Defensive Security Podcast Episode 289

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a year-long supply chain attack that compromised 390,000 credentials, the U.S. government’s bounty for information on North Korean IT worker farms, and the alarming number of vulnerabilities found in software containers. They also delve into the implications of the False Claims Act for cybersecurity whistleblowers and the evolving landscape of AI in security.

 

Defensive Security Podcast Episode 288

In this episode of the Defensive Security Podcast, we discuss the anticipated rise of Mac malware, the economic implications of new top-level domains (TLDs) for phishing, innovative phishing techniques using corrupt documents, and the risks associated with open-source software. We also explore the concept of risk homeostasis in cybersecurity, examining how users’ perceptions of security can influence their behavior and risk-taking. The conversation emphasizes the importance of education, robust security measures, and the need for a deeper understanding of complex systems in the face of evolving threats.

If you would like to support this podcast, please consider donating here: https://www.patreon.com/defensivesec

Links:

  • https://appleinsider.com/articles/24/12/04/what-a-new-threat-report-says-about-mac-malware-in-2024
  • https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
  • https://www.bleepingcomputer.com/news/security/novel-phishing-campaign-uses-corrupted-word-documents-to-evade-security/
  • https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ and https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection

Defensive Security Podcast Episode 287

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various topics including their holiday plans, updates on their podcast, and significant cybersecurity incidents. They delve into a recent Wi-Fi breach involving Russian hackers, CrowdStrike’s IT outage and its implications for customer retention, and the discovery of malware exploiting vulnerable device drivers. The conversation emphasizes the importance of security practices such as multi-factor authentication and the challenges of managing cybersecurity risks in a rapidly evolving landscape. In this engaging conversation, Andrew Kalat and Jerry Bell explore various themes in cybersecurity, including the shift towards self-service IT solutions, the rise of phishing as a service, and the evolving landscape of multi-factor authentication. They discuss the implications of new threats like BootKitty and the challenges posed by firmware vulnerabilities. The conversation also touches on the future of cloud security and the often-overlooked role of marketing in cybersecurity threats, culminating in a light-hearted discussion about their pets.

You can support the Defensive Security Podcast through our Patreon site here: https://patreon.com/defensivesec

Links to the stories we discussed in this episode:

  • https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
  • https://www.cybersecuritydive.com/news/crowdstrike-retains-customers/734203/
  • https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html?m=1
  • https://securityaffairs.com/171532/cyber-crime/rockstar-2fa-phaas.html
  • https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/

 

Defensive Security Podcast Episode 286

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the launch of their new podcast, Getting Defensive. They delve into a CISA report on exploited vulnerabilities, highlighting the concerning trend of zero-day vulnerabilities being exploited. The conversation also covers a GitHub incident involving malicious commits aimed at framing a researcher, Microsoft’s new Windows resiliency initiative, and insights from a CISA red team assessment of a critical infrastructure organization. We emphasize the importance of consent in security assessments and the challenges organizations face in managing risks associated with outdated software.
Takeaways
  • The launch of the new podcast ‘Getting Defensive’ aims to explore deeper cybersecurity topics.
  • CISA’s report indicates a troubling trend of zero-day vulnerabilities being exploited more frequently.
  • Organizations must prioritize patching and mitigating controls to address vulnerabilities effectively.
  • The GitHub incident highlights the risks of malicious commits and the importance of code review.
  • Microsoft’s Windows resiliency initiative introduces new features to enhance security and system integrity.
  • Consent is crucial in penetration testing and security assessments.
  • Organizations often accept risks associated with outdated software, which can lead to vulnerabilities.
  • Effective monitoring and detection are essential to mitigate potential attacks.
  • Ransomware is not the only threat; organizations must be aware of various attack vectors.
  • The CISA red team assessment provides valuable insights into the security posture of critical infrastructure.

 

Links:

  • https://www.darkreading.com/cyberattacks-data-breaches/zero-days-wins-superlative-most-exploited-vulns
  • https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
  • https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html?m=1
  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

Defensive Security Podcast Episode 285

In this episode of the Defensive Security Podcast, we discuss the theft of cloud credentials, the exploitation of SharePoint vulnerabilities, evolving malware techniques, and the importance of cyber due diligence for suppliers. They reflect on the challenges of managing secrets, the implications of auto-updates, and the need for robust risk management practices in the face of increasing cyber threats.

Links:

  • https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/
  • https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/
  • https://thehackernews.com/2024/11/5-most-common-malware-techniques-in-2024.html
  • https://www.theregister.com/2024/11/06/windows_server_2025_surprise/
  • https://databreaches.net/2024/11/08/nist-publishes-guide-on-due-diligence-for-cyber-supply-chain-risk-management/

Defensive Security Podcast Episode 284

Delta’s Lawsuit, SEC Penalties, and Fortinet’s Zero-Day Exploit In this episode, hosts Jerry Bell and Andrew Kellett discuss current cybersecurity issues, starting with Delta Air Lines’ $500 million lawsuit against CrowdStrike over an IT outage and data breach. They explore SEC penalties imposed on tech companies for downplaying the SolarWinds hack’s impact, followed by an analysis of the Black Basta ransomware group’s new method of posing as IT support via Microsoft Teams. The discussion concludes with concerns about the exploitation of a zero-day vulnerability in Fortinet’s firewall manager, highlighting the need for transparency and timely communication from vendors.

