Wednesday, April 21, 2021
SANS ISC

ISC StormCast for Wednesday, April 21st, 2021

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Security Now

SN 815: Homogeneity Attacks – Is FLoC All That Bad?, Humble Bundle For Programmers, Chrome 90

Club TWiT details. Picture of the Week. The Vivaldi Project's take on FLoC. Chrome continues to be THE high-value target. We're at Chrome v90. Exchange Server Web Shells removed, with DOJ Permission. WordPress joins the "FLoC No!" chorus. It's Humble Bundle Book Time. Closing the Loop. A quick...
DtSR Podcast

DtSR Episode 443 – TPA Addressing AppSec Tech Debt

Prologue: Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we...
Security Weekly

Codecov Attack, Major BGP Leak, Lazarus APT, Discord Ransomware, & GEICO Breach – SWN #115

This week, Dr. Doug talks naughty vaccines, Air frying is not frying, BGP is leaking, Codecov, Lazarus, Google Alerts, Nitro Ransomware, & we're joined once more for expert commentary by Jason Wood! Show Notes: https://securityweekly.com/swn115 Visit https://www.securityweekly.com/swn for...
The CyberWire Podcast

Codecov supply chain attack update. Babuk’s victim service. Catphishing in LinkedIn. Sanctioned company responds. SolarWinds, Exchange compromise TFs stand down. 5 Eyes notes. IoT risk.

Update on the Codecov supply chain attack. The Babuk gang says they’ve debugged their decryptor. MI5 warns of “industrial scale” catphishing in LinkedIn. Positive Technologies responds to US sanctions. The US...
Security Weekly

That Will Bite Ya – ASW #147

This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an...
SANS ISC

ISC StormCast for Tuesday, April 20th, 2021

Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability
risky.biz

Snake Oilers: Greynoise! MergeBase! Votiro!

In this edition of Snake Oilers we’ll be hearing from three...
The CyberWire Podcast

Codecov may have sustained a supply chain attack. Natanz sabotage update. Big data gangs. Protecting ransomware gangs. Counterretaliation in the SolarWinds affair.

Another supply chain incident surfaces. The Natanz sabotage seems to have landed a punch, but not a knock-out blow against Iran’s nuclear program (and it appears to have been a bomb)....
Unsupervised Learning Podcast

News & Analysis | No. 277

CISA FBI and NSA Release Five APT29 Targeted Vulnerabilities, FBI Benign Hacking, The US Sanctioned Russia and Expelled Diplomats, Google's Cookie Replacement Not Going Well, NERC says 1/4 of Their Customers Sharing Data Downloaded Solarwinds Hack, Technology News, Human...
The Shared Security Podcast

Data Breaches vs. Data Leaks, FBI Exchange Server Controversy

This week Tom and Kevin are back with an all new episode! Data breaches vs. recent data leaks, and the controversy over the FBI operation conducted to remove web shells from compromised Microsoft Exchange servers. ** Links mentioned on the...
SANS ISC

ISC StormCast for Monday, April 19th, 2021

Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/ Codecov Breach https://about.codecov.io/security-update/ Google Project
Open Source Security Podcast

Episode 267 – Does 0day still mean 0day?

Josh and Kurt talk about 0day security vulnerabilities. What are they? What were they? And why the name has taken on a new meaning, and that's OK. Show Notes Hacker History Podcast Chrome 0day NTFS Documentation
The CyberWire Podcast

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the...

Weekly Update 239

Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel? Geez I'm glad the Facebook stuff was the week before this one! With that (mostly) out of the way, we headed...
The CyberWire Podcast

Social engineering: MINEBRIDGE RAT embedded to look like job résumés. [Research Saturday]

Guest Deepen Desai joins Dave to talk about Zscaler's research "Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures." In Jan 2021, Zscaler ThreatLabZ discovered new instances of...
The CyberWire Podcast

International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.

The European Union expresses solidarity with the US over the SolarWinds incident. The UK joins the US in attributing the incident to Russia. Russia objects to US sanctions and hints strongly...

S3 Ep28.5: Hacking back – is attack an acceptable form of defence?

Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI’s recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath. With Paul Ducklin and Chester Wisniewski https://nakedsecurity.sophos.com/fbi-hacks-into-hundreds-of-infected-us-servers Original music...
SANS ISC

ISC StormCast for Friday, April 16th, 2021

Why and How You Should be Using an Internal Certificate
The CyberWire Podcast

Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.

The US announces a broad range of retaliatory actions designed to “impose costs” on Russia for its recent actions in cyberspace, prominently including both the SolarWinds supply chain compromise and attempts...
The Hacker News

3 Zero-Day Exploits Hit SonicWall Enterprises Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary...
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost. Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...