PSW #738 – Michael Aminov & Marcus Sachs
1. Security Blind Spots: Are You Protected? – Michael Aminov – PSW #738
The need to communicate, collaborate and do business on a global level has created a proliferation of cloud-based applications and services. Email. Cloud Storage. Messaging platforms. CRM. Digital Apps and Services. Organizations continue to add new cloud channels to support their business needs. But with new channels come new security blind spots that must be addressed.
In this session we'll discuss:
- Cyber attack trends in the collaboration channel ecosystem
- The (yet) unsolved challenges of email security – the main channel of targeted attacks
- The rising threat of cloud collaboration and the growing risk of content-borne attacks

...And we will walk through three use cases, their challenges and their deployments.
Segment Resources: Request a demo and get a FREE coffee on us: https://hubs.la/Q0156lpK0
This segment is sponsored by Perception Point.
Visit https://securityweekly.com/perceptionpoint to learn more about them!
Announcements
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Guest
Michael Aminov works with the Product, Marketing, and Sales teams to bring exceptional value to Perception Point’s customers. He aims to position Perception Point as the top solution for protecting digital communication channels. Michael was formerly the Chief Architect of CyActive, acquired by Paypal, and is a veteran of the Intelligence Corps of the IDF. Michael has spent the last 15 years in the cybersecurity industry and holds a BA in Computer Science from Ben-Gurion University of the Negev.
2. Cryptography Collecting & Japanese Typewriters – Marcus Sachs – PSW #738
Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, joins to discuss his cryptography collection, service for the US Army & Government, Antique Typewriters, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Marcus (Marc) Sachs is the Deputy Director for Research at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. He also serves as the Chief Security Officer of Pattern Computer. He is a retired US Army Officer and was a White House appointee in the George W. Bush administration. His private sector experience includes serving as the Deputy Director of SRI International’s Computer Science laboratory, as the Vice President for National Security Policy at Verizon Communications, and as the Senior Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC) where he directed the Electricity Information Sharing and Analysis Center (E-ISAC). He was also the Director of the SANS Internet Storm Center and has co-authored several books on information security. He holds degrees in civil engineering, computer science and technology commercialization, and is an avid collector of mechanical cipher equipment.
3. Silk Road Seizure, Psychic Signatures, Twitter Algorithms, & Linux Desktops – PSW #738
This week in the Security News: Java’s “psychic paper”, Musk’s plans for Twitter’s algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions, Silk Road Seizures, 0-Days, & more!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. Major cryptography blunder in Java enables “psychic paper” forgeries
  Interesting: “If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages. All using the digital equivalent of a blank piece of paper.”
- 2. Hackers are exploiting 0-days more than ever
  "Mandiant and Project Zero each have a different scope for the types of zero-days they track. Project Zero, for example, doesn't currently focus on analyzing flaws in Internet-of-things devices that are exploited in the wild. As a result, the absolute numbers in the two reports aren't directly comparable, but both teams tracked a record high number of exploited zero-days in 2021. Mandiant tracked 80 last year compared to 30 in 2020, and Project Zero tracked 58 in 2021 compared to 25 the year before. The key question for both teams, though, is how to contextualize their findings, given that no one can see the full scale of this clandestine activity."
- 3. Musk’s plans to make Twitter’s algorithms public raises disinformation conundrum
  “Another advantage of open source is that people can learn from the code,” said Wysopal. “Even if Twitter doesn’t implement improvements, it could lead to better social media algorithms on other or new platforms.” - This could also open up a cat and mouse game, as people figure out how to cheat the algorithms, Twitter then has to implement defenses, those defenses are open-source, rinse, lather and repeat.
- 4. Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?
- 5. The Nimbuspwn Linux Flaw Allows Root Access
- 6. 5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable
- 7. Zero-Day Vulnerabilities Are on the Rise – Schneier on Security
- 8. ‘Bossware is coming for almost every worker’: the software you might not realize is watching you
- 9. Atlassian fixes critical Jira authentication bypass vulnerability
  "The flaw is tracked as CVE-2022-0540 and comes with a severity rating of 9.9. It allows a remote attacker to bypass authentication by sending a specially crafted HTTP request to vulnerable endpoints." - just when I think there is a glimmer of hope...
