Episode Transcript
Speaker 1: So, Dwayne, I just got back from Dubai.

Speaker 2: Oh wow, yeah, that's awesome.

Speaker 1: I was offered forty camels for my wife. I usually smoke Marlboros, but hey, a deal's a deal, you know.

Speaker 2: I don't even... I don't know what to say.

Speaker 1: Hey, welcome back to Security This Week. I'm Carl Franklin. That's Dwayne Laflatt. Patrick Hines is in an undisclosed location right now and can't make it to a microphone, but he'll be back next week. So, episode 204. How are you doing, Dwayne?
Speaker 2: I'm awesome. How are you, Carl?

Speaker 1: Wait a minute, is that awesome in the Dwayne way? Or is that... oh?

Speaker 2: It is. It is. It's been a lot of hacking this week, so it's been awesome on top of awesome.
Speaker 1: Okay, that's good. All right, well, we have a few stories here. The first one we're going to get into is the Jaguar Land Rover hack. Right, so: stalled smart factories, outsourced cybersecurity, and supply chain woes.
Speaker 2: Yeah, so this one's interesting. According to a few articles here, they were actually shut down because of a cyber event, a ransomware attack on the Jaguar Land Rover facility. Everybody in that area, this is in the UK, has been asked to kind of stay home and not come into the facility for, I think it was, up to three weeks, and they were losing sixty-seven million dollars a week because of the shutdown.
Speaker 1: Geez.
Speaker 2: What's interesting about it is digging into, like, I always love, hey, how did it happen?
Speaker 1: Right?
Speaker 2: How did somebody get in? Was this somebody clicked on something they shouldn't have, somebody plugged something in they shouldn't have, whatever? The government of the UK has been getting involved in checking out and helping Jaguar Land Rover, which, if I remember correctly, is owned by Tata Motors out of India. Okay, I haven't double-checked that, but I'm pretty sure. So they've been trying to help out, and at this point they're being very tight-lipped about how the ransomware was deployed. But it looks like a prior breach from a while ago, actually from earlier in 2025, from a group called Hellcat, actually had an infostealer that was stealing credentials, and they're speculating, the Internet is now speculating, that these are actually old credentials that were used to gain access and they weren't rotated. So we're going to get more details later, though.
Speaker 1: This infostealer, is it software or hardware?
Speaker 2: Usually software, so it can be downloaded in a bunch of different ways. It could be you haven't updated your system and you're browsing a website and, you know, your browser gets infected. It could be you install a piece of software. It could be you downloaded a Steam game. Well, we'll be showing that. Yeah, exactly. So there's a lot of different ways that these infostealers work, and then they just lay dormant and wait for you to, you know... let's say I install... actually, this is a legitimate thing. We see it a fair bit. Let's say we have kids, and those kids use our computer to download Steam games and whatever, and when they do, if an infostealer gets onto the box, then at that point when I log into work, right, where I'm opening up my email or whatever, just checking it on the weekend, those credentials are stolen, and then I'm kind of in trouble.
Speaker 1: So, yeah, does it, like, phone home? Does it report those credentials back to someplace?
Speaker 2: Yeah, they do. So typically what will happen is it will not only report back, it phones home, and there are different channels to phone home. We've seen some really interesting things in the past for what we call command and control communications. We've seen where it just makes a web request, right, makes a web request out to an SSL, you know, site, so it's all encrypted. That's important because if I'm running inspection at the firewall layer, right, which most people aren't at home. I am, but most people aren't at home, where you're inspecting all of the Internet traffic that goes out of your house. So they'll run it over to an SSL-connected back end so you can't read it, it's encrypted, and they'll send command and control. That's pretty straightforward, just like communicating over web sockets to a remote web server, right, not a big deal. However, we have seen the same style of command and control over DNS. Right. So let's say you make a request to resolve, you know, some-long-server-name.hacker.com. Yeah, right, and that some-long-server-name is actually base64 encrypted data. So when it goes to hacker.com's DNS server, they take every host name and they decrypt it and they go, okay, now I can see who you are, right. So that's another way to exfiltrate data, or exfiltrate, use DNS as command and control. There are some that actually open up Gmail accounts, so you'll have, you know, somebody on the remote side will send an email to a Gmail account. That Gmail account, all of the ransomware will be opening that Gmail account, will read that email, and it'll be a command for them to run, and then they'll post something back in the drafts on that Gmail account so that it's not sending emails back and forth. Yes, there's all sorts of really weird ways to communicate back and forth, and you'll get those usernames and passwords.
