

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET

Jul 21, 2021 • 54min
Talkin’ About Infosec News – 7/21/2021
Originally Aired on July 19, 2021
Articles discussed in this episode:
00:00 – BHIS | Talkin’ Bout News 2021-07-19
02:18 – Story # 1: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
13:15 – Story # 2: https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
16:00 – Story # 3: https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
34:41 – Story # 4: https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html
42:36 – Story # 5: https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html
53:13 – [Post]Show Banter™ — Can’t Get Lumber
Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.
https://www.blackhillsinfosec.com/services/cyber-range/

Jul 16, 2021 • 53min
Talkin’ About Infosec News – 7/12/2021
Originally Aired on July 12, 2021
Articles discussed in this episode:
(00:00) - BHIS | Talkin' Bout News 2021-07-12
(01:56) - Story # 1: https://www.bleepingcomputer.com/news/security/biden-asks-putin-to-crack-down-on-russian-based-ransomware-gangs/
(03:09) - Russia's R.A.R.E. Program (Fan Graphic)
(03:54) - Story # 2: https://www.securityweek.com/solarwinds-confirms-new-zero-day-flaw-under-attack
(05:33) - Story # 3: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html
(08:44) - Story # 4: https://thehackernews.com/2021/07/magecart-hackers-hide-stolen-credit.html
(11:53) - Story # 5: https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
(15:31) - Story # 6: https://www.microsoft.com/security/blog/2021/07/12/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work/
(18:42) - Story # 7: https://threatpost.com/lazarus-engineers-malicious-docs/167647/
(29:02) - Story # 8: https://www.bleepingcomputer.com/news/security/insurance-giant-cna-reports-data-breach-after-ransomware-attack/
(35:21) - Story # 9: https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html
(46:19) - Story # 10: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/
(48:16) - Story # 11: https://www.securityweek.com/morgan-stanley-hit-accellion-hack-through-third-party-vendor
(49:37) - PDF Doc Details: https://www.doj.nh.gov/consumer/security-breaches/documents/morgan-stanley-20210702.pdf

Jul 14, 2021 • 1h 5min
Webcast: How to Build a Phishing Engagement - Coding TTP's
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it all work.
Wouldn’t it be nice if you had a playbook of how to set everything up to save time and prevent mistakes?
What if we coded this playbook so we could share this with others and modify our tactics when things change?
In this Black Hills Information Security (BHIS) webcast, we’re going to do just that. We will take a top-down look at how a phishing engagement is designed. Then we will work through coding this design, so we don’t have to keep building a phish. Lastly, we will touch on how to fly under the radar and how coding TTP’s help save time and guarantee accuracy.
Join the BHIS Community Discord: https://discord.gg/bhis
Music By Beau: https://www.nobandwidth.io
(00:00) - FEATURE PRESENTATION: How to Build a Phishing Engagement - Coding TTP's
(01:02) - About Ralph May
(01:51) - Disclaimers
(03:06) - Overview
(03:43) - Phishing is Hard
(06:20) - Infrastructure
(06:59) - Operational Security
(08:26) - Designing a Phish
(13:01) - Phishing Emails
(15:29) - 1st Tool: EVILGINX2
(17:10) - EVILGINX IOC's
(18:00) - 2nd Tool: GoPhish
(18:48) - GoPhish IOC's
(20:31) - 3rd Tool: NGINX
(21:45) - 4th Tool: Digital Ocean Cloud Provider
(22:10) - 5th Tool: Mailgun Email Service
(22:52) - 6th Tool: CDN-Azure
(23:33) - Coding a Phish – 1st Tool: Ansible
(26:09) - 2nd Tool: Terraform
(28:36) - 3rd Tool: Docker
(30:22) - Combining Ansible and Terraform
(32:14) - Ansible Secrets
(34:04) - DEMO: Executing a Phishing Engagement
(41:57) - What's Next
(43:19) - QnA
(56:03) - PostShow Banter™ — Ohs and Ahs

