InfoSec ICU show

InfoSec ICU

Summary: Each week, Gerry and Steve discuss Information Security topics relevant to the medical industry and to patients. From the latest hacks and bugs, to changes in the regulatory environment, and tips and tricks to keep your own personal information safe.

  • Artist: Information Security at the Medical University of South Carolina
  • Copyright: Medical University of South Carolina 2017

Podcasts:

 Microsoft Red Team, 7 Properties of Highly Secure Devices, and Azure Sphere | File Type: audio/mpeg | Duration: 49:15

Gerry and Steve discuss Microsoft's Red Team and its mission to beat the bad guys to finding vulnerabilities in the Windows OS. They give their thoughts on a recently released research paper on the seven properties of highly secure devices and what the impact for IoT devices in general could be. They wrap up discussing Azure Sphere, Microsoft's approach to end-to-end IoT security.

Show Notes

Resources:
  • Microsoft Red Team – https://www.wired.com/story/microsoft-windows-red-team/
  • 7 Properties of Highly Secure Devices – https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
  • Azure Sphere – https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sphere-secure-and-power-the-intelligent-edge/

One Cool Things:
  • Blackhat Arsenal https://www.blackhat.com/us-18/arsenal/schedule/index.html
  • Flush https://itunes.apple.com/us/app/flush-toilet-finder-map/id955254528?mt=8

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Tool Time! NSM, SysMon and Malware Analysis Tools | File Type: audio/mpeg | Duration: 1:03:58

In a special edition of InfoSecICU, it's tool time! Brandon and Gerry discuss their experiences and lessons learned with a bevy of security-related software tools that you may utilize in your organization. NSM as a philosophy is covered, followed by SysMon. The guys round out by discussing approaches to malware analysis tool sets and when each is appropriate.

Show Notes

Resources:
  • Network Security Monitoring (NSM) http://nsmwiki.org/Main_Page
  • SecurityOnion https://securityonion.net/
  • RockNSM http://rocknsm.io/
  • SysMon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
  • PEStudio https://www.winitor.com/
  • ApateDNS https://www.fireeye.com/services/freeware/apatedns.html
  • IDA Pro https://www.hex-rays.com/products/ida/
  • WinDbg https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
  • VirusTotal https://www.virustotal.com/
  • Joe Sandbox https://www.joesecurity.org/
  • Strings https://en.wikipedia.org/wiki/Strings_(Unix)
  • Wireshark https://www.wireshark.org/

One Cool Things:
  • Gerry: 80's Retro Synthwave Collection
      The Midnight https://youtu.be/_pUL7u-mYqA
      FM-84 https://youtu.be/rSGnNMnvM6M
      Timecop1983 https://youtu.be/egAB2qtVWFQ
  • Brandon: Caffe Shakerato http://saltandwind.com/recipes/102-caffe-shakerato-recipe

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Cyberwar Collateral Damage, VPNFilter, and Digital Assistant Concerns | File Type: audio/mpeg | Duration: 39:45

Brandon and Gerry discuss the recent NH-ISAC Summit in Sawgrass and a keynote talk regarding cyberwar and civilian collateral damage. They discuss the technical details of the recently published research on VPNFilter and finish by discussing some additional Amazon Alexa mishaps.

Show Notes

Resources:
  • NH-ISAC Summit https://nhisac.org/summits/2018-spring-summit/
  • VPNFilter
      https://blog.talosintelligence.com/2018/05/VPNFilter.html
      https://www.zdnet.com/article/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware/
  • Amazon Alexa Records Conversation and Messages It
      https://www.techspot.com/news/74820-amazon-explains-how-alexa-secretly-recorded-couple-conversation.html
      https://www.elitedaily.com/p/why-is-my-amazon-alexa-laughing-at-me-the-creepy-glitch-is-being-fixed-8441976
      https://www.techspot.com/news/74128-amazon-patent-could-alexa-listen-conversations-discover-more.html

One Cool Things:
  • Privacy.Com
  • Jupiter's planet Europa https://www.space.com/40575-jupiter-moon-europa-plume-galileo-spacecraft.html

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Digital Assistant Attacks, MFA Attacks, and JavaScript for Excel Concerns | File Type: audio/mpeg | Duration: 37:08

Steve and Gerry discuss recently published research on two attacks that can be used to compromise the Amazon Echo digital assistant device, and the implications for digital assistants in general going forward. Multi-factor authentication (MFA) is great, but not bulletproof. Steve and Gerry discuss attack vectors and what organizations should be thinking of when implementing and using MFA. Finally, the guys wrap up discussing Microsoft’s recent announcement of support for JavaScript within its spreadsheet application, Excel.