Speaker 1: So I think a subtangent of this story is how do we, as parents, contain our kids' PCs, laptops, whatever, so that they're safe, but not just safe for them but, you know, safe from us? Like, how can, like you said, I would never let my kid just open a tab in my browser and, you know, here, go play this online game. Not that I haven't, but I would never, knowing what I know now, I would never do that. But at the same time, I want those kids to have PCs on the Internet so that they can do their stuff. Is the key to sever the nerve between the Internet and the local network, so something on their computer can't reach out and touch someone?
Speaker 2: Yeah, I mean, that's a great point, and I get asked this a lot. Here's what I've done, right, because I actually have kids who have interned at the cybersecurity company and know their way around a system. So I may have a little bit more of a security setup than most. But normally what I would do is you have different wireless networks at your house, right, and we've always talked about isolating IoT. Right, have your TVs and your printers and your whatever on a different network, because you never really have control over that firmware. Right, a lot of the access points have the ability to do not only two but three or four wireless networks.
Speaker 1: Now they do.
Speaker 2: Yeah, yeah, so I will have one that's a straight-up IoT network. I have one that is the quote-unquote family network, and it's the kids' network, and then I have one for all of our critical devices, and for me, I also have a work network. So our critical devices are like my wife's laptop computer and that sort of stuff, where she does finance, and I don't need people on that same net. Printers, absolutely. Yeah. But then also what I'll do is I'll allow them a little bit of leeway on their computer. Right, so, like, maybe they have administrative privileges so they can install things, because if they crush their computer, A, hey, it's not hurting anything on my network, and B, well, they're going to learn how to rebuild it. Right. So, yeah, those are some of the things I'll do. Hey, look at you. Here's a USB key, go rebuild your computer. Yeah, so get to learn, go ask ChatGPT, right.
Speaker 1: Yeah, okay. So next: Fortra warns of max severity flaw in GoAnywhere MFT's license servlet.
Speaker 2: Yeah. So this one's interesting. You know what's funny is Carl and I were talking about this one before the show, and I was like, I think we've done this one. We've done this one. This is Fortinet. It's a deserialization bug. We've done this one. It's like, Dwayne, you've got to read it a little closer. It's not Fortinet, it's Fortra, and I was like, oh, Fortra. So I started looking at it, and sure enough, it's still a deserialization bug. So very similar to the Fortinet ones we were talking about before, where they actually have a signed object, getObject string, that they're deserializing, but this is GoAnywhere, GoAnywhere's Fortra-licensed device. So if you are running Fortra GoAnywhere and it is prior to version 7.8.4 or 7.6.3, you want to make sure that you go and patch; there is a patch for it. The CVE on this is CVE-2025-10035, okay. And an attacker with a validly forged license response signature would be able to deserialize an attacker-controlled object, leading to remote code execution. So all that means is if they can get a valid license from there, they can then sign, if you will, their own objects and have those objects get deserialized into a remote code execution. That's a little bit of danger, so be careful. Go patch.
Speaker 1: Be careful, go patch. Couldn't have said it better myself.
Speaker 2: Go patch.
Speaker 1: Okay, airports' latest: government must say if Russia is behind European airport cyber attack chaos, Lib Dems demand. And you can tell, because they said Lib Dems, that we're talking about the UK. We don't have that word over here, we don't. We just say damn liberals. Yeah. This website is kind of strange because it's like a series of blog posts and they go, you know, in descending order, so, or yeah, descending order. So you've really got to start at the bottom and work your way up if you want to read this particular one. But this is on sky.com. But we're going to find another link that's a little less, uh, info-spastic.
