Archive for octobre, 2021

5G network hosted in the cloud, no internet, no phone ! So smart ! And I ended on TV, This week in cyber

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alex on TV, oh my oh my oh my !!! wooooohiiii ahhh

Yes, someone smart thought that it was a good idea to put the 5G management platform in the cloud, so we are making is super easy for foreign actors, already targeting the big cloud players, to fully disrupt the country communication capabilities, just by taking down one infrastructure.

It seems that common sense jumped from the boat a while ago, where the shiny goal of integral communication spying made them forget the first goal of communication infrastructure, ensuring resilience and coordination in case of incident.

When the cloud fall, you won’t be able to call for support, because phone networks will fall with it. My 2 cents.

Side note, don’t forget to follow VARS Corporation as well, I do share some intelligence on it, along with the team, …. yes half of the posts in French, but hey, don’t you enjoy my french accent ?!

Another note, I had my first TV News apparition this week, in Quebec, in French, and that was cool ! Alex on TV looks like this (oh boy, I was stressed ) :

Alex on TV News with TVA Nouvelles

Now, this week in 63 points, for you to remain aware as usual :

1 – James W from the FBI shared a great list for you to opt out from people tracking search engines ! Fast And The Furious: Opting Out Of People Search Engines, Privacy And Digital Exhaust

2 – There is a festival of infected NPM repos lately ! Malware Discovered in Popular NPM Package, ua-parser-js

3 – Skimmer injected on the site and more than 32k persons impacted- SCUF Gaming store hacked; Customer data exposed

4 – Do not take the data if you can’t protect it, like the cloud pretty much – Criminal Hacker sells the data for millions of Moscow drivers for $800

5 – When you go on youporn using private browsing, your ISP sees it all, and does resell all this info to whoever is willing to pay for it – FTC: ISPs collect and monetize far more user data than you’d think

6 – Hacked criminal hackers ! Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline , but, soon after, the group claimed it was only a small part of the « sub contractors »…

7 – Cyber conflict being more politic it seems. Their main goal was money, some in there were state sponsored spying, but now a call to action against the US. We’ll see, not sure there is any real coordination between challengers in crime. Groove ransomware calls on all extortion gangs to attack US interests

8 – CISCO patch time – Cisco SD-WAN Security Bug Allows Root Code Execution

9 – The power of the cloud, 24/7 spying. And yet people pay to place 24/7 spying devices, bugging their homes themselves. I found an Amazon folder with thousands of audio recordings from my home gadgets

10 – Interesting review of previous incident, most likely caused by nature, but, showing the potential impact of the same failure triggered by a cyber attack. When Cyber Mimics Nature – How Cyber Attacks Can Cause Global Environmental Catastrophes.

11 – Never pay ransom, don’t finance crime, and report to law enforcement, they might have a decryptor, so do it right – BlackMatter ransomware victims quietly helped using secret decryptor

12 – The cloud will be destroyed, I hope your DRP (disaster recovery plan), and risk register have considered this. SolarWinds hackers are going after cloud, managed and IT service providers.

13 – It’s discourse patch time ! CISA urges admins to patch critical Discourse code execution bug.

14 – How do you reduce your attack surface ? Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

15 – You are hacked, I’m hacked, question is, how much of you was on this device ? NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

16 – AI is also powering madness – Despite spending millions on bot mitigation, 64% of organizations lost revenue due to bot attacks

17 – The truth comes out, as often in the big tech world, deception is king, abuses and betrayals, in an unlimited rush toward money. Explainer: What are the Facebook Papers?

18 – The ICT and industrial security podcast interestingly start to speak about patching automation. Automating vulnerability handling – a promising new standard: CSAF | Episode 70

19 – You can’t play with your security posture ! It goes bad. CONTI now positionnned as client access service broker ! Encrypting, stealing, and selling access to your network !

