Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Defensive Security is a weekly information security podcast which reviews recent high profile security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
Technology
Tech News
Business News
Defensive Security Podcast Episode 269
https://www.bleepingcomputer.com/news/security/cosmi...
Jul 31 2022 21m
Defensive Security Podcast Episode 268
Stories:
https://www.scmagazine.com/feature/i...
Jul 17 2022 32m
Chapter 1 59 sec
All right, here we go. Today is Sunday, July 17th, 2022, and this is episode 268 of the Defensive Security Podcast. My name is Jerry Bell and joining me tonight, as always, is Mr. Andrew Kellett
Chapter 2 59 sec
point, but the pictures are actually sound absorbing panels
Chapter 3 59 sec
really interesting stuff in here
Chapter 4 59 sec
CISO of SolarWinds describes that the attack didn't actually change their code base. So the attack wasn't against their code repository. It was actually against one of their build systems
Chapter 5 59 sec
end of each of those, there's a comparison. And if they don't match... They call it a deterministic build. So their security team does one, a DevOps team does another and the QA team does a third. And all building
Chapter 6 59 sec
resources to do so maybe it makes sense
Chapter 7 59 sec
dedicated red team who's focused on the build environment. I will say the one reservation I have is this kind of feels maybe a little bit like they're fighting the last war. And so all the stuff that they're describing is very focused on addressing the thing that failed last time
Chapter 8 59 sec
Attack outcomes
Chapter 9 59 sec
I'm drawing a blank. I think that's one of the hotel chains. I don't want to say the wrong name, but I believe that there are also instances, readily available, where the contrary is true. Like they just keep getting hacked over and over
Chapter 10 59 sec
stuff. They mentioned it here. I'm sure that CrowdStrike appreciated that. Their own tier three SOC. They've got a lot of stuff and they also talk about that now their retention rates for customers are back up in the nineties, which is pretty, pretty good. So I don't know. Yeah. Clearly this is a PR thing
Chapter 11 59 sec
bureaucracy and checks and balances that must add tremendously to the cost
Chapter 12 59 sec
help the rest of the industry learn, which is, by the way, what we're trying to do here on the show. Kudos to them
Chapter 13 59 sec
NTSB or what have you. But they released this report last week, which describes what happened, or at least their analysis of what happened, in the Log4j incident that happened last year. And so I have mixed emotions
Chapter 14 59 sec
In the last... I checked, every single month for the past 20 plus years, Microsoft releases
Chapter 15 59 sec
combined into this commercial software. And the big challenge we had as an industry was figuring out where all that stuff was. And then even after that, trying to beat on your vendors
Chapter 16 59 sec
think there's a real appreciation for how pervasively some of these things are being used. They do talk about in the recommendations about creating a better bill of materials for software, which I think is good. But it's still, that's like coming at it the wrong way
Chapter 17 59 sec
surprised when some enterprising researcher lifts up a rug that nobody's looked under before and realizes, oh gosh, there's this piece of code that was managed by
Chapter 18 59 sec
package that does its job well that I can include in my software package. I could potentially save myself a lot of bugs and
Chapter 19 59 sec
talking about versus, hey, that's a solved problem. I'll just pull it off the shelf and move on
Chapter 20 59 sec
going to be in every fricking piece of commercial and open source software out there
Chapter 21 59 sec
it becomes much easier to look across your environment and say, yep, I got it there and there
Chapter 22 59 sec
open source components exist in, pervasively, and what would be easy-ish
Chapter 23 59 sec
are sending letters to unwitting employees at different companies. And I don't know how well targeted this is. There's really not a lot of discussion about that, but in the example they cite they have a letter
Chapter 24 59 sec
The hypothesis is that it will lead to, unsurprisingly, a ransomware infection because they'll install a remote access Trojan on your workstation and then use that as a beachhead to get into your
Chapter 25 59 sec
perilous to think that you can train it away, because then you start to think that when it happens, it's the failure of the person. And I actually think that's the wrong way to think about it. If you have... Obviously you want to do some level of training
Chapter 26 59 sec
on our
Chapter 27 59 sec
the attacks involving macros has fallen away. So pretty effective control. Microsoft last week
Chapter 28 59 sec
problem for at least 15 years with Microsoft
Chapter 29 59 sec
that is the story for tonight. Just one little bit of editorial. I spend a lot of time during the week reading different stories, all kinds of Google alerts set up for different security stories and whatnot, to help pick what we talk about on these podcasts
Chapter 30 59 sec
And I don't mean to be that harsh about it. It's just
Chapter 31 59 sec
to have one of, and if it's not one of these three, you don't get premium pricing
Chapter 32 59 sec
We proudly have, I think we've cleared 10 years of no vendor sponsorship. No sponsorship of any kind, other than a donation
Chapter 33 46 sec
entertained. And really proud of you when I found out that your voice was found to be one of the best tools to disperse crowds
Defensive Security Podcast Episode 267
jerry: [00:00...
