Risky Biz Soap Box: Chris Kennedy on the latest MITRE ATT&CK developments

AttackIQ's very own Chris Kennedy joins the show...

These Soap Box podcasts are wholly sponsored. That means everyone you hear on one of these editions of the show paid to be here. But that’s ok, because we have interesting sponsors!

Today’s sponsor is AttackIQ. They make an attack and breach simulation platform. They started sponsoring Risky Biz when they were a little baby startup, but these days, as you’ll hear, attack sim is actually emerging as a budget line item, particularly for larger companies.

Those companies use the platform to test their existing controls, figure out where they have gaps or bad products, then kick on to planning from there… then retest, evaluate, plan, implement, etc etc etc.

For a lot of organisations, something like this is going to be really helpful. Another super helpful thing is that AttackIQ is all in on MITRE ATT&CK.

AttackIQ is, in fact, one of the first vendors I know of that jumped on the MITRE ATT&CK bandwagon. They got in early, and this podcast is mostly going to be focussed on ATT&CK. Chris Kennedy is AttackIQ’s CISO and VP of customer success! He did one of these soap boxes last year and it was really popular with the CISOs who tune in to risky biz.

He joined me for this discussion about MITRE ATT&CK; where it’s at, where it’s going, how people are using it and how AttackIQ is using it to make its products more useful.

Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more

PLUS: Dave Cottingham of Airlock Digital talks whitelisting, Windows host hardening...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ransomware shutters US natural gas plants
  • Huawei hit with huge indictment
  • Voatz mobile voting app shredded by MIT, dust-up ensues
  • The latest from the Vault7 trial
  • Reality Winner seeking clemency
  • Ring to force all users on to 2FA
  • Israeli court rules Facebook must reinstate NSO staff profiles
  • USG drops more North Korean samples
  • OpenSSH gets Fido/U2F support

This week’s sponsor interview is with Dave Cottingham from Airlock Digital.

They make whitelisting software that’s actually usable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you CrowdStrike customers will be able to dabble in some whitelisting if you want to.

Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Biz Soap Box: Cmd's Jake King talks Linux security

Jake joins Risky Biz for a great interview...

Soap Box podcasts are fully sponsored which means everyone you hear on these editions of the show paid to be here. If you’re looking for the regular, weekly Risky Business podcast, just scroll one back in your podcast feed.

But you know what? I wouldn’t recommend it, because this edition of Soap Box is top notch. In it we’re joined by Jake King, a co-founder of Cmd Security.

Cmd makes Linux security software, and I love their approach mostly because, well, it’s simple. It has two main functions – visibility and control – but both of these functions focus on execution. The visibility piece is “which user executed what?” and the control piece is “only let user X execute Y”. The idea here is you can apply an additional layer of control over user actions, but obviously the visibility aspect to this is pretty useful at driving decisions around what sort of limits to put on various accounts.

Jake has fronted this edition of the show with an exclusive offer to Risky Business listeners, which is free use of their software. Obviously you won’t get access to absolutely all its features, but certainly enough of them to be very, very useful. They’re getting to the point where they can do this – throw out most of the functionality and just sell the icing on the cake to companies who want it. You can register for early access to the free trial at cmd.com/risky.

Risky Business #572 -- Equifax indictments land, some big Huawei news

PLUS: All about your favourite encryption hardware vendor, the CIA!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Chinese operators indicted over Equifax breach, more indictments coming
  • Alleged backdoor in Huawei lawful intercept features
  • Data on 6.4m Israelis exposed by political party app
  • Iowa caucus app was a pile of crap, 4chan clogged up caucus night phones
  • Corp.com is up for sale. That’s a lotta hashes.
  • Much, much more.

This week’s show is brought to you by Corelight.

Corelight’s Richard Bejtlich joins the show this week in the sponsor slot to talk about what the company is doing to try to build the open source community behind Zeek, the tool its products are based on.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?

PLUS: Minor app glitch leads to major headlines...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Iowa app falls over, social and mainstream media chaos ensues
  • Twitter acknowledges state-backed API abuse
  • CDA 230 under review. Uh oh.
  • Toll Group ransomware
  • ICS-compatible ransomware spotted in wild
  • UN got owned pretty hard
  • Is Joshua Schulte The Shadow Brokers? A theory
  • Much, much more.

