Two Guys and an Opinion


An irreverent take on the world. May include interesting views on cybersecurity, data privacy and GRC stuff. But mainly two middle-aged men chewing the fat.

The RANt Group


    • Oct 11, 2021 LATEST EPISODE
    • infrequent NEW EPISODES
    • 36m AVG DURATION
    • 27 EPISODES



    Latest episodes from Two Guys and an Opinion

    'I Can't Wait for Passwords to Die!'

    Oct 11, 2021 (32:47)

    This week's episode is (nearly) all about those pesky passwords that won't go away and how one industry giant told Richard how he can't wait for them to 'Die'! We explore the concept of the 'password-less' future, how Coinbase got hacked by some rascals bypassing MFA and why you should listen to Michael McIntyre on the subject too. See below!

    Show Links: Michael McIntyre - You should probably change your password!

    Sep 10, 2021 (34:37)

    Back by zero demand, as if they never went away, REvil's back and up to their old tricks. Was it as simple as a nice summer break or something more sinister? Also - is it time we rewrite the rules of business continuity and incident recovery processes? Should we be placing more focus on the ability to deflect, rather than the ability to recover, from a cyber incident? Listen to find out!

    WhatsUp ChaosDB!?

    Sep 3, 2021 (43:59)

    In this week's roundup of our industry's SNAFUs, we delve into the 'Worst Vulnerability Ever Found' in a cloud provider, the largest fine ever dealt out by the Irish Data Protection Commission, and LockBit strikes again!

    Notes: The WhatsApp story. The ChaosDB story. The LockBit story.

    SEASON 2 baby! Ransomware RANts, lazy CISOs, soggy budgets etc....

    Aug 19, 2021 (34:28)

    SEASON 2! We're back and we're bold! And bald.... Vlad and Richard pick up from where they left off at the end of Season 1. But now with added edginess! Unlike the rest of the world, the bad guys don't seem to have taken a summer break; the most noteworthy event being the Accenture hack by a LockBit affiliate last week. Also, Vlad relives his time at Black Hat Las Vegas... well, he didn't actually get to Las Vegas, but his interviewer, Dany Appelgate, Co-Founder of rThreat was there!! We also attempt to wring out the soggy middle in an effort to help meet the latest craze of net-zero IT budgets... That'll all make sense when you listen!

    REcurring REvil!

    Jul 19, 2021 (40:13)

    In this final episode of the season, we cover two of the most notable cyber incidents in recent weeks: PrintNightmare and the Kaseya breach. As a result, we lament the problem of the 'soggy middle' taking the 'tickbox' approach to cybersecurity. Also, Vlad and Richard go through several 'triggered' moments trying once again to get security leaders and marketeers to drop the cheese, engage the business, and get the cybersecurity agenda on the board table before you become the next headline! We even go as far as telling you how to do it!

    VENDOR SPOTLIGHT: KnowBe4

    Jul 1, 2021 (41:45)

    In another of our sub-series where we focus on a particular vendor in our portfolio, we welcome Javvad Malik, a Security Awareness Advocate from KnowBe4. It's a given that the majority of successful cybersecurity breaches start with a social engineering attack; the majority of them being a Phishing email. So, how do we help people avoid being caught out? Training, testing, training, testing, training, repeat.... But: not all users are alike and not all user-awareness training schemes are alike and so a carefully designed and deployed program is the only way to really make a difference. Javvad does a great job of trying to use more analogies than Richard in the pursuit of bringing the KnowBe4 capabilities to life, but it's safe to say: this is the podcast for you if you ever needed help to justify a program of awareness training in your organisation!

    A.I. - Actual Ignorance?

    Jun 25, 2021 (35:32)

    This week we talk about the concept of 'SOC Burnout' and the need for companies to recognise the condition and support the analysts. Tenuously related to SOC burnout, we examine (destroy!) the 'Artificial Intelligence' myth that Cybersecurity vendors peddle on a daily basis. It's machine-learning, people! Open invitation: Any Cybersecurity vendor that would like to come on the show and explain how their product is 'intelligent' - we would love to have you on!

