Posts

UNSECURITY Episode 138 Show Notes

/in /by

Hope you had a wonderful Independence Day (July 4th)! We’ve gone through a lot together in this country, and I love this place we call home. Lots to do in making the USA better, but this will always be the case. This is the best country in the world, and I’m grateful!

In case you missed it, two big events last week; the Kaseya ransomware attack and Microsoft’s PrintNightmare.

Kaseya Ransomware

So, you might have heard. On Friday (going into July 4th weekend), computers around the world (not all of them, but maybe ~1,000,000 of them) started to lock up. The announcement came around midday that Kaseya’s VSA servers were being used to distribute ransomware, primarily to MSP customers. My first thought was “Oh shit! We might have another SolarWinds.” Thank God, this wasn’t the case.

Facts started to come in, and it became evident that this was an attack directed at VSA servers hosted by MSPs. Some MSPs (about 2,200 of them) installed their VSA servers so that they were accessible from the Internet. I’m not a VSA expert, but this high number implies this as standard practice. A zero day vulnerability (and exploit) was discovered by the REvil ransomware gang (or an affiliate) and was used to infect clients.

Kaseya already knew about the vulnerability thanks to the good work by Wietse Boonstra and his compatriots at NIVD. The vulnerability was reported to Kaseya and the two groups were working on a patch at the time of the ransomware attack. The end result was somewhere between 60-70 MSPs affected and somewhere between 1,200-1,500 companies infected. Kaseya did a good job responding, and so did many MSPs. Lessons learned are TBD after the dust settles.

Links referenced in today’s show are below.

Microsoft PrintNightmare

If it hadn’t been for Kaseya, this would have been top news. In terms of scope, this is much bigger, affecting many millions of servers (and companies). In terms of potential impact, this also exceeds the Kaseya attack. News broke on June 30th about an impressive and potentially very damaging vulnerability in the Microsoft Print Spooler service. On July 1st, Microsoft released additional information about the vulnerability and offered (un)helpful guidance.

There is an exploit in the wild for this vulnerability that allows complete control over a server (and Active Directory).

We’ll talk a little about this too. Links referenced in today’s show are also below.

 

OK. Show notes for episode 138…

SHOW NOTES – Episode 138 – Tuesday July 6th, 2021

Opening

[Evan] Welcome listeners! It’s good to have you join us. Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 138, and the date is July 6th, 2021. Joining me is my good friend, Mr. Brad Nigh. Good Morning Brad!

[Evan] Hope you had a wonderful 4th of July. Many people had the day off yesterday, but some people were fighting the fire caused by ransomware deployed through Kaseya’s VSA servers. This is where we’ll start.

Kaseya Ransomware Attack

Here’s a list of links/articles we’re explore in this episode:

All in all, this attack could have been MUCH worse than it was. Incident responders did a great job and communicated well. More to come in time…

Microsoft PrintNightmare

This one is a doozy. Here are the three links/articles we’ll reference in this episode:

Last week’s show was all about Microsoft security debacles, and now this. A patch is not available yet and many IT teams are scrambling right now. I’m become less and less of a Microsoft fan with each passing day.

That’s it for today’s show. Lots of work to do!

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 132 Show Notes

/in /by

Hey Listeners!

Spring is in full bloom (finally) in Minnesota, and life is good. The weather is great, and last week, our Governor (Tim Walz) lifted the mask mandate for people who are vaccinated and maintain some semblance of social distancing. It’s good to see people’s faces again, especially when they’re smiling. 🙂

We’re grateful for the guests who have joined our show the past four weeks! We’ve learned a ton from these conversations.

If you missed any of these shows, you can find them here:

NOTE: We’re looking for people from other walks of life to share their perspectives too, especially men and women of color. Let us know at unsecurity@protonmail.com if you have suggestions.

This week, we’re not planning to have a guest, so you’ll have to put up with Brad and I.