Speaker 2: Yeah, actually there's a good BBC one we'll post. But okay, so what's interesting here is there were several airports affected where they had issues getting the people who were flying their bags. The baggage drop system, right, as well as the check-in systems, were down, right, all across the board because of this cyber attack. Yeah, but what's weird is usually, like, you attack Southwest.com, right, and Southwest would have issues, and that kind of sucks for Southwest, but everybody else was okay. And in this case, there were a lot of issues across, like, the entire airport, and it wasn't a single airport, right. Oh yeah, there were all sorts of airports across the UK that had this issue.
Speaker 1: I know.
Speaker 2: British Airways did a great job. I read an article where they actually didn't experience, well, they experienced the issue but didn't have any issues with their flights, because they switched over to a backup system, which was more of a manual system for getting people's baggage and checking them in. So good for them for having a backup system and being able to deploy it. But what happened is the airports all use a system called MUSE, and that MUSE system was compromised at Collins Aerospace. Once it was compromised there, it caused issues for every airline using it in that area. What that MUSE system does is it allows different airlines, airline companies, to work together on baggage claims and check-ins and that sort of stuff. I personally haven't used the MUSE system, but, you know, you think to yourself, like, there's plenty of times I've had an American Airlines flight cancel and I'm standing at the gate and I go up to the American Airlines agent and I'm like, what do I do? And they start typing away and they go, oh, there's a Continental flight in an hour going out to the same place. Go there, right. And they're not searching the Internet, right. They have an internal system where all those airlines share details and data and can move customers back and forth and that sort of stuff. So my assumption is that's what this MUSE system is: it allows all of these airlines to work together for baggage drop and work together for check-ins, and they had to, unfortunately, switch over to doing it manually. If anybody ever remembers...
Speaker 1: The manual, pen and paper, right? That's true.
Speaker 2: They hold the bag up and go, whose bag is this? You throw it at them.
Speaker 1: Really? I had a number, there's four-nine-seven-four.
Speaker 2: Ah, that's not my bag. Oh, so needless to say, you know, I really hope nobody lost a bag during that time, because chances are you're never gonna find it.
Speaker 1: But yeah, I was at my chiropractor the other day and he said, yeah, did you hear about this? And I said, yeah, I heard all about it, and he says, you know the horrible thing? I'm flying to Heathrow tomorrow, and I'm like, no, you're not. Guess again.
Speaker 2: You mean you're spending a lot of time at the airport, right? Yeah?
Speaker 1: Yeah, all right. So now we have the Sky News one and we also have one from metro.co.uk. So between those two you should be able to get the skinny.
Speaker 2: Oh yeah, and I think we'll probably hear more about it. My guess is we'll hear more about the attack vector and that sort of stuff. I haven't seen a lot of that announced yet, but if we hear it, we'll let you know.
Speaker 1: All right, this is a good place to take a break. We'll be right back after these very important messages. Or not, or not. And we're back.
Speaker 2: It's like we never left.
Speaker 1: It's Security This Week, and I'm Carl. That's Dwayne. Patrick is on furlough somewhere in an undisclosed location and was not able to make it to the microphones. So let's continue on here. Cisco warns of IOS zero-day vulnerability exploited in attacks. Our old friend Cisco. I still... what happened?
Speaker 2: I still love how Apple hasn't told Cisco they have to change the word IOS, like, I'm sorry, you can't use that, that's ours, even though Cisco was using the term IOS way before Apple was. Yeah, yeah, IOS for Cisco was like the nineties, and Apple didn't show up until like 2007 with iOS, something along those lines.
Speaker 1: So, however, it's a capital I.
Speaker 2: Yeah, so, right, it's a capital I and then a capital OS. So this particular IOS is a Cisco operating system. This one's interesting. An attacker can exploit this particular vulnerability by sending a specially crafted SNMP packet. So SNMP is one of those, if you remember the days of Archie and Veronica and Gopher, exactly, right. SNMP was the Simple Network Management Protocol, SNMP.
Speaker 1: Yeah.