20 – In your browser, the more add-on you install, the bigger your supply chain is, and the bigger your attack surface is. Mozilla blocks malicious add-ons installed by 455K Firefox users

21 – Don’t fall for the scam ! FOMO (fear of missing out) will get you hacked or trapped – Millions of Android users targeted in subscription fraud campaign

22 – Australia, what are you doing ?!! Australia drafts Online Privacy Bill to bolster data security – Sounds right, except they scoped applicability to almost nothing !

23 – We should assume anyway nowadays that the network is no longer the perimeter, at least the wireless network, and security must be embedded in endpoint from an enterprise standpoint – Wardrivers Can Still Easily Crack 70% of WiFi Passwords

24 – No attacker said ever « this is out of scope » – Gas Stations in Iran Downed by Cyberattack

25 – EMOTET reborn as Squirrelwaffle – Spammers use Squirrelwaffle malware to drop Cobalt Strike – I remember by then using Squirrelmail webmail, it was so quite, but here, despite a terrific breakfast stealer name, squirrelwaffle doesn’t taste very good !

26 – Threat actors are really focusing on cloud providers and IT service providers – Lazarus Attackers Turn to the IT Supply Chain

27 – Patch management of your WordPress site and plugins is critical – Brutal WordPress plugin bug allows subscribers to wipe sites

28 – One less, already something. Other marketplaces will certainly see a surge in traffic – DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation

29 – US federal investigators today raided the Fla. offices of PAX Technology, a Chinese provider of point-of-sale devices – Front shop takedown. Know your enemies.

30 – Turn off connectivity if you don’t need it ! Protect your device from both security and privacy standpoint – Tracking Mobile Devices by Analyzing Bluetooth Transmissions

31 – Always verify and then trust, each time – Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

32 – Will your security controls be effective against such attacks ? FBI: Ranzy Locker ransomware hit at least 30 US companies this year

33 – Never properly understood, the cloud shared responsibility model is still an issue leading to major cloud abuses and privacy issues – Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

34 – Aside of following me on linkedin : « Top 13 Can’t-Miss Cybersecurity Awareness Tips« 

35 – Security posture must be adjusted to your threats. You must have MFA everywhere, and using authenticator apps will be good for you. Twitter employees required to use security keys after 2020 hack.

36 – it’s apple patch time again ! (if you haven’t already) – Apple Patches Critical iOS Bugs; One Under Attack

37 – Babuk decryption key available – Babuk ransomware decryptor released to recover files for free

38 – Supply chain risk management at country level is tricky. Especially when most of your products are made in China – US bans China Telecom Americas over national security risks

39 – it’s an NPM supply chain infection festival lately ! Malicious NPM libraries install ransomware, password stealer

40 – Highly regulated, the specifics of this verticals raise interesting challenges – SECURITY INTELLIGENCE REPORT – CISO Point of View : Analysis of Storage & Backup Security in the Financial Services & Banking Sector

41 – Another decryptor available ! Free decryptor released for Atom Silo and LockFile ransomware

42 – it’s adobe patch time once again – Adobe’s Surprise Security Bulletin Dominated by Critical Patches

43 – The so called « grief » ransomware group published some sample content of claimed to be internal NRA files – Russian Ransomware Gang Claims to Have Hacked the NRA

44 – Well put about how to handle ransomware situation – You’ve Just Been Ransomed … Now What?

45 – The cloud is infected and this new threat comes with official apps ! New AbstractEmu malware roots Android devices, evades detection – Comes from the so protected playprotect supposedly cloud protected stuff.

