Patchless patching, IPv6-enabled RCE, room searches at DEF CON, and Moon GPS – ESW #372
This week, we discuss a marketing campaign that caught Darwin's eye at the Black Hat expo: patchless patching. Then, Darwin recounts his experiences at the Innovators and Investors Summit.
We discuss the potential impact of a critical Windows vulnerability that supposedly allows RCE via IPv6 packets!
Microsoft continues to stumble, deepening trust issues with its customers. The issues, as always, seem to stem from Microsoft prioritizing time-to-market over quality or safety.
Trend Micro looks for a buyer, while Dell and Cisco announce layoffs, hot on the tail of news that Intel will be letting over 15000 employees go.
We also discuss the legality and privacy implications of mandatory room searches at DEF CON, and MOON GPS.
Adrian Sanabria
- ACQUISITIONS: Fortinet Strengthens Its Top-Tier Unified SASE Solution with Acquisition of Enterprise Data Security Company Next DLP
- ACQUISITIONS: OPSWAT Acquires InQuest, Strengthening Federal Go-to-Market Strategy, Network Detection, and Threat Intelligence Capabilities – OPSWAT
- ACQUISITIONS: EQT to acquire a majority stake in Acronis, Acronis continues to expand its platform for MSPs
- ACQUISITION RUMORS: Trend Micro explores sale, sources say
This would be momentous. Trend Micro is one of the last remaining big OG security vendors started in the 1980s, along with F-Secure (now WithSecure). The Japanese market seems to be hurting them pretty bad right now though (they used to be on the NASDAQ, but are now public in Tokyo)
- ACQUISITION RUMORS: CrowdStrike eyes Action1 for $1B amid fallout from Falcon update mishap
- NEW FEATURES: “Patchless Patching” for Zero Days: Qualys Advances Vulnerability Management
Darwin has some thoughts on this one, I think.
Adrian's question: how is this different from virtual patching, which was a thing 20+ years ago! Also, I've been using 0Patch for years (inserts virtual patches into running processes). Other approaches (like Cyvera, acquired by PANW in 2014) block known exploit attempts rather than creating virtual patches that need to be exploit/vuln-specific.
- ESSAYS: BlackHat Innovators & Investors Quick Hits
- ESSAYS: Let’s get real: there is no such thing as “gatekeeping” in cybersecurity
A very controversial-sounding title that ends up not being all that controversial once he qualifies the statement with "with regards to entry-level folks trying to find their first job in cybersecurity."
- ESSAYS: Software’s Iron Triangle: Cheap, Fast and Good – Pick Two
From Chris Hughes
At Black Hat, Jen Easterly dropped a few instantly iconic quotes.
“We don’t have a cybersecurity problem. We have a software quality problem.”
I mean, of course this is an oversimplification of cybersecurity's problems, but I think it's even worse than that. I think this applies to a subset of IT and most third party vendors, but even if you have no in-house dev team, you still have some pretty serious cybersecurity concerns. I think our software quality problem is just a small part of our system-level design and engineering problem.
She also said,
“We have a multi-billion dollar cybersecurity industry because for decades, technology vendors have been allowed to create defective, insecure, flawed software.”
Which I think is fair.
- STANDARDS: NIST Releases First 3 Finalized Post-Quantum Encryption Standards
We interviewed Vadim Lyubashevsky, one of the authors of these quantum safe algorithms, back in episode 315, check it out here!
- VULNERABILITIES: Windows TCP/IP Remote Code Execution Vulnerability
A critical vulnerability that is RCE and exploitable via IPv6. The only options seem to be to disable IPv6 or patch! This one could get VERY spicy in the near future if exploits emerge.
- VULNERABILITIES: Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
- DUMPSTER FIRES: Here are the Hacker Tools a DEF CON Hotel is Hunting For
- DUMPSTER FIRES: Azure outages should spark new urgency for a multi-cloud approach
- LAYOFFS: Cisco to lay off thousands more in second job cut this year, sources say
Also heard that Dell is laying off over 10,000 employees, yikes!!!
- STUNT HACKING: Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes
Just because it's stunt hacking doesn't mean it's not fun!
- HOT TAKES: Pramod Gosavi on LinkedIn: Gartner cancels SOAR, calling it obsolete…
- SQUIRREL: What Time Is It on the Moon?
Devo Launches New Capabilities & Revolutionizing Cyber Resilience – Rakesh Nair, Rekha Shenoy – ESW #372
Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.
Segment Resources: https://www.devo.com/defend-everything/
This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.
As security monitoring has gotten more mature over the years, remediating security vulnerabilities is still stuck in the dark ages requiring mountains of CVE reports and thousands of manual tasks to be done by network engineers at the wee hours of the nights and weekends. Cyber resilience requires a more continuous approach to remediation, one that does not depend on manual work but also one that can be trusted not to cause outages.
This segment is sponsored by BackBox. Visit https://securityweekly.com/backboxbh to learn more about them!
Rakesh Nair is the Senior Vice President of Engineering and Product at Devo, where he oversees the company’s research and development efforts. With over 25 years of experience in cybersecurity, Rakesh brings a wealth of expertise to his role. He was the co-founder and CEO of Kognos, an autonomous cyber threat hunting platform that Devo acquired in 2022.
With over 25 years in B2B tech, Rekha has led product and go-to-market strategies at top companies like Belden, Tripwire, and BMC Software. She is excited to lead the strong team at BackBox and recognizes network automation’s transformative power. Her expertise has consistently driven innovation and growth and will position the company for continued success in this evolving space.
Operational Resilience in Healthcare & Zscaler Uncovers Record-Breaking Ransom – Marty Momdjian, Brett Stone-Gross – ESW #372
Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand.
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!
The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group.
Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!
As General Manager for Ready1 and EVP of Services, Marty Momdjian brings more than 15 years’ strategic and tactical leadership in cyber resilience and incident response (IR) to Semperis. His expertise in identity security, particularly in applied controls and ease of use, was forged while leading IR and recovery teams during some of the most well-known cyber breaches in the healthcare industry.
At Semperis, Marty’s focus is on breach preparedness and mitigating the impact to clinical and business operations during cyber events.
Dr. Brett Stone-Gross is the Senior Director of Threat Intelligence at Zscaler. He holds a Ph.D. in computer science from the University of California, Santa Barbara and has over 20 years of experience in malware analysis and reverse engineering. Brett has authored more than a dozen publications and presented his work at top cybersecurity conferences. He specializes in advanced technical research focused on sophisticated cyber threats.
