Josh and Kurt talk about what 3rd party means in the current world. From 5G suppliers, to the Codecov and Solarwinds breaches. Is there anyone we can trust? Show Notes Europe and 5G Codecov Codecov Reuters story Red Hat OpenSSH advisory

OWASP 24/7

The Cyber Defense Matrix Project with Sounil Yu

In 2020, Security Magazine listed Sounil Yu as one of the most Influential People in Security in 2020, in part because of his work on the Cyber Defense Matrix, a framework for understanding and navigating your cybersecurity environments. The Cyber Defense Matrix started as a project when Sounil was the Chief Security Scientist at Bank of America. The initial problem he focused on with the matrix was how to evaluate and categorize vendors and the solutions they provided. The Cyber Defense Matrix is a structured framework that allows a company to understand who their vendors are, what they...

2021 OWASP Top 10 with Andrew van der Stock

The Top 10 is considered one of the most important community contributions to come out OWASP. In 2003, just two years after organization was started, the OWASP Top 10 was created. The purpose of the project was to create an awareness document, highlighting the top ten exploits security professionals should be aware of. Since that time, innumerable organizations have used it as a guideline or framework for creating security programs. The current Top 10 list was released four years ago, in 2017. As part of a 2021 initiative at OWASP, the OWASP Top 10 is in the process of...

Purple Squad Security

Special Episode – EliteCast Episode 1

Episode Notes Here's the first episode of my new podcast, EliteCast! This is intended to be a less technical podcast aimed at business leaders and decision-makers to help explain the importance of information security (or cybersecurity as it's normally called by the target audience). I'm a bit rusty, but I'll get there. Apparently, a 9-month hiatus does that to a man. I hope you enjoy it and you choose to subscribe. It...

Risky Business

Risky Business #623 — Ransomware threatens US energy security

On this week’s show Patrick Gray, Adam Boileau and Chris Krebs discuss the week’s security news, including: An analysis of the Colonial pipeline ransomware attack More ransomware news UK and US expose APT29’s preferred exploits (again) IntrusionTruth drops a new post 128m Apple devices were hit by XCodeGhost Much, much more This week’s sponsor interview is with Aaron Parecki, a Senior Security Architect at Okta. He’s...

Risky Business #622 — GitHub weighs exploit ban

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: GitHub weighs banning exploits Ransomware galore Belgian government crippled in DDoS attack Intrusion Truth Twitter account suspended More Pulsesecure victims identified Much, much more This week’s show is brought to you by ExtraHop networks, and they’ll pop along in this week’s sponsor interview to float a really, really good idea. The...

SANS ISC

Security Now

SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary

Picture of the week. TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers" Huh Google? Tor's Exit Nodes. 21 Nails in Exim's coffin. Project Hail Mary: A Novel. Closing the loop. SpinRite update. News from the Darkside. We invite you to read our show notes at https://www.grc.com/sn/SN-818-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever...

SN 818: News From the Darkside – Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary

Picture of the week. TsuNAME - "DNS Configuration Flaw Lets Attackers Take Down DNS Servers" Huh Google? Tor's Exit Nodes. 21 Nails in Exim's coffin. Project Hail Mary: A Novel. Closing the loop. SpinRite update. News from the Darkside. We invite you to read our show notes at https://www.grc.com/sn/SN-818-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever...

Security Weekly

Net Neutrality Redux, Elon Musk, Colonial Pipeline, & Lemon Duck Botnet – SWN #121

This week in the Security Weekly News: Elon, Jerry Lee Lewis, Colonial Pipeline, Net Neutrality redux, Lemon Duck, Rico, & Jason Wood returns for Expert Commentary!   Show Notes: https://securityweekly.com/swn121 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Talking Heads – ASW #150

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emerging solution. This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries, a maturity model for k8s,...

Shared Security

World Password Day, Tesla Hacking via Drone, Ipsos Screenwise Panel

Do we still need World Password Day? Hacking a Tesla via a drone, and a privacy warning about the Ipsos Screenwise panel. ** Links mentioned on the show ** World password day – May 6th https://www.darkreading.com/vulnerabilities—threats/will-2021-mark-the-end-of-world-password-day-/a/d-id/1340911 Tesla Car Hacked Remotely From Drone via Zero-Click Exploit https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit What is this Ipsos/Google Screenwise Panel? (Tom received a letter randomly in the mail with a real dollar bill attached. The panel gives Google access to everything your family does on the Internet through a wifi router that they control...

Remembering Dan Kaminsky, Apple AirDrop Vulnerability

Remembering Dan Kaminsky who was one of the greatest security researchers of our time plus details on a new Apple Airdrop vulnerability. ** Links mentioned on the show ** Remembering Dan Kaminsky https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby https://thehackernews.com/2021/04/apple-airdrop-bug-could-leak-your.html https://www.komando.com/security-privacy/apple-airdrop-security-flaw/787628/ ** Watch this episode on YouTube ** https://youtu.be/N6T6qcRfTBA ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you...

