Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/27/security-nation-jack-cable-on-ransomwhere/

In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker. They chat about how Cable came up with the idea, the role of cryptocurrency in tracking these payments, and how better data sharing can help combat the surge in ransomware attacks.

Stick around for our Rapid Rundown, where Tod and Jen talk about a remote code execution vulnerability that open-source forum provider Discourse experienced recently, which CISA released a notification about over the weekend. Tod highlights some of the many things Discourse is doing right with its security program.

Jack Cable

Jack Cable is a security researcher and student at Stanford University, currently working as a security architect at Krebs Stamos Group. Jack formerly served as an Election Security Technical Advisor at CISA, where he led the development and deployment of Crossfeed, a pilot to scan election assets nationwide. Jack is a top-ranked bug bounty hacker, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the US Department of Defense. After placing first in the Hack the Air Force challenge, Jack began working at the Pentagon’s Defense Digital Service. Jack was named one of Time Magazine’s 25 most influential teens for 2018. At Stanford, Jack is a research assistant with the Stanford Internet Observatory and Stanford Empirical Security Research Group and launched Stanford’s bug bounty program, one of the first in higher education.

Show notes

Interview Links

• Check out the Ransomwhere site.
• Listen to our previous episode with Jack on election security.

Rapid Rundown Links

• Read the CISA notification on the critical RCE vulnerability in Discourse.
• See Discourse’s announcement of the vulnerability on GitHub.
• Peruse Discourse’s technical blog post about it.
• Check out Discourse’s security program and policies.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/13/security-nation-michael-daniel-on-the-cyber-threat-alliance/

In this episode of Security Nation, Jen and Tod chat with Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA), as well as a co-chair on the IST’s Ransomware Task Force. After discussing Michael’s career in cybersecurity with the US government, they talk about what makes information sharing so hard in the security space and how the CTA has addressed this challenge in its efforts to promote better threat intelligence.

Stick around for the Rapid Rundown – with Tod on holiday (AKA vacation), Jen brings on Rapid7’s public policy guru Harley Geiger. They chat about the Cyber Incident Reporting Act, which is likely headed to a Senate floor vote and, if passed, would bring major changes to the reporting requirements around cybersecurity events for owners and operators of critical infrastructure.

Michael Daniel

Michael Daniel serves as the President and CEO of the Cyber Threat Alliance (CTA), a not-for-profit that enables high-quality cyber threat information sharing among cybersecurity organizations. Prior to CTA, Michael served for four years as US Cybersecurity Coordinator, leading US cybersecurity policy development, facilitating US government partnerships with the private sector and other nations, and coordinating significant incident response activities. From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the US Intelligence Community. Michael also works with the Aspen Cybersecurity Group, the World Economic Forum’s Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem. In his spare time, he enjoys running and martial arts.

Show notes

Interview links

• Follow Michael on Twitter @CyAlliancePrez
• Learn more about the Cyber Threat Alliance
• Check out the Ransomware Task Force, which Michael co-chairs
• Read Jen’s position piece on hack back

Rapid Rundown links

• Read the full text of the Cyber Incident Reporting Act
• Refresh your memory on the SolarWinds data breach
• See who’s on the House Homeland Security Committee

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/29/security-nation-rob-graham-on-mike-lindells-cyber-symposium/

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell’s Cyber Symposium, where he claimed packet captures would reveal incontrovertible evidence of widespread fraud in the 2020 US presidential election. (Spoiler alert: Nothing resembling that description actually occurred at Lindell’s event.) An expert on packet captures, Graham recounts the Kafkaesque forensic logic behind the Cyber Symposium data — some of which was presented in a file type only known to a single living person — as well as the value of having real experts attend highly dubious events like this one.

Stick around for the Rapid Rundown, where Tod and Jen discuss Microsoft’s plan to turn off Basic Auth in Exchange Online next year and the Autodiscover bug that may have prompted the change.

Robert Graham

Rob Graham is a well-known cybersecurity expert. He created the BlackICE personal firewall, the first IPS, sidejacking, and masscan. He frequently speaks at conferences and blogs.

Show notes

Interview links

• Rob’s live Tweet thread
• Rob’s archive of the provided RTFs (hex decoded)
• Rob’s BLX Container Extractor
• All about Dennis Montgomery. Warning: this is a Wiki rabbit hole.
• A Torrent of several gives of data from the Cyber-Symposium is available at:

magnet:?xt=urn:btih:39a9590de21e77687fdf7eacee4dd743f2683d72&dn=cyber-symposium&tr=udp://9.rarbg.me:2780/announce

Rapid Rundown links

• The original Bleeping Computer story on Microsoft shutting off Basic Auth
• The related story about Amit’s Autodiscover bug finding that may have prompted the above
• A somewhat early reference to some WPAD bugs
• The earliest reference Tod could find about WPAD exploits… which happened to be written by the very same Tod back in 2009.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/15/security-nation-craig-williams-of-cisco-talos-on-proxyware/

In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way. Along the way, they touch on the challenges of being a security communicator with an audience that extends beyond practitioners – and a few real-life stories of people who didn’t realize their cameras were spying on them.

