Category Archives: Podcast

Smashing Security podcast #179: Deepfake Jay-Z, and beer apps spilling your data

Apps that belch out sensitive military information, what could the world learn from South Korea’s digital response to the Coronavirus pandemic, and who has been deepfaking Bill Clinton, Jay-Z, and Donald Trump… and why?

All this and much much more is discussed in the latest episode by computer security veterans Graham Cluley and Carole Theriault, joined this week by Brian Klaas of the “Power Corrupts” podcast.

Podcast Episode 7: The Perimeter Really Is Gone – CIS Controls and COVID-19 with Tony Sager

Tony Sager, Senior Vice President and Chief Evangelist at CIS (Center for Internet Security) joins us to discuss the best approaches to the changing security landscape in the wake of COVID-19. Tony is a lifelong defender, with more than 44 years of experience. He spent most of his career at the NSA and now leads […]… Read More

The post Podcast Episode 7: The Perimeter Really Is Gone – CIS Controls and COVID-19 with Tony Sager appeared first on The State of Security.

Smashing Security #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

“The security industry doesn’t have to be this way”. Talking people powered security with Masha Sedova

Masha Sedova, cofounder of Elevate Security

This week’s episode of the Security Stories podcast was one of my favorites to record, for a few reasons.

Our interview is with a remarkable lady called Masha Sedova, who co-founded Elevate Security. Elevate uses data and analytics to invoke cultural and behavioural change in a company’s approach towards cybersecurity.  I met Masha at RSA when she had just been announced as finalist for the 2020 Innovation Sandbox award, which tells you something about how unique and interesting her solution is.

Before Elevate, Masha was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. And it’s there where she had the idea for Elevate.

I have always loved that within the security industry, you really can make a difference. Masha saw something that could change, and had the courage to go out and set something up herself, rather than wait for someone else to do it. “The industry doesn’t have to be this way” is the mantle she had when she decided to go for it.

There’s many reasons why this was one of my favorite interviews.  For anyone tempted to listen, I would say – come for the unique insights into human behavior and why we make the security choices that we do sometimes.  And then stay for the discussion on setting up a business, as a woman, in the security industry.

During the interview, Masha recalls a specific and very personal example of gender discriminatory behavior she came up against whilst she was trying to raise investment three years ago.  This led to Masha creating a hiring policy in her organization which focusses on hiring more women, and embracing diversity as a rule.

It really struck a chord with me. Because this type of gender discrimination isn’t uncommon for women in the technology sector (dare I say most sectors). I myself can still recall, very vividly, when it’s happened to me. I know it’s happened to friends of mine.  It does stay with you, and it has lasting impact.

So I wanted to share this important message to say that it doesn’t have to be this way, and Masha is an example of the kind of leadership that’s required to ensure it doesn’t have to happen to anyone else. Thanks also to Masha’s co-founder Robert Fly, who had her back in that investor meeting.

I have a few friends with daughters who are growing up, and I hope that soon, the world is open to whatever they want to do with their lives and careers.

Also in this episode, Ben talks about the resurgence of digital extortion scams, what they tend to include, and what to do about them.

And finally we have our ‘On this Day’ feature. For this, we go back into the cybersecurity archives and pick out significant events that happened around this time, however many years ago.  We’ve gone back to the 70s to talk about the first ever network attack, and we visited the 90s in the last episode to talk about the launch of Snort onto opensource, but for this episode we’re only going to go back 3 years, because, well we couldn’t not.

Because on May 12th 2017, something called WannaCry began to wreak havoc within computer systems across the world.  We revisit the timeline of the attack, how it all unfolded, and the significance that WannaCry still has today.

You can listen to Security Stories on Apple Podcasts, Spotify, Google Podcasts, or wherever you normally get your podcasts from! You can also listen right here and now:

The post “The security industry doesn’t have to be this way”. Talking people powered security with Masha Sedova appeared first on Cisco Blogs.

Smashing Security #177: Elon Musk, Roblox, and Love Bug author found

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down in Manila the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

Podcast Episode 6: Taking Over IoT Devices with MQTT

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best practices. Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67 Stitcher: […]… Read More

The post Podcast Episode 6: Taking Over IoT Devices with MQTT appeared first on The State of Security.

Cyber Security Roundup for April 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2020.

The UK went into lockdown in March due to the coronavirus pandemic, these are unprecedented and uncertain times. Unfortunately, cybercriminals are taking full advantage of this situation, both UK citizens and 
businesses have been hit with a wave of COVID-19 themed phishing emails, and scam social media and text messages (smishing). Which prompted warnings by the UK National Cyber Security Centre and UK Banks, and a crackdown by the UK Government.
Convincing COVID-19 Scam Text Message (Smishing)

I have not had the opportunity to analyse a copy of the above scam text message (smishing), but it looks like the weblink displayed is not as it appears. My guess is the link is not part of the gov.uk domain, but the attacker has used an international domain name homograph attack, namely using foreign font characters to disguise the true address of a malicious website that is linked.

I was privileged to be on The Telegraph Coronavirus Podcast on 31st March, where I was asked about the security of video messaging apps, a transcript of what I advised is here. Further coronavirus cybersecurity advice was posted on my blog, on working from home securely and to provide awareness of coronavirus themed message scams.  It was also great to see the UK payment card contactless limit increased from £30 to £45 to help prevent coronavirus spread.

