This is the first edition of a new series of podcasts we're doing here at Risky.Biz that will focus on cyber policy issues. The Hewlett Foundation approached us a while back to see if we'd be interested in doing this series, and we jumped at the opportunity.
The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea is pretty simple: we can talk to some of Hewlett's grant recipients or experts in its network about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policy people.
Our first cab off the rank is this interview with Jim Baker. He joined the Department of Justice in 1990 and rose through the ranks to become the FBI general counsel in January 2014, a position he held until December 2017. So of course he was running all things legal for the FBI during the Apple-FBI dispute over a locked iPhone 5C recovered from the gunman responsible for the San Bernardino shooting.
Baker was the US Government's point man on all things encryption, taking stances that outraged technologists and reinvigorated a policy debate that had, at least to a degree, stagnated for years. These days, Jim Baker serves as Director of the R Street think tank's National Security and Cybersecurity Program.
This interview focusses on the so-called encryption wars. The FBI and other law enforcement/intelligence agencies want better access to encrypted material, while technologists say that's impossible to accomplish without introducing unacceptable risks into the technology ecosystem. Baker shares his view on the topic.
The Australian government law enforcement and intelligence agencies guide to the Assistance and Access Act, which is mentioned in the introduction to the podcast, can be found here. (Ironically enough, served over HTTP!)
PLEASE NOTE: Jim Baker joined our meeting via a phone call, so the audio quality here isn't up to our usual standards. Sorry about that!
On this week's show Adam Boileau and Patrick Gray discuss the week's news, including:
CBP loses photo and license plate database
Some Android phones shipped with backdoor
Info on Google's cloud outage
USG ramps up 'defend forward'
Trump and Mnuchin can't get their stories straight on Huawei
The latest from Baltimore, more on that RDP bug
TalkTalk hacker sentenced
Much, much more
This week's show is brought to you by Remediant! Remediant CEO Tim Keeler will be along this week to have a chinwag. We'll talk about how simple security tech is really en vogue these days and how that's a good thing.
Show notes
CBP says hackers stole license plate and travelers' photos | ZDNet
Hackers Breach Company That Makes License Plate Readers for U.S. Government - VICE
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online - The Register
Google confirms that advanced backdoor came preinstalled on Android devices | Ars Technica
Two-thirds of iOS apps disable ATS, an iOS security feature | ZDNet
How a Google Cloud Catch-22 Broke the Internet | WIRED
Google Cloud Status Dashboard
U.S. ramping up offensive cyber measures to stop economic attacks, Bolton says
Trump and Mnuchin on Huawei, trade, national security
Huawei executive labeled a 'moral vacuum' in heated UK hearing - CNN
Russia and Iran Plan to Fundamentally Isolate the Internet | WIRED
For two hours, a large chunk of European mobile traffic was rerouted through China | ZDNet
Baltimore's bill for ransomware: Over $18 million, so far | Ars Technica
A botnet is brute-forcing over 1.5 million RDP servers all over the world | ZDNet
Microsoft warns about email spam campaign abusing Office vulnerability | ZDNet
SymCrypt Bug Would Let Attacker "Take Down Entire Windows Fleet"
Senator asks Department of Justice if it can keep a lid on its software exploits
'You don't stand a chance': how the press freedom argument will go for Assange
TalkTalk hacker Daniel Kelley sentenced to four years - BBC News
A Push to Protect Campaigns from Hackers Hits an FEC Roadblock | WIRED
Top voting machine maker reverses position on election security, promises paper ballots | TechCrunch
Windows 10 zero-day details published on GitHub | ZDNet
Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks
New RCE vulnerability impacts nearly half of the internet's email servers | ZDNet
Major HSM vulnerabilities impact banks, cloud providers, governments | ZDNet
'RAMBleed' Rowhammer attack can now steal data, not just alter it | ZDNet
A backdoor in Optergy tech could remotely shut down a smart building 'with one click' | TechCrunch
That push notification on your phone might be a phishing attempt
New Spam Campaign Controlled by Attackers via DNS TXT Records
Fortune 500 giant Tech Data exposed customer and billing data | TechCrunch
FBI Issues Warning on 'Secure' Websites Used For Phishing
Diebold Nixdorf warns customers of RCE bug in older ATMs | ZDNet
Microsoft Blocks Some Bluetooth Devices Due to Security Risks
Apple's 'Find My' Feature Uses Some Very Clever Cryptography | WIRED
VLC 3.0.7 is Biggest Security Release Due to EU Bounty Program
How to create an EVIL LTE Twin - Adam Toscher - Medium
On this week's show Patrick and Adam talk through all the week's security news, including:
NYTimes story on EternalBlue and Baltimore is bunk
An RDP worm is feeling kind of inevitable
Iran is still getting Shadowbrokersed
Intercept has a great feature on SID Today dumps
Australian Federal Police crack down on national security journalism
Phantom Secure CEO gets nine years and loses $80m
Silk Road 2.0 admin must be an amazing snitch
Another Bitcoin tumbler bites the dust
Much, much more
This week's sponsor interview is with Marco Slaviero of Thinkst Canary.
Marco is joining us this week to talk about how he thinks web application-based deception techniques are kind of a waste of time right now. We talk about how deception approaches work best in privileged domains, then we talk about how security teams do better when they have a dedicated ops developer.
Show notes
Ruppersberger: NSA has no evidence EternalBlue was in Baltimore attack
Sen. Van Hollen: Government sees no EternalBlue in Baltimore ransomware attack
N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says - The New York Times
Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware - Krebs on Security
Baltimore ransomware perp pinky-swears he didn't use NSA exploit | Ars Technica
NSA points to two-year patching window in remarks about Baltimore incident
Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough | WIRED
Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708) | ZDNet
New Iranian hacking tool leaked on Telegram | ZDNet
Meltdown Showed Extent of NSA Surveillance - and Other Tales From Hundreds of Intelligence Documents
Federal police raid home of News Corp journalist Annika Smethurst | Australia news | The Guardian
PressReader.com - Your favorite newspapers and magazines.