- 10. Docker servers hacked in ongoing cryptomining malware campaign
- 11. These hackers showed just how easy it is to target critical infrastructure
- 12. AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
- 13. Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System
- 14. Elon Musk to Acquire Twitter
- 15. A $3 Billion Silk Road Seizure Will Erase Ross Ulbricht’s Debt
  "Last year, prosecutors quietly signed an agreement with Ulbricht stipulating that a portion of a newfound trove of Silk Road bitcoins, seized from an unnamed hacker, will be used to cancel out the more than $183 million in restitution Ulbricht was ordered to pay as part of his 2015 sentence, a number calculated from the total illegal sales of the Silk Road based on exchange rates at the time of each transaction."
- 1. How a new generation of IoT botnets is amplifying DDoS attacks
- 2. VMWare Identity Manager Attack: New Backdoor Discovered
- 3. CVE-2022-21449: Psychic Signatures in Java
- 4. Brave’s browser can automatically bypass Google’s AMP pages
- 5. Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
- 6. ESET uncovers vulnerabilities in Lenovo laptops
- 7. Cory Doctorow on Twitter
- 1. What Google is getting wrong about expired domains – TechCrunch
  Expired domains are being leveraged to lure users from legitimate backlinks to the prior legitimate site.
- 2. Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities
  DHS is drinking their own Kool-Aid. VDP participation, per BOD 21-01, is now complete for their internet-facing sites, and they are now hiring vetted researchers to test them.
- 3. Static SSH host key in Cisco Umbrella allows stealing admin credentials
  Cisco has addressed a high-severity vulnerability (CVE-2022-20773) affecting its Umbrella Virtual Appliance (VA) that could be exploited by attackers to remotely steal administrator credentials.
- 4. Docker servers hacked in ongoing cryptomining malware campaign
  The operators of the "Lemon_Duck" botnet have been spotted conducting a large-scale Monero crypto-mining campaign in which they are exploiting misconfigured Docker systems in order to hide their wallets behind proxy pools.
- 5. Atlassian Patches Critical Authentication Bypass Vulnerability in Jira
  Atlassian has patched a critical authentication bypass vulnerability (CVE-2022-0540) in the Jira and Jira Service Management "Seraph" web authentication framework that could be exploited by attackers to bypass authentication and authorization by sending a specially crafted HTTP request. ==> Patch your Jira environment
- 6. T-Mobile confirms Lapsus$ had access to its systems
  T-Mobile has confirmed that the "Lapsus$" extortion group managed to breach its network in March 2022, giving the gang access to its systems. Team chat messages show LAPSUS$ members continuously targeted T-Mobile employees, whose access to internal company tools could give them everything they needed to conduct hassle-free 'SIM swaps'.
- 7. Organizations Warned of Attacks Exploiting WSO2 Vulnerability
  WSO2's API Manager, Identity Server, Enterprise Integrator, and Open Banking products are impacted by an arbitrary file upload vulnerability (CVE-2022-29464) that has already been exploited in the wild. Time to roll the update.
- 8. Group behind Emotet botnet malware testing new methods to get around Microsoft security
  Those behind the "Emotet" botnet have been spotted altering their existing methods and testing new attack approaches on a "very small and limited scale," related to Microsoft actions taken in February to block macros that facilitated malware execution.
- 9. One-third of employees who quit their jobs take company IP with them?
  More bad security news from the Great Resignation: Code42’s new research on Wednesday said that when employees quit their jobs, there’s now a 37% chance the organization will lose intellectual property. The research also adds that some 96% of all companies surveyed say they have experienced challenges in protecting corporate data from insider risks.
- 10. Auction of Dorsey tweet NFT—listed at $48M—closes at high of $280
  The cryptocurrency entrepreneur who bought an NFT of Twitter founder Jack Dorsey’s first tweet was hoping to sell it for $48 million, more than 16 times the $2.9 million he paid for it. But after an auction that lasted a week, the highest bid offered was a mere $280.