As I generally do on a regular basis, I was scrolling through my LinkedIn and Twitter feeds to see what was happening in the world of cybersecurity and business, and came across a post on LinkedIn from Scott Scheferman about the BlueKeep vulnerability and patch. It contained a heading which read: “Thoughts on BlueKeep that media isn't telling you:”
As a journalist, I found this statement intriguing. Thus, I began working on connecting with Scott to get him on a podcast to discuss this further. After a few attempts to bring together a few folks, I was able to pull in Rick McElroy and @JaGoTu to join Scott Scheferman and me for this chat. Needless to say, they did not disappoint.
During our nearly-one-hour chat, we cover tons of stuff, including:
How can security teams detect BlueKeep … can they?
How to protect against BlueKeep … Is patching enough? Is it the only way? Are you using a protection method that won’t actually protect you?
Should we be prepared for a worm-enabled outbreak similar to WannaCry?
What’s the role of machine learning and artificial intelligence in this situation?
Why are we still using RDP and forcing ourselves to deal with this crap?
What role do ISAOs, ISACs, and other threat intelligence communities play in protecting against these types of threats?
How do smaller, less mature, less funded businesses prepare for the moment when the “stuff” hits the fan?
Have you reviewed your cyber insurance policy (and clauses/riders) lately?
There’s a lot to absorb here. I would encourage you to take the time to learn from this conversation and then apply what you’ve learned to your infosec program. And, if you value the community, take a moment to share this with a few of your peers to help them out.
Have a listen.
Here’s the post from Scott Scheferman that kicked things into gear: https://www.linkedin.com/feed/update/urn:li:activity:6542457284432396288
Here’s a blog from RiskSense that describes BlueKeep and some research @JaGoTu and @zerosum0x0 performed: https://risksense.com/finding-and-patching-the-microsoft-bluekeep-vulnerability-cve-2019-0708/
Tweet from @zerosum0x0 about the Metasploit work with @JaGoTu.
The At The Edge podcast series is made possible by the generosity of our sponsors.