InfoSec ICU show

InfoSec ICU

Summary: Each week, Gerry and Steve discuss information security topics relevant to the medical industry and to patients. Topics range from the latest hacks and bugs to changes in the regulatory environment, along with tips and tricks to keep your own personal information safe.

  • Artist: Information Security at the Medical University of South Carolina
  • Copyright: Medical University of South Carolina 2017

Podcasts:

 Blackhat and DEFCON, Defending Deepfakes, and Cyber Insurance In-Depth | File Type: audio/mpeg | Duration: 49:48

Gerry and Brandon discuss Gerry's Blackhat and DEFCON experience and feature a few key talks from the conferences. As always, they end with One Cool Thing.

Show Notes Resources:
  • BlackHat 2019: https://www.blackhat.com/us-19/
  • DEFCON 27: https://www.defcon.org/html/defcon-27/dc-27-index.html
  • Deepfakes: https://i.blackhat.com/USA-19/Thursday/us-19-Price-Playing-Offense-And-Defense-With-Deepfakes.pdf
  • Cyber Insurance: https://www.blackhat.com/us-19/micro-summits.html#cyber-insurance

One Cool Thing:
  • Jocko Willink, Discipline Equals Freedom: https://www.amazon.com/Discipline-Equals-Freedom-Field-Manual/dp/1250156947
  • Mentimeter: https://www.mentimeter.com/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Brandon Stephens (@bstephens418)

 Capital One Breach, Urgent/11, and Securing Patient Portals | File Type: audio/mpeg | Duration: 45:23

Gerry and Brandon discuss the recent Capital One breach and how the alleged attacker was easily captured. They cover the release of 11 0-day vulnerabilities for a widely used but little discussed OS. They finish the discussion with securing healthcare patient portals. As always, they end with One Cool Thing.

Show Notes Resources:
  • Capital One Breach: https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html
  • Armis Urgent/11: https://armis.com/urgent11/
  • Securing Patient Portals: https://www.workplaceprivacyreport.com/2019/07/articles/hipaa/is-your-patient-portal-secure-study-shows-healthcare-organizations-traditional-cybersecurity-measures-are-insufficient-against-todays-attacks/

One Cool Thing:
  • SmartFlower: https://smartflower.com/
  • The Great Hack: https://www.netflix.com/title/80117542

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Brandon Stephens (@bstephens418)

 Encryption Backdoors, State of Emergency for Ransomware Attacks, “Educating” the Human Factor | File Type: audio/mpeg | Duration: 36:02

Gerry and Brandon dig into a classic debate in the information security world: encryption backdoors. Attorney General William Barr recently implored an audience of cybersecurity professionals to champion backdoors in technology-implemented encryption. They discuss the utility and implementation of the state of Louisiana's "state of emergency" declaration; is the National Guard a cyber fire department? Finally, they discuss their thoughts on whether education can solve the human factor in cybersecurity. As always, they end with One Cool Thing.

Show Notes Resources:
  • US attorney general says encryption creates security risk: https://apnews.com/7423e1ef65a144e6a47e4da63683b3c1
  • Louisiana governor declares state emergency after local ransomware outbreak: https://www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/
  • Can education solve cybersecurity's "people" problem?: https://www.scmagazine.com/home/opinion/executive-insight/lessons-learned-can-education-solve-cybersecuritys-people-problem/
  • Equifax Settlement: https://krebsonsecurity.com/2019/07/what-you-should-know-about-the-equifax-data-breach-settlement/
  • CISO Burnout: https://www.darkreading.com/careers-and-people/ciso-pressures-why-the-role-stinks-and-how-to-fix-it/a/d-id/1335292

One Cool Thing:
  • TabNine: https://tabnine.com/
  • OpenCTI: https://www.opencti.io/en/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Brandon Stephens (@bstephens418)

 Equifax Settling for $700M, CISOs 18-Month Shelf Life, and BGP Insecurity interview with Dr. Mike Ham | File Type: audio/mpeg | Duration: 49:51

Gerry and Brandon discuss the impending Equifax $700M settlement and what it means at the macro level. They follow up by analyzing the quantified trend of CISOs lasting, on average, 18-24 months per job. They finish by interviewing Dr. Mike Ham about BGP security. As always, they end with One Cool Thing.

