Archive for octobre 8th, 2021
From a broken TLS CA, to Facebook, to FIN12 hit and run
Yet another crazy week in cyber, which makes me wonder if there is any quiet week anymore, and, as a lot spoke about mental health as well, how long do you think a human can take all of this ?
Meanwhile, I’m still motivated to do good, and while ransomware gangs make millions every month, we try to get a couple of bucks from people so as we can help secure them (not asking for money, just tough to get organization to spend just enough to protect themselves).
But I’m telling you, this won’t last, ransomware projections are so huge, that we’ll come to a point where, sorry, we don’t take new customers. Scarcity, is where we’re heading, and I’m telling you, find your cyber security partner NOW, because we, skilled humans in this field, are in very limited supply. The illusion of the market may make you think you have choice, but there is a fun fact in the back end, A sells the skills of B, which sells the skills of C, which rely on A for any overflow…… do you see it coming ?
Meanwhile, Monica and myself are going to share some insights on our CISO experience, hopefully a series to start in November, and well scheduled (according to her, she likes when things are organized, and it’s good !), and pretty fun (according to me, and her actually, we agree on this)…. (wait, did I mean we don’t agree on everything ? )…. (seems I’m talking to myself now…. ok, let’s move on).
Edit : Monica said that I should say that the audience will have an AWESOME opportunity not only to ask ya questions for this episode but ALSO TO SHAPE OUR NEXT EPISODES and what challenges we address (that’s what she said :P )
This week as well, did record a 6 min LinkedIn podcast with Mani Keerthi which actually turned to be very relevant in a pretty short time ! Thanks Mani ! :)
And now, finally, this week in 56 points :
1 – Letsencrypt updated their CA (certificate authority) and it went bad for a lot of stuffs – Let’s Encrypt’s root certificate has expired and stuff is breaking all over the place
2 – Surprise, yet another massive leak – US retailer Neiman Marcus confirms Data breach – Just 4.6 Millions customers data
3 – You first need to have proper security posture, otherwise, nothing will help you – US unites 30 countries to disrupt global ransomware attacks
4 – I fixed the issue by dropping any phone call. Only accepting known persons over encrypted channels – FCC orders phone carriers to enforce unlawful robocall blocking
5 – Hacked down to hardware – Flaw in AMD Platform Security Processor Affects Millions of Computers
6 – Cryptoland never cease to amaze me – Crypto platform mistakenly gives $90M to users, asks for refund
7 – Just a reminder, building your security posture, assessing the potential impact and placing proper security controls to mitigate the risk is not optional, unless you absolutely don’t care – Sandhills online machinery markets shut down by ransomware attack
8 – That’s hacking ! The power of technical creativity ! Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems
9 – Clowd style leak ! Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
10 – Like it or not, patch management is critical – New Atom Silo ransomware targets vulnerable Confluence servers
11 – Good work Europol, some less criminals – Ransomware operators behind hundreds of attacks arrested in Ukraine (doesn’t calm down anyhow, but that’s already something ! )
12 – Learn why privacy and data protection is important (aside of Pandora papers ) – Transnational fraud ring stole millions from Army members, veterans
13 – Quite an interesting take on this one, after all we are in a continuously evolving environment, seeing rising threats, and regulation playing ketchup – Regulations & Ransomware: A Quick Overview
14 – Facebook offline day ! Great for humans mental health, on this linkedin post, I covered, including comment, the whole story, with other, pointing to the BGP error , but we all know the truth : The home router of Mark got powered off as his cat stepped on it, and poof ! Facebook Blames Outage on Faulty Router Configuration
15 – Just don’t SMS, anything you type on it, is being reviewed by thousands of people, indexed, reshared and all – Company That Routes Billions of Text Messages Quietly Says It Was Hacked
16 – Android patch time ! Android October patch fixes three critical bugs, 41 flaws in total
17 – You are hacked ! UEFI (aka BIOS) hacked since 2012 – New UEFI bootkit used to backdoor Windows devices since 2012
18 – Not even out for a day, already broke network support for widely used Intel network/wifi cards – Microsoft confirms Windows 11 issues with VirtualBox, Intel Killer
19 – Do you have accounts without MFA ? unacceptable – Large ransom demands and password-guessing attacks escalate
20 – Almost forgot ! I was on 123CMMC with the awesome Dana Mantilia ! We had a great episode on here :
21 – it’s apache web server patch time ! Apache fixes actively exploited zero-day vulnerability, patch now