CEO Who Sold Encrypted Phones to the Sinaloa Cartel Sentenced to Nine Years - VICE
Silk Road 2.0 Admin May Only Be Prosecuted For Tax Crimes After Cooperating with Feds - VICE
Bitcoin Blender Exits Cryptocurrency Mixing On Its Own Terms
Rights groups probe investments in NSO Group's private equity firm
Lorenzo Franceschi-Bicchierai on Twitter: "In his new book, @josephmenn argues that Phineas Fisher, the hacktivist that breached FinFisher and Hacking Team, is perhaps a Russian intelligence front… https://t.co/PgLPt369Sd"
Much @Stake: The Band of Hackers That Defined an Era | WIRED
Google Cloud goes down, taking YouTube, Gmail, Snapchat, and others with it | ZDNet
China 'rigs' 5G test to favour Huawei - NZ Herald
Russian military moves closer to replacing Windows with Astra Linux | ZDNet
Maze Ransomware Says Computer Type Determines Ransom Amount
Phishing Emails Pretend to be Office 365 'File Deletion' Alerts
Unpatched Flaw Affects All Docker Versions, Exploits Ready
Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch
0patch Blog: Another Task Scheduler 0day, Another Task Scheduler Micropatch (The SandboxEscaper Saga)
Flipboard says hackers stole user details | ZDNet
Google Is Finally Making Chrome Extensions More Secure | WIRED
Westpac cyber attack: PayID platform hack exposes private details on 100,000 Australians
Terry Zhang on Twitter: "Received a 40,000$ bounty from @msftsecresponse through @Bugcrowd for a critical Auth Bypass I found on Microsoft Cloud. Also will join the team and talk about it on the BlackHat this year. Thanks for the great bounty and the opportunity sharing on a big stage… https://t.co/mbzs41LfBf"
New research shows personalized ads are just barely more efficient than dumb ads | ZDNet
Stephen A. Ridley on Twitter: "It has been 10 years since we reverse engineered the MS08-67 patch and published the FIRST public vuln PoC (which was used by the Conficker Worm authors). BUT, it has only been about a year since we got an angry email blaming us for the Conficker worm. https://t.co/4Xalrh7okV… https://t.co/QPeMCZIHtc"
Malware Sandbox Online | Free Trial
Thinkst Canary
Adam Boileau couldn't make it this week, but that's ok because we've got former Facebook CSO and current Stanford adjunct professor Alex Stamos filling in for him in today's show. He'll be talking through all the week's security news, including:
NYTimes report blames Baltimore ransomware attack on leaked NSA exploit
Assange to face espionage charges, extradition fight looming
SandboxEscaper just keeps dropping those 0days
Fury over Facebook's response to doctored Pelosi video
Much, much more
This week's sponsor interview is with David Warburton of F5 Networks. You know F5 as a blinky-light box manufacturer. Load balancers, SSL termination, that sort of stuff. Not exactly a growth industry at the moment, so they're pivoting.
They've dropped $670m on NGINX (F5 now owns the NGINX company) and they're making all sorts of moves in the appsec space. That interview is mostly about F5's business, but I found it interesting because what do you do when you're an $8bn company that makes data-centre equipment and that industry starts going into decline?
Show notes
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times
Thomas Rid on Twitter: "Meanwhile I feel rather uncomfortable about being quoted in said NYT story. Although the bigger point stands: whoever was behind Shadowbrokers must be held accountable, and USG should not get away with publicly ignoring this historic leak."
Eternally Blue: Baltimore City leaders blame NSA for ransomware attack | Ars Technica
Google bots shut down Baltimore officials' ransomware-workaround Gmail accounts | Ars Technica
CyberSecPolitics: Baltimore is not EternalBlue
Errata Security: A lesson in journalism vs. cybersecurity
Intense scanning activity detected for BlueKeep RDP flaw | ZDNet
Researcher publishes Windows zero-days for the third day in a row | ZDNet
Cyber Command's latest VirusTotal upload has been linked to an active attack
The Latest Julian Assange Indictment Is an Assault on Press Freedom | WIRED
Here's How a Facebook Exec Defended Leaving Up That Fake Nancy Pelosi Video
Facebook scrubbed 2.2 billion fake accounts in the first quarter of 2019, a new high
U.S. Navy Creating a 350 Billion Record Social Media Archive
A--Global Social Media Archive, 350 billion digital data records (text) - Federal Business Opportunities: Opportunities
Amazon shareholders reject facial recognition sale ban to governments | TechCrunch
Facial Recognition Has Already Reached Its Breaking Point | WIRED
Android and iOS devices impacted by new sensor calibration attack | ZDNet
Privacy Preserving Ad Click Attribution For the Web | WebKit
German Minister Wants Secure Messengers To Decrypt Chats
European police seize BestMixer, saying it helped launder $200 million worth of cryptocurrency
Chinese military to replace Windows OS amid fears of US hacking | ZDNet
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records - Krebs on Security
Australian tech unicorn Canva suffers security breach | ZDNet
Equifax is spending a ton of money on cybersecurity. Wall Street analysts don't like it.
Democratic Party's network security still lags behind GOP, researchers find | Ars Technica
NSS ISSUES STATEMENT - NSS Labs, Inc.
CrowdStrike, NSS Labs resolve court battle over product testing | ZDNet
Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
Malware Sandbox Online | Free Trial
F5 Networks | Secure application delivery
This is not the regular Risky Business weekly show. The Soap Box series of podcasts that run on Risky.Biz is wholly sponsored. Everyone you hear in Soap Box paid to be here.