Show Notes Resources:
  • Equifax Settlement: https://krebsonsecurity.com/2019/07/what-you-should-know-about-the-equifax-data-breach-settlement/
  • CISO Burnout: https://www.darkreading.com/careers-and-people/ciso-pressures-why-the-role-stinks-and-how-to-fix-it/a/d-id/1335292

One Cool Thing:
  • Dr. Josh Stroschein's cyber educational site: https://0xevilc0de.com/
  • Learning PowerShell, gamified: https://www.underthewire.tech/index.htm

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Brandon Stephens (@bstephens418)

 Zoom Vulnerability Responses, Ponemon Report on 3rd Party Vendor Risk in Healthcare, Data and Privacy Security Academic Conference | File Type: audio/mpeg | Duration: 47:28

Gerry and Steve discuss Zoom's and Apple's responses and actions following the fallout from Zoom's silent local web server on endpoints. The guys discuss the Ponemon report on third-party risk management in the healthcare industry. Finally, they discuss the academic conference Gerry is currently attending in Charleston and feature a talk on Adversarial Attack Sampling of Phishing Websites. As always, they end with One Cool Thing.

Show Notes Resources:
  • Zoom Vulnerability / Apple Response: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 and https://9to5mac.com/2019/07/10/zoom-apple-macos-update/
  • Ponemon Report: https://www.healthcareitnews.com/news/hospitals-are-paying-not-vetting-their-vendors
  • Data and Applications Security and Privacy XXXIII, 33rd Annual IFIP WG 11.3 Conference, DBSec 2019: https://dbsec2019.cse.sc.edu/

One Cool Thing:
  • Instagram Hack: https://threatpost.com/researcher-bypasses-instagram-2fa/146466/
  • Steve's BitterSweet

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 British Airways' GDPR Mega Fine, Attacking Outlook for Fun and Profit, and DoH for Bad Guys | File Type: audio/mpeg | Duration: 35:14

Gerry and Steve discuss a looming $240 million GDPR non-compliance fine for British Airways over an incident you may not think GDPR covers. They follow by talking about how malicious actors are abusing weaknesses in Outlook to establish persistence on corporate systems. Finally, they discuss the proliferation of DNS over HTTPS to make the Internet a more secure place, and how bad guys are weaponizing it. As always, they end with One Cool Thing.

Show Notes Resources:
  • British Airways GDPR Potential Fine: https://www.theverge.com/2019/7/8/20685830/british-airways-data-breach-fine-information-commissioners-office-gdpr
  • Malware using Outlook: https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
  • DNS over HTTPS for malicious intent: https://www.techspot.com/news/80791-meet-godlua-first-known-malware-leverages-dns-over.html

One Cool Thing:
  • Cicerone: https://www.cicerone.org/
  • TrackThis.link: https://trackthis.link/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Florida Man... Fired for Falling for Phish, UChicago Class Action Lawsuit, and Softening HIPAA Fines | File Type: audio/mpeg | Duration: 37:00

Gerry and Steve discuss the penalty exacted on a Florida man who was responsible for opening a malicious email that led to a ransomware attack. They discuss UChicago and Google being sued for (maybe) improperly handling patient data. They wrap up by discussing legislation going through the Senate to reduce financial penalties for HIPAA incidents depending on the organization's cybersecurity posture. As always, they end with One Cool Thing.

Show Notes Resources:
  • Florida Man Fired for Falling for Phish: https://www.zdnet.com/article/florida-city-fires-it-employee-after-paying-ransom-demand-last-week/
  • UChicago and Google sued: https://healthitsecurity.com/news/google-uchicago-medicine-sued-for-sharing-identifiable-patient-data
  • Senate provision to reduce healthcare costs and HIPAA fines: https://healthitsecurity.com/news/senate-help-proposes-incentivizing-healthcare-cybersecurity-adoption

One Cool Thing:
  • DEEPFAKES A CRIME!: https://law.lis.virginia.gov/vacode/18.2-386.2
  • 40th anniversary of the Sony Walkman: https://www.sony.net/united/walkman40th/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Patrick Wardle, Apple Security Researcher Interview and Riviera Beach Ransomware | File Type: audio/mpeg | Duration: 51:47

Brandon and Steve take to the studio to discuss the ransomware payout in Riviera Beach. The guys interview Apple security researcher and regular security con speaker Patrick Wardle about his research and thoughts on Apple security. As always, they end with One Cool Thing.