Links:

  • https://www.cnbc.com/2024/10/25/delta-suit-against-crowdstrike-after-it-outage-caused-cancellations.html
  • https://go.theregister.com/feed/www.theregister.com/2024/10/22/sec_fines_four_tech_firms/
  • https://www.bleepingcomputer.com/news/security/black-basta-ransomware-poses-as-it-support-on-microsoft-teams-to-breach-networks/
  • https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/

Defensive Security Podcast Episode 283

“They Can’t All Be Winners”
In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat explore several pressing cybersecurity topics as of October 2024. The discussion begins by addressing the rapid increase in vulnerability exploitation speeds, with a highlight that 70% of exploitable flaws in 2023 were zero-days, now being exploited within just five days. They stress the importance of effective patch management and prioritization tactics using tools like the CISA KEV list and Tenable’s Viper score. The episode also touches on the evolving nature of automated and targeted exploits, the critical role of timely patching, and the balance between production disruptions and security risks. The conversation broadens to include evolving endpoint security challenges, ransomware trends, and the need for vigilance in adapting to new threats. Additionally, the hosts discuss innovative ways to counter sophisticated attacks, such as leveraging more secure token-based authentication methods over SMS-based MFA. Lastly, the episode delves into how North Korean IT operatives infiltrate companies to steal sensitive data, the implications for remote work, and the importance of robust identity verification processes in hiring. Throughout, the focus remains on adapting to the dynamic threat landscape and continuous reassessment of security strategies.
00:00 Introduction and Casual Banter
00:41 Current Job Market Challenges
02:02 Cybersecurity Landscape Overview
02:20 Google’s Zero-Day Vulnerability Report
04:03 Importance of Patch Management
05:04 Trends in Exploitation Timelines
11:24 Strategies for Mitigating Vulnerabilities
20:03 Red Team Tool: EDR Silencer
26:52 Microsoft’s Ransomware Defense
27:25 Ransomware Attacks: A Decrease Despite the Increase
28:13 The Role of Unmanaged Devices in Cyber Attacks
28:39 Multi-Factor Authentication: Effectiveness and Adaptation
30:07 The Arms Race in Cybersecurity
30:49 The Importance of Phishing-Resistant MFA
32:11 The Rise of SIM Cloning in Ransomware
32:44 Challenges in Adopting Advanced Security Measures
36:46 North Korean IT Workers: A New Threat
40:50 The Future of Remote Hiring and Verification
49:03 Conclusion and Final Thoughts

 

Links:

  • https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
  • https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
  • https://www.theregister.com/2024/10/15/microsoft_ransomware_attacks/
  • https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

Defensive Security Podcast Episode 282

Episode 282: Exploiting Trust in Cybersecurity Practices In episode 282 of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kallett discuss several cybersecurity topics. They highlight a phishing attack outlined by Microsoft, where cybercriminals leverage file-hosting services like OneDrive and Dropbox to exploit trust and compromise identities. The episode also explores concerns about AI systems, like Grammarly sharing company confidential info, and emphasizes the growing need for well-defined governance policies. They touch on a cyberattack affecting American Water’s billing systems and the potential implications for OT systems. The final discussion surrounds Kaspersky’s decision to replace its software on US systems with Ultra AV, raising alarms over cyber responsibilities and government influence over IT.

 

Links:

  • https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
  • https://www.tenable.com/blog/cybersecurity-snapshot-employees-are-oversharing-work-info-with-ai-tools-cybersecurity
  • https://go.theregister.com/feed/www.theregister.com/2024/10/07/american_water_cyberattack/
  • https://www.theregister.com/2024/09/24/ultraav_kaspersky_antivirus/

Defensive Security Podcast Episode 281

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity events and issues. The episode opens with discussion on the recent weather impacts affecting Asheville and lessons for disaster preparedness in the security industry. A significant portion of the episode is dedicated to CrowdStrike’s recent Capitol Hill testimony, examining the fallout from their admitted testing failures and the implications of needed kernel access for security software. The hosts also explore an ongoing GDPR violation by Meta related to storing user passwords in plain text, and a hyped but less-critical-than-expected Linux vulnerability in the CUPS printing system. Finally, they delve into potential risks associated with AI systems like ChatGPT and the increasing need for security in OT and ICS environments. The episode concludes with a reminder about the essential nature of cybersecurity fundamentals.

Links:

  • https://www.cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986/
  • https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/
  • https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
  • https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/
  • https://industrialcyber.co/cisa/cisa-alerts-ot-ics-operators-of-ongoing-cyber-threats-especially-across-water-and-wastewater-systems/

Defensive Security Podcast Episode 280

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kellett delve into key cybersecurity topics. They discuss a recent statement by CISA director Jen Easterly on holding software manufacturers accountable for product defects rather than vulnerabilities, and the need for derogatory names for threat actors to deter cybercrime. The episode also covers Disney’s decision to ditch Slack following a data breach, and the impact of valid account misuse in critical infrastructure attacks. Additionally, they explore new tough cyber regulations in the EU under NIS2, and a Google security flaw from a Black Hat presentation concerning dependency confusion in Apache Airflow. The hosts share their thoughts on industry responses, regulations, and how enterprises can improve their security posture.
00:00 Introduction and Podcast Setup
00:59 First Story: CISA Boss on Insecure Software
03:26 Debate on Software Security Responsibility
11:12 Open Source Software Challenges
15:20 Cloud Imposter Vulnerability
22:22 Disney’s Data Breach and Slack
27:37 Slack Data Breach Concerns
29:26 Critical Infrastructure Vulnerabilities
35:21 EU’s New Cyber Regulations
43:42 Global Regulatory Challenges
48:42 Conclusion and Sign-Off

Links:

  • https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
  • https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
  • https://www.cnbc.com/2024/09/19/disney-to-ditch-slack-after-july-data-breach-.html
  • https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225/
  • https://www.cnbc.com/amp/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html