The Threat Show

The Threat Show Ep. 20 w/ Dave Neuman

Welcome to The Threat Show powered by Fletch! This week we're joined by Dave Neuman. Dave works alongside Chris as a Senior Analyst at TAGCyber, in addition to being an Adjunct Professor at The University of Texas at San Antonio and a member of the Board of Advisors at Sightgain, a breach and attack simulation company.

We’ll talk to Dave about why it's so important to pass knowledge down to the incoming generation of cybersecurity experts, his advice for smaller cybersecurity teams, and more. We also discuss five threats you should know about.

Threat Landscape    (02:06)

Darien Kindlund and Chris Wilder break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Proof-of-Concept released for critical Microsoft Word RCE bug    (04:34)

A weaponized RTF file delivered as an email attachment can compromise victims who simply open the file. This threat is low complexity but can have a big impact, as it allows remote attackers to execute code.

Fortinet warns of new critical unauthenticated RCE vulnerability    (06:38)

Fortinet is on its fourth wave of new vulnerabilities discovered within its platform in the past two months. If you use Fortinet gear for network perimeter protection, an attacker can load executables on those devices without any authentication. Thankfully this flaw was discovered internally, but where there's one vulnerability, there are likely more.

CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE    (11:00)

A new set of vulnerabilities discovered in Jenkins servers doesn't require the server to be directly exposed to the internet. Attackers can publish a malicious plugin to the Jenkins plugin infrastructure, so when you update your Jenkins plugins, the Jenkins server is compromised and calls out to the attackers' infrastructure.

New HiatusRAT router malware covertly spies on victims    (16:09)

Small home office routers and VPN concentrators, primarily end-of-life DrayTek Vigor models, were laced with custom malware that allows attackers to dump and extract any unencrypted traffic on the wire. This was discovered at around 3,000 organizations.

New Malware Variant Used by Chinese Hackers has “Radio Silence” Mode to Evade Detection    (20:09)

The China-based APT known as Sharp Panda is targeting Southeast Asian organizations with malware delivered as a weaponized Word document or RTF file. Once a victim is compromised, the malware waits before beaconing out to the internet, which the hacking group calls "radio silence mode". Compromised systems won't act compromised all the time.

Interview with Dave Neuman    (23:09)

Dave Neuman talks about his 28 years of experience in the US Air Force, why it's so important to pass knowledge down to the incoming generation of cybersecurity experts, his advice for smaller cybersecurity teams, and more.