Welcome! These are the show notes for episode 110 of the UNSECURITY Podcast.

We’re putting the Information Security @ Home series on hold again this week. In case you didn’t know, it seems we have a big problem on our hands. Over the course of this last week (or so), we’ve witnessed events in our industry that we’ve not seen before, in terms of magnitude and impact. It all started (publicly) with FireEye’s announcement of an intrusion and exfiltration of data. FireEye is one of the largest and most respected firms in our industry, so this was big news!

Unfortunately, this was only the tip of the iceberg.

Over the weekend, we learned of two more really significant breaches; one at the U.S. Treasury Department and the other at the U.S. Commerce Department. On Monday (12/14), all hell sort of broke loose when we learned that these breaches are all related, and the source is SolarWinds. Attackers compromised SolarWinds defenses and inserted malware into their premier product, the Orion platform. Orion is a network management system (NMS) used by thousands of organizations to manage and monitor their IT infrastructure. SolarWinds has become a single source of possible intrusions into ~18,000 other organizations. These intrusions into the other organizations aren’t run of the mill either, these are intrusions using “trusted” software (often) configured with elevated/privileged access. This and will continue to get worse before it gets better.

Seems 2020 isn’t done 2020ing yet. The end of 2020 countdown at the time of this writing:

Other things? Yes, or course!

There are always many, many things going on around here (SecurityStudio and FRSecure). One very newsworthy event included the announcement from the State of North Dakota. North Dakota has made our S2Me (personal information security risk assessment) available for all state residents and will use it to help their citizens be more secure at home! One down, and 49 left to go!

Alright, on to it. Brad’s leading the discussion this week, and these are his notes. GOOD NEWS, we’ve invited our good friend Oscar Minks to join us as we delve in to the whole SolarWinds debacle.

---

SHOW NOTES – Episode 110

Date: Tuesday December 15th, 2020

Episode 109 Topics

• Opening
• Catching Up
  • SecurityStudio news out of North Dakota – NDIT makes online security assessment available for ND citizens
  • FRSecure, and a VERY successful year
  • FRSecure SolarWinds Compromise Update and Recommendations
  • Other stuff…
• All Hell Broke Loose
  • SolarWinds breach (only the beginning)
  • The timeline
  • What happened?
  • What are the ramifications of all this?
  • What do you need to do?
  • What do we need to do?
• News
• Wrapping Up – Shout outs

Opening

[Brad] Hey there! Thank you for tuning in to this episode the UNSECURITY Podcast. This is episode 110, the date is December 15th, 2020, and I’m your host, Brad Nigh. Joining me as usual is my good friend and co-worker, Evan Francen. Good morning Evan.

[Evan] Cue Evan.

[Brad] Also joining us this morning is another good friend and co-worker, Oscar Minks. Good morning Oscar.

[Oscar] Cue Oscar.

Quick Catchup

[Brad] As if 4th quarter wasn’t crazy enough we had the SolarWinds news break this week.  Before we dig into that let’s catch up and see how we are all doing with just over 2 weeks left in the year. What’s new?

• Evan’s stuff. What’s he been up to, what’s he working on, and what’s a day in the life of Evan look like these days?
• Ditto for Oscar.
• My things. Here’s what’s new in my life.
• Other stuff:
  • SecurityStudio news out of North Dakota – NDIT makes online security assessment available for ND citizens
  • FRSecure, and a VERY successful year
  • FRSecure SolarWinds Compromise Update and Recommendations
  • Other stuff…

Transition

Information Security @ Home

All Hell Broke Loose

[Brad] Well, we planned to do more security at home stuff, but as I said a couple weeks ago, 2020 won’t stop 2020’ing.

Topics

• SolarWinds breach (only the beginning)
• The timeline (FireEye announcement)
• FireEye, U.S. Government, (possibly) 425 of the Fortune 500, and (probably) 18,000 organizations.
• What happened?
• What are the ramifications of all this?
• What do you need to do?
• What do we need to do?

Discussion between Brad, Evan, and Oscar

[Brad] 2020 is not going quietly into the night, is it? Alright, moving on for now.

News

[Brad] Amazingly SolarWinds wasn’t the only news in the last week. We probably won’t have time to get to all of these but they are good reads and good to stay on top of.

• IoT Security Bill into Law – https://www.darkreading.com/endpoint/trump-signs-iot-security-bill-into-law/d/d-id/1339636
• ICS Medical Advisory (ICSMA-20-343-01) GE Healthcare Imaging and Ultrasound Products – https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01
• Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams – https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
• Amnesia-33 vulnerabilities affect 158 vendors, millions of devices – https://www.scmagazine.com/home/security-news/mobile-security/amnesia-33-vulnerabilities-affect-158-vendors-millions-of-devices/

Wrapping Up – Shout outs

[Brad] That’s it for episode 110. Thank you Evan and Oscar! Who you got a shoutout for today?

[Evan & Oscar] We’ll see.

[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m@BradNigh and Evan can be found @evanfrancen.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!