Speaker 2: What it allowed you to do is you could make a call to port 161 that was open on a device, and it could be a TV, well, at the time it wouldn't have been a TV, it would have been a switch or something along those lines, or a normal computer could be running SNMP, and you could see the configuration. You could say, hey, well, how are you configured? So let's say we're in a massive network and we have thousands of devices. I could run an SNMP scanner and be like, just tell me all the configurations of all of our switches. Yeah, and it would pull all the configs out, read-only. And then if I have the right community string, and with SNMP v3 the right password, I could actually write to the configuration and say, oh, change your network mask, or change whatever you want.
Speaker 1: Sounds very powerful.
Speaker 2: It is. It's actually a really neat protocol. It's very lightweight. But then there's a lot of really kind of cool things you can do with SNMP. You used to be able to create these SNMP, what are called SNMP traps, and you could say, oh, well, if, I don't know, CPU usage is over ninety-five percent on this device, shoot off an SNMP packet, and we'll have a gatherer just looking for these traps. So now you have this sort of network monitoring layer. So SNMP has been around a really long time and it does all sorts of great things. But what's interesting about it is, A, they've upgraded the security on it a little bit. There are now passwords for writing to the configurations. Most of the devices don't put anything in the configurations that's sensitive. So, like, if I poll my printer, I have an HP printer, if I poll that printer over port 161, I can see what type of ink it has and all that other stuff, but I'm not going to get, like, the Wi-Fi password, right, pulling that information out.
Speaker 1: It's almost like finger. Remember finger, another protocol that was mostly for Coca-Cola machines?
Speaker 2: Finger. It always felt weird, though, when you're like, hey, how do you know I was on the network? I fingered you.
Speaker 1: Right?
Speaker 2: Okay, that's odd but weird. Yeah, finger. Finger was such a word.
Speaker 1: It started as a protocol in college, and I can't remember what college it was, but there were soda machines located on specific floors of specific dorms.
Speaker 2: You weren't joking about the soda machine? Oh.
Speaker 1: Really, this is the story. And so they wrote a protocol. They installed a little finger server in the Coke machine, and they wrote a little protocol so that they could query it and see how many grape sodas, how many root beers, how many, you know, Tabs, because that was probably a popular soda back then, Tab, you know. So from their dorm room, they could actually just see what the inventory was in all these soda machines, so they didn't have to run across the campus and up three flights of stairs to find out they're out of root beer.
Speaker 2: So, you know what I've said, I've always told people the most interesting innovations come from lazy developers. Yes, absolutely. I'm like, you know what, I don't feel like walking two flights of stairs. I know, I will have a robotic arm climb the stairs for me and check and come back.
Speaker 1: And then those projects are abandoned once the developers get married.
Speaker 2: True story. True story. You spent...
Speaker 1: ...so much time on that stupid program. Just get your butt off the chair and check the machine. Yeah, you know, I made the first joke, and that joke may be giving the impression that, you know, somehow I resent my wife for anything, and I don't. She is the best, the best human, that's the best.
Speaker 2: Yes, and she puts up with Carl, which means she has amazing...
Speaker 1: Patience. Patience of a saint, right? Anyway.
Speaker 2: So anyway, in this particular issue, there's a way to craft the SNMP packet that, if you're a normal user, you can cause, like, a low-priv user on the wrong community string type thing, you can cause a denial of service. If you have access to the high-priv community strings, then you can at that point actually execute commands. So this is definitely a go-patch-it. It's important. Most of this isn't going to be available over the Internet anyways, so people would have to be on the local network, so I kind of downgrade it a little bit, but there is a patch. Go patch.
Speaker 1: If this vulnerability was built into the protocol, has this been an exposed security flaw for a long, long time?
Speaker 2: Well, that's a good question. I don't think so. They obviously haven't come out with, like, totally what the breakdown is. But from what I'm seeing here, one of the flaws that was fixed was actually a JSON cross-site scripting style flaw, right, so that's fairly new. And the other flaw was a buffer overrun, but more in a lot of their newer controller sort of features. So I don't think this has actually been around too, too long, but I don't know yet, don't quite.
