Defensive Security Podcast Episode 274

https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/ https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/ https://www.darkreading.com/cybersecurity-operations/crowdstrike-outage-losses-estimated-staggering-54b  https://cdn.prod.website-files.com/64b69422439318309c9f1e44/66a24d5478783782964c1f6f_CrowdStrikes%20Impact%20on%20the%20Fortune%20500_%202024%20_Parametrix%20Analysis.pdf https://www.darkreading.com/vulnerabilities-threats/unexpected-lessons-learned-from-the-crowdstrike-event Summary: Episode 274: Malware on GitHub, North Korean Developer Scam & Secure Boot Failures In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss several notable security stories and issues. They start with a malware distribution service that leverages compromised GitHub accounts and WordPress sites. They then cover a security warning from KnowBe4 about hiring a supposed North Korean agent as a senior developer. They dive into the significance of two separate vulnerable firmware signing keys affecting over 500 hardware models. Lastly, they explore the massive financial impact of the recent CrowdStrike outage, with losses estimated at $5.4 billion. Throughout the episode, the hosts provide insights, potential solutions, and share personal experiences related to these cybersecurity challenges. 00:00 Introduction and Casual Banter 00:30 Funemployment and Retirement Reflections 01:54 Disclaimer and First Story Introduction 02:17 Malware Distribution via GitHub 04:24 WordPress Security Issues 8:09 North Korean Developer Incident 14:36 Lessons Learned and Recommendations 23:27 Secure Boot Vulnerabilities 29:19 Cloud Providers and Firmware Security 30:47 The Epidemic of Leaked Keys on GitHub 33:35 Challenges in Development and Security Practices 35:36 CrowdStrike Outage and Its Financial Impact 39:16 Legal and Technical Implications of the Outage 57:33 Concluding Thoughts and Future Plans   Transcript: Episode 274 274 === jerry: [00:00:00] Today is Wednesday, July 31st, 2024. And this is episode 274 of the defensive security podcast. My name is Jerry Bell and joining me tonight as always is Mr. Andrew Kalat. Andrew: Good evening, Jerry. How are you? My good sir. jerry: So good. It hurts. How are you? Andrew: I’m doing good. it’s Wednesday, which is halfway through the week. So I can’t complain too much. jerry: It’s just another day to me though. Andrew: I, how are you enjoying your funemployment? jerry: It is awesome. funny story, when my dad retired, he told me something sad. He said, one of the things that you don’t realize is that the weekend starts losing its appeal, Andrew: Because every day is the weekend. jerry: because it’s just another day and, holidays are just another day.