    Notes: The article concerning 'SOC burnout': https://www.helpnetsecurity.com/2021/06/23/soc-burnout-is-real/

    What the Fastly!?

    Jun 11, 2021 (35:54)

    This week's episode is dominated by the snafu at Fastly that brought the Internet to its knees. And following the news this week that the FBI was able to 'recover' a significant portion of the ransom paid to the DarkSide gang after the incident at Colonial Pipeline, we ask the rather fundamental question, 'is anything safe anymore?!' Vlad dons his foil hat and ends up down several rabbit holes whilst contemplating the answer!

    VENDOR SPOTLIGHT: Agari

    Jun 4, 2021 (41:44)

    In this second episode of our sub-series of 'VENDOR SPOTLIGHT's, we introduce Agari - a leading vendor delivering enterprise email security by leveraging unique AI technology to protect your organisation and your inbox. We're joined by Chris Spencer - one of Agari's Email Security Practitioners - to discuss the product suite and its capabilities. We demystify DMARC and the holy grail of 'p=reject'. And we couldn't go through an entire episode without talking about ransomware! Agari Brand Protection (ABP) and Agari Phishing Defence (APD) offer an unrivalled antidote to the scourge plaguing organisations globally.

    Prohibition!

    May 27, 2021 (36:12)

    In this episode we cover the cybersecurity news from the past two weeks which is again dominated by more ransomware attacks wreaking havoc across the private and public sector alike... However, in a break from the norm Vlad and I go toe-to-toe over a thorny issue that divided the camp at The RANt Group office. We'd love to hear your opinion: hello@TheRANtGroup.com. The most considered argument will get you a mention in the next episode.

    VENDOR SPOTLIGHT: rThreat

    May 14, 2021 (35:05)

    In a break from the norm, this week we're focussing purely on a single vendor that recently joined our portfolio: rThreat. We're delighted to be joined by Dany Applegate, their Co-Founder and Head of Marketing. rThreat specialises in Breach and Attack Emulation (BAE - see episode 12), allowing companies to safely detonate REAL known and unknown malware into your endpoints and networks. The capability couldn't be a more perfect fit for our continuing mission to enable companies to achieve a Permanent State of Readiness. How else are you going to be able to validate your investment in your cybersecurity defences without testing them with REAL-world malware?!

    www.rThreat.com

    Ransomware Task Force

    May 7, 2021 (30:13)

    In this episode we discuss one heck of an 'own-goal' that leads to a rather embarrassing situation for an unlucky student. And could we actually see the beginning of the end for Ransomware? We cover the newly formed Ransomware Task Force and how effective we think their approach may be.

    Episode Notes:
    The NCSC early warning service: https://www.earlywarning.service.ncsc.gov.uk/
    The NCSC mitigating malware paper: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

    NKOTB-Chain

    Apr 30, 2021 (34:37)

    In this episode we discuss this week's New Kids on the Block-chain; QLocker and their rather well-executed and profitable Ransomware debut. Also covered is the no. 1 attack vector for these increasingly well-organised gangs and what your organisation should be doing to thwart their efforts. As always - get in touch to understand how you can reach a Permanent State of Readiness! hello@therantgroup.com

    Facebook-palm!

    Apr 23, 2021 (35:50)

    Breaking news this week: A Pulse Secure VPN zero-day vulnerability found with NO FIX! We unpack what that means for the thousands of customers out there and what measures could be put in place to be in a Permanent State of Readiness should you get breached by a vulnerability such as this. And of course we couldn't let the Facebook incident go without an honorable mention along with their take on how to handle the PR of such a huge leak... Get in touch for an inside scoop on how you can protect your organisation from zero-day threats. hello@therantgroup.com

    Groundhog-day!