Speaker 1: Yeah, well, go patch anyway. Go patch, go. Okay, now you said something about Steam. Steam is the place where people download games, and this one particular game, Block Blasters, was infected, and it downloads malware disguised as a patch. So it's like the coup de grâce, in that, hey, you should patch for security reasons, exactly, and then the patch brings the malware.
Speaker 2: Yeah, that's no good. This one's, this might be our fourth, this is either our third or our fourth story about Discord. No, sorry, not Discord. Actually the story came from Discord, so I'll be handing out some more lock picks here shortly, because a couple of our stories came from Discord users. But this story, we've seen this about three times now, where we see a Steam game, and a lot of times the Steam game is free, which is unusual on Steam, right, because they have micro-purchases and all sorts of other things. So it's a free Steam game where you can download it and play it and that sort of stuff, and you're absolutely right. What's interesting about Steam is you don't actually typically get the choice to decide whether you patch or not. The game auto-patches the next time you play it, which sounds awesome, right, from a Security This Week standpoint, like, that's what we want. We want auto-patching. We don't want you running, what was it, Call of Duty, the last time we saw...
Speaker 1: There was a... yeah, I think so.
Speaker 2: Yeah, there was a way to buffer overflow the lobby and take over somebody's computer. We don't want you playing that game. Once a patch comes out, we want that patch out there. But the problem with this one is there was an infostealer, right, a trojan infostealer that was going out and grabbing information about crypto wallets you may have, right, and honestly, I'll tell you right now, if you have a crypto wallet and information on it, a password, it should be locked down, a password manager, yeah, right, and the wallet should be offline, if you can put it on multi...
Speaker 1Use lockers or whatever.
Speaker 2: Yeah, exactly. The folder, yeah, yeah, just keep them completely secure. There's no need to just have them kind of sitting around. Yeah, because this will happen. But we're going to see more of these attacks, because as crypto is getting higher and higher and higher, right, attackers are now starting to focus more on stealing the crypto than either mining it or getting it through ransomware. Wow, right, so...
Speaker 1: Wow. So was the maker of the patch the same individual or group that made the game, or was it, like, if, and if that's so, then are we, you know, is the game maker liable for that? Like, what happened? You know what I would think would happen was, you know, there was a GitHub repo or something where somebody found a problem and said, here, I've uploaded a patch, and that was the thing that had the malware in it.
Speaker 2: Well, so it's interesting. It's not really clear yet, and Steam will have to... So I actually am a Steam creator. I actually have stuff I've written that I have on Steam, and have thousands of subscribers and all that stuff.
Speaker 1: Wow, cool.
Speaker 2: So when I go to post my... and actually, interestingly enough, it's in a game where you can write C# in the game, like real C#, wow, in the game, and the game runs it in a sandbox. And I have been doing my darnedest to find my way to break through that sandbox. There's actually a couple of ways to do it. But anyways, which I'm not doing in my... as all my subscriptions go down, I'm not...
Speaker 1Doing it would be even more awesome.
Speaker 2: Yeah, just jump out of the sandbox. So I do know, when posting content to the workshop, all of my files do get scanned. Now, does that mean the automated... they're also usually available within a couple of minutes. Does that mean the automated, what they call static analysis, is that static analysis actually smart enough to pick up some pretty crafty malware? I don't know that it is, right. You always have to do static and dynamic analysis, and in this case, I think the static analysis probably misses this.
Speaker 1: So, okay, so don't play Block Blasters.
Speaker 2: No, no, maybe avoid it for a little while.
Speaker 1: All right, so here's our top story. The US Secret Service dismantled an imminent telecommunications threat in the New York tri-state area, that's New York, New Jersey, and Connecticut. And this, if they hadn't caught it, could have been absolutely horrible, or awesome in Dwayne's...
Speaker 2Mind, Yeah, or awesome or awesome, depending.
Speaker 1On how you look at it.