With that disclaimer out of the way, this is actually a really interesting conversation. Carsten Willems is the co-founder and CEO of VMRay, a company that makes… well, what do you call it? Is it an incident response tool? Is it a detection tool? Or is it just a good hypervisor-based sandbox that you can use to do both of those things?
I'm going to say it's the third: VMRay is a company that makes a great hypervisor sandbox and has applied that technology to both response and detection.
In an ideal world you'd have a team of malware reversers on staff pulling apart every single binary that looks shady. But this isn't a perfect world, so that's never going to happen. So the original use case that Carsten and his team set out to solve was around automating malware reversing. They built a hypervisor-based sandbox that's very hard to bypass: you can run your standard build on it, throw binaries and documents at it and see what blows up. That's really the primary use case here.
But there is a second use case, which is detection. VMRay can give you a pretty decent risk score on samples, and they've entered into a few OEM arrangements with vendors to provide that extra level of detection.
I'd never met Carsten Willems before we prepared this podcast, but it's safe to say we hit it off. This podcast basically turned into Carsten telling his story, the story of where VMRay came from and where he wants it to go. Enjoy!
Show notes
Malware Sandbox Online | Free Trial
On this week's show Patrick and Adam talk through all the week's security news, including:
New executive order paved way for Huawei ban
Google pulls service from Huawei
No wait, that's not right, it's for new handsets
The ban's now reversed to allow them to continue the support that they didn't have to discontinue… I'm so confused ¯\_(ツ)_/¯
Israeli broadcaster fingers Hamas over Eurovision coverage hack
New moves to regulate offensive cyber services
Salesforce has a bad time
Instagram influencers have a bad time (Hah!)
OGUsers pwned
Much, much more
This week's show is brought to you by CMD Security. They make security software for Linux that does two things. Firstly, it gives you visibility into what's happening on your Linux workloads: which actions are being performed by which accounts, that sort of thing. The second thing it does is allow you to lock down accounts by action, rather than by traditional privilege. They're funded by Google Ventures, among others, and although they're a relatively small and new company I think they're going to do really well.
Jake was just at a MITRE conference in Brussels that was all about the ATT&CK Matrix. He's joining me this week to have a bit of a talk about his experience at that event, then we'll be talking through some of the issues he's seeing out there in Linux cloud workload land. Jake's a great communicator and a very smart guy and that interview is a lot of fun.
Show notes
White House executive order sets path for ban on Huawei
Exclusive: Google suspends some business with Huawei after Trump blacklist - source - Reuters
Google's Huawei Android restrictions: what does it mean for you? [Updated] | TechRadar
Trump grants temporary reprieve from Huawei ban | Financial Times
Israel's national broadcaster accuses Hamas of Eurovision hack | Jewish News
Lawmakers seek probe on U.S. hacking services sold globally - Reuters
U.S. lawmakers call on spy chief to rein in spread of hacking tools - Reuters
Facebook bans Israeli company that's been sharing disinfo on West African politics
Faulty database script brings Salesforce to its knees | ZDNet
Millions of Instagram influencers had their private contact data scraped and exposed | TechCrunch
Account Hijacking Forum OGusers Hacked - Krebs on Security
The Most Expensive Lesson Of My Life: Details of SIM port hack
Chinese cyberspies breached TeamViewer in 2016 | ZDNet
Baltimore ransomware nightmare could last weeks more, with big consequences | Ars Technica
Ohio school sends students home because of Trickbot malware infection | ZDNet
Google Will Replace Titan Security Key Over a Bluetooth Flaw | WIRED
Bluetooth's Complexity Has Become a Security Risk | WIRED
First official version of Tor Browser for Android released on the Play Store | ZDNet
Root account misconfigurations found in 20% of top 1,000 Docker containers | ZDNet
The Crowd, The Source? - CTUS.IO
New windows LPE from non-admin :) : AskNetsec
How CSIRO Computers Were Secretly Used To Mine Bitcoin | 10 daily
Company behind LeakedSource pleads guilty in Canada | ZDNet
Bots Tampering with TLS to Avoid Detection - Akamai Security Intelligence and Threat Research Blog
Hackers abuse ASUS cloud service to install backdoor on users' PCs | Ars Technica
The radio navigation planes use to land safely is insecure and can be hacked | Ars Technica
1801 - Visual Voicemail for iPhone: Use-after-free in IMAP NAMESPACE processing - project-zero - Monorail
Hackers Inject Magecart Card Skimmer in Forbes' Subscription Site
Microsoft releases new version of Attack Surface Analyzer utility | ZDNet
Cisco Upgrades Remote Code Execution Flaws to Critical Severity
Additional mitigations for speculative execution vulnerabilities in Intel CPUs - Apple Support
AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach - VICE
Encryption fix may now be dead - InnovationsAus.com
This isn't our weekly news and current affairs show, this is a wholly sponsored podcast we do here at Risky Biz. The idea behind Soap Box is vendors pay to come on to the show and talk about the things they want to talk about.
Today's Soap Box is brought to you by Signal Sciences. If you're not familiar with them, they make web security software. If you operate a website and you're looking to auto-block a lot of the common attacks and attack techniques that are likely to be directed against your website, then Signal Sciences are definitely worth a look.
Their whole pitch is really about making software that's easy to deploy. You just drop it on your web server or run it as a WAF proxy, and bang, you're done. Most of their clients run this software in full blocking mode out of the gate and don't have any issues.
It's really, really good at blocking stuff like cred stuffing and weird bot activity, as well as your typical OWASPY-style attacks.
Signal Sciences Trusted Appsec Advisor Phillip Maddux is our guest today. We spoke about a bunch of stuff really: the future of appsec, how the pivot to serverless is changing things. Then we talk about app-layer deception, and finally Phillip basically takes a dump on the bulk of RASP solutions out there.
Enjoy!