Show Notes Resources:
  • Objective-See: https://objective-see.com/
  • Riviera Beach Ransomware: https://securityaffairs.co/wordpress/87381/breaking-news/riviera-beach-city-ransomware.html
  • CHS BSides Security Conference: https://www.bsidescharleston.org/

One Cool Thing:
  • Target Curbside Pickup: https://www.target.com/c/drive-up/-/N-9d42z
  • Steve Cardinal on NBC National News: https://www.nbcnews.com/nightly-news/video/hospitals-inundated-with-robocalls-becoming-a-life-threatening-problem-62266437524

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 DHS Cyber Incident Response Bill, National Unique Patient Identifiers, and Recruiting a Healthcare Cyber Workforce | File Type: audio/mpeg | Duration: 34:39

The guys are focused on Washington DC this week. They discuss legislation working its way through the process to establish a DHS cyber incident response team, and the lifted ban on developing a unique patient identifier to promote patient data interoperability (and the privacy concerns around that). They wrap up by discussing a recent report from the Healthcare Industry Cybersecurity Workforce on recruiting and retaining skilled cybersecurity talent. As always, they end with One Cool Thing.

Show Notes Resources:
  • DHS Cyber Incident Response: https://www.scmagazine.com/home/security-news/government-and-defense/tktktktktk-u-s-house-passes-bill-that-w/
  • Unique Patient Identifiers: https://www.careersinfosecurity.com/house-approves-lifting-hhs-ban-on-unique-patient-ids-a-12630
  • Healthcare Cyber Workforce Guide: https://healthsectorcouncil.org/Workforce-Guide/

One Cool Thing:
  • Cybersecurity industry taxonomy: https://cdn.discordapp.com/attachments/397055174260031488/400383361442512906/1337list_hires.png
  • Attack Surface Analyzer: https://www.helpnetsecurity.com/2019/05/20/attack-surface-analyzer/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 NCHICA, Personal VPNs, and Have I Been Pwned | File Type: audio/mpeg | Duration: 46:15

Steve provides insights from last week's NCHICA conference, which he attended. The guys spend time discussing the pros and cons of personal VPNs and what you should consider when selecting one. They wrap up by discussing the Have I Been Pwned breach database going from home-grown to corporate. As always, they end with One Cool Thing.

Show Notes Resources:
  • PC Mag review of personal VPNs: https://www.pcmag.com/roundup/296955/the-best-vpn-services
  • Troy Hunt on HIBP: https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/

One Cool Thing:
  • Bruins Game 7: https://www.boston.com/sports/boston-bruins/2019/06/11/stanley-cup-final-game-seven
  • Reimagined Obi-Wan v. Darth Vader lightsaber fight scene: https://www.fastcompany.com/90347039/this-fan-made-nerd-approved-edit-of-an-iconic-star-wars-scene-took-2-5-years-to-make

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Ransomware Actor Retiring, Phishing Victim Sanctions, and the Vulnerabilities Equities Program | File Type: audio/mpeg | Duration: 47:22

Brandon and Gerry discuss the recent announcement that the premier ransomware player in the market is retiring, the appropriate sanctions organizations should use when addressing victims of phishing, and the US Government Vulnerabilities Equities Program (VEP). As always, they end with One Cool Thing.

Show Notes Resources:
  • GandCrab Crew Retiring: https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
  • Terminating Users for Falling for Phishes: https://krebsonsecurity.com/2019/05/should-failing-phish-tests-be-a-fireable-offense/
  • Vulnerabilities Equities Program: https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF

One Cool Thing:
  • ThreatHunting Project: https://www.threathunting.net/
  • Innocent Lives Foundation: https://www.innocentlivesfoundation.org/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 The Blue Episode: BlueKeep Updates, Blue Team Skillsets, Blue Feeling Security Researchers | File Type: audio/mpeg | Duration: 43:13

Steve and Gerry aren't feeling blue, but they are happy to share information security through blue-shaded glasses. They follow up on last week's story of a ransomware event in Baltimore and how the NSA tool EternalBlue has been identified as part of the spreading mechanism. They interview show friend Brandon Stephens for his guidance on blue teaming as a career choice and where folks can start. They wrap up by discussing security researcher SandboxEscaper and her recent release of multiple Windows 10 0-days. As always, they end with One Cool Thing.

Show Notes Resources:
  • EternalBlue and the NSA on Baltimore Ransomware: https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
  • Blue Teaming for New Folks: https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756, https://twitter.com/BHinfoSecurity, https://twitter.com/taosecurity
  • SandboxEscaper Releasing 0-days: https://www.computing.co.uk/ctg/news/3076215/windows-10-zero-day-security-flaw-task-scheduler-sandboxescaper

One Cool Thing:
  • Tasty App: https://itunes.apple.com/us/app/tasty/id1217456898?mt=8
  • Kids Cyber Education: https://www.kickstarter.com/projects/curtbraz/m-is-for-malware

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 BlueKeep, Baltimore’s Ransomware Debacle, and Deceitful Decryption Vendors | File Type: audio/mpeg | Duration: 38:15

Steve and Gerry discuss the major Windows vulnerability in the news, "BlueKeep", and what you need to know about responding to it. They discuss the city of Baltimore's current ransomware debacle and finish with firms that promise to help you decrypt your ransomware-encrypted files but in reality are just brokering with the attackers. As always, they end with One Cool Thing.

Show Notes Resources:
  • BlueKeep: https://blog.qualys.com/laws-of-vulnerabilities/2019/05/15/windows-rdp-remote-code-execution-vulnerability-bluekeep-how-to-detect-and-patch
  • Baltimore Ransomware Issues: https://arstechnica.com/information-technology/2019/05/baltimore-ransomware-nightmare-could-last-weeks-more-with-big-consequences/ and https://www.npr.org/2019/05/21/725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline
  • Ransomware recovery vendors were really just paying the ransom and taking the credit. Are they funding terrorism?: https://arstechnica.com/information-technology/2019/05/these-firms-promise-high-tech-ransomware-solutions-but-typically-just-pay-hackers/

One Cool Thing:
  • MythGard: https://www.mythgardgame.com/
  • Smartphone Ear Checker: https://www.npr.org/sections/health-shots/2019/05/15/723595540/a-smartphone-app-and-a-paper-funnel-could-help-parents-diagnose-kids-ear-infecti

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 Advertisers Abusing Access to App Data, Annual Verizon DBIR, and State of SC Privacy Conference | File Type: audio/mpeg | Duration: 47:05

Steve and Gerry discuss an interesting angle on the capitalization of user data: online gambling sites targeting individuals who take medication with side effects that increase impulsive behavior. They laud the annual Verizon Data Breach Investigations Report and highlight their favorite findings. They wrap up the main segment by discussing the recent State of South Carolina privacy conference in which Steve participated as a panelist. As always, they end with One Cool Thing.

Show Notes Resources:
  • Just because an advertiser doesn't have direct access to your private information doesn't mean they can't abuse it: https://www.michaeljfox.org/foundation/news-detail.php?new-study-examines-impulse-control-disorders-and-parkinson-drugs
  • Verizon releases their latest Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/dbir/
  • Privacy in Action Discussion Series: https://admin.sc.gov/technology/enterprise-privacy

One Cool Thing:
  • OSINT Framework: https://osintframework.com/
  • Fairchild Tropical Botanic Garden: https://www.fairchildgarden.org/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)

 TMI OCR Settlement, Gerry’s Healthcare Research Revealed, Mirrorthief Supply Chain Risks | File Type: audio/mpeg | Duration: 47:40

Steve and Gerry discuss a recent $3M OCR settlement with Touchstone Medical Imaging (TMI) and how foundational security controls are commonly missed. Gerry finally shares his Ph.D. research with the show and digs into the main issues facing small healthcare practices. Finally, the guys discuss supply chain risk, using the recent MirrorThief card skimming attacks as an illustration. As always, they end with One Cool Thing.

Show Notes Resources:
  • TMI OCR Settlement: https://www.hhs.gov/sites/default/files/tennessee-diagnostic-medical-imaging-services-ra-cap.pdf
  • Flashlight in a Dark Room Theory, Dr. Gerald Auger's research dissertation: https://scholar.dsu.edu/theses/329/
  • MirrorThief Credit Card Skimming Attack: https://www.scmagazine.com/home/security-news/mirrorthief-card-skimming-attack-steals-card-data-from-online-college-stores/

One Cool Thing:
  • Google adding privacy tools to Chrome: https://www.wsj.com/articles/googles-new-privacy-tools-to-make-cookies-crumble-competitors-stumble-11557151913
  • 15th Academic Medical Center Security and Privacy Conference, June 3-4, 2019: https://nchica.org/conferences/amc2019/

Contact: Email infosecicu@musc.edu
Twitter:
  • Gerry Auger (@Gerald_Auger)
  • Steven Cardinal (@sgcardinal)