Show Notes

Resources:
  • Amazon Echo Attacks Research https://www.bleepingcomputer.com/news/security/researchers-turn-amazon-echo-into-an-eavesdropping-device/
  • Cracking 2FA https://www.darkreading.com/endpoint/cracking-2fa-how-its-done-and-how-to-stay-safe/d/d-id/1331835
  • JavaScript for Excel https://www.wired.com/story/microsoft-excel-javascript/

One Cool Things:
  • Google Do No Evil no more https://gizmodo.com/google-removes-nearly-all-mentions-of-dont-be-evil-from-1826153393
  • Offline “Here we go” Google Maps https://www.here.com/en/products-services/here-wego-app

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Aggregated Live Internet Web Cams, EFail, Russian Facebook Ads Evidence | File Type: audio/mpeg | Duration: 39:33

Steve and Gerry discuss the use cases and privacy implications of a new website that provides aggregated access to the Internet’s live streaming web cams. A major attack on email encryption and the argument security professionals are having about it is covered. They finish with thoughts on the recently released trove of published evidence from the recent Russian Facebook meddling.

Show Notes

Resources:
  • Network live IP video cameras directory – http://www.insecam.org/
  • Decrypt Encrypted Email – https://efail.de/
  • Russian Facebook Ads Evidence – https://www.darkreading.com/vulnerabilities---threats/newly-released-russian-facebook-ads-show-scale-of-manipulation/d/d-id/1331779

One Cool Things:
  • USB Sniffing K9 https://www.scmagazine.com/usb-drive-sniffing-k-9-helps-capture-student-hacker/article/765275/
  • All the Developer Tools You Need to Build Child Privacy-Certified Products! https://www.dynepic.com/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 DNA Privacy Considerations, Children Identity Fraud, and Organized Criminals Phishing Attacks | File Type: audio/mpeg | Duration: 39:19

Steve and Gerry discuss the serious but often overlooked issue of child identity theft and fraud. They shed light on how organized crime is making substantial financial investments to improve phishing attacks. They round out by discussing privacy concerns around individuals' DNA and how it can be used to solve cold cases.

Show Notes

Resources:
  • Children identity theft: https://www.darkreading.com/vulnerabilities---threats/more-than-1m-children-victims-of-identity-fraud-in-2017/d/d-id/1331674
  • Phishing as an organized criminal enterprise: https://www.vadesecure.com/en/phishing-attack-targets-550-million/
  • DNA catches a killer: http://beta.nydailynews.com/news/national/dna-testing-golden-state-killer-case-raises-concerns-article-1.3958054

One Cool Things:
  • Truck stopping ray gun: https://www.defenseone.com/technology/2018/04/pentagon-making-ray-gun-stop-truck-attacks/147702/
  • Gmail self-destructing email: https://www.helpnetsecurity.com/2018/04/26/gmail-self-destructing-emails/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Healthcare InfraGard Sector Chief Interview, National ISACs, and CISA 2015 | File Type: audio/mpeg | Duration: 45:46

It's all about information sharing in this episode of Infosec ICU. Steve and Gerry interview Chris Bennett, sector chief for healthcare and public health for South Carolina’s InfraGard. They discuss the plethora of ISACs available to US-based companies and the value you can realize from them. Finally, they discuss the privacy and security concerns of the Cybersecurity Information Sharing Act of 2015.

Show Notes

Resources:
  • South Carolina InfraGard https://southcarolinainfragard.org/
  • National ISACs https://www.nationalisacs.org/
  • Cybersecurity Information Sharing Act of 2015 https://corpgov.law.harvard.edu/2016/03/03/federal-guidance-on-the-cybersecurity-information-sharing-act-of-2015/

One Cool Things:
  • Controlling Dreams: https://motherboard.vice.com/en_us/article/ywxjvg/steel-ball-control-dreams-dormio-mit-hypnagogia
  • Bad Lip Reading https://www.youtube.com/user/BadLipReading

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Cybersecurity Accord, Medical Device Safety Action Plan, and Deep Fakes | File Type: audio/mpeg | Duration: 42:32

Steve and Gerry discuss the Cybersecurity Accord signed by 34 tech companies and announced at RSA 2018, and the new plan the FDA has published with respect to medical device cybersecurity.