Smashing Security

226: Cryptocrazies and NFTs

How did the SCAM cryptocurrency become a success? Why is Google allowing government rip-off ads to still appear on search results? And why on earth is everyone suddenly spending millions of dollars on NFTs? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David McClelland. Visit https://www.smashingsecurity.com/226 to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our...

225: Master of your domain, gripe sites, and John Deere Farmergeddon

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley. Visit https://www.smashingsecurity.com/225 to check out this episode’s show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult...

Sophos

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug

We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it. We investigate a recent security bug that threatened the PHP ecosystem. https://nakedsecurity.sophos.com/apple-products-hit-by-fourfecta-of-zero-day-exploits https://nakedsecurity.sophos.com/naked-security-live-beware-flubot-the-home-delivery-scam https://nakedsecurity.sophos.com/php-community-sidesteps-its-third-supply-chain-attack With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep30: AirDrop worries, Linux pests and ransomware truths

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise. We review the latest Sophos Ransomware Report and uncover uncomfortable truths about paying up. https://nakedsecurity.sophos.com/apple-airdrop-has-significant-privacy-leak https://nakedsecurity.sophos.com/linux-team-in-public-bust-up-over-fake-patches https://nakedsecurity.sophos.com/ransomware-dont-expect-a-full-recovery With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

S3 Ep29: Anti-tracking, rowhammer problems and IoT vulns

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker "name:wreck". https://nakedsecurity.sophos.com/firefox-88-patches-bugs https://nakedsecurity.sophos.com/serious-security-rowhammer-is-back https://nakedsecurity.sophos.com/iot-bug-report-claims-at-least-100m With Kimberly Truong, Doug Aamoth and Paul Ducklin. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: tips@sophos.com Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Southern Fried Security

The CyberJungle

The CyberWire

Ransomware: DarkSide, Avaddon, and Baduk. 5G threat vectors. Crytpojacking unpatched Exchange Servers. Bogus Chrome app. An espionage trial approaches sentencing.

Updates on the DarkSide ransomware attack on Colonial Pipeline. Other ransomware strains, including Avaddon and Babuk are out, and dangerous. Guidelines on 5G threat vectors. Lemon Duck cryptojackers are looking for vulnerable Exchange Server instances. A bogus, malicious Chrome app is circulating by smishing. Ben Yelin examines an online facial recognition...

Ransomware disrupts pipeline operations in the Eastern US. Other ransomware attacks reported by US municipal and Tribal governments. UK-US advisory on SVR TTPs. SolarWinds...

Colonial Pipeline shuts down some systems after a ransomware attack, disrupting refined petroleum product delivery in the Eastern US. We’ll check in with Sergio Caltagirone from Dragos for his analysis. Other ransomware attacks hit city and Tribal governments. Joint UK-US alert on SVR tactics issued, and the SVR may have changed...

The Silver Bullet

The Social-Engineer

Threatpost

Troy Hunt Weekly

Weekly Update 242

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.A fairly hectic week this one, in a large part due to chasing down really flakey network issues that are causing devices (namely Shelly relays) to be inaccessible. I suspect it's ARP related and as of now, it's still not fully resolved. You know how much shit breaks in a connected house when devices become inaccessible? Lots. But hey, at least I've finally automated my aircon!ReferencesI've had a heap of issues with my Shellys on my Ubiquiti...

Weekly Update 241

Presently sponsored by: CrowdSec - The open-source massively multiplayer firewall: respond to attacks & share signals across the community. Download it for free.What. A. Week. Heaps of data breaches, heaps of law enforcement and gov stuff and somehow, I still found time to put even more IP addresses into the house courtesy of even more IoT. I'm not sure if the latter gives me a break from the more professional tech stuff or just compounds the amount of stuff I've already got on my plate, but I'm having fun doing it anyway 😊 All that and more in this...

Unsupervised Learning

News & Analysis | No. 280

Oil Pipeline Ransomware, NSA OT Warning, Deepfake Uptick, Insurer Stops Ransomware Payouts, Google Automatic 2FA, AI-powered Cameras in Banks, Technology News, Content, Ideas & Analysis, Notes, Discovery, Recommendations, and the Aphorism of the Week…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.

News & Analysis | No. 279

FBI and CISA release SVR (Cozy Bear) TTPs, CISA releases an RTOS advisory around ICS, a task force has a plan for the Biden administration to counter ransomware, there's a vulnerability in the ipaddress library in Python, Krebs says Experian leaked credit scores, Censys found 1.93 million online databases, Technology News, Content, Ideas & Analysis, Notes, Discovery, Recommendations, and the Aphorism of the Week…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.

News & Analysis | No. 278

New Logo, CISA Pulse Secure VPN Orders, Ransomware Gangs + Stock Shorter Scams, Japanese NASA Hacked by China, Dan Kaminsky, LinkedIn Brittons and China/Russia, Codecov Fallout, Technology News, Content, Ideas & Analysis, Notes, Discovery, Recommendations, and the Aphorism of the Week…Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.