Jul 13, 2021 • 21min
The Birth of PreShowBanterCon-A-Thon 2021!™
Join the BHIS Community Discord: https://discord.gg/bhis
Music By Beau: https://www.nobandwidth.io
00:00 – 2021-04-01 – PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™
05:29 – You’re So Vanity
08:39 – Let’s Talk About Florida Man
11:27 – Kellon is here – Intro Sec Con

Jul 12, 2021 • 56min
Talkin’ About Infosec News – 7/6/2021
Originally Aired on July 6, 2021
Articles discussed in this episode:
00:00 – BHIS | Talkin’ Bout News 2021-07-06
02:32 – Story # 1 – CISA self-assessment audit tool – https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/
08:24 – Story # 2 – Insurance rates up 32% – https://www.theregister.com/2021/07/05/cyber_insurance_report/
20:48 – Story # 3 – 0 Day for Windows OS PrintNightmare – https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
31:32 – Story # 4 – Kaseya Indicators of Compromises – https://cyberworkx.in/2021/07/06/kaseya-says-its-not-a-supply-chain-attack-and-releases-indicators-of-compromises/
41:16 – Story # 5 – Dotnet Core for PowerShell – https://cyberworkx.in/2021/07/04/critical-remote-code-execution-vulnerability-in-dotnet-core-for-powershell/
42:54 – Story # 6 – Intuit shares data with Equifax – https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/
48:33 – Alissa Torres’ Shout Outs (see description for links)
52:00 – Story # 7 – The Audacity of Spyware – https://mashable.com/article/audacity-spyware-privacy-policy
Alissa Torres’ Shout Outs:
* https://www.dianainitiative.org/event-schedule/
* https://dfrws.org/conferences/dfrws-usa-2021/
* https://www.activecountermeasures.com/event/hacking-packet-captures-the-foundations-of-network-security/
* https://wildwesthackinfest.com/antisyphon//advanced-endpoint-investigations/

Jun 30, 2021 • 1h
Talkin’ About Infosec News – 6/28/2021
Originally Aired on June 28, 2021
Articles discussed in this episode:
00:00 – PreShow Banter™ — Way West Recap
06:38 – Story 1: https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
12:58 – Story 2: https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware
19:41 – Story 3: https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html
29:27 – Story 4: https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/
44:27 – Story 5: https://nypost.com/2021/06/23/john-mcafee-dies-by-suicide-inside-prison-in-barcelona/
45:43 – Story 6: https://www.marketplace.org/2021/06/23/texas-homeowners-startled-by-hijacked-thermostats/
52:56 – Story 7: https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/
55:38 – Story 8: https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/

Jun 14, 2021 • 42min
Talkin' About Infosec News - 6/7/2021
https://youtu.be/ZXNzG8ilfiw
00:00 - Talkin’ Bout Ransomware
01:26 - Story 1: https://nypost.com/2021/06/06/texas-mom-arrested-after-posing-as-her-13-year-old-daughter-at-middle-school/
06:26 - Story 2: https://cyberworkx.in/2021/06/07/worlds-first-known-malware-targeting-windows-containers-to-compromise-cloud-environments/
10:42 - Story 3: https://threatpost.com/revil-spill-details-us-attacks/166669/
22:27 - Story 4: https://www.eff.org/deeplinks/2021/06/van-buren-victory-against-overbroad-interpretations-cfaa-protects-security
24:43 - Story 5: https://cyberworkx.in/2021/06/05/microsoft-teams-is-getting-better-security-end-to-end-encryption-for-voice-calls-from-july/
30:33 - Story 6: https://lock.cmpxchg8b.com/passmgrs.html
Join the BHIS Community Discord: https://discord.gg/bhis

Jun 4, 2021 • 33min
Talkin’ About Infosec News – 6/1/2021
Originally Aired on June 1, 2021
Articles discussed in this episode:
00:00 – PreShow Banter™ — Fishing Attacks
02:40 – Story 1: https://m1racles.com/
05:33 – Story 2: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/
11:26 – Story 3: https://www.securityweek.com/nuclear-flash-cards-us-secrets-exposed-learning-apps
15:29 – Story 4: https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109
23:44 – Story 5: https://www.zdnet.com/article/various-japanese-government-entities-had-data-stolen-in-cyber-attack-report/
26:26 – Story 6: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/