Show Notes

Resources:
  • Cybersecurity Accord
      https://www.scmagazine.com/tech-giants-combine-to-protect-civilians-from-cyberattack/article/759201/
      https://cybertechaccord.org/
  • FDA Medical Device Safety Plan https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHReports/UCM604690.pdf
  • DeepFakes:
      https://www.buzzfeed.com/davidmack/obama-fake-news-jordan-peele-psa-video-buzzfeed
      https://www.technologyreview.com/s/610784/this-algorithm-automatically-spots-face-swaps-in-videos/

One Cool Things:
  • Skyrim Mods “Thomas the Tank Engine” https://youtu.be/yNaTZV8qS1I
  • My Tide Times (app) https://itunes.apple.com/us/app/my-tide-times-tables-chart/id777280890?mt=8

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Data Breaches Lead to Higher Mortality Rates, IoT the High Roller Database, and HHS OCR Guidance Updates | File Type: audio/mpeg | Duration: 45:47

Steve and Gerry discuss recent research that demonstrates data breaches are linked to higher patient mortality rates. IoT devices in the enterprise and their impending future are discussed, introduced by a recent casino breach that started with a thermometer. Finally, they socialize recent HHS guidance on acceptable privacy disclosure.

Show Notes

Resources:
  • Do data breaches lead to higher mortality rates? http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_2.pdf
  • IoT hacked a Casino: http://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4?r=UK&IR=T

One Cool Things:
  • DSU takes 3rd at CCDC: http://www.nccdc.org/
  • CoC takes 2nd at PCDC: http://pcdc-sc.com/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Hacktivism, Verizon Enterprise PHI Breach Report, and GMail Dots Attack | File Type: audio/mpeg | Duration: 44:03

Steve and Gerry drill into the Verizon PHI Data Breach Report and discuss a few surprising findings. They offer their opinion on the recent attacks on Russian and Iranian Cisco devices and the value of hacktivism. They close out with a scam that abuses a little-known feature of all GMail email addresses.

Show Notes

Resources:
  • Verizon PHI Data Breach Report: http://www.verizonenterprise.com/verizon-insights-lab/phi/2018/
  • Attacked Cisco Devices:
      https://www.securityweek.com/cisco-switches-iran-russia-hacked-apparent-pro-us-attack
      https://motherboard.vice.com/en_us/article/a3yn38/election-hacking-vigilante-russia-iran-cisco
  • GMail dots do matter: https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html

One Cool Things:
  • Sysmon https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
  • Swift on Security Sysmon Config file. https://github.com/SwiftOnSecurity/sysmon-config
  • PlayFest http://southofbroadway.com/season/
  • Piccolo Spoleto https://www.charlestoncvb.com/events/piccolo-spoleto-~8959/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Bundle of Breaches, Cloudflare DNS, and Cost of a Data Breach | File Type: audio/mpeg | Duration: 1:02:45

Breach, breach, breach! Steve and Gerry talk the Good, the Bad, the Ugly of recent breaches, showcasing a comparison between organizations that handle breaches well and those that fail miserably. Cloudflare’s new DNS resolver and its privacy approach are discussed, followed by the Ponemon report on the cost of a data breach.

Show Notes

Resources:
  • Bundle of Breaches:
      https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing
      https://www.wsj.com/articles/saks-lord-taylor-hit-with-data-breach-1522598460
      https://www.nytimes.com/2018/03/27/us/cyberattack-atlanta-ransomware.html
      https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
  • Cloudflare DNS Resolver: https://blog.cloudflare.com/announcing-1111/
  • Ponemon Cost of a Data Breach 2017: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf

One Cool Things:
  • Drunk apps: https://www.thrillist.com/tech/nation/apps-to-prevent-drunk-texting-and-late-night-mistakes
  • The Vocabulary for Event Recording and Incident Sharing http://veriscommunity.net/index.html

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 Higher Education a Target for Hackers, Biometric Authentication Shortcomings, and Dakotacon | File Type: audio/mpeg | Duration: 53:32

Steve and Gerry dive headfirst into a recent indictment against 9 Iranian nationals accused of hacking universities worldwide (a majority in the US) for research capital. Showing the value of academic research, they discuss a recently published paper from China outlining a technique for tricking facial recognition biometric information. Finally, Gerry shares his experiences from the DakotaCon security conference and how blue teams are gaining ground against attackers.