46 – The cloud is infected and it poisons Internet, or vice versa, anyhow, you can’t trust anything you see online without due diligence first – Ransomware gangs use SEO poisoning to infect visitors

47 – A free pass to COVID ? sounds exciting no ? EU investigating leak of private key used to forge Covid passes

48 – but, but, but, butt cloud leaked again ! PII feist ! Sensitive data of 400,000 German students exposed by API flaw

49 – Undetected so far, in memory malware, talking with C2C and loading needed remote modules – New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

50 – Algorithms are not the only problem of social media, people are a big one too – Facebook Removed The News Feed Algorithm In An Experiment. Then It Gave Up (now weirdly called Meta)

51 – spyware patch time – Emergency Google Chrome update fixes zero-days used in attacks

52 – Nothing new, everything connected is a target – All Sectors Are Now Prey as Cyber Threats Expand Targeting

53 – A first step toward security by design – Top Hardware Weaknesses List Debuts

54 – Privileges escalation, means that this can only be exploited after the initial access phase – All Windows versions impacted by new LPE zero-day vulnerability

55 – Very interesting, Amazon seems to reach a limit and benefits are collapsing. Unexpected – Amazon delivers big earnings miss, Jassy warns Q4 will bring ‘several billion dollars of additional costs’

56 – connected=hacked – Critical Polygon Blockchain Vulnerability Could Allow Withdrawing Huge Amounts

57 – The less apps you install, the smaller the attack surface, the safer you are – Android spyware spreading as antivirus software in Japan

58 – Yet another WordPress plugin vulnerability – WordPress plugin bug impacts 1M sites, allows malicious redirects

59 – Microsoft decided to eliminate all challengers on any field by taking 100% control over any features requiring third party – Microsoft: Windows web content filtering now generally available

60 – Cloud dependency is awful – Google Chromebooks failing to enroll due to network issue

61 – Moving toward cloud systems – Hive ransomware now encrypts Linux and FreeBSD systems

62 – Use the details of this article as threat intelligence and understand how crime operates – Police arrest hackers behind over 1,800 ransomware attacks

63 – Season scams are always around – What’s the Phishing Scam Equivalent of Your Favorite Halloween Costume?

BTW, I always link to LinkedIn article shares, because I usually add a lot of complementary links in comments allowing to get better coverage.

That would be about it ! Have a good weekend all !


They lock the door for privacy… but they keep a copy of the key, and couple of backdoors

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alexandre Blanc weekly Cyber

What a week ! 2 Conferences in a row (Canadian Chamber of Commerce and MSS Great lakes), and as many opportunities to share awareness and make more people, hopefully decision makers, wondering about security by design.

Speaking at conferences is requiring a lot of focus, because we represent our employer, so we must be perfect, and we need to understand the audience, in order to share a message that can be understood. Basically translating the state of technology, digital transformation, the threat landscape evolution, the threats, the risks and the impacts.

Basically explaining that you, plugging your connected toaster, allowed to take down a nuclear power plant safety network….. kind of huge shortcut, but also true (IoT, DDoS, IIoT etc).

Conferences are also a great place, even virtual, to meet other experts. I have many contacts made from these events, and when we are placed together on a stage, despite what our linkedin message look like, we see if we are aligned or not. Most of the time, we are.

This week on 54 points on my blog as usual :

1 – The tool is the product of a growing industry whose work is usually kept from the public and utilized by police – SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE – You are watched way more than you think, by a lot of actors, as your digital footprint grows exponentially with time. The absolute zero privacy of the cloud doesn’t help protecting ourselves either.

2 – Exactly the kind of BS that will make me boycott a brand like Canon – Canon sued for disabling scanner when printers run out of ink – But it’s good to see that consumers are tired of technology abuses, and actually go and sue big tech. Go people go, it’s time for tech to be the product again, not us !

3 – Don’t think China is behind, it’s way ahead – China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes – This hacking challenge in China has proven they can hack any tech in a few hours, so much for our super secure stuff :P almost laughable…

4 – Even for criminals, connected=hacked – REvil ransomware shuts down again after Tor sites were hijacked – this is kind of ironical isn’t it ?