Next week (episode 133) we’re hoping to have Gabriel Friedlander from Wizer on the show!

Let’s get to the episode 132 show notes, shall we?

SHOW NOTES – Episode 132 – Tuesday May 18th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 132, and the date is May 18th, 2021. Joining me is my good friend, highly-skilled information security expert, and all around great guy, Brad Nigh.

Good morning Brad!

There are so many things happening in our world, it’s hard to keep track. One interesting event from the last week (other than the Colonial Pipeline attack) was the announcement of President Biden’s Executive Order (EO) 14028 titled “Improving the Nation’s Cybersecurity”. In today’s episode, Brad and I are going to break this down.

Improving the Nation’s Cybersecurity

  • The EO was announced by the Administration on 5/12/21.
  • There’s a lot of information to unpack here, including:
  • Section 1. Policy, containing:
    • Policy statement.
    • Scope.
  • Section 2. Removing Barriers to Sharing Threat Information, containing:
    • Review existing reporting requirements and procedures.
    • Recommend updates to the Federal Acquisition Regulation (FAR).
    • Update the FAR.
    • Enforce IT/OT provider compliance.
    • Centralize reporting.
    • Provide budget for this section.
  • Section 3. Modernizing Federal Government Cybersecurity
    • Adopt security best practices.
    • Advance toward Zero Trust Architecture.
    • Accelerate movement to secure cloud services.
    • Adopt multi-factor authentication.
    • Encrypt data at rest and in transit.
    • Centralize and streamline access to cybersecurity data.
    • Invest in both technology and personnel to match the modernization goals.
  • Section 4. Enhancing Software Supply Chain Security
    • Develop standards, tools, and best practices for secure software development.
    • Enforce secure software development practices.
    • Define and enforce a “Software Bill of Materials (SBOM)”.
    • Define “critical software” and its protection requirements.
    • Consumer labeling programs for IoT and software.
  • Section 5. Establishing a Cyber Safety Review Board
    • Requirements for a new “Cyber Safety Review Board”.
    • All requirements are for the Secretary of Homeland Security and the (yet to be established) Cyber Safety Review Board (“board”).
  • Section 6. Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents; the playbook:
    • Will Incorporate all appropriate NIST standards.
    • Be used by all Federal Civilian Executive Branch (FCEB) Agencies.
    • Will articulate progress and completion through all phases of an incident response.
    • Will allow flexibility so it may be used in support of various response activities.
    • Establishes a requirement that the Director of CISA reviews and validates FCEB Agencies’ incident response and remediation results upon an agency’s completion of its incident response.
    • Defines key terms and use such terms consistently with any statutory definitions.
  • Section 7. Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
    • The adoption of a Federal Government-wide Endpoint Detection and Response (EDR) initiative.
    • CISA threat hunting on FCEB networks and systems without agency authorization.
    • Information sharing between the Department of Defense and the Department of Homeland Security
  • Section 8. Improving the Federal Government’s Investigative and Remediation Capabilities
    • Types of logs to be maintained.
    • Time periods to retain the logs and other relevant data.
    • Time periods for agencies to enable recommended logging and security requirements.
    • How to protect logs (logs shall be protected by cryptographic methods to ensure integrity once collected and periodically verified against the hashes throughout their retention)
    • Data shall be retained in a manner consistent with all applicable privacy laws and regulations.
    • Ensure that, upon request, agencies provide logs to the Secretary of Homeland Security through the Director of CISA and to the FBI, consistent with applicable law.
    • Permit agencies to share log information, as needed and appropriate, with other Federal agencies for cyber risks or incidents.
  • Section 9. National Security Systems
  • Section 10. Definitions
  • Section 11. General Provisions

This will be a great conversation as Brad and I share our summary, thoughts and opinions on all this!

News

Just time for one news story this week. This one is from Brian Krebs, “Try This One Weird Trick Russian Hackers Hate“.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

Episode 107 Show Notes – Happy Thanksgiving

/in /by

Hey there, it’s time for episode 107 of the UNSECURITY Podcast!