Stick around for our Rapid Rundown, where Tod and Jen talk about the REvilware ransomware gang’s return from “retirement” and how lagging adoption of EMV is leading to high-profile cases of ATM fraud.

Craig Williams

Craig Williams has always had a passion for learning how things operate – and circumventing security measures. His deep interest in security technology began with research into vulnerabilities, threats, and network detection techniques. His research over the past decade has included running global threat intelligence teams, malware labs, and trying to outwit the very security products he has helped design.

Show notes

Interview Links

• Craig is on Twitter, but his OpSec is pretty tight so good luck getting that follow back.
• You can read up on Cisco Talos, and check their most recent on proxyware here.

Rapid Rundown Links

• Check out the Bleeping Computer story on the ATM robbers.
• Back in 2016, Rapid7’s Weston Hecker demonstrated some EMV attacks.
• But that doesn’t matter because about half of all U.S. gas stations still don’t operate with EMV payment.

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/01/security-nation-jill-fraser-deborah-blyth/

In this episode of Security Nation, we chat with Deborah Blyth, CISO of the State of Colorado, and Jill Fraser, CISO for Jefferson County, Colorado. They tell Jen and Tod about their experience securing Colorado’s cyber infrastructure at a state-wide level, breaking down silos across the various local governments to come together on an integrated, long-term plan. They go through some of the challenges of funding, collaboration, and generating buy-in — as well as how the recent national focus on election security has impacted the state and local levels.

Stick around for the Rapid Rundown, where Tod and Jen discuss Firefox’s new feature blocking insecure downloads.

Jill Fraser

Jill Fraser is the Chief Information Security Officer for Jefferson County in Colorado where she has worked for 9 years. Jill is responsible for managing the county’s enterprise cybersecurity program, which includes policy and procedure guidance, continuous improvement of incident response capabilities, end user awareness training, and risk management. She concentrates on ensuring the county’s security program is a business enabler by maintaining a sound cybersecurity strategy that supports county productivity, growth, and innovation.

Jill is an advocate for cross-organizational collaboration. She was one of the founding members of the Colorado Threat Intelligence Sharing (CTIS) network and is an active partner in the Whole of State cybersecurity program in Colorado (cooperatives formed to improve cybersecurity in Colorado-by-Colorado). Additionally, she participates in a locals-only mentoring group that serves as mechanism of peer support. She is the Chair of Colorado’s Homeland Security Senior Advisory Committee’s Cyber Subcommittee, and she is a member of the Multi-State Information Sharing and Analysis Centers (MS-ISAC) Executive committee.

Jill is an advocate for development of programs that will improve local government’s ability to secure their data and services within the limited budgets and staffing constraints most locals face. Jill has been in the information technology field for over 20 years and is a Certified Information Systems Security professional (CISSP*) as well as a Certified Chief Information Security Officer (C-CISO*).

Deborah Blyth

Deborah Blyth is Colorado’s Chief Information Security Officer (CISO), with over 25 years technology background and 15 years leading information security programs. As the CISO, she serves as the point of contact for all information security initiatives in Colorado, informing the state Chief Information Officer and executive agency leadership on security risks and impacts of policy and management decisions on IT-related initiatives. Deborah is responsible for determining the strategic and tactical security direction for executive branch agencies, to meet established objectives.

Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech (5 years) and Travelport (3 years). Deborah is a Colorado native and graduated Summa cum Laude with a Bachelor of Science degree from Regis University.

Show notes

Interview links

• National Cyber Security Center
• Colorado Cyber Resource Center
• Cybersecurity HSAC Subcommittee

Rapid Rundown links

• Firefox follows Chrome and prepares to block insecure downloads by Catalin Cimpanu
• hxxp://smart4alarm.com/ is the website Tod ran into that plops an APK right in your Downloads with no clicks. Is this okay?

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/18/security-nation-daniel-crowley/

On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron (a title that delights Jen Ellis’s British sensibilities). Daniel tells Jen and Tod all about his team’s security research internship program, which gets undergrad and grad students involved in pentesting and other forms of research in real-world environments through a series of bootcamps. He also divulges some research project ideas for those looking to uncover vulnerabilities in hidden places — including your calendar invites.

Stick around for the Rapid Rundown, where Jen and Tod talk about DEF CON highlights, the Cyber Symposium non-findings, and — you guessed it — ransomware.

Daniel Crowley

Daniel is the primary author of the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. In the security industry since 2004, he is a frequent speaker at conferences like Black Hat, DEF CON, Shmoocon and SOURCE. Daniel also holds the noble title of Baron in the Principality of Sealand.