5 – You Know it’s coming, you know threat actors and APTs (advanced persistent threats) are on the rise, but you don’t adjust your posture accordingly – Sinclair TV stations crippled by weekend ransomware attack – The sad part is all these attacks can be prevented by security basics. Another sad part is that a majority of ransomware victims do pay the criminals and finance their growth and innovation, as time goes, they are ever stronger, we are ever weaker. Cyber Security is a journey, not a step.

6 – Security cameras, when connected, are also our worst weakness – Credit card PINs can be guessed even when covering the ATM pad

7 – WordPress plugin patch time ! Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress – oh my penguin, I’m currently hosting this on wordpress….quick check on plugins and wordpress version, up to date, all good, ….. hot tamales !

8 – Private data centers are on the rise – 400GbE data center switch ports shipments to exceed 10 million this year – As we’ve seen the cloud failed at #cybersecurity, because they do not achieve CIA, Confidentiality, Integrity, Availability… they only manage to get the Availability part…. mostly. So it’s not surprising to see serious business considering data protection to run on private datacenter, private cloud, or make sure they encrypt any data BEFORE it reaches the extremely dangerous cloud.

9 – An isolated workspace for high-risk user activities which you can try for free – Hysolate Free for Isolating Endpoint Threats

10 – MFA is absolutely mandatory these days, because the whole world try to guess your password, or already have it thanks to the leaky cloud, you can’t not have it – How to Use MFA to Achieve Regulatory Compliance

11 – Don’t fall for these, the cloud is poisoned and delivers malwares – TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

12 – Applying #cybersecurity best practice should be a continual effort to stand a chance against criminal groups – State-backed hackers breach telcos with custom malware

13 – The infected cloud try to clean up – Twitter Suspends Accounts Used to Snare Security Researchers

14 – Cyber battlefield, cloud + internet, a world of threats – Suspected Chinese hackers behind attacks on ten Israeli hospitals

15 – Powershell should be disabled for your users as a general rule, it’s the first execution of choice by threat actors (check MITRE ATT&CK matrix) – Microsoft asks admins to patch PowerShell to fix WDAC bypass

16 – Failry good points on here – How to Prevent Ransomware: 15 Ways to Prevent the Next Attack

17 – Don’t fall for the scam, typo squatting, domain squatting and URL shortener are extremely efficient cyber weapons – FBI warns of fake govt sites used to steal financial, personal data

18 – From gangbang to karma, isn’t that ironic ? New Karma ransomware group likely a Nemty rebrand

19 – Meanwhile in the threat landscape TA505 Gang Is Back With Newly Polished FlawedGrace RAT – TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.

20 – No bla bla, fact, crime is growing like the dark star in the fifth element, each time some pays, it expands ! 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored

21 – When was the last time you had a conversation with a CISO ? Ransomware attack disrupts production at Ferrara Candy, maker of Brach’s Candy Corn

22 – Do it right, if you fail learn, because if you don’t learn, attackers will learn – Acer hacked twice in a week by the same threat actor

23 – TPM mandatory they said – Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability

24 – What ? the cloud hacked ? BS, the cloud is as strong as the Titanic ! Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

25 – Supply chain and third party risk management is a challenging task – Damages Escalate Rapidly in Multi-Party Data Breaches

26 – Do not pay ransoms, do not finance crime ! Just stop doing that ! BlackByte ransomware decryptor released to recover files for free

27 – While most SMBs have not yet an idea of what is CASB, meanwhile, threat actors build their market relax in plain sight – Zerodium wants zero-day exploits for Windows VPN clients

28 – Cloud based VPN leak as cloud ! VPN Exposes Data for 1M Users, Leading to Researcher Questioning

29 – Internet is a battlefield, and cyber incidents grow everywhere – DDoS attacks against Russian firms have almost tripled in 2021

30 – if gummies take your cookies, your sessions are out – New Gummy Browsers attack lets hackers spoof tracking profiles

31 – Do learn from this ! You can’t trust what tech shows or tell you – Deepfake Audio Scores $35M in Corporate Heist