March threat intelligence reports shone a light to the scale of the cybercriminal shift towards exploiting COVID-19 crisis for financial gains. Check Point Global Threat Index reported a spike in the registration of coronavirus themed domains names, stating more than 50% of these new domains are likely to be malicious in nature. Proofpoint reports for more 80% of the threat landscape is using coronavirus themes in some way.  There has been a series of hacking attempts directly against the World Health Organisation (WHO), from DNS hijacking to spread a malicious COVID-19 app to a rather weird plot to spread malware through a dodgy anit-virus solution

Away from the deluge of coronavirus cybersecurity news and threats, Virgin Media were found to have left a database open, which held thousands of customer records exposed, and T-Mobile's email vendor was hacked, resulting in the breach of their customers and employees personal data.  

International hotel chain Marriot reported 5.2 million guest details were stolen after an unnamed app used by guests was hacked. According to Marriots online breach notification, stolen data included guest name, address, email address, phone number, loyalty account number and point balances, employer, gender, birthdays (day and month only), airline loyalty program information, and hotel preferences. It was only on 30th November 2018 Marriott disclosed a breach of 383 million guestsTony Pepper, CEO at Egress said “Marriott International admitted that it has suffered another data breach, affecting up to 5.2 million people. This follows the well-documented data breach highlighted in November 2018 where the records of approximately 339 million guests were exposed in a catastrophic cybersecurity incident. Having already received an intention to fine from the ICO to the tune of £99m for that, Marriott will be more than aware of its responsibility to ensure that the information it shares and stores is appropriately protected. Not only does this news raise further concerns for Marriott, but it also serves as a reminder to all organisations that they must constantly be working to enhance their data security systems and protocols to avoid similar breaches. It will be interesting to see if further action is taken by the ICO”

Five billion records were found to be exposed by UK security company Elasticsearch.  Researchers also found an Amazon Web Services open MongoDB database of eight million European Union citizen retail sales records was left exposed, which included personal and financial information.  And Let’s Encrypt revoked over 3 million TLS certificates due to a bug which certification rechecking

March was another busy month for security updates, patch Tuesday saw Microsoft release fixes for 116 vulnerabilities and there was an out-of-band Microsoft fix for 'EternallDarkness' bug on 10th March, but a zero-day exploited vulnerability in Windows remained unpatched by the Seattle based software giants.  Adobe released a raft of security patches, as did Apple (over 30 patches), Google, Cisco, DrayTek, VMware, and Drupal.

Stay safe, safe home and watch for the scams.

BLOG
NEWS
    VULNERABILITIES AND SECURITY UPDATES
      AWARENESS, EDUCATION AND THREAT INTELLIGENCE

      How Safe are Video Messaging Apps such as Zoom?

      I was privileged to be part of The Telegraph Coronavirus Podcast today, where I was asked about the security of video messaging apps.



      'How safe are video messaging apps such as Zoom, and what should users bear in mind when using them?'

      My reply...
      Video messaging apps are an essential communication tool for at home and within businesses, especially during the COVID-19 lockdown period. They are generally safe to use but there are a few security risks which users should be aware of.

      Our increased use of video messaging apps has not gone unnoticed by cybercriminals, who are seeking to exploit the increase of use by sending phishing emails, social media scam messages and even scam text messages, with fake invitations to video messaging app meetings.

      Typically, these scam messages will entice you into either opening a malicious attachment or click a web link which directs to a malicious website. The ultimate aim of these cyberattacks is to deliver malicious software, such as ransomware which locks your PC and demands a ransom payment to unlock, scam a payment, or steal your personal information which can be resold to other cybercriminals on the dark web.

      So, never open an attachment or click on any links within any unexpected or suspicious emails, social media messages and text messages.

      The next piece of advice is to ensure your video messaging app is always kept up-to-date. Luckily most modern smartphones and computer operating systems will automatically update your apps, but it is always worth double-checking and not to suppress any app updates from occurring, as often the app updates are fixing security flaws.

      And finally, on home computers and laptops, when not using video messaging apps, either cover your webcam with a piece of tape or face your webcam towards a wall or ceiling, just in case your computer is covertly compromised and a malicious actor gains access to your computer's webcam.


      Additional
      One tip I didn't have time to say on the podcast, is always ensure your video chats are set to private, using a strong password to prevent ZoomBombingRecent reportshave shown a series of “Zoombombing” incidents lately, where unwanted guests have joined in on open calls. 

      Bharat Mistry, Principal Security Strategist at Trend Micro on Zoom advises “Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.

      It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs). With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature.

      Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far.

      Risk mitigation:
      The good news is that there are several things you can do to mitigate the security risks associated with Zoom. The most basic are: 
      • Ensure Zoom is always on the latest software version
      • Build awareness of Zoom phishing scams into user training programmes. Users should only download the Zoom client from a trusted site and check for anything suspicious in the meeting URL when joining a meeting
      • Ensure all home workers have anti-malware including phishing detection installed from a reputable vendor
      Organisational preparedness:
      Next, it’s important to revisit those administrative settings in the app, to reduce the opportunities for hackers and Zoombombers. Fortunately, automatically generated passwords are now switched on by default, and the use of personal meeting IDs are switched off, meaning Zoom will create a random, one-off ID for each meeting. These setting should be kept as is. But organisations can do more, including:
      • Ensure you also generate a meeting ID automatically for recurring meetings
      • Set screen-sharing to “host only” to prevent uninvited guests from sharing disruptive content
      • Don’t share any meeting IDs online
      • Disable “file transfers” to mitigate risk of malware
      • Make sure that only authenticated users can join meetings
      • Lock the meeting once it’s started to prevent anyone new joining
      • Use waiting room feature, so the host can only allow attendees from a pre-assigned register
      • Play a sound when someone enters or leaves the room
      • Allow host to put attendees on hold, temporarily removing them from a meeting if necessary”