Jul 10 2022 35m
Chapter 1 59 sec
Alright, here we go. Today is Sunday, July 10th, 2022, and this is episode 267 of the Defensive Security Podcast. My name is Jerry Bell and joining me tonight, as always, is Mr. Andrew Kellett
Chapter 2 59 sec
jerry: Yeah. I've been back for a month from my beach place. And I think today's the first day that we've not had a heat advisory
Chapter 3 59 sec
All right. A couple of really interesting stories crossed my desk recently, and the first one comes from the US Department of Justice of all places. And the title here is "Aerojet Rocketdyne agrees to pay $9 million to resolve False Claims Act allegations"
Chapter 4 59 sec
lawsuit is successful, the person making the allegation, basically it's a whistleblower kind of arrangement, the person making the allegation gets a cut of the settlement. And so in this particular case the whistleblower received $2.61 million of the $9 million
Chapter 5 59 sec
know, seven figure range
Chapter 6 59 sec
go, and I... cause I was very curious about this and did a bunch of searching and found some summaries of the case and some of the legal documentation, and it looks like, the best I was able to get into is, there was a matrix of 56 security controls, or something along those lines, don't quote me on that, and that the company only had satisfactory coverage of five to 10 of them
Chapter 7 59 sec
understanding is that the scope of this may increase
Chapter 8 59 sec
from CISA, the Cybersecurity and Infrastructure Security Agency. I hate the name. I really wish they'd come up with a different name. It's the word security way too many times. Anyway, the title here is "North Korea state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector"
Chapter 9 59 sec
organization or a person or entity in North Korea, you can be subject to penalties from the US government
Chapter 10 59 sec
privileged communications to hide it, at least allegedly, in some previous stories we've covered. But that's an interesting problem. Yeah, I can see how that would be a challenge. Maybe if you only paid the ransomware, like, in bulk wheat shipments
Chapter 11 59 sec
of them are interesting and things that you haven't seen a lot of recommended before. But a lot of them are just the normal run of the mill platitudes. Only use secured networks and avoid using public wifi networks. Consider using and installing a VPN
Chapter 12 59 sec
advisory here. This particular Maui ransomware is actually pretty manual. It actually has to be, apparently, launched by hand with the command line. So whoever the threat actor is, they found some way into the system, and you can infer, assuming that CISA actually has that kind of insight, you can infer by reading through their recommendations how they think the North Koreans are getting in there: using RDP that's exposed to the internet and then moving laterally using user credentials who have administrative rights and so on. So you can infer, based on what they're saying not to do, probably how it's being propagated, but sometimes it's a little difficult to understand, with these kinds of recommendations, how much of it is the result of actual observations and just, yeah, we have this list
Chapter 13 59 sec
of good hygiene practices, and we think this is what you should be doing
Chapter 14 59 sec
coming through China
Chapter 15 59 sec
admit
Chapter 16 59 sec
technically feasible, we're going to have to shift to quantum resistant crypto, which is going to be interesting because there... it's you going out on a limb and saying that
Chapter 17 59 sec
Correct. Conceivably a well, a properly skilled quantum computer could take contemporary public key crypto and break it in a very short time
Chapter 18 59 sec
is
Chapter 19 59 sec
quantum safe algorithms? Like we were hypothesizing how quantum computing is going to evolve once it the
Chapter 20 59 sec
software and software as a service companies and whatnot. Because if you do that, you can not just attack one company, you can conceivably, with one attack, yet
Chapter 21 59 sec