32 – As usual « Its activity starts with the execution of a PowerShell command that downloads a malicious payload from the specified URL, pointing to an available C2 server » Restrict the use of powershell only to users who need it (yes, you can do it with a GPO) – New PurpleFox botnet variant uses WebSockets for C2 communication

33 – Still in public cloud ? lol – Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique

34 – How to make different worlds in organizations, working together efficiently and keeping low risk – A practical framework for solving the infosec – infrastructure battle over enterprise storage security

35 – If you don’t protect your internet browsing tools and sessions, they’ll be stolen – Youtubers accounts hijacked with cookie stealing malware

36 – The cloud is putting transnational criminal on steroid supporting their activities without being able to identify criminals from legit users – Russian Cyber-Criminals Switch to Cloud (the current site you are reading is NOT in the cloud, and yet you can still read it…. ohhhhhhh)

37 – Maybe it’s a good time to switch to 7zip – Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer – Vulnerable because it’s a non free open source software, the issue is because of the end of trial notification

38 – nteresting evolution from the leading XDR solution in the market – Product Overview: Cynet SaaS Security Posture Management (SSPM)

39 – Still blindly pulling anything from internet and the cloud into your code and playing Russian roulette with your deliverables ? Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

40 – what authority has the US on Israel, the most advanced cyber place on this matter ? one can wonder – U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

41 – Smartphone are not allowing privacy – Smartphone counterespionage for travelers

42 – Transnational criminal organizations now go through frontshop to hire ethical hackers for their « pentest » teams, while the engagements are fake and goal is get initial access to deploy ransomware – Hacking gang creates fake firm to hire pentesters for ransomware attacks

43 – More focus on security for android (but not on privacy :p ) – Google Buckles Down on Android Enterprise Security

44 – Youtube and the cloud used for cyber attacks, Modus operandi is that threat actor produce a video explaining how to fix a commonly researched issue, and advise to download a tool for the purpose, which tool is actually a virus – Massive campaign uses YouTube to push password-stealing malware

45 – Threat actors move faster than regulations – Evil Corp demands $40 million in new Macaw ransomware attacks – Changing name and accounts quickly to avoid bans, yet still efficiently active

46 – Potential massive supply chain attacks ahead ? Gigabyte Allegedly Hit by AvosLocker Ransomware

47 – An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents – RAT malware spreading in Korea through webhards and torrents

48 – Oupsie, know bunch of military tools that will suffer from this, coming Oct 24th – GPS Daemon (GPSD) Rollover Bug

49 – Prevention, detection and immediate response over cyber threat is critical.
In regards to data protection, governance and privacy, letting a successful ransomware attack succeed is NOT AN OPTION ! Italian celebs’ data exposed in ransomware attack on SIAE

50 – NO CONFIDENTIALITY IN THE CLOUD – October 2021, Microsoft teams only start to consider end to end encryption and offer optional confidentiality, for a small subset of users, not enabled by default, ONLY on one to one calls – Microsoft Teams adds end-to-end encryption for one-to-one calls – Cybersecurity core is CIA (Confidentiality, Integrity, Availability), the cloud NEVER achieve confidentiality, so the cloud can’t be secured, cyber security can’t happen in the cloud.

51 – Certificates are blindly signed by the cloud allowing threat actors to hijack any network traffic they want – Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild

52 – The cloud is putting corporate infrastructure at risk – Threat Actors Abuse Discord to Push Malware

53 – Powershell is the mainly used tool for successful malware attacks and lateral movements – Lyceum Hackers Stealing Credentials Windows By Deploy Keylogger Using PowerShell Scripts & .NET RAT

54 – For threat modeling, to understand adversaries, and learn about compensation measures, MITRE ATT&CK is a gold mine of knowledge – Released: MITRE ATT&CK v10

And that would be it, yes there are huge cloud issues, and no easy fix. Cloud stores so much of our PII and we can’t have it protected, so this is very very bad. Alternatives are not simple, and we know that convenience always wins, so, sharing this, my hope, is that people get more aware, don’t blindly trust the cloud and expect privacy. Meanwhile, we need to look as more privacy focused solution than the public cloud, as it’s not suitable for anything else than public data. Build your security posture, don’t be the next ransomware victim, because cloud or not cloud, you’ll be targeted.

