Bill and Gavin talk about yet another leak of hundreds of millions of personal details with the Baltimore City Ransomware attack.  The chaps are joined by Research Analyst, Claire Tills, to discuss how the media drive remediation efforts for popular vulnerabilities.

Baltimore City

https://www.welivesecurity.com/2019/05/17/eternalblue-new-heights-wannacryptor/

First American Title

https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

SandboxEscaper

1. https://kb.cert.org/vuls/id/119704/
2. https://www.bleepingcomputer.com/news/security/new-windows-10-zero-day-bug-emerges-from-bypassing-patched-flaw/ (this one has all the other bugs discovered)

ICS in Poland

https://medium.com/@woj_ciech/state-of-industrial-control-systems-in-poland-and-switzerland-656e2e363fe3

Old vulns and bad habits

• https://www.infosecurity-magazine.com/news/microsoft-warns-of-campaign-1/
• https://www.forbes.com/sites/daveywinder/2019/06/07/nsa-warns-microsoft-windows-users-update-now-or-face-devastating-damage/#6c0f5efb3aa0

1. Airbnb Superhost’s creepy spycam sniffed out by sleuthing infosec pro
2. SharePoint servers under attack through CVE-2019-0604
3. Open source bug poses a threat to sites running multiple CMSes
4. Dhound Chatbot: open domains, IP addresses
5. Unless you want your payment card data skimmed, avoid these commerce sites
6. EXPLOITING 10,000+ DEVICES USED BY BRITAIN’S MOST VULNERABLE

In this episode, Bill and Gavin talk easy-to guess-passwords, the Beapy Cryptojacking worm sweeping through Asia, as well as hungry cybercriminals leveraging credential-stuffing attacks.

• 10 most hacked passwords
  • https://www.foxbusiness.com/technology/most-hacked-passwords-2019
• The Chipotle Hack And The Troubling Trend Of Credential Stuffing
  • https://www.blog.themoneycloud.com/digital-currencies/the-chipotle-hack-and-the-troubling-trend-of-credential-stuffing/
• New zero-day vulnerability CVE-2019-0859 in win32k.sys
  • https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
• Beapy: Cryptojacking Worm Hits Enterprises in China
  • https://www.symantec.com/blogs/threat-intelligence/beapy-cryptojacking-worm-china

• Corporate giants want to help students, feds and themselves by offering cyber pros $75,000 in loan assistance
  • https://www.cyberscoop.com/workforce-cyber-talent-initiative-loan-assistance/
• Cool blog entry about building going "smart"
  • https://tisiphone.net
• Owning WPA3
  • https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/
• All about Man in the Middle Attacks
  • https://hackercombat.com/man-in-the-middle-mitm-attacks-an-introduction/ 
• Now you see Cancer, now you don't
  • https://www.youtube.com/watch?v=_mkRAArj-x0
• Chipzilla
  • https://www.theregister.co.uk/2019/04/11/intel_april_patch/
• Windows 3.1 installed where?
  • https://hackaday.com/2019/04/10/windows-3-1-in-my-bios-its-more-likely-than-you-think/
• The ubiquity of WordPress plugins
  • https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/
• Who is the group named Triton?
  • https://www.infosecurity-magazine.com/news/triton-group-found-inside-second-1/
• Ponemon Report (registration required)
  • https://lookbook.tenable.com/ponemonotreport/ponemon-OT-report
• Ted Gary's Blog Entry
  • https://www.tenable.com/blog/cybersecurity-pros-face-significant-challenges-with-ot-security-ponemon-report

In this episode, Bill tries to track merger and acquisition activity with children GPS devices. Gavin highlights the issues of hiding malware in BIOS, and Thom Langford from TL(2) joins to give a CISO's perspective.

Episode 6 story list:

Motherboard flaws can lead to hidden malware
https://www.theregister.co.uk/2019/04/03/razer_laptop_flaw/

Mar-a-lago physical security failure
https://www.theregister.co.uk/2019/04/02/trump_china_malware_usb_stick/

Game of Thrones torrents packing nasty surprises
https://thenextweb.com/insider/2019/04/03/game-of-thrones-torrents-are-packing-a-nasty-surprise/

Researcher prints PWNED! on hundreds of GPS watches
https://www.zdnet.com/article/researcher-prints-pwned-on-hundreds-of-gps-watches-maps-due-to-unfixed-api/

In this week's episode, Bill and Gavin discuss Cult of the Dead Cow, top ten vulnerabilities, supply chain attacks and leaky geolocation apps.

Episode 5 story list: 

Microsoft Office Dominates Most Exploited List

• https://www.darkreading.com/vulnerabilities---threats/microsoft-office-dominates-most-exploited-list/d/d-id/1334198

Beto O'Rourke Was Part of an Infamous '90s Hacker Group

• https://www.wired.com/story/beto-orourke-cult-of-the-dead-cow-hacking-group/

A family tracking app was leaking real-time location data

• https://techcrunch.com/2019/03/23/family-tracking-location-leak/?guccounter=1 

Two serious WordPress plugin vulnerabilities are being exploited in the wild — Ars Technica 

• https://apple.news/AWdmyqmhrSxWRIeKFWWp5ow

Hackers took over Asus auto update to deliver malware

• https://www.cnet.com/news/hackers-took-over-asus-updates-to-send-malware-researchers-found/

Apple patches 51 bugs with iOS 12.2 release

• https://www.bleepingcomputer.com/news/security/ios-122-patches-over-50-security-vulnerabilities/

Bill and Gavin discuss several stories which highlight the challenges around cyber hygiene. This episode also features a discussion on vulnerability prioritization with Tenable's Kevin Flynn.

• Developer Password Story - https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
• Ransomware stats dropping but it is as profitable as ever https://www.darkreading.com/endpoint/ransomwares-new-normal/d/d-id/1334172
• Decade old Vulnerability Found in WinRAR - https://arstechnica.com/information-technology/2019/03/nasty-winrar-bug-is-being-actively-exploited-to-install-hard-to-detect-malware/
• Firm is run out business after a breach- https://www.wired.com/story/exactis-data-leak-fallout/
• 20 Million stolen - https://www.wired.com/story/mexico-bank-hack/
• Wordpress Vulnerability https://www.theregister.co.uk/2019/03/14/wordpress_rce_vuln_v_5_1_0_previous/
• Carnegie Mellon CVSS Paper https://insights.sei.cmu.edu/cert/2018/12/towards-improving-cvss.html