    Apr 16, 2021 (32:41)

    Now you may be forgiven for thinking that this episode is a montage of 3 or 4 of our previous podcasts... but alas, no... We do however visit some old friends like SolarWinds, Travelex and HAFNIUM as they all become topical again following the US/UK sanctions imposed on Russia this week. Of course Russia, 'does not conduct offensive operations in the cyber domain', but we unpick what is being reported anyway, and again arrive at two indubitable facts of cyber-readiness.....

    B.A.E.

    Apr 9, 2021 (32:46)

    BAE. No, not the aerospace company, your kid's bestie or the Danish for 'poop', but in fact an exciting and emerging capability in the war on cybercrime. Breach and Attack Emulation. This is the real deal. It may sound crazy, but we're saying we're going to deploy REAL malware into your network (safely of course!), to see what happens. What better way to validate your cyber-defence budget than emulating a real attack!? We'd love to hear from you if you think this is a good idea or would like to see it in action! Get in touch. Hello@therantgroup.com

    RANt-somware!

    Apr 6, 2021 (36:42)

    In a shocking turn of events, Richard gets triggered regarding the seemingly inexorable rise and rise of Ransomware attacks on organisations big and small. Vlad stays uncharacteristically calm! We discuss the facts and figures of cyber breaches during 2020 and also attempt to fix the whole sorry problem with a few off-piste thought experiments...

    e-Pranks

    Mar 26, 2021 (47:52)

    In this episode we're joined by James Linton, AKA Sinon_reborn, AKA the Email Prankster. James shot to fame in 2017 following a series of audacious and outrageous email scams that targeted international banking institutions, high-profile politicians and even the Trump administration! We quiz James on his motivations, methods and how his email scamming spree led to him landing a dream job at Agari's Cyber Intelligence Division (ACID). James now uses his social engineering powers and acquired knowledge to help organisations master email security awareness.

    Links: Agari's Cyber Intelligence Division (ACID); James Linton

    PSR?

    Mar 19, 2021 (38:45)

    Yes, yes... you DO need another acronym! Or more specifically, an initialism! In this episode we introduce the concept of P.S.R. A 'Permanent State of Readiness'. Achieving PSR from an information and / or cybersecurity point of view should be seen as the holy grail of your cyber combat status. It won't be easy getting there and every day you need to ensure your PSR is maintained, but nonetheless, once achieved, you stand the greatest chance of minimising the negative impact of a cybersecurity incident. Also, we leak details of a very cool guest joining us on the next episode, be sure to listen to find out who!

    HAFNIUM!

    Mar 12, 2021 (22:23)

    BREAKING NEWS! This week's brief podcast is recorded live from the front line of a potentially breached customer. Following on from last week's announced 'HAFNIUM' attacks on vulnerable Microsoft Exchange on-premise servers, we perform in-depth analysis on a potentially breached system. Also - Vlad gets triggered... again...

    'Solarwinds123'?

    Mar 5, 2021 (37:55)

    With the fallout of the Solarwinds breach continuing to grab the headlines, we discuss the concept of 'supply-chain compromise' and why it's such a favoured attack vector. Also covered is the highly sophisticated zero-day exploit chaining attack perpetrated by a Chinese state-sponsored group called HAFNIUM against on-premise MS Exchange servers. Oh, and Richard craves a beer-garden.....

    Show notes: As mentioned in this episode, the critical MS Exchange CVEs are:

    • CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
    • CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gives an attacker the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
    • CVE-2021-26858 is a post-authentication arbitrary file write vulnerability in Exchange. If an attacker could authenticate with the Exchange server, they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin's credentials.
    • CVE-2021-27065 is a post-authentication arbitrary file write vulnerability in Exchange. An attacker who can authenticate with the Exchange server can use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin's credentials.

    Also included in the out-of-band update were three additional remote code execution vulnerabilities in Microsoft Exchange. These additional vulnerabilities are not known to be part of the HAFNIUM-attributed threat campaign but should be remediated with the same urgency nonetheless:

    • CVE-2021-26412 (CVSS:3.0 9.1 / 8.2)
    • CVE-2021-26854 (CVSS:3.0 6.6 / 5.8)
    • CVE-2021-27078 (CVSS:3.0 9.1 / 8.2)

    Deniiiiied!