Have a good weekend all !


vendredi, octobre 22nd, 2021 Technologie Aucun commentaire

Worst is yet to come, but they all warned you

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alexandre Blanc Cyber Security

CISA, FBI, Cyber Security specialists, they all warned you, I warned you, and I continue to do so.

Transnational criminal organizations, criminal hackers, are only getting better, and more organized. They have always been, but they are getting better and evolve faster.

This also means that YOU, and YOUR ORGANIZATIONS, must take this in consideration, and must adjust your posture according to this. Your risk register must be updated, and the likelihood of cyber events, at least should be raised or reviewed, especially on the ransomware side.

Doing so should put some level above the threshold you established, and some items that where falling under the « risk acceptance » option, will fall under the unacceptable, requiring compensation measures.

So you will update your security plan accordingly, while you adjust your risk posture.

A reminder on the risk management strategies :

  • Risk Avoidance – Change organization practices to avoid the risk
  • Risk Transference – Take an insurance, move the risk to a third party, BUT, keep in mind, there is no way you transfer 100% of the risk, which means, you need mitigation !
  • Risk Mitigation – Take action design to reduce the likelihood or impact of a risk
  • Risk Acceptance – After analysis, determining if cost makes the compensation irrelevant, then acceptance is the option
  • Risk Deterrence – Dissuade a threat to happen, which can only be applied to risks that can be affected by controlled factors

So you’ll place security controls, which are procedures and mechanisms that an organization puts in place to manage security risks.

You’ll follow the defence in depth approach, multiple controls for one objective, overlapping security controls.

These security controls fall under 3 categories :

  • Preventive, the goal being for the incident not to happen (you have a raid, so as when a disk dies, you don’t lose the data)
  • Detective, goal is to identify a failing preventive security control, or an incident
  • Corrective, restoring backups, because preventive controls failed, detective was missed, and you lost the data.

For each category above, you have many controls available (remember, people, process and technology somehow) :

  • Technical controls (technology based, like a firewall)
  • Operational controls (processes carried by humans)
  • Management controls ( conducting risk assessments, security planning, change management etc).

When your risk register is complete, you have the assessment done (exposure factor, single loss expectancy, you got your Annual Loss Expectancy by multiply SLE x ARO as in anual risk occurence), and you get a quantitative and qualitative assessment.

Your goals are defined via RTO (recovery time objective), RPO (recovery point objective), MTD (maximum tolerable downtime), and you know your MTTR (mean time to repair).

If you don’t know what adversary risks (aside of all the other existing risks) your organization face, have look to MITRE ATT&CK and check if anything is applicable to you, and therefore, if you have matching controls in place.

This week in the cyber news, helping you to have a real view of the threat landscape and what happens to others, so as you can actually review your posture, and adjust the above listed risk approach accordingly.

This week in 60 bullets :

1 – You are a target, you may just not be watching your logs – North American Orgs Hit With an Average of 497 Cyberattacks per Week

2 – Do you have the proper security posture for today’s threat landscape ? Cox Media Group confirms ransomware attack that took down broadcasts

3 – Phishing is still dominant, very cheap, with good success rates – Intuit warns QuickBooks customers of ongoing phishing attacks

4 – There is something brewing in the #cybersecurity market. A change to come within 6 months to 1 year ( I make the prediction :) ) – Do you have an MSSP partner already ? Who are you going to call during the next incident ? (Nope, Ghostbusters are busy)