Show Notes

Resources:
  • Iranian hackers attack universities worldwide: https://www.bleepingcomputer.com/news/security/us-charges-nine-iranians-with-hacking-over-300-universities/
  • Research tricking Facial Recognition systems: https://arxiv.org/pdf/1803.04683.pdf
  • DakotaCon http://dakotacon.org
  • DakotaCon talks http://dakotacon.org/#video

One Cool Things:
  • Google Takeout: https://takeout.google.com/
  • GIAC Leadership: https://www.giac.org/certification/strategic-planning-policy-leadership-gstrt?msc=PR

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 The Art of (cyber) War, Identity Management, and the Cambridge Analytica and Facebook Debacle | File Type: audio/mpeg | Duration: 46:01

With Gerry in South Dakota presenting his dissertation proposal, guest host Brandon Stephens steps up to the plate to discuss how Sun Tzu’s The Art of War is helpful in preparing for a cyber attack. He and Steve also discuss why Identity and Access Management is so important, as well as the challenges in getting it right. And, of course, they can’t help but weigh in on the recent mess with Facebook and Cambridge Analytica: How could we have seen this coming, and is this a big enough reason for people to take a hard look at their social media usage?

Show Notes

Resources:
  • The Art of War – https://suntzusaid.com/
  • Cambridge Analytica and Facebook controversy – https://www.theguardian.com/news/2018/mar/17/data-war-whistleblower-christopher-wylie-faceook-nix-bannon-trump

One Cool Things:
  • The Open Policy Project – https://www.t2pa.com/project-open-it-policy-project/oitpp-directory/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 The Cybersecurity Culture War, Memcache, and Deputizing the Geek Squad | File Type: audio/mpeg | Duration: 35:53

We all think it, but now we know it. The guys discuss statistical evidence supporting the view that employees are a weak link in healthcare cybersecurity defenses. Attackers have also discovered that they can unleash unprecedented Distributed Denial of Service (DDoS) attacks using open memcached servers. The guys cover both these topics and dive into how the FBI has been using the Geek Squad to identify and report illegal content. Is this a warrantless search and in violation of the 4th Amendment?

Show Notes

Resources:
  • Losing Cybersecurity Culture War: https://newsroom.accenture.com/news/one-in-five-health-employees-willing-to-sell-confidential-data-to-unauthorized-parties-accenture-survey-finds.htm
  • DDoS Memcache:
      https://www.wired.com/story/github-ddos-memcached/
      https://www.corero.com/company/newsroom/press-releases/corero-network-security-discovers-memcached-ddos-attack-kill-switch-and-also-reveals-memcached-exploit-can-be-used-to-steal-or-corrupt-data/
  • Deputizing Geek Squad: https://www.eff.org/deeplinks/2018/03/geek-squads-relationship-fbi-cozier-we-thought

One Cool Things:
  • Oculus Rift Fail: https://www.polygon.com/2018/3/7/17091938/oculus-runtime-error-outage-rift-vr-facebook
  • Zero Trust Network: http://shop.oreilly.com/product/0636920052265.do

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)

 What Happened with the HHS OCR Phase 2 Audits, Breaches Eroding Public Trust, and New Twists to Old Cons | File Type: audio/mpeg | Duration: 50:32

Last year HHS executed their HIPAA Phase 2 audits across covered entities and business associates, but why have things been quiet at HHS? The guys provide insights regarding the findings and suggest ideas on why HHS’s focus may have changed. The guys look at the bigger picture of the effects breaches have had on public trust, and a 21st century method of money laundering is covered.

Show Notes

Resources:
  • OCR Says Desk Audits Rates Many HIPAA Efforts to be Inadequate or Worse https://cynergistek.com/ocr-desk-audits-preliminary-results/
  • Amazon Books Fraud https://krebsonsecurity.com/2018/02/money-laundering-via-author-impersonation-on-amazon/

One Cool Things:
  • CIMON: https://motherboard.vice.com/en_us/article/bj53q3/astronauts-will-welcome-a-free-floating-robot-head-to-the-iss-this-summer
  • Hipku: https://gabrielmartin.net/projects/hipku/

Contact:
  • Email: infosecicu@musc.edu
  • Twitter: Gerry Auger (@Gerald_Auger), Steven Cardinal (@sgcardinal)