    Feb 26, 2021 (40:41)

    An action-packed week in the world of cyber incidents leads us to explore what a DDoS attack is and what happens when you're not prepared! Vlad gets uncomfortable with 5000 firemen and in the end it was Agatha all Along!

    Notes: Agatha All Along!

    War!

    Feb 18, 2021 (39:06)

    This week we feature our first guest speaker, Michael Stout. Michael is an internationally focused information security consultant, lecturer, and mentor. With a background in ethical hacking and senior management, he specialises in helping companies and directors understand, define, and implement their cybersecurity strategy. He has taught and consulted at the NATO Joint Warfare Centre, the Dutch Police Academy, the police force of the Republic of Ireland along with 'other' government organisations, businesses and high-profile private individuals. So who better to shoot the breeze with about cyber warfare!? Michael regales us with life and death stories from the digital frontline, what must-have reads have landed on his desk this week and Vlad reminisces over spy games!

    Links: This Is How They Tell Me The World Ends. The Cuckoo's Egg. The Grand Seal, aka The Thing.

    Patch!

    Feb 11, 2021 (35:11)

    This week's episode provides an antidote to last week's main story; well, we get about half way anyway! We're imparting our hard-won experience and war stories concerning vulnerability management programs and how to hopefully get it right first time! Again, Richard rambled and we ran out of time, but part two of this story shall complete the picture. We also reveal some VERY exciting news about next week's episode, so be sure to stay listening until the end... Or just skip to the good bit, whatever...!

    Travel-ex!

    Feb 5, 2021 (43:01)

    In this episode we study in detail (apologies, Richard rambled!) the shocking story of the demise of Travelex due in no small part to a highly successful ransomware attack. We cover just how avoidable these incidents are by dealing with those pesky vulnerabilities! And the drinking word this week sounds like you're already half-cut when you say it....

    Show Notes:

    Apple - iOS and iPadOS 14.4 - iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and the 7th generation iPod touch. Apple also issued security updates for one of the vulnerabilities across a range of its other offerings, including Apple Watch (watchOS 7.3) and Apple TVs (tvOS 14.4).

    • CVE-2021-1782: Attackers could use the application to gain additional privileges in the device's operating system, which would allow them to wreak all kinds of havoc.
    • CVE-2021-1871 and CVE-2021-1870 reside in the WebKit component, Apple's open-source web browser engine used by the Safari browser, and could be exploited by a remote attacker to execute arbitrary code. The flaws could be exploited “by persuading a victim to visit a specially crafted Web site.”

    SolarWinds - Three new vulnerabilities in SolarWinds products. The vulnerabilities, which have already been patched, included a remote code execution flaw in Orion that required only network access. That flaw allows hackers to use an improperly installed Microsoft Messaging Queue to send commands for a server to execute.

    Linux sudo privilege escalation heap overflow vulnerability - CVE-2021-3156 - A successful exploitation allows any unprivileged user to escalate its privileges to root on the vulnerable host. Since it's a privilege escalation vulnerability, it requires access to a local user on the vulnerable host in order to actually exploit it. The vulnerability affects all the following sudo versions:

    • All legacy versions from 1.8.2 to 1.8.31p2
    • All stable versions from 1.9.0 to 1.9.5p1

    GDP-ARGGHHH!

    Jan 30, 2021 (23:39)


    Just when you thought you'd heard enough about GDPR - it's back!  And there's now two of them! Who knew?  Also in this episode we introduce you to a new drinking game and a shocking development in the war against ransomware.

    Inauguration

    Jan 22, 2021 (29:16)


    It's our first podcast!  Woot!  This episode's ramblings cover our opinions on the last day of Trump, company culture regarding cybersecurity, the Solarwinds incident, ransomware, risk, phishing and other matters!