5 – Security can be an illusion ! Reverse engineering and decrypting CyberArk vault credential files

6 – it’s iOS patch time again ! Yes, the iPhone, iPad, iPod, iSuck and all their invasive stuff – Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks (that was 3 days ago, hopefully you updated already)

7 – it’s #libreoffice and #openoffice path time ! LibreOffice, OpenOffice bug allows hackers to spoof signed docs

8 – Technology is the art of deception, and bugs left on purpose are often state sponsored, which can lead to frustration of researchers – Researcher Disclosed Telegram Vulnerability, Refused Bounty For Staying quiet

9 – The cloud more and more targeted and hacked – Huawei Cloud targeted by updated cryptomining malware

10 – spying, hacking, stealing IP, research and trade secrets is a reality. Don’t think you are not a target – Nuclear engineer’s espionage plans unraveled by undercover FBI agent

11 – Cyber battlefield, you are all connected to it – Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo

12 – Don’t wait for an incident ! Your defenses must detect and respond against these quickly – Pacific City Bank discloses ransomware attack claimed by AvosLocker

13 – Transnational crime scoreboard : REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021

14 – The threat landscape on ransomware is shifting, while we saw some focusing on encryption and giving up on stealing files, some groups now only focus on this approach – SnapMC hackers skip file encryption and just steal your files

15 – The cloud is an expensive scalable mess – Microsoft revokes insecure SSH keys for Azure DevOps customers

16 – The cloud attacked more and more, a growing target facing growing amount of challenges to keep up – Microsoft: Azure customer hit by record DDoS attack in August

17 – The cloud is infected, so much for « play protect » ! Photo editor Android app STILL sitting on Google Play store is malware

18 – Protecting your private keys is even more critical when you use wildcard certificates – NSA warns of wildcard certificate risks, provides mitigations

19 – Ransomware threat actors are coming after the cloud, and cloud workload holding your data are at risk – AWS ransomware attacks: Not a question of if, but when (90% of the S3 buckets at risk ! )

20 – Happy to see in my sponsored feed some more consideration on the cyber threat landscape handling, especially the ransomware side of things – Hysolate CTO and Co-Founder Tal Zamir presents at the recent IT Pro – Information Week Conference ‘Defending Against Ransomware

21 – A quick take at what happened to Facebook, short and straight to the point – The Facebook outage and network configuration

22 – Don’t worry, it’s just exploited since January – Microsoft Fixes Zero-Day Flaw in Win32 Driver

23 – Interesting approach from dutch police speaking to criminals – Dutch police send warning letters to DDoS booter customers

24 – The cloud is such and easy shiny target, corrupt one, corrupt them all – Office 365 Spy Campaign Targets US Military Defense

25 – Supply chain poisoning by cloning (or forking), easy, cheap and efficient ! PyPI removes ‘mitmproxy2’ over code execution concerns

26 – Connected = hacked – FreakOut botnet now attacks vulnerable video DVR devices

27 – Would you be able to detect and respond to such attack ? AND, do you have enough cash to hold 1 or 2 weeks for when your bank falls offline ?! Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha

28 – Some good, and some bad – Australia to tackle ransomware data breaches by deleting stolen files

29 – pros and cons as usual – EU legislation introduced to ban anonymous domain registration

30 – Internet is a battlefield, a bias machine, and the cloud is a steroid for disinformation and leaks – A Close Look at Russia’s Ghostwriter Campaign

31 – Your wallet has (had) a hole and it leaks your assets – Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets

32 – Want it or not, the cloud leaks – Verizon digital carrier Visible customer accounts were hacked

33 – The cloud is now widely recognized as a threat, and we see more and more solutions coming on the market for organizations that need to place data in the cloud, but don’t want their data stolen, abused, mined etc. – New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted

34 – When technology and politics collide – Russia and China left out of global anti-ransomware meetings