22 – It smells a lot like….clowd ! The Telegraph exposes 10 TB database with subscriber info
23 – Root cause is credentials guessing or Brut force, so don’t expose your management networks and have decent governance – Ransomware gang encrypts VMware ESXi servers with Python script
24 – Very positive outcome, some souls got saved from evil thanks to this failure – Facebook outage leads to massive user exodus to Telegram, Signal
25 – You should already know this but a reminder – 3 Ways the Government Can Track Your Phone
26 – Don’t forget, private browsing still allows your Internet Service Provider to see everything you do. Private browsing only protects you if someone looks at your browsing history. Firefox improves advertising tracker blocking in private browsing
27 – Take this as an example ! YOU must do it too on all your accounts – Google to turn on 2-factor authentication by default for 150 million users
28 – Good move, especially that investing less than the payment made to criminals is enough to build your whole security posture and strongly reduce the likelihood of such incident and totally squeeze the potential impact – Ransom Disclosure Act would give victims 48 hours to report payments
29 – Adam will never find a job in IT ever again – Fired IT admin revenge-hacks school by wiping data, changing passwords
30 – The Internet of threats (IoT) and the Industrial Internet of Threats (IIoT), must be sandboxed and protected behind layered defense and zero trust network access control – Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
31 – Fact is, you need MFA at the very least, and, you should think security architecture with additional controls, such as « geo fencing », and more, capabilities depending. ATO (account take over) attacks increased 307% between 2019 and 2021
32 – The cloud leaks again, I think there might be a medication for this, I mean it can’t hold anything, anything it eats just is spread around…. looks like the cloud is sick to me. The entirety of Twitch has reportedly been leaked, Source codes and user payouts among the data released in a 128GB torrent
33 – All these connected crap will get you killed ! STOP connecting everything, this is absolute non sense ! Medtronic urgently recalls insulin pump controllers over hacking concerns
34 – The cloud is a tool, powerful, sensitive and dangerous, that criminals masters ! Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
35 – Backups are only a corrective measure, it means, it’s the ultimate resource you should nod need for recovery – CISO Point Of View ‘Mashup’: The Importance of Securing Storage & Backup
36 – You are hacked, you just don’t know it yet ! This malware is active since 2018 ! Criminal Hackers use stealthy ShellClient malware on aerospace, telco firms
37 – Good move, but, now that Pandora box is open, I’m afraid it’s too late – European Parliament calls for ban on AI-powered mass surveillance
38 – Challenging times ahead. We know compliance doesn’t equal security, but, self regulation has proven to be ineffective – New Regulations Are Coming — Get a Handle on Your App Portfolio
39 – There is no such thing as free lunch ! Firefox now shows ads as sponsored address bar suggestions
40 – Diversity is critical to ensure resilience. Monoculture is lethal everywhere – Netherlands orders Apple to offer more App Store payment methods
41 – No comment – Microsoft fixes bug blocking Azure Virtual Desktops security updates
42 – How do you like your Yamale ? Some like it hot, hot yamale ! Snake yamale ! Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects
43 – Full unauthenticated remote access, anybody can watch your b…eer – Unpatched Dahua cams vulnerable to unauthenticated remote access
44 – A good reading about pentest on your (not actually yours, but ok) AWS stack – Penetration Testing Your AWS Environment – A CTO’s Guide
45 – If you self host an onionshare instance, make sure you patch – Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform
46 – Good move, no longer have to guess editor’s website, find terms and conditions and discover how to unsubscribe – Apple now requires all apps to make it easy for users to delete their accounts
47 – I don’t take calls anymore except through encrypted channels – Fraudulent robocalls to cost consumers $40 billion in 2022
48 – Cut the BS and do it right or don’t do it ! U.S. govt to sue contractors who hide breach incidents
49 – A good reading about these ICS affected by vulnerabilities – Four Critical Vulnerabilities Discovered in Bosch Rexroth WEB Interfaces
50 – An apache patch patching the patched apache as it didn’t patch patchingly ! Apache emergency update fixes incomplete patch for exploited bug
51 – Automated detection and response is mandatory ! No time, the only time you have is the time to be encrypted ! FIN12 hits healthcare with quick and focused ransomware attacks
52 – How would your organization detect and respond to such incident ?
What is your RPO ? Recovery Point Objective define how much data you’ll lose between last valid and tested backup, and restore time.