Speaker 2: Right. What happened here, this one is super interesting. So the Secret Service, I don't know if they got tipped off or how they got tipped off; right now it is an active investigation. Actually, we'll have the link to secretservice.gov, to the article specifically for this, and the agent in charge of the New York field office, like, there's a video of him kind of giving a rundown of all the details. But in this particular case, there were more than three hundred what they call co-located SIM servers, and there's a picture of these. They kind of look like wireless routers, but the SIM server has the ability to look like a cellular tower, right. So there's all sorts of ways to actually take over the telecommunications in that area. I don't know, we've talked about, I believe, stingrays, maybe. Okay.
Speaker 1: Refresh our memory, though. Those are things that emulate cell, cell points.
Speaker 2: Yeah, yeah, exactly. They're things that emulate cell towers. They used to be about the size of a Buick. You would put them in the trunk or, you know, the back seat, and it was pretty big and you had a pretty short area, maybe a couple miles, but you would look like a cell tower and everybody'd route through you. Now there's protections in your phone that, A, don't want you to connect to that cell tower, and if you do, are going to try and encrypt the data that's going through that tower and do frequency hopping and all this other good stuff. But the tower, the quote-unquote tower, the fake tower, the stingray, is going to force your phone to downgrade its protections. Oh hey, I'm the cell phone tower. I don't support the latest and greatest. Can you just downgrade? Most phones will do that, right. So that's generally bad, and the user doesn't then know unless they're really kind of paying attention to the screen.
Speaker 1: And it's the older protocols that are the vulnerable protocols.
Speaker 2: Right, yeah, exactly. There are some weird 5G side channel attacks. Wait, yeah, I can talk about that. Well, Patrick's not here, I can talk about that, so wait, there's the... never mind. I won't go into any of those. But needless to say, there are some attacks on later networks. They're not as prevalent. So in this particular one, A, not only could they spin up and look like cell towers, but they also had one hundred thousand SIM cards active, so they could legitimately look like one hundred thousand users at any point in time doing something. And according to the Secret Service, like I said, they're kind of holding a lot of this tight to the vest. Not only were they in a particular... in New York, but they were very close to where the UN meetings are happening, and there was a lot of communications with foreign nationals actually live and happening on those listening devices. So we'll, I'm sure, hear more about this. Absolutely go to the Secret Service article; we have the secretservice.gov link. There's some really cool pictures, uh, if you want to see what a SIM farm looks like. Yeah, you'll see they kind of look like massive wireless access points.
Speaker 1: Uh, it's like a candy store. Yeah, right, it literally looks like sheets of candy.
Speaker 2: Do you remember those buttons on paper? It kind of reminds me of that, like those little candy buttons on paper. Yeah, but needless to say, yeah, there's a lot of tech in that one room. I think the guy who is running it is probably sterile, though.
Speaker 1: It is, probably, because there's just so much EMF stuff happening there.
Speaker 2: Right. But the racks of those, that is such an awesome picture, just racks and racks and racks of these co-located SIM towers. Yet, right, they do. So good on the Secret Service and, honestly, whichever divisions of, you know, secret societies outed this, because this is pretty awesome. It's a good find. A lot of this can be harder to detect, especially if it's turned on and then turned off relatively quickly. To identify them, we, the United States government, we do have some listening stations around major cities that can triangulate bad EMF to a particular location, so we can see these things. It's not like, oh my god, we've got to mobilize six guys and have them have, you know, antennas pointed in different areas and, like, cross it off on the map. We don't do it that way anymore.
Speaker 1: And the black helicopters rappelling down the building. Yeah, not needed. Yeah, or they're just like, there's always listening stations where, like, hey, that signal came from over there.
Speaker 2: But it's still not as easy to detect these things as you'd think. So yeah, yeah, all right, that's all I got, Carl, that's it.
Speaker 1: All right, well, that's all I got too. I guess that means we're out of time, and that's it for Security This Week this week. Join us next week for Security This Week.
Speaker 2: Next week, which will be our last week before the week that we're in Orlando, that week live, live, yeah, so looking forward to that.
Speaker 1: And then we want to see you. We want to see you at Universal. Yes, all right, take care, thanks, see you next time. Bye bye bye.