35 – jealous of Facebook maybe, all the big players must have their AS config fail, it’s like a prerequisite to join the table – OVH hosting provider goes down during planned maintenance

36 – A 2 minutes video that allows you to get the ICS challenges of today, well done – « ROUNDS #1 – STRONG GUARD » about industrial control systems

37 – When the marketplace competes with its sellers, the deck is stacked – the company ran a systematic campaign of creating knockoffs and manipulating search results to boost its own product lines in India, one of the company’s largest growth markets

38 – Be aware that this is a reality in many places, assumed guilty and jailed. Given how technology is all fake and lies, you can only guess how easy it is for anyone to be sent in jail on fake proof – Belarus: Joining banned Telegram channels will land you in prison

39 – What did you do to avoid this ? Are you sure you have the proper people, processes and technologies in place and it is well implemented ? Acer confirms breach of after-sales service systems in India

40 – As predicted, the growth of ransomware is started, and that’s only the beginning. No fear mongering, FACTS ! New Yanluowang ransomware used in targeted enterprise attacks

41 – The clowd as well. pile of lies – Washington Attorney General says Facebook knowingly lied in lawsuit testimony

42 – Big tech and clowd style – Apple silently fixes zero-day Flaw without Crediting the finder

43 – ou can’t even know what’s in your IoT, and you blindly trust the cloud ? Organizations losing business due to connected product security concerns

44 – Interesting stats, based on what people gave to google via virus total (BTW, never upload confidential documents on this platform ! Nor in online translation tools, they are all using the data and selling it on the free accounts) – VirusTotal Shares Data on Ransomware Activity

45 – So tempting to play big brother when you have access to all the data in the world – Microsoft will put government and police contracts through independent human rights review

46 – Are you sure you are not providing computing resources to transnational criminal organization (or the cloud :p ) – MyKings botnet still active and making massive amounts of money

47 – WordPress plugin patch time : Brizy Page Builder – Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

48 – MFA anyone ? hopefully you also use a password manager and a unique password for each and every services – Thingiverse Data Leaked — Check Your Passwords

49 – Big tech abuses cleanup time, happy to see some action – FTC fires warning shot at 700 leading companies about fake reviews

50 – At some point common sense should come back and we should stop connecting everything and anything, building dangerous data lakes etc – University of Sunderland announces outage following cyberattack

51 – SIP can also lead to massive take over – Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

52 – A malware on top of a spyware ! Malicious Chrome ad blocker injects ads behind the scenes

53 – Layered security and overlapping security controls are needed – 13 Vulnerabilities Discovered in a Widely Used Industrial Router

54 – Interesting but, can this be done ? Governments worldwide to crack down on ransomware payment channels

55 – Getting on the path to massive casualties – US government discloses more ransomware attacks on water plants

56 – Good old email, if you don’t have independent advanced email filtering, you should talk to your MSSP, in most case it’s affordable and deployed in less than a day – Russian cybercrime gang targets finance firms with stealthy macros

57 – Don’t worry, it’s only data after all – Twitch downplays this month’s hack, says it had minimal impact

58 – As part of your incident response plan, you should have a communication plan, and ideally bring transparency – Accenture confirms data breach after August ransomware attack

59 – Cyber crime supply chain is constantly enhancing. Is your posture adjusting too ? Attackers Behind Trickbot Expanding Malware Distribution Channels

60 – Where do you stand with your patch management ? Server Patching Best Practices. Stop Patching, Start JetPatching

And that’s all for this week ! Wishing you a good weekend ! That was pretty intense, despite a shorter week here in Canada :D …. what, he’s Canadian ? but he’s got such a French accent… .oh boy, yes, something like that ! :D Find me on linkedin here.


vendredi, octobre 15th, 2021 Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
octobre 2021

Suivez moi sur twitter - follow me on twitter
Follow on LinkedIn
[FSF Associate Member]
Free Software, Free Society
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
TRUCS ET ASTUCES GNU/LINUX : - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne