PSW #732 – G Mark Hardy, Lawrence Nunn, & Ricky Tan
1. From Hacker Jeopardy to CISO Tradecraft – G Mark Hardy – PSW #732
G Mark's Law states "Half of what you know about security will be obsolete in 18 months." But sometimes you have to let go to move forward. If you're the smartest person in the room, chances are you're not the boss. Let's talk about that and other dilemmas in our security career journey!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
G. Mark Hardy is founder and president of National Security Corporation, providing cyber security expertise to government, military, and commercial clients for over 35 years. A retired U.S. Navy Captain, he was entrusted with nine command tours throughout his career. A co-host of the CISO Tradecraft podcast, Mr. Hardy has presented at hundreds of events world-wide providing thought leadership over a range of security fields. A graduate of Northwestern University, he holds a BS in computer science, a BA in mathematics, a master’s in business administration, a master’s in strategic studies, and holds the CISSP, CISM, GSLC, and CISA certifications.
2. Making Cyber Accessible to Everyone – Lawrence Nunn, Ricky Tan – PSW #732
Teleseer makes cyberspace easy to see, just like watching security footage. It lets users build interactive network maps in seconds with data they already have. We can inventory thousands of assets or protocols and show their connections in a multi-layer map. No installing agents, no scanning. Teleseer gives you the visibility to make smart cyber decisions faster.
Segment Resources: https://teleseer.com, https://cyberspatial.com, https://www.youtube.com/c/cyberspatial
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guests
Lawrence Nunn is a businessman, academic, and combat veteran. From 2018 to 2021, he led the United States’ Cyber Command’s operations to protect the country’s logistics and Defense Industrial Base. Lawrence has been involved in advancing technology at all levels of the military command for two decades. During his tenure at U.S. Cyber Command, he oversaw the implementation of new technologies, which resulted in significant improvements in operator performance. Lawrence previously led Army Cyber Command’s Special Projects directorate before joining Cyber Command. There, he developed and implemented a rapid reaction capability that answered one of the DoD’s most pressing cyber operational needs. Congress acknowledged the significance of this capacity and authorized a $173 million boost to the Army’s top line in 2018, which also indicated its approval for up to $200 million in out years to continue this effort. Lawrence’s effort was called “one of the greatest leadership achievements I’ve ever witnessed in my 29 years of military service” by a commander of the Cyber National Mission Force.
Ricky Tan has over 15 years of applied cybersecurity experience in various fields, to include penetration testing, digital forensics, network engineering, system administration, and security architecture.
He’s served in various activities within government, such as the Defense Advanced Projects Agency (DARPA), the Department of Defense, and the Intelligence Community.
Ricky is the host of Cyberspatial, a YouTube channel with over 140k subscribers, making cybersecurity more accessible for people.
3. Ransomware Inc, Cracking Keys With Fermat, Neon Output, & Samsung Source Code – PSW #732
In the Security News: Secret Keys in Samsung Source Code, Conti (tries) to go legit, Cracking crypto keys with a 300 year old algorithm, CISA’s must patch list, FTC fines CafePress over Data Breach, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. Thousands of Secret Keys Found in Leaked Samsung Source Code - "GitGuardian’s analysis of the leaked Samsung source code led to the discovery of more than 6,600 secret keys, including private keys, usernames and passwords, AWS keys, Google keys, and GitHub keys." - Yikes.
- 2. Staff Think Conti Group Is a Legit Employer - "In short, Conti group considers itself a legitimate company. Many of its employees don’t even know they’re working for a cybercriminal outfit. Some probably choose to look the other way, but the turnover is still high: When they figure it out, they tend to vamoose."
- 3. Google Attempts to Explain Surge in Chrome Zero-Day Exploitation - This could be a major factor: "Another reason for Chrome being increasingly targeted is related to the deprecation of Flash, as well as the web browser’s popularity. Specifically, threat actors often exploited Adobe Flash vulnerabilities in web attacks before the software was killed off, and now they are focusing more on the browser itself."
- 4. Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22 - "It's exciting because most Linux kernel vulnerabilities are not going to be useful to exploit Android," Valentina Palmiotti, lead security researcher at security firm Grapl, said in an interview. The exploit "is notable because there have only been a few public Android LPEs in recent years (compare that to iOS where there have been so many). Though, because it only works on 5.8 kernels and up, it's limited to the two devices we saw in the demo."
- 5. CISA Adds 14 Windows Vulnerabilities to ‘Must-Patch’ List - Begs the question, how is, or should, this be shaping vulnerability management?
- 6. New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw - This should be pretty easy to spot if you are looking at your DNS traffic: "Bot sends the stolen sensitive information, command execution results, and any other information that needs to be delivered, after hiding it using specific encoding techniques, to C2 as a DNS request; After receiving the request, C2 sends the payload to the Bot side as a response to the DNS request. In this way, Bot and C2 achieve communication with the help of DNS protocol."
- 7. Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes
- 8. Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols - I mean use MFA, but then there is this: "The actors also modified a domain controller file, c:\windows\system32\drivers\etc\hosts, redirecting Duo MFA calls to localhost instead of the Duo server [T1556]. This change prevented the MFA service from contacting its server to validate MFA login—this effectively disabled MFA for active domain accounts because the default policy of Duo for Windows is to “Fail open” if the MFA server is unreachable. Note: “fail open” can happen to any MFA implementation and is not exclusive to Duo."
- 9. Largest-ever cyberattack on Israel takes down government sites
- 10. Building Password Purgatory with Cloudflare Pages and Workers - This is amazing: "The idea of the Password Purgatory service is that it's an API designed to take a password, find something wrong with it and send that back in the response. It'll start out gentle (for example, minimum length) and get increasingly bizarre. A separate service will log each attempt the spammer makes to satisfy the inane criteria and once they've finally given up in agony (fingers crossed), I'll share the results publicly." - Also, really neat walkthrough of the development process and architecture, love it, learned some things.
- 11. FTC to fine CafePress for cover up of massive data breach - This is good, right? "The U.S. Federal Trade Commission (FTC) wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users' data and attempting to cover up a significant data breach impacting millions."
- 12. Researcher uses 379-year-old algorithm to crack crypto keys found in the wild - Who said we wouldn't use Math in daily life: "Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643. Fermat's algorithm was based on the fact that any odd number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart."
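To make the Fermat point in item 12 concrete, here is a small, added example (not from the article or the cited research) of the check a key owner can run against their own RSA moduli: it walks Fermat's method for a bounded number of steps and reports the factors only if the primes are close enough to fall out quickly. The moduli are constructed from small primes chosen for illustration; real 2048-bit keys use the same arithmetic.

```python
from math import isqrt

def fermat_factor(n: int, max_iter: int = 1000):
    """Fermat's method: look for a, b with n = a^2 - b^2 = (a - b)(a + b).

    Starting at a = ceil(sqrt(n)), each step tests whether a^2 - n is a
    perfect square. The number of steps needed is about (p + q)/2 - sqrt(n),
    so factors near sqrt(n) are found almost immediately, while factors far
    apart never finish within the bound. Returns (p, q) or None.
    """
    if n % 2 == 0:                      # trivial case: even modulus
        return (2, n // 2)
    a = isqrt(n)
    if a * a < n:
        a += 1                          # a = ceil(sqrt(n))
    for _ in range(max_iter):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            p, q = a - b, a + b
            if p > 1:                   # skip the trivial 1 * n split
                return (p, q)
        a += 1
    return None                         # not found: primes are far apart

def is_weak_modulus(n: int, max_iter: int = 1000) -> bool:
    """Key-hygiene check: True if Fermat recovers the factors within the bound."""
    return fermat_factor(n, max_iter) is not None

# Constructed moduli for the demo (small primes, chosen for illustration).
CLOSE_PRIMES_N = 10007 * 10009          # twin-like primes, found in 1 step
NEAR_PRIMES_N = 10007 * 10037           # still close, found in 1 step
FAR_PRIMES_N = 101 * 100003             # far apart, bound is exhausted

if __name__ == "__main__":
    for label, n in [("close", CLOSE_PRIMES_N), ("near", NEAR_PRIMES_N),
                     ("far", FAR_PRIMES_N)]:
        print(label, n, fermat_factor(n), "weak" if is_weak_modulus(n) else "ok")
```

Raise `max_iter` to match however much work you are willing to assume an adversary would spend; the advisory the article draws on only needed a handful of steps against the affected keys.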
- 1. US spy agency probes sabotage of satellite internet - Western intelligence agencies are investigating a cyber attack by unidentified hackers that disrupted broadband satellite internet access in Ukraine. The attack reportedly began on Feb. 24 as Russian forces began attacking major Ukrainian cities, including Kyiv.
- 2. Denso’s German network hit by cyberattack - Toyota revealed that a second parts supplier, Kariya, Aichi, Japan-based Denso Automotive Deutschland GmbH, was hit by a ransomware attack during which attackers gained unauthorized access to its systems. According to reports, the attack was allegedly conducted by the "Pandora" cyber crime gang.
- 3. Anonymous sent a message to Russians: “remove Putin” - Anonymous has published a new message for Russian citizens inviting them to remove Putin, who it says is sacrificing them and killing Ukrainians.
- 4. Exclusive: Ukraine has started using Clearview AI’s facial recognition during war - Ukraine's defense ministry on Saturday began using Clearview AI’s facial recognition technology, which offered to reveal Russian attackers, counter misinformation campaigns, and identify those killed during the invasion.
- 5. CISA updates Conti ransomware alert with nearly 100 domain names - CISA Alert AA21-265A adds 100 new domains for Conti IOCs. Conti is one of the most successful ransomware groups and has links to Russia’s intelligence agency apparatus. CISA Alert: https://www.cisa.gov/uscert/ncas/alerts/aa21-265a
- 6. Exclusive: Ukraine halts half of world’s neon output for chips - Ukraine's two leading suppliers of neon, which produce about half the world's supply of the key ingredient for making chips, have halted their operations as Moscow has sharpened its attack on the country, threatening to raise prices and aggravate the semiconductor shortage.
- 7. Germany warns against using Kaspersky software, citing ‘considerable’ cyber risk after Russia’s invasion - Germany’s Federal Office for Information Security (comparable to our country’s CISA) has issued a stern warning about a popular antivirus software application. Russian antivirus company Kaspersky has been one of the world’s most popular antivirus applications for a long time.