Show notes
Dear RASP: We Need to Talk About the Friction in Our Relationship
On this week's show Patrick and Adam talk through all the week's security news, including:
NSO Group WhatsApp vuln coverage goes nuclear
Activists targeted by NSO malware in hiding in west after CIA tipoffs
Cisco Trust Anchor drags on sea floor
Linux kernel bugs likely overhyped
Adobe patches insane number of CVEs
Microsoft patches rumoured GCHQ VEP'd RDP bug
New hardware bugs affect Intel processors
SHA-1 collisions become much more practical
Major US anti-virus firms owned hard
This week's sponsor interview is with Ryan Kalember of Proofpoint. Ryan is a listener, and when he heard Adam talking about how password rotations actually result in crappy passwords, it hit a nerve with him. He says Proofpoint, via its CASBY product, is seeing a lot of targeted credential stuffing campaigns cycling through variations of passwords that have appeared in dumps.
Apparently the bad guys are hip to what a typical password rotation variation looks like and they're using this knowledge to better direct their cred stuffing attempts.
Show notes
How Hackers Broke WhatsApp With Just a Phone Call | WIRED
Israel gives 'Pegasus' spyware to countries like Saudi Arabia
CIA Sent Warnings to 3 Khashoggi Associates About New Saudi Threats | Time
WhatsApp Hack Shows End-to-End Encryption Is Pointless - Bloomberg
The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
It's Almost Impossible to Tell if Your iPhone Has Been Hacked - VICE
Human rights groups to ask Israeli court to revoke NSO Group's export license
A Cisco Router Bug Has Massive Global Implications | WIRED
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
Security Updates Released for Adobe Flash Player, Reader, and Media Encoder
Microsoft Patches 'Wormable' Flaw in Windows XP, 7 and Windows 2003 - Krebs on Security
Microsoft SharePoint vulnerability allows hackers to sift through servers, Saudi authorities warn
Two years after WannaCry, a million computers remain at risk | TechCrunch
Intel CPUs impacted by new Zombieload side-channel attack | ZDNet
ZombieLoad attack lets hackers steal data from Intel chips - The Verge
Patch status for the new MDS attacks against Intel CPUs | ZDNet
SHA-1 collision attacks are now actually practical and a looming danger | ZDNet
NVIDIA Patches High Severity Windows GPU Display Driver Flaws
Keyloggers Injected in Web Trust Seal Supply Chain Attack
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
New Details Emerge of Fxmsp's Hacking of Antivirus Companies
DOJ Says Chinese Hackers Attacked Anthem, but Not Why | WIRED
'RobbinHood' ransomware takes down Baltimore City government networks | Ars Technica
Julian Assange to face revived rape investigation in Sweden
Former NSA analyst charged in leak of classified documents to reporter
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web | ZDNet
Jokeroo Ransomware as a Service Pulls an Exit Scam
Nigerian BEC Scammers Shifting to RATs As Tool of Choice
Mozilla offers research grant for a way to embed Tor inside Firefox | ZDNet
Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence - VICE
Microsoft recommends using a separate device for administrative tasks | ZDNet
Unsecured server exposes data for 85% of all Panama citizens | ZDNet
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
IDF takes out Hamas cyber HQ (Features commentary from Bobby Chesney and Klon Kitchen)
NYTimes mangles Symantec's 'Buckeye' research
Lots of dark web arrests
SAP exploits not all they're cracked up to be
Magecart-style attacks spread to other platforms
Tech-led crackdown on Chinese Muslims intensifies
Japan to create 'defensive malware'
This isn't the regular weekly Risky Biz news and current affairs show, this is the special podcast series we do here at Risky Biz HQ where we take that dirty, dirty vendor cash and let security companies tell the audience all about what they do. Think of it as show and tell for security vendors!
In this edition we've got three more vendors vying for your hard-earned bread. We'll be hearing from Rapid7 on their InsightConnect product, the one that used to be known as Komand. What can you automate and orchestrate with it? How does it work? Who's using it? What are they doing with it?
Then we'll be hearing from Trend Micro about their O365 mail security product, and this one is legit interesting for one very simple reason: the deployment method. Most of the mail security firms basically make you route your mail through them.
In this case what Trend has done is create a mail security product that just fiddles with your mailboxes through the Microsoft O365 API. They have literally set up a demo account for an enterprise over a beer at a bar. So yeah, I suspect we'll be seeing more mail security products deploying this way… and because it's show and tell, Trend will be along to talk about some of the bells and whistles that come with that product.
Then finally we'll be hearing from Cybermerc. This is a group based out of Canberra in Australia. They've done a lot of enterprise deception work, a hybrid of hardware and consulting, and that's something they've gotten very good at. They also do a lot of cyber cyber training, but now they're trying to market a managed service towards small to medium businesses, those with 50 to a few hundred seats. A managed honeypot, some internal vuln scans, and a partridge in a pear tree!
Show notes
Security Orchestration and Automation with InsightConnect | Rapid7
Email Security Smart Protection for Office 365 | Trend Micro
Cybermerc
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Docker Hub owned
That Confluence bug we were talking about a couple of weeks ago got wormified
Oracle WebLogic users also having a bad time
Cloudflare faces investor pressure over providing services to Nazis
Slack warns investors of possible nation-state attacks against it
Norsk Hydro puts dollar value on ransomware incident
Bloomberg publishes another ridiculous security story
Much, much more!
This week's sponsor interview is with Casey Ellis, the CTO and co-founder of Bugcrowd.
As most of you are probably aware, Bugcrowd announced its so-called 'next generation penetration testing' product last year, a move followed some months later by its competitor HackerOne. With others in the bounty space already offering these types of penetration testing packages, it looks like these efforts are here to stay.
But where do crowdsourced penetration tests sit in the wider penetration testing market? Are they coming after the Insomnia and Atredis Partners type firms? The NCCs? The shonky Nessus-scan 'penetration testers'? Well, not surprisingly Casey argues that this is a new sub-niche in the market and he makes a pretty compelling case to support that argument.