Just when you think you can’t get any busier…

You get busier.

Maybe if I learned to say “no” a little more often. My dilemma is 1) mostly brought on by myself and 2) is a blessing. It’s better to be busy than to have nothing to do, especially when you’re helping people. I’m grateful.

Short introduction today. Too much going on to elaborate much (for now).

On to the show notes…

This is Evan, I’ll lead the discussion today, and these are my notes…

SHOW NOTES – Episode 107

Date: Tuesday November 24th, 2020

Episode 107 Topics

  • Opening
  • Catching Up
    • What’s new?
    • “Information Security @ Home”
  • Happy Thanksgiving
    • What are your grateful for?
    • What’s different this year?
    • What’s the same?
    • Holiday shopping tips for EVERYONE
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there! Thank you for tuning in to this episode the UNSECURITY Podcast. This is episode 107, the date is November 24th 2020, and I’m your host, Evan Francen. Sadly, Brad won’t be joining me today. He’s out of commission fighting a bout of labyrinthitis. The prognosis is good, so we expect him to be back soon!

So, this means you’re all stuck with me. I’ll do my best to provide some value for your ears and brain.

Quick Catchup

[Evan] The catchup time is a little different without Brad, so I’ll just give you a quick recap of what I’ve been up to.

Topics:

  • 4th quarter is notoriously busy, like VERY busy, for us. Everyone is running at 100% capacity right now, which is good, but also stressful.
  • Security Sh*t Show – this is live on YouTube every week; Thursday nights at 10pm CST.
    • Last week Chris Roberts and I did the Paqui One Chip Challenge online with a couple fans.
    • We also unveiled a new sticker (see below). If you’d like one, just subscribe to the Sh*t Show YouTube channel and let us know.

  • Information security hobbies – I’ve been working on a Raspberry Pi home network security device, including Kismet, pfsense, and Pi-hole. More to come on this next week.
  • Maybe another thing or two.

Transition

Happy Thanksgiving!

[Evan] Originally, Brad and I were going to continue our discussion about information security at home, then I realized that this is Thanksgiving week! Instead of talking about our original topic, I’m going to talk about protecting yourself (and your family) from holiday shopping scams. For many Americans, Friday marks the beginning of the holiday shopping season, and it’s important for all of us to be careful! Lots of things have changed this year, it is 2020, but some things haven’t. The scammers are still scamming, and a most of the scams are the same this year as they’ve been in years past.

Some interesting stats/information:

  • 61% of Americans have already started holiday shopping (before Thanksgiving)
  • 22% of Americans start their holiday shopping on (or after) Thanksgiving
  • 15% of Americans start their holiday shopping in December
  • 2% of Americans start their holiday shopping in January (hopefully for next year)
  • Last year:
    • $730 billion was spent on holiday shopping
    • $135.5 billion was spent holiday shopping online
    • $71.3 billion was spent holiday shopping using a mobile device
  • Online holiday shopping (in terms of dollars spent) is expected to increase by 35.8%

More online shopping coupled with the fact that most of us are more distracted (than ever), means attackers could have a heyday.

Opportunity + Distraction = Success (for scammers)

Tips to protect yourself and your loved ones (we will make this into a checklist soon):

Most important – situational awareness. It’s the umbrella for all other protection activities/behaviors.

  1. Ship to a secure location – avoid shipping to places where merchandise could sit unattended and insecure for long periods.
  2. If you decide to use a mobile app for shopping, use official retailer apps only.
  3. Don’t save payment card (debit or credit) information in any shopping accounts
  4. Using Apple Pay or Google Pay for payments wherever it’s available.
  5. If you’re unfamiliar with a retailer, do your research before buying. Make sure the site and retailer are legitimate.
  6. Don’t rush to purchase at the lowest price. Slow down and think about security risks first.
  7. Never make purchases on public Wi-Fi – Never.
  8. Use a VPN when shopping (or doing anything sensitive) online.
  9. Always use strong passwords and a password manager.
  10. Check security and/or privacy policies, especially for retailers you’re unfamiliar with.
  11. A legitimate retailers will NEVER ask for your Social Security number, so don’t give it out.
  12. Make purchases with credit cards over debit cards.
  13. Make purchases with prepaid debit cards over credit cards or regular debit cards.
  14. Review all your accounts and bank statements regularly. You should be doing this all year.