What is your RTO ? Recovery Time Objective defines how long it will take for you to recover – Engineering giant Weir Group hit by ransomware attack
53 – Attribution is always a tricky game. Proxy, fork anyone ? But for sure, it’s easier to have visibility when you collect telemetry (backdoor) from most of the computers in the world ;) Microsoft: Russian state hackers behind 53% of attacks on US govt agencies
54 – hard coded credentials + cloud is a recipe for disaster :) leak accelerator :) BrewDog exposed data for over 200,000 shareholders and customers
55 – Rootkit active for 18 months, just spotted now – Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
56 – All your eggs in the same basket ! Monoculture and Market Share: The State of Communications
and Collaboration Software in the US Government
And that’s about it for this week, good enough I guess !
Have a good weekend all ! See you on here hopefully next week !
Alexandre Blanc Cyber Security
Links
Recherche
Derniers articles
Tresronours Twitter
Keywords cloud topic
Membre de la FSF
Liens qui vont bien
Mots clés vrac – keyword cloud
License du contenu – CC By NC SA
Archives
- Resumed posting and expanding on X
- Linkedin Access to your account has been restricted – Final debrief and resilience plan
- I’m thankful for the support I get in rough time
- Cyber security news of the day – 2024 May 31
- Alexandre Blanc Cyber Kicked out from Linkedin
- You’ll most likely find me on LinkedIn
- The Russian roulette landing page !
- RTSP, Debian, VLC, not playing, IP Camera
- 5G network hosted in the cloud, no internet, no phone ! So smart ! And I ended on TV, This week in cyber
- They lock the door for privacy… but they keep a copy of the key, and couple of backdoors
- Worst is yet to come, but they all warned you
- Migrating an old WordPress and handling character set, UTF8, latin1, latin1_swedish_ci
- From a broken TLS CA, to Facebook, to FIN12 hit and run
- Yes we can fix this mess, but do we want to ? That’s another story
- Criminals are still dominating the game, why are we doing so wrong, and what can we learn in this tech ocean ?
- Riding cloud can be tricky, don’t fall from it, in the weekly cyber !
- The threat landscape is very dynamic – Cyber news this week
- Cybersecurity is not obvious even for this newsletter !
- Install Slack desktop app on Kali rolling fixing libappindicator3-1 missing dependency
- How to delete all resources in azure to avoid charges after trial on your forced credit card registration
- Proxmox – ZFS – Dead drive on active VM, recover from replicated disk
- Restrict access to proxmox web admin interface
- Migrate your ESXI VMs to proxmox ZFS
- Install your VPN server with pi-hole on OVH VPS in 30 min
- Using raspberry pi 3 as wifi bridge and repeater and firewall
- Raspberry 3 – create a wifi repeater with USB wifi dongle
- raspberry 3 – routeur pare feu point d’acces wifi avec filtrage pub et tracking – router firewall access point with ads and tracking filtering
- Dell XPS 13 touchpad – corriger la sensibilité
- Utiliser Zazeen set top box depuis une connexion videotron
- Fermeture de mon compte facebook – la dernière goutte
- Choisir un kernel par defaut au demarrage de Centos 7.2 – configuration grub2
- Openvpn access server 2.0.25 et android
- Régler la luminosité du laptop par ligne de commande
- chromium outlook web app version complete sous linux
- Nexus 7 2012 – android 5 lollipop solution au probleme de lenteur
- HDD led sur Xubuntu – xfce
- xubuntu 14.04 verrouiller ecran de veille et desactiver mise en veille a la fermeture de l’ecran
- Authentification avec Radmin en utilisant Wine sur Gentoo
- Patcher bash sur une distribution plus supportee comme fedora 11
- Zimbra desktop sous xubuntu 14.04 64bit – fix
- xubuntu 12.10 probleme de son avec VLC – pulse audio – alsa – toshiba L855D – solution
- Evolution sous xubuntu 12.10 – bug affichage a la configuration – solution temporaire
- Booster son acces internet en changeant de DNS pour opendns
- Serveur DLNA sous ubuntu – minidlna
- sshfs sous windows – dokan sshfs
- xubuntu 11.10 Installer le plugin java pour firefox
- Installer Google Earth sur Xubuntu 11.10
- Installer nagios sur Fedora 11 depuis les sources
- Configurer varnish-cache avec des virtualhosts, apache, fedora, redhat, centos
- Installer Varnish depuis les sources sur Fedora 11