This week’s show is brought to you by Okta.

Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days, and in the year 2020 you might want to actually ask yourself – do you still need to be using AD?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws

A sponsored podcast from Signal Sciences...

In this edition of the Soap Box podcast we’re joined by Zane Lackey, a co-founder of Signal Sciences.

Signal Sciences makes, in essence, a “next generation” Web Application Firewall, or WAF. Signal Sciences is a pretty well-established startup these days with a zillion customers, so he has some real insight into what’s happening out there in webapp land.

In this conversation he has some really interesting things to say: First, there’s a rush to Azure happening right now. It has become the platform of choice for all sorts of organisations.

He also has some really interesting things to say about how to protect web applications from logic flaws. Some simple ideas that should really help lock things down.

Enjoy!

Risky Business #570 -- FTI report lands like a lead balloon

PLUS: CitizenLab drops the good stuff, Mitsubishi owned through its AV and more...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The FTI report on the Bezos incident is a massive let down
  • UK lets Huawei into 5G build
  • SeaTurtle campaign pinned on Turkey
  • Mitsubishi owned through its AV solution
  • Ransomware crews owning unpatched Citrix boxes
  • Much, much more.

This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray and pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Feature podcast: Alexa O'Brien on Wikileaks, intelligence and influence

The Wikileaks milieu is a strange place to find oneself...

This podcast is brought to you by the William and Flora Hewlett Foundation. The Foundation funds a lot of interesting people and work in the cybersecurity space and they’re supporting this special podcast series examining topics of interest to cyber policy makers.

In this podcast we’re going to hear from Alexa O’Brien. She’s currently studying a Masters in Applied Intelligence at Georgetown University. She’s also working on an ethical framework for the applied intelligence discipline – collection, analysis and the like – for media practitioners.

Alexa is also a journalist. Her most recent major work is a July 2019 analysis of the US media’s coverage of civilian harm in the war against ISIS; I’ve linked through to that in the show notes below.

Before she worked as an established journalist, Alexa covered Chelsea Manning’s trial at Fort Meade on her blog. Her transcripts of the proceedings were a tremendous help to the wider media, and it was this work that briefly pulled her into the Wikileaks “scene”.

It wasn’t a good fit.

Alexa joined me for this freewheeling discussion about intelligence, ethics, moral authority and signs that not everything is as it seems in the Wikileaks universe.

Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges

PLUS some more normal news....

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • MBS fingered in Bezos dick pic breach
  • Glenn Greenwald facing cybercrime charges over Vaza Jato Telegram leaks
  • Citrix finally patches 90s-style ADC bugs
  • IE 0day doing the rounds, no patch available
  • PoCs for 0601 drop
  • Much, much more…

This week’s show is sponsored by VMRay, a sandbox-based malware analyser. You throw a sample into it and it spits out all sorts of useful information. Rather than having one of its own staff in this week’s sponsor slot, VMRay has put forward one of its customers instead. Expel is a managed security provider, and it is making heavy use of VMRay to do malware analysis. Tyler Fornes is a Senior Detection and Response Analyst at Expel and he joined me to talk about how they’re using VMRay to actually make life easier.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #568 -- Let's Decrypt

NSA drops mad crypto bugs, GRU pokes Burisma...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • NSA drops a sweet Microsoft crypto bug
  • Burisma targeted by GRU. 2016 all over again?
  • Citrix users having a bad time
  • Intrusion Truth targets APT40
  • No more BYOD for US soldiers in Middle East
  • Much, much more

We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!

Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

*Credit for this week’s headline goes to @appsecbloke.

Risky Business #567 -- ToTok, Iran and big-game ransomware galore

We're back for season 14 of Risky Business!

In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:

  • Will Iran cyber all the cybers?
  • ToTok chat app alleged to be UAE spy tool
  • China makes moves on own OS
  • Big game ransomware hits crisis levels
  • WSJ carries water for NSO Group
  • Much, much more

This week’s show is brought to you by Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.

Links to everything are below!

Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade

PLUS: Haroon Meer looks to 2020...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • China to ditch foreign hardware, software, from government use
  • Huawei sues FCC
  • More background on Project Raven
  • Senate hearings into encryption
  • Reddit fingers alleged RU disinfo campaign
  • “Evil Corp” hackers have lots of money, terrible taste
  • Ransomware attacks galore
  • Much, much more

This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Biz Soap Box: Some Zero Trust facts of life

Sounds easy. Isn't...

Our guest in this edition is Will Peteroy. He’s currently the CTO of security at Gigamon after his company, ICEBRG, was acquired by Gigamon last year. Will has a long and interesting background in security.

As you’ll hear, he worked on the security team at Microsoft once upon a time. He even co-wrote Microsoft’s gigantic paper on mitigating “pass the hash” attacks some years ago. He also did some time with the “Department of Defense” some time ago. He’s a knowledgeable fella.

And he’s been spending considerable time lately focussing on the issue of Zero Trust Networks.

Zero Trust is one of those things that’s super simple in theory, but absolutely, awfully complicated when you actually try to do it. So Will joined me for this chat about Zero Trust networks: how to define them, how to transition to them, what some of the steps are and what the thinking is. It’s a great conversation for any CSOs who are working through some of the issues that pop up when they’re transitioning to ZT architectures.

Risky Business #565 -- Crypto bro takes Jong turn

PLUS: CISA's vuln reporting policy takes shape...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
  • DHS/CISA government vulnerability disclosure program takes shape, looks good
  • Adobe discloses Magento Marketplace data breach
  • Fully patched Android devices targeted
  • IM-RAT takedown
  • Much, much more

This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #564 -- PRC suffers leak, alleged defection

Chinese Snowden, Manning a matter of time...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • RIPE has officially run out of v4 addresses
  • NSO workers sue Facebook to get their accounts back
  • Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
  • Bugs, hacks, ransomware disasters and more.

This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.

As you’ll hear, Sally thinks empathy is the key to designing usable technology.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Biz Soap Box: Trend Micro VP of Cloud Research Mark Nunnikhoven

It's a new world out there in Internet land...

This is a Soap Box edition of the show. Soap Box isn’t our regular weekly news program. If you’re looking for that one, scroll one show back in your podcast feed.

Soap Box is a wholly sponsored series of podcasts we do here at Risky Business where vendors give us money to appear. And while these are sponsored episodes they’ve actually become almost as popular as the weekly show. They started off about half as popular, and then I guess people gradually realised they don’t actually suck, so here we are.

Trend’s head of cloud research, Mark Nunnikhoven, is our guest in this edition and we have a pretty wide ranging conversation. A big part of this conversation is us talking about the differences between locking down a corporate network vs locking down a modern application production stack… and there’s a very funny part of this interview where Mark points out that AV scanning for Docker images actually makes sense. Seriously.

Risky Business #563 -- Phineas Phisher returns

Purported activist goes "full Robin Hood," will pay bounties for righteous hacks...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
  • Microsoft cautiously backs DoH
  • Huawei granted another 90-day stay of execution in US market
  • Iranian APT crew targeting ICS supply chain
  • Alexei Burkov extradition complete, appears in US court
  • Some very funny stuff is happening to GPS in the Shanghai area
  • Louisiana government ransomwared, emerges relatively unscathed
  • Official Monero binaries trojaned. Lol.
  • Much, much more!

This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #562 -- Two former Twitter staff charged over Saudi spying

PLUS: USG border device searches now require reasonable suspicion...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!

This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards

Contemporary production environment complexity is killing us...

The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.

This edition of the Soap Box is brought to you by Capsule8.

It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.

Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.

We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.

So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!

Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets

Whoops! NSO Group malware showing up on the phones of, err, important people...

On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:

  • NSO Group malware turning up in some unexpected places
  • Bluekeep mass exploitation finally begins
  • Owning smart home devices with friggin’ lasers
  • Two plead guilty to hacks on Lynda.com, Uber
  • Imperva CEO departs following breach
  • TLS Delegated Credentials sound like A VERY GOOD IDEA
  • Cybercommand heads to Montenegro
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.

Links to everything are below.