Please be careful this holiday season. DO NOT let scammers steal ANY of your joy or hope!

Transition

[Evan] Alright. That’s that. On to some news…

News

[Evan] Always plenty of interesting things going on in our industry. Here’s a few stories that caught my attention recently:

Wrapping Up – Shout outs

[Evan] That’s it for episode 107. Gonna give my shout outs…

[Evan] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 77 Show Notes – Lots Going On

/in /by

Keeping the show notes short again this week. We’ve been swamped here at FRSecure and SecurityStudio, so not a lot of time to recap what we’ve been up to.

Let’s just get to it, episode 77 show notes below…

SHOW NOTES – Episode 77

Date: Tuesday, April 28th, 2020

Episode 77 Topics

  • Opening
  • Catching Up (as per usual)
  • Remote Working and COVID-19 Stuff
  • Quick Zoom Update
  • Other Things
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 77 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is April 28th, and joining me this morning as usual is Evan Francen. Good morning.

[Evan] Evan says his “blah, blah, blah”.

[Brad] We have a jam packed show this week for sure, but before we jump in, let’s catch up quick. Lots going on.

[Evan] Yep. LOTS going on! Good things, but a helluva lot of good things!

Catching Up

Quick discussion about some of the cool things we’re doing.

[Brad] Good! Let’s shift gears now quick and talk about security remote workers. We’ve briefly touched on it over the last few weeks but as this appears to be becoming the “new norm”, I would like to spend some time dedicated to the topic.

[Evan] Yeah man! Sounds good.

Remote Working and COVID-19 Stuff

Discussion about many news articles, topics, announcements and such…

[Brad] First up, a news article titled “Malware Risks Triple on WFH Networks: Experts Offer Advice”

[Brad] Obviously this is bitsight so we know the limitations however I think in this use-case the data is valuable. We’ve got some other good resources and guidance to share, including:

[Evan] Yeah, these are all great resources that are worth looking at. I think our listeners will appreciate them all. Quick announcement, S2Me version two is releasing this week! It’s a limited release, but it’s a VERY good one! We’ll get into S2Me and how it works with S2Team to offer a unique (and what we think is a better) approach to securing the remote workforce.

[Brad] Cool. Should be a good show next week then!

Quick Zoom Update

[Brad] Zoom has been all over the news since the COVID-19 outbreak, and the stories have been all over the place. Thought we’d mention some of the latest developments. As a quick aside, we’ve touched on Zoom the last few weeks and it’s interesting that some of the other options have flown under the radar despite attacks that seem to be more severe.

And Zoom has released quite a few new security features, there’s this good write-up on Tech Republic titled “Zoom 5.0 Includes Security and Privacy Improvementshttps://www.techrepublic.com/article/zoom-5-0-is-coming-with-improved-security-features-heres-whats-new/

Other Things

[Brad] Like we said, there’s always a lot going on around here at FRSecure and SecurityStudio. Quick list of things:

  • FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
  • Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
  • SecurityStudio Partner Community (Join here).
  • The Daily inSANITY Check-in (Join here).

[Brad] Good conversation. Thank you Evan. Let’s do some news quick.

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye:

Wrapping Up – Shout outs

[Brad] That’s it. Episode 77 is a wrap. Thank you listeners! We hope you’ve enjoyed the show. Any quick shout outs for you Evan?

[Evan] Yes, I have two…

[Brad] Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!