I'm kidding, of course. Yeah, it's a tough problem. There's so much inherent trust that you establish. If we look back at SolarWinds, and yeah, how many times have you and I said, hey, upgrades and patches are important? And then that became the attack vector. Let's just hope that becomes a rarity
Chapter 22 59 sec
Supply chain risks happen because you have no choice but to have a massive amount of trust granted to some
Chapter 23 59 sec
popular, well-known
Chapter 24 59 sec
article, the super famous, I guess infamous, story about the Las Vegas casino that was hacked through their
Chapter 25 59 sec
with
Chapter 26 59 sec
legitimate. We, as humans, have evolved to trust our senses and identify people visually and audibly with threat level. Like we don't have any built in skepticism; we just inherently trust it
Chapter 27 59 sec
jerry: Well, you're gonna have to have a multifactor, like you're... I think we're going to get to a point you just can't trust
Chapter 28 59 sec
of discipline and bureaucratic red tape, but otherwise, I just... it's going to get too trivially easy to fake a phone call from the CEO
Chapter 29 59 sec
malware, probably moving into firmware
Chapter 30 59 sec
to move Linux into kind of a Windows mode of operation. And so I think like the next plan, like Order 66
Chapter 31 59 sec
tomorrow, is the skills crisis
Chapter 32 59 sec
that's what's... To be honest, like one of the ways to look at this is, a lot of organizations are
Chapter 33 59 sec
probably a lot of bad practices and failure to follow best practices for various reasons that we're compensating for with other security controls, as opposed to just making things more inherently secure
Chapter 34 59 sec
Apparently lots
Chapter 35 59 sec
devices. Not, not like green-screen terminals, but less so... less a wave, or less general computing and more specialized, which I think are easier to secure. That just shifts a lot of the complexity into other parts of the environment, your infrastructure
Chapter 36 41 sec
the show for today. Thank you all for listening. Sorry it's been so long. Life continues to get in the way of making podcasts. And every time I think it's going to level out and I will be less busy, something happens
Defensive Security Podcast Episode 266
https://www.csoonline.com/article/3660560/uber-cisos...
Jun 12 2022 31m
Defensive Security Podcast Episode 265
Google Exposes Initial Access Broker Ties With Ranso...
Mar 27 2022 56m
Defensive Security Podcast Episode 264
Adafruit discloses data leak from ex-employee’...
Mar 13 2022 30m
Defensive Security Podcast Episode 263
https://www.govinfosecurity.com/data-breach-exposes-...
Feb 20 2022 39m
Defensive Security Podcast Episode 262
https://www.darkreading.com/edge-threat-monitor/most...
Feb 7 2022 39m
Defensive Security Podcast Episode 261
https://www.bleepingcomputer.com/news/security/hacke...
Jan 31 2022 51m
Defensive Security Podcast Episode 260
https://www.csoonline.com/article/3647209/why-you-sh...
Jan 17 2022 31m
Defensive Security Podcast Episode 258
https://arstechnica.com/gadgets/2021/07/malicious-py...
Aug 15 2021 49m
Defensive Security Podcast Episode 257
https://therecord.media/using-vms-to-hide-ransomware...
Jul 25 2021 41m
Defensive Security Podcast Episode 256
https://www.csoonline.com/article/3623760/printnight...
Jul 11 2021 42m
Defensive Security Podcast Episode 255
https://www.reuters.com/technology/us-sec-official-s...
Jun 27 2021 40m
Defensive Security Podcast Episode 253
https://www.securityinformed.com/news/intruder-resea...
Jul 15 2020 46m
Defensive Security Podcast Episode 252
https://www.bankinfosecurity.com/capital-one-must-tu...
May 31 2020 26m
Defensive Security Podcast Episode 251
https://www.securityweek.com/recent-salt-vulnerabili...
May 4 2020 28m
Defensive Security Podcast Episode 250
https://www.zdnet.com/article/dhs-cisa-companies-are...
May 3 2020 44m
Defensive Security Podcast Episode 249
https://www.tomsguide.com/news/zoom-security-privacy...
Apr 5 2020 56m
Defensive Security Podcast Episode 248
Be well, be safe, take care of yourselves, and take ...
Mar 28 2020 56m
Defensive Security Podcast Episode 247
https://www.securityweek.com/state-sponsored-cybersp...
Mar 22 2020 42m
Defensive Security Podcast Episode 246
https://www.darkreading.com/risk/cybercriminals-swap...
Feb 23 2020 42m