Thursday, June 1, 2023
7 minute security

7MS #573: Securing Your Mental Health – Part 4

Today we're talking about reducing anxiety by hacking your mental health with these tips: Using personal automation to text people important reminders Using Remind to create a personal communication "class" with your family members Using Smartsheet (not a sponsor) to create daily...
7 minute security

7MS #572: Protecting Your Domain Controllers with LDAP Firewall

https://youtube.com/watch?v=x9TWNl2oiVc Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against SharpHound enumeration, LAPS password enumeration, and the noPac attack.
7 minute security

7MS #571: Simple Ways to Test Your SIEM – Part 2

Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit...
7 minute security

7MS #570: How to Build a Vulnerable Pentest Lab – Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! https://youtube.com/watch?v=1sgC8Bk7ggA In today's episode we staged an...
7 minute security

7MS #569: Interview with Jim Simpson of Blumira

Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like...
7 minute security

7MS #568: Lets Play With the 2023 Local Administrator Password Solution!

https://youtube.com/watch?v=Gysf-385rok Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesome, it's a necessary blue team...
7 minute security

7MS #567: How to Build an Intentionally Vulnerable SQL Server

https://youtube.com/watch?v=dJYe_wqJIoA Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode: Download SQL Server here Install SQL via config .ini file Or, install SQL via pure command line Deploy SQL with...
7 minute security

7MS #566: Tales of Pentest Pwnage – Part 47

https://youtube.com/watch?v=6HMQdStLuj0 Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to...
7 minute security

7MS #565: How to Simulate Ransomware with a Monkey

https://youtube.com/watch?v=hHUwmqGsJtA Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way to show your team and execs just how quick and deadly an infection can be to your...
7 minute security

7MS #564: First Impressions of OVHcloud Hosted vCenter

Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR: It runs on vCenter, my first and only virtualization love! Unlimited VM "powered on" time and...
7 minute security

7MS #563: Cracking and Mapping and Execing with CrackMapExec – Part 2

https://youtube.com/watch?v=ImQMd1dt1DE Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover: # Enumerate where your user has local admin rights: cme smb x.x.x.x/24 -u user -p password # Set wdigest...
7 minute security

7MS #562: Cracking and Mapping and Execing with CrackMapExec

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! https://youtube.com/watch?v=cmpALy-wHgk Hey friends, today we covered many...
7 minute security

7MS #561: Interview with Chris Furner of Blumira

Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today...
7 minute security

7MS #560: 7MOOCH – Dolphin Rides Are Done Dude

Hey friends, I took a mental health break this week and pre-podcasted this episode of a new series called 7MOOCH: 7 Minutes of Only Chuckles. In today's story, we unpack a situation in Hawaii that made me exclaim...
7 minute security

7MS: #559: Tales of Pentest Pwnage – Part 46

https://youtube.com/watch?v=WtW_kSQZmnQ Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this...
The Register

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick! America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily...
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...