Show notes
Docker Hub hack exposed data of 190,000 users | ZDNet
two-factor authentication · Issue #358 · docker/hub-feedback · GitHub
Slack warns investors of a high risk of cyber-attacks impacting stock performance | ZDNet
Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
Recent Oracle WebLogic zero-day used to infect servers with ransomware | ZDNet
Norsk Hydro: Attack Cost $50M « isssource.com
The SIM Swap Fix That the US Isn't Using | WIRED
California synagogue shooting casts harsh light on mutual-fund darling Cloudflare - Reuters
Sleeping Giants on Twitter: "REMINDER: 8Chan, where the anti-Semitic shooter from today AND the New Zealand shooter posted manifestos and their fans cheer the killings, is protected by @Cloudflare and their CEO @eastdakota, who doesn't have any regrets about it at all… https://t.co/8XKghBMW94"
Catalin Cimpanu on Twitter: "Today in infosec news: Another low-quality Bloomberg article where the reporter converts a random 10-year-old long-time-patched vulnerability into a national security threat.... because Bloomberg reporters get paid for "market-shifting news" ....which means "horrendous clickbait"… https://t.co/3IOoj08g0Q"
Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone - The Register
Man who allegedly leaked CIA hacking tools says he's been tortured and is owed $50 billion
Hackers Steal and Ransom Financial Data Related to Some of the World's Largest Companies - Motherboard
NSA's Russian cyberthreat task force is now permanent
DNS hacks are attacks on critical infrastructure, senior U.S. diplomat says
New DHS order pushes agencies to quickly patch vulnerabilities
Microsoft is considering dropping its Windows password expiration policy | TechCrunch
Microsoft Outlook Email Breach Targeted Cryptocurrency Users - Motherboard
Chinese dev jailed and fined for posting DJI's private keys on Github - The Register
Probable Russian Navy covert camera whale discovered by Norwegians | Ars Technica
CARBANAK Week Part Four: The CARBANAK Desktop Video Player | FireEye Inc
Port Scanning, Spoofing & Blacklists - notdan - Medium
Bat bomb - Wikipedia
Project Pigeon - Wikipedia
Next Gen Pen Testing
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Marcus Hutchins faces his milkshake duck moment
Iranian APT crew gets Shadowbrokersed
DNS interference campaign is actually two large-scale actors
UK to use some Huawei components in 5G build
French Government launches comms app for politicians, it doesn't go well
More detail on CCleaner/ASUS crew
Carbanak source found on VT (lol)
Wall Street Market exit scams
BEC costing US firms $1.3bn PA
Much MOAR!
This week's show is brought to you by Signal Sciences. Their CEO Andrew Peterson will be along in this week's sponsor interview to have a bit of a chat about how a lot of traditional enterprises are running serious business web app shops these days.
Show notes
Marcus 'MalwareTech' Hutchins Pleads Guilty to Writing, Selling Banking Malware - Krebs on Security
filsy on Twitter: "The whole internet loves MalwareShake Duck, a lovely duck that saved the internet. *12 months later* We regret to inform you that the duck was the author of malware that stole your grandmother's life savings."
A Mystery Agent Is Doxing Iran's Hackers and Dumping Their Code | WIRED
Patrick Gray on Twitter: "This development raises serious questions, like: 1. When will SIGINT agencies start publishing zines? 2. Which nation state actors will produce the best defacement art and smack talk?"
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNS Hijacking Abuses Trust In Core Internet Service
Talos Blog || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: DNSpionage brings out the Karkoff
Wipro Intruders Targeted Other Major IT Firms - Krebs on Security
The Weather Channel goes off the air for 90 minutes after ransomware infection | ZDNet
Manufacturing giant Aebi Schmidt hit by ransomware | TechCrunch
Huawei will help build Britain's 5G network, despite security concerns - The Verge
U.S. and British Intelligence Agencies Downplay Disagreement Over Huawei 5G
Huawei frustration boils over as CIA allegedly shows the goods | Telecoms.com
French government releases in-house IM app to replace WhatsApp and Telegram use | ZDNet
Congress sends letter to Google for details on Sensorvault location tracking database | ZDNet
Supply Chain Hackers Snuck Malware Into Videogames | WIRED
Source code of Carbanak trojan found on VirusTotal | ZDNet
A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions | WIRED
Another dark web marketplace bites the dust --Wall Street Market | ZDNet
FBI: US companies lost $1.3 billion in 2018 due to BEC scams | ZDNet
Security flaw lets attackers recover private keys from Qualcomm chips | ZDNet
Security flaw in EA's Origin client exposed gamers to hackers | TechCrunch
RCE in EA's Origin Desktop Client - Underdog Security - Our blog...
More Security Endpoint Tech Isn't Always Better | Decipher
Chaos on Twitter: "last week i got to witness an engineering department lose a full day's work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you're forced to rebase master, like you should NEVER DO. this was of course referred to as The Emojiency"
Australian Lime Scooters Hacked To Say Sexual Things To Riders | Gizmodo Australia
Demand More from Your Web Application Security | Signal Sciences
On this edition of Snake Oilers you'll be hearing from three vendors offering what I believe to be excellent security technology. I haven't personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You'll see. Or hear. You know what I mean.
First up we'll be hearing from CMD. They make killer software for Linux that lets you lock down account actions. Not permissions, actions. Do all the default and service accounts you have to run on your Linux fleet terrify you? Well, this is a solution for that. There's a visibility component there, too.
Then we'll be hearing from AlphaSOC. When we last spoke to them they were just doing domain-based analytics, but they've expanded their tech and now offer IP-based and HTTP request-based analytics. You can deploy AlphaSOC as a Splunk app or hook up to their API any other way you want. They're offering free trials, but even when you're on the paid service it's actually pretty affordable.
The brain behind AlphaSOC is Chris McNab, who used to run incident response at NCC Group. He's seen how the planes crash into the mountains and he has created a product that performs eminently sensible analysis on your traffic and metadata to alert you to badness.
Then finally we'll be hearing from Nucleus. This is a new company, and if your job is managing vulnerabilities and vuln scanners in your org then straight up, just skip to the Nucleus interview immediately. They've created a web app that normalises vulnerability scanning information. It'll take the outputs from Snyk, Rapid7, Checkmarx, Netsparker, OpenVAS, Twistlock, Fortify, Burp Suite, Nessus, Qualys, Acunetix AND others.
It ingests all of this data, normalises it, then plumbs these alerts through to the right people through a multitude of different ticketing systems. If you're stuck in the 7th layer of SharePoint or spreadsheet vulnerability management hell, this is a solution to your problems. You will weep salty tears of joy when you hear this one. Free trials of Nucleus are also available.
Links to the companies featured are below!
Show notes
Cmd – Defense in depth for Linux
AlphaSOC Overview
Nucleus Security
On this week's show Adam Boileau and Patrick Gray discuss the week's security news:
Julian Assange arrested, likely to be extradited to the USA
Krebs: Breach at outsourcing firm Wipro
WordPress 0day drama causing serious headaches
Silk Road 2's 'DPR2' sent to slammer
More from Kaspersky SAS
This week's show is brought to you by Thinkst Canary! Thinkst founder Haroon Meer will be along in this week's show to talk about the effect venture capital is having on the security ecosystem. He thinks VC money often makes weak ideas look strong, and in a market where it's quite difficult to make informed purchasing decisions, that's not a good thing.
Show notes
Breaking Down the Julian Assange Hacking Case | WIRED
Experts: Breach at IT Outsourcing Giant Wipro – Krebs on Security
Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years - Motherboard
Chinese woman arrested at Mar-a-Lago 'up to something,' denied bail: judge - Reuters
A security researcher with a grudge is dropping Web 0days on innocent users | Ars Technica
Mailgun hacked part of massive attack on WordPress sites | ZDNet
PPD-20 successor has yielded 'operational success,' Federal CISO says
A Peek Into the Toolkit of the Dangerous 'Triton' Hackers | WIRED
DHS, FBI say election systems in all 50 states were targeted in 2016 | Ars Technica
Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign
Patrick Gray on Twitter: "Great scoop from @Commsday Looks like @ASDGovAu is going to rip up its contract with @Cloudflare because they host Nazi forums.… https://t.co/uhqC2EIVbY"
Dragonblood vulnerabilities disclosed in WiFi WPA3 standard | ZDNet
Confluence Security Advisory - 2019-03-20 - Atlassian Documentation
A New Breed of ATM Hackers Gets in Through a Bank's Network | WIRED
Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years | WIRED
Kaspersky: 70 percent of attacks now target Office vulnerabilities | ZDNet
EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification | ZDNet
DHS alerts industry to insecure enterprise VPN apps
Shimo VPN service contains six unpatched vulnerabilities, Talos discovers
'Land Lordz' Service Powers Airbnb Scams – Krebs on Security
Hackers publish personal data on thousands of US police officers and federal agents | TechCrunch
Former Senate IT intern admits to doxing US senators on Twitter and Wikipedia | ZDNet
A hacker has dumped nearly one billion user records over the past two months | ZDNet
Google DLP Makes It Easier to Safeguard Sensitive Data Troves | WIRED
Microsoft Email Hack Shows the Lurking Danger of Customer Support | WIRED
Fortinet settles charges of selling intentionally mislabeled Chinese-made tech to U.S. military
Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
Thinkst Canary
In this week's show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:
Chinese woman arrested at Mar-a-Lago being very shady
The ASUS supply chain attack
Flame-related malware lived on longer than expected
bootstrap-sass Ruby gem backdoored
Latest on Norsk Hydro and other victims of the same crew
More trouble at Toyota
Huawei spanked by UK oversight panel
Exodus govvie malware affects Android and iOS
Plus much, much more
This week's sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr: it's an agent that models endpoint behaviour, so when someone - or something - else starts using that endpoint to do things that don't fit the user profile, action can be taken.
It's the type of tech concept that normally belongs in academic papers, not in actual products people can actually buy. That's an interesting chat.
Show notes
Feds: Woman arrested at Mar-a-Lago had hidden-camera detector | Miami Herald
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard
ASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNet
Researchers publish list of MAC addresses targeted in ASUS hack | ZDNet
Nation-state hacking kit 'Flame' had a second life, researchers say
Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem | Snyk
Norsk Hydro ransomware incident losses reach $40 million after one week | ZDNet
Norsk Hydro will not pay ransom demand and will restore from backups | ZDNet
Arizona Beverages knocked offline by ransomware attack | TechCrunch
Ransomware Forces Two Chemical Companies to Order 'Hundreds of New Computers' - Motherboard
Toyota announces second security breach in the last five weeks | ZDNet
Huawei's Problem Isn't Chinese Backdoors. It's Buggy Software | WIRED
HCSEC_OversightBoardReport-2019.pdf
In issuing 5G recommendations, E.U. spurns U.S. hardline on Huawei
Bezos' Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief's Private Data
NSO Group Says It Didn't Hack Jeff Bezos On Behalf of Saudi Arabia - Motherboard
'Exodus' Spyware Posed as a Legit iOS App | WIRED
Former NSA spies hacked BBC host, Al Jazeera chairman for UAE
Lazarus rises in Israel with attempted hack of defense company, researchers say
Defense Ministry rebukes Israeli spy tech company for unlawful exports | The Times of Israel
Islamic State's collapse hastened with help of Australian cyber spies - ABC News (Australian Broadcasting Corporation)
Company sues worker who fell for email scam - BBC News
Utah Just Became a Leader in Digital Privacy | WIRED
Office Depot rigged PC malware scans to sell unneeded $300 tech support | Ars Technica
Microsoft warns Windows 7 users of looming end to security updates | TechCrunch
Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] | Ars Technica
Warfare Plugins on Twitter: "WE ARE AWARE OF A ZERO-DAY EXPLOIT AFFECTING SOCIAL WARFARE CURRENTLY BEING TAKEN ADVANTAGE OF IN THE WILD. Our developers are working to release a patch within the next hour. In the meantime, we recommend disabling the plugin. We will update you as soon as we know more."
Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses
Two serious WordPress plugin vulnerabilities are being exploited in the wild | Ars Technica
Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison
Report deems Russia a pioneer in GPS spoofing attacks | ZDNet
Above Us Only Stars - Exposing GPS Spoofing in Russia and Syria - Association of Old Crows
Researchers find 36 new security flaws in LTE protocol | ZDNet
AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls | ZDNet
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years – Krebs on Security
Third-Party Apps Exposed Over 540 Million Facebook Records | WIRED
Man Behind Fatal 'Swatting' Gets 20 Years – Krebs on Security
Top dark web marketplace will shut down next month | ZDNet
Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million | ZDNet
China Considers Ban On Cryptocurrency Mining Because It's A Stupid Waste Of Energy | Gizmodo Australia
Vigilantes Counter Christchurch Manifesto with Weaponized Version
RedTeam Pentesting on Twitter: "We were also quite surprised to find this /etc/nginx.conf in 188.8.131.52… https://t.co/ymjjLM3eP7"
Announcing QueryCon 2019 | Trail of Bits Blog
PaperCall.io - QueryCon 2019
QueryCon 2019 – Hosted by Trail of Bits, with Kolide and Carbon Black Tickets, Thu, Jun 20, 2019 at 9:00 AM | Eventbrite
This is a wholly sponsored podcast brought to you by Duo Security.
WebAuthn is a new multifactor authentication standard for the web that is rooted in public-key cryptography. Some of you would already be using similar authentication standards in apps without even thinking about it, like doing biometric authentication in your banking apps. You want to log in via your app and it scans your face to auth you, that sort of thing. WebAuthn makes those types of authentication actions available to users through the browser.
It's now an official W3C standard supported by most browsers. It's the future of auth on the Web.
Duo Security has been involved a little bit with the standards process and in this edition of the Soap Box podcast you?re going to hear a nearly hour long conversation between myself, Nick Steele and James Barclay who are Duo?s resident Webauthn dudes at Duo Labs.
I hope you enjoy this conversation.
Show notes
Touch ID and Beyond: Duo's Plans for WebAuthn | Duo Security
WebAuthn.io
Guide to Web Authentication
GitHub - duo-labs/android-webauthn-authenticator: A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
Web Authentication: An API for accessing Public Key Credentials Level 1
In this week?s show Patrick Gray and Alex Stamos discuss the week?s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.
News:
Norsk Hydro ransomwared
Huawei ban gets more and more political
APT40 hitting USA hard
Cyber Command's Euro road-trip
Kremlin interference in EU elections extremely likely
US Senators seek information on breaches targeting them
Cloudflare won't pull service from 8chan in wake of NZ attack
Beto O'Rourke was cDc member
New Mirai variant
150 million Android devices hosed by new malware
Much, much more
This week's show is brought to you by Chronicle Security! We'll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they're going to pop in to tell us about some near future plans they have for their Backstory product.
Show notes
Norsk Hydro Ransomware Attack Is 'Severe' But All Too Common - Bloomberg
Antivirus scan for c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15 at 2019-03-19 12:37:54 UTC - VirusTotal
When Facebook Goes Down, Don't Blame Hackers | WIRED
U.S. Campaign to Ban Huawei Overseas Stumbles as Allies Resist - The New York Times
Navy, Industry Partners Are 'Under Cyber Siege' by Chinese Hackers, Review Asserts - WSJ
Tim Watts MP on Twitter: "In a rambling and incoherent Op-Ed today, Barnaby Joyce, our former Deputy Prime Minister, makes a unilateral attribution of the recent incursions into Australia's Parliamentary IT systems. The Morrison govt has not publicly attributed these incursions. https://t.co/lvaM0mjPnS… https://t.co/btgLqCdFBo"
March for something that's truly under threat: Western democracy
Cyber Command's midterm election work included trips to Ukraine, Montenegro, and North Macedonia
Kremlin interference in EU vote is likely, says Estonian spy agency
Report: Tech Company In Steele Dossier May Have Been Used To Support DNC Hack
US senators want to know how many times they've been hacked | ZDNet
After The New Zealand Terror Attack, Here's Why 8chan Won't Be Wiped From The Web
How Right-Wing Social Media Site Gab Got Back Online | WIRED
Parliament TV and Radio - New Zealand Parliament
Facebook trolls and scammers from Kosovo are manipulating Australian users - ABC News (Australian Broadcasting Corporation)
Optus, Telstra, Vodafone Block 8chan, 4chan For Christc... | 10 daily
Dutton Wants To Rehash The Video Game Violence Debate After The NZ Attack
Facebook failed to block 20% of uploaded New Zealand shooter videos | TechCrunch
Beto O'Rourke's secret membership in America's oldest hacking group
'Make money work for me': Sydney man charged with stealing $100,000 via phone porting
A huge trove of medical records and prescriptions found exposed | TechCrunch
New Mirai malware variant targets signage TVs and presentation systems | ZDNet
Microsoft releases Application Guard extension for Chrome and Firefox | ZDNet
North Korean diplomats in Spain: CIA implicated in attack on North Korean embassy in Madrid | In English | EL PAÍS
Dissidents behind raid on N.Korea Madrid embassy: US paper - The Local
Almost 150 million users impacted by new SimBad Android adware | ZDNet
Most Android Antivirus Apps Are Garbage | WIRED
Nasty WinRAR bug is being actively exploited to install hard-to-detect malware | Ars Technica
Proof-of-concept code published for Windows 7 zero-day | ZDNet
Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware | ZDNet
'Yelp, but for MAGA' turns red over security disclosure, threatens researcher | Ars Technica
Local privilege escalation via the Windows I/O Manager: a variant finding collaboration – Security Research & Defense
iblue on Twitter: "So, that's CVE-2019-5418. Accept: ../../../../../../../../../etc/passwd (And we might see more fun involving the PathResolver in the future :))… https://t.co/JT2hxnCaM4"
CVE-2019-7644: How Does this Happen?