Show notes

Interview Links:

• The original Watchfire paper on HTTP Request Smuggling from 2005
• HTTP request smuggling reborn by James Kettle
• HTTP/2 Request Smuggling from DEF CON 2021
• Free TCP/IP bugs
• Free ICS bugs
• Snyk’s Zip Slip research

Rapid Rundown Links:

• All the DEF CON videos
• Tempest Radio Station Presentation by Paz Hameiri
• Tempest Radio Station paper
• How to get started in cybersecurity AMA on Reddit
• Rob Graham’s Live Tweeting of the Cyber Symposium

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/04/security-nation-richard-kaufmann/

In this episode of Security Nation, we’re joined (for the second time!) by Richard Kaufmann, CISO at Amedisys, a leading provider of home healthcare. He’ll tell us how his company’s aim to heal people at home coincided with hospitals filling up with COVID-19 patients — and how his role as CISO can help (cyber) secure that growing shift into home healthcare.  

And stick around for our Rapid Rundown, where Tod spins a supply chain risk tale for Jen, specifically the drama surrounding the PyPI repository bug.

Richard Kaufmann

“It is now safe to turn off your computer.”  For most of us, this simple message in the late 90’s was a reminder that the operating system processes had stopped and the circuits carrying all of the ‘1’s and ‘0’s were ready to be powered off. For me, it was my first foothold into the information-security arena. Starting at defacing that iconic .JPEG and advancing into running information-security teams across finance, healthcare, and manufacturing organizations, I’ve tried to remove a little bit of entropy in the world via simple solutions to complex problems.

A problem well defined is a problem half solved. In an environment where threat landscapes, frameworks, and shareholder value are constantly changing, the ability to fall back on the fundamentals of logic and computing has become a rare commodity. I like to work with those who have a similar appetite for challenging norms and thinking creatively. This methodology has manifested itself by creating a dialogue between executive non-technical leaders and the boots-on-the-ground engineers that keep enterprises safe from cyber threats. Currently, I’m focused on transforming the approach to cybersecurity within healthcare. By disrupting the “cult of security,” we can increase the quality of patient care, protect the privacy of the data those individuals entrust us with, and innovate for a more effective future.

My daughter is my biggest fan; I enjoy long walks with heavy backpacks; and that inner voice inside my head sounds just like David Goggins.

-Richard Kaufmann, Chief Information Security Officer, Amedisys

Show Notes

From the discussion with Richard:

• Amedisys: Richard’s home healthcare employer
• S02E06: Our first time around with Richard
• S02E10: The mentioned episode with Oliver Day

From the Rapid Rundown:

• The Record on the PyPI bug
• The original research from RyotaK
• Jen’s Python joke

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/28/security-nation-philipp-amann/

In this episode of Security Nation, we’re joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-lead effort to combat ransomware by providing technical means to unlock encrypted drives, covering dozens of ransomware kits from Alpha to Ziggy, as well as working with a bunch of countries’ national police forces around the world. Oh, and here’s a spoiler: NMR estimates they’re responsible for saving almost 1 billion dollars in ransom demands over its 5-years-and-counting run. Amazing! NMR also:

• Features 121 decryption tools addressing 151 ransomware families
• Has been downloaded approximately 6 million times
• Saved victim orgs approximately $900 million in unpaid ransoms
• Read more on NMR in Jen’s recent blog!

Tod and Jen then lament the COVID-19 situation in Las Vegas (stay safe and healthy out there, everyone!) and chat about the latest NTLM attack technique, dubbed PetitPotam. And new on the blog this week: show notes! Just head to the bottom of the page for all the references you could ever want.  

Philipp Amann

Philipp Amann is the Head of Strategy at the European Cybercrime Centre (EC3). EC3 Strategy is responsible for assessing and acting on relevant trends and threats related to cybercrime and cybersecurity. Other key areas of responsibility include managing EC3’s industry advisory groups, prevention and awareness, and capacity building.

Philipp has worked in various fields; these include the financial sector, global disarmament, international investigations, and on issues related to safety and security in cyberspace, all topics about which he cares deeply.

Show Notes

• Philipp Amann Head of Strategy at European Cybercrime Center
• No More Ransom, an incredibly useful self-serve library of ransomware crackers
• Need some specific guidance on what to do if you suffer a ransomware attack? Check out NMR’s publication!
• Also mentioned in the show was Europol’s annual Internet Organised Crime Threat Assessment report, which is a great read.
• Interested in partnering with NMR? Send in a request here!
• The Rapid Rundown is mostly about the PetitPotam proof of concept NTLM attack, as discovered by @topotam77
• Microsoft’s helpful mitigation KB for the sameSANS Diary writeup of this novel NTLM attack that demonstrates the risks

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/21/security-nation-brian-honan/

In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland’s first CERT, the continuing scourge of ransomware, and cyber warranties. They also go beyond all of the recent salacious breach headlines, discussing the need to highlight successes and positive happenings in cybersecurity.

And stick around for our Rapid Rundown, where Tod and Jen talk about the under-the-radar WifiDemon vulnerability affecting iPhones and iPads.

Brian Honan

Brian Honan is CEO of the cybersecurity and data protection firm BH Consulting, and he is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), founder of Ireland’s first CERT, and sits on the advisory board for several innovative security companies.

Brian is the author of several books, and regularly contributes to various publications. For his contributions to the cybersecurity industry, Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.