Podcast Summary: "Discordgate" – Talkin' About [Infosec] News, Powered by Black Hills Information Security

Release Date: November 27, 2024

In the "Discordgate" episode of Black Hills Information Security's weekly infosec podcast, the hosts delve into a variety of pressing cybersecurity topics, ranging from major antitrust battles to innovative hacking techniques. Despite initial technical difficulties with their Discord chat integration, the hosts provide an engaging and comprehensive exploration of the latest in information security.

1. Google Faces Antitrust Scrutiny

The episode kicks off with a deep dive into the Department of Justice's (DOJ) preliminary ruling against Google, signaling potential forced divestitures of Google Chrome and alterations to its search engine default settings.

• Corey [09:39]: "Google antitrust, the DOJ... they're potentially forcing them to sell Google Chrome and then also forcing them to prompt users to choose their search engine instead of having it default to Google."

The hosts discuss the implications of such a breakup, questioning the feasibility of finding a buyer for Chrome and the broader impact on the cybersecurity landscape.

• Wade [13:09]: "Who would be able to buy Chrome? And the only person that sadly comes to mind is Musk right off the bat."

They speculate on potential buyers, including giant tech corporations like Microsoft, and ponder whether such a move would genuinely dismantle Google's monopoly or simply shift it.

2. Nearest Neighbor Attack: A Complex MFA Bypass

A significant portion of the discussion centers on the "nearest neighbor attack," a sophisticated technique where attackers infiltrate neighboring networks to gain access to targeted organizations.

• Corey [19:31]: "It's the world's most complicated MFA bypass because it's basically... hacked computers that were near enough."

Wade elaborates on the attack's methodology, highlighting the challenges in detecting such breaches and the importance of robust network monitoring.

• Wade [21:14]: "They hacked into the neighbors of their target organization... connected to the wifi of the target using stolen credentials."

The hosts explore defensive strategies, emphasizing the need for enhanced wireless authentication measures and proactive threat detection.

3. Palo Alto Networks' Zero-Day Vulnerabilities

The podcast addresses recent zero-day vulnerabilities affecting Palo Alto Networks' firewall products, underscoring the perpetual arms race between security providers and attackers.

• Corey [24:25]: "They're basically highly advising people to patch because that's the world we live in, where you just beg people to patch and hope they do it."

The conversation highlights the criticality of timely patch management and the persistent challenges organizations face in safeguarding their infrastructure.

4. Cleanup Challenges in Penetration Testing

Emphasizing the importance of post-penetration testing protocols, Corey discusses a report where red teamers failed to adequately remove their web shells, leaving organizations vulnerable.

• Corey [27:08]: "The organization should be reading the pen test report and saying hey, they deployed this web shell... we need to delete it."

Wade, speaking from a blue teamer's perspective, laments the difficulties in detecting and remediating such artifacts, advocating for clear communication between penetration testers and organizations.

5. Seizure of Cybercrime Marketplace Popeye Tools

The hosts report on the DOJ's recent takedown of Popeye Tools, a burgeoning cybercrime marketplace, and the subsequent legal actions against its administrators.

• Corey [43:38]: "They've confiscated $283,000 worth of crypto. This was, I guess, a marketplace for cybercrime, basically breach forums."

They discuss the site's operations, revenue generation, and the broader implications for cybercriminal communities.

6. Sentencing of Razzalkhan for Bitfinex Hack

A notable case covered is that of Razalkhan, who was sentenced for orchestrating a significant breach of Bitfinex, resulting in substantial financial losses.

• Corey [46:31]: "They stole... 71 million at the time is now worth almost 11 billion. That's the freaking crazy part. But only 18 months."

The discussion touches on sentencing disparities and the effectiveness of legal repercussions in deterring cybercrimes.

7. T-Mobile's Data Breach and PR Maneuvering

T-Mobile's recent data breach is analyzed, with Corey offering a speculative look at the company's public relations strategies to downplay the incident.

• Corey [39:21]: "I guess the CEO of T Mobile called up the CEO of Bloomberg and said... here's how I'm reading between the lines. They got hacked again."

The conversation underscores the persistent threat of data breaches and the delicate balance companies must maintain in communicating security incidents.

8. D-Link Router Vulnerability Alert

D-Link's warning about critical vulnerabilities in their end-of-life VPN routers is highlighted, emphasizing the risks of using unsupported hardware.

• Corey [40:19]: "D-Link is now warning customers to replace your end-of-life VPN routers. There's a critical RCE vulnerability that is discovered and is not going to be fixed."

The hosts advise listeners to update or replace affected devices to mitigate potential exploits.

9. Microsoft Defender vs. Malwarebytes: Public Perception

The episode examines the ongoing debate between the efficacy of Microsoft Defender and third-party antivirus solutions like Malwarebytes, reflecting on consumer misconceptions.

• Corey [50:56]: "The perception is old. So like my mom like, should I install Norton? And I'm like, no, I won't ever be able to get it off."

The discussion advocates for leveraging built-in security tools while maintaining awareness of their limitations and the importance of user vigilance.

10. Security Best Practices: Protecting Your Sign-Ups

In a practical segment, the hosts share strategies for enhancing online security through the use of disposable email addresses and unique identifiers for each registration.

• Corey [58:09]: "If you are going to sign up for Andrew Tate's online university, use a fake name and a fake email."

They recommend tools such as Simple Login, Apple’s Hide My Email, and Proton’s services to safeguard personal information and reduce the risk of data breaches.

11. Upcoming Events and Final Remarks

Wrapping up, Wade plugs the upcoming Secure Code Summit, encouraging listeners to participate in training sessions to bolster their cybersecurity skills.

• Wade [64:26]: "The Secure Code Summit that is going on... it's on December 4th."

The hosts express optimism for future episodes, promising continued coverage of vital infosec news and insights.

Notable Quotes

• Corey [09:39]: "Google antitrust... forcing them to sell Google Chrome."
• Wade [13:09]: "Who would be able to buy Chrome? Musk right off the bat."
• Corey [19:31]: "World's most complicated MFA bypass."
• Corey [27:08]: "Organizations should be reading the pen test report and deleting web shells."
• Corey [43:38]: "Popeye Tools... marketplace for cybercrime."
• Corey [46:31]: "71 million now worth almost 11 billion... only 18 months."
• Corey [40:19]: "Critical RCE vulnerability in D-Link routers."
• Corey [50:56]: "The perception of Defender is old."
• Corey [58:09]: "Use a fake name and a fake email for sign-ups."

Conclusion

Despite initial technical glitches with their Discord integration, the Black Hills Information Security team delivers a robust and informative session encapsulating key developments in the infosec arena. From high-stakes antitrust battles to innovative cyber-attacks and evolving security measures, "Discordgate" offers listeners a comprehensive overview of the current cybersecurity landscape, enriched with expert analysis and actionable insights.