Chronicle Security - Careers
On this week's show Adam Boileau and Patrick Gray discuss the week's news:
Chelsea Manning back in jail
Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
Huawei politics get messy
EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
Much, much more
This week's sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week's sponsor guest. He stops by to explain CDR tech.
Show notes
Chelsea Manning jailed after refusing to testify about WikiLeaks - CNNPolitics
Citrix discloses security breach of internal network | ZDNet
Citrix investigating unauthorized access to internal network | Citrix Blogs
Iranian-backed hackers stole data from major U.S. government contractor
Deacon Blues on Twitter: "Have about closed the loop on who is behind Resecurity, the mysterious company attributing the Citrix hack to Iran. It seems to be the work of one man, Andrey Andreevich Komarov, aka Andrew Komarov.… https://t.co/9fbWuEwqdL"
US ambassador in Berlin urges Germany to cut ties with Huawei
Pompeo warns allies Huawei presence complicates partnership with U.S. | Reuters
Huawei's 5G equipment is a manageable risk, British intelligence claims - The Verge
UN report links North Korean hackers to theft of $571 million from cryptocurrency exchanges
China database lists 'breedready' status of 1.8 million women | World news | The Guardian
800+ Million Emails Leaked Online by Email Verification Service - Security Discovery
Releasing the NSA's Previously Classified Tool 'Ghidra' For Free Is a 'Game Changer' - Motherboard
Facebook Suit: Ukrainian Hackers Used Quizzes to Take Data from 60,000 Users
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates | Ars Technica
The Prototype iPhones That Hackers Use to Research Apple's Most Sensitive Code - Motherboard
Google reveals Chrome zero-day under active attacks | ZDNet
Pipes on Twitter: "Google TAG have run down and identified iOS, Chrome and Windows 0days in the last few weeks. @ShaneHuntley Are we going to get some insight on which group you folk are pulling apart later? Sounds like fun times"
Russia blocks encrypted email provider ProtonMail | TechCrunch
Tufts expelled a student for grade hacking. She claims innocence | TechCrunch
Lamborghini-driving bitcoin trader charged with drug trafficking
Cryptocurrency entrepreneur pleads guilty in 'Bitcointopia' fraud - Los Angeles Times
Car alarms with security flaws put 3 million vehicles at risk of hijack | TechCrunch
Silencing Cylance: A Case Study in Modern EDRs – MDSec
Glitching Trezor using EMFI Through The Enclosure – Colin O'Flynn
Extracting BitLocker keys from a TPM
WDS bug lets hackers hijack Windows Servers via malformed TFTP packets | ZDNet
Cisco tells Nexus switch owners to disable POAP feature for security reasons | ZDNet
Auth0 Security Bulletin CVE-2019-7644
Votiro Disarmer Takes Cyber Security to the Next-Generation
Senetas announces $8m investment in Votiro Disarmer
On this week's show Adam Boileau and Patrick Gray discuss the week's news:
The NSA isn't that interested in phone metadata anymore
More Chinese mass surveillance data leaks
Chelsea Manning, David House subpoenaed over Wikileaks
Quadriga cold wallets were actually empty at time of founder's death
NSA deployed 'rm -rf / shark' at Internet Research Agency
HackerOne follows Bugcrowd into pentesting
NSA releases Ghidra
Much, much more!
This week's sponsor interview is with Chris Kennedy, AttackIQ's CISO and VP of customer success. We'll be talking about a few things really, like how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, so why not do the same for your monitoring?
Show notes
The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing
House aide: NSA has shut down phone call record surveillance | Ars Technica
China's 'democracy' includes mandatory apps, mass chat surveillance | Ars Technica
China claims detained Canadians formed spy link
As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times
Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times
WikiLeaks Veteran: I 'Cooperated' With Feds 'in Exchange for Immunity'
Mystery as Quadriga crypto-cash goes missing - BBC News
NSA's top policy advisor: It's time to start putting teeth in cyber deterrence | Ars Technica
US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet
Vulnerability exposes location of thousands of malware C&C servers | ZDNet
Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
Coinbase Says Ex-Hacking Team Members Will 'Transition Out' After Users Protest - Motherboard
HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies
New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View
Ghidra
Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely... to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7"
Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED
BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA
Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"
W3C finalizes Web Authentication (WebAuthn) standard | ZDNet
Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet
Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet
Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED
Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet
PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn
In this edition of the show we're playing a small part in Chronicle's launch of its flagship product, Backstory.
Chronicle is of course the security spinoff of Google's parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it's only really had one product: VirusTotal Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.
I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I'm going to characterise it in a way that Chronicle probably won't like, but it's basically a cloud SIEM, albeit a very good one.
Backstory ingests logs from a bunch of data sources (DNS lookup information, DHCP info, your EDR logs from your CrowdStrike or Carbon Black software, web proxy logs, firewall alerts) and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That's handy enough, but keep in mind your logs are now with the company that is responsible for VirusTotal. They have some pretty good intel, and they can now apply various IOCs to the logs you've submitted.
So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.
Show notes
Chronicle launches Backstory