Paul's Security Weekly (Audio)

Latest episodes

Oct 2, 2024 • 3h 7min

Analyzing Malware at Scale - John Hammond - PSW #845

This episode of Paul's Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage ‘bring your own vulnerable driver’ techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry.

Segment Resources:
https://www.huntress.com/blog/the-hackers-in-the-arena-the-huntress-ctf-retrospective
https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software

Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again - all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes - just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-845
Sep 26, 2024 • 2h 59min

AI in Cyber & Addressing Analyst Burnout - Kayla Williams - PSW #844

Kayla Williams, Chief Security Information Officer at Devo and advocate for SOC analyst wellness, tackles the pressing issue of burnout affecting 83% of IT professionals. She highlights how AI can alleviate stress for security teams. Additionally, Mandy Logan joins the conversation, adding her expertise on AI's role in enhancing cybersecurity measures. They explore the need for improved mental health support within the industry and proactive strategies for fostering analyst engagement, ultimately advocating for AI as a helpful partner in cybersecurity efforts.
Sep 19, 2024 • 2h 54min

Exploding Pagers - Tod Beardsley - PSW #843

Tod Beardsley, Vulnerability Analysis Lead at CISA, offers deep insights into the Known Exploited Vulnerabilities catalog. He explains its creation and practical usage in enhancing cybersecurity. The conversation also touches on the resurgence of pagers for secure communications, the implications of Android TV malware, and the complexity of supply chain vulnerabilities. Additionally, the group humorously explores the quirks of cryptography and the evolution of network security tools, blending technical analysis with engaging anecdotes.
Sep 12, 2024 • 3h 5min

Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842

Lee Kim, a cybersecurity and privacy officer at HIMSS, joins the discussion alongside regular contributors Mandy Logan, Sam Bowne, and Lee Neely. They delve into the ramifications of the EU Cyber Resilience Act on product security and the legal complexities arising from recent Supreme Court rulings. The team also addresses cybersecurity breach disclosure laws and the challenges facing security researchers under current regulations. Additional highlights include insights on SEC mandates and the evolving landscape of digital threats, emphasizing the importance of legal knowledge in tech.
Sep 4, 2024 • 1h 33min

Hacker Heroes - Mark Loveless - PSW Vault

Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad

Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader. Mark's journey spans decades, marked by a commitment to uncovering vulnerabilities and understanding the ever-changing threat landscape. As a prominent figure in the cybersecurity community, he has contributed significantly to the field, sharing insights, research findings, and expertise.

Join us in this podcast interview as Mark reflects on his experiences, discusses the evolution of cybersecurity challenges, and shares his perspectives on emerging trends. With a deep understanding of both offensive and defensive security, Mark brings a unique perspective to the conversation, offering valuable insights into the strategies and tactics employed by cybersecurity professionals. As a respected voice in the industry, Mark Loveless has not only witnessed the evolution of cybersecurity but has actively shaped its trajectory through his contributions to research, writing, and speaking engagements.

This episode provides a rare opportunity to gain knowledge from a cybersecurity veteran and explore the nuances of an ever-expanding digital landscape. Tune in to discover the wisdom and experiences that have defined Mark Loveless's career and gain a deeper understanding of the complexities and challenges inherent in the world of cybersecurity.

Show Notes: https://securityweekly.com/vault-psw-12
Aug 30, 2024 • 3h 2min

Building AI BOMs - Helen Oakley - PSW #841

Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk within.

Segment Resources:
Community efforts on AIBOM topic: https://github.com/aibom-squad

This week: I want all the firmware, it's not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux malware, call this number, finding all the WordPress plugin vulnerabilities!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-841
Aug 22, 2024 • 2h 59min

How do we patch the right things? - Josh Bressers - PSW #840

Josh Bressers, a knowledgeable figure in vulnerabilities and exploits, dives into the complexities of patch management. He discusses the limitations of tools like MITRE ATT&CK and CVSS in accurately prioritizing vulnerabilities. The conversation emphasizes the importance of context in patching decisions and addresses the challenges of tracking incidents that lack CVEs. Bressers shares insights on the balance between urgent patches and asset criticality, highlighting personal anecdotes that shed light on navigating the evolving cybersecurity landscape.
Aug 15, 2024 • 3h 9min

Cybersecurity Myths - Eugene Spafford - PSW #839

Early on in his career, Spaf was working with microcode and continued to work on technical projects. As time went on, he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are users really the weakest link? Are cybersecurity vendors truly incentivized to provide better security? Do we agree on what cybersecurity really means? Do not miss this segment!

This week: Option ROMs are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new chips and are not without controversy, lasers that can steal your passwords, it was a regex, Larry updates us on some IoT research, attackers have your SSN, and more updates from last week's hacker summer camp!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-839
Aug 8, 2024 • 3h 8min

Downgrades and Attacking Security Things & Things Not to Miss at BH/DC - Trent Lo - PSW #838

This week: downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rihanna, you should update your BIOS, OpenWrt dominates, and attacking the security tools for fun and profit! Learn what is most interesting at hacker summer camp this year!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-838
Aug 1, 2024 • 3h 22min

PK Fail - John Loucaides - PSW #837

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment!

Hacking traffic lights (for real this time), the Docker API strikes again, access GitHub deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry Pi access points, sitting ducks and TuDoor - it's always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-837
