Archive for octobre 22nd, 2021

They lock the door for privacy… but they keep a copy of the key, and couple of backdoors

Alexandre Blanc CyberSecurity weekly cyber linkedin
Alexandre Blanc weekly Cyber

What a week ! 2 Conferences in a row (Canadian Chamber of Commerce and MSS Great lakes), and as many opportunities to share awareness and make more people, hopefully decision makers, wondering about security by design.

Speaking at conferences is requiring a lot of focus, because we represent our employer, so we must be perfect, and we need to understand the audience, in order to share a message that can be understood. Basically translating the state of technology, digital transformation, the threat landscape evolution, the threats, the risks and the impacts.

Basically explaining that you, plugging your connected toaster, allowed to take down a nuclear power plant safety network….. kind of huge shortcut, but also true (IoT, DDoS, IIoT etc).

Conferences are also a great place, even virtual, to meet other experts. I have many contacts made from these events, and when we are placed together on a stage, despite what our linkedin message look like, we see if we are aligned or not. Most of the time, we are.

This week on 54 points on my blog as usual :

1 – The tool is the product of a growing industry whose work is usually kept from the public and utilized by police – SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE – You are watched way more than you think, by a lot of actors, as your digital footprint grows exponentially with time. The absolute zero privacy of the cloud doesn’t help protecting ourselves either.


2 – Exactly the kind of BS that will make me boycott a brand like Canon – Canon sued for disabling scanner when printers run out of ink – But it’s good to see that consumers are tired of technology abuses, and actually go and sue big tech. Go people go, it’s time for tech to be the product again, not us !


3 – Don’t think China is behind, it’s way ahead – China’s Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes – This hacking challenge in China has proven they can hack any tech in a few hours, so much for our super secure stuff :P almost laughable…


4 – Even for criminals, connected=hacked – REvil ransomware shuts down again after Tor sites were hijacked – this is kind of ironical isn’t it ?


5 – You Know it’s coming, you know threat actors and APTs (advanced persistent threats) are on the rise, but you don’t adjust your posture accordingly – Sinclair TV stations crippled by weekend ransomware attack – The sad part is all these attacks can be prevented by security basics. Another sad part is that a majority of ransomware victims do pay the criminals and finance their growth and innovation, as time goes, they are ever stronger, we are ever weaker. Cyber Security is a journey, not a step.


6 – Security cameras, when connected, are also our worst weakness – Credit card PINs can be guessed even when covering the ATM pad


7 – WordPress plugin patch time ! Critical Vulnerabilities Discovered in Fastest Cache Plugin For WordPress – oh my penguin, I’m currently hosting this on wordpress….quick check on plugins and wordpress version, up to date, all good, ….. hot tamales !


8 – Private data centers are on the rise – 400GbE data center switch ports shipments to exceed 10 million this year – As we’ve seen the cloud failed at #cybersecurity, because they do not achieve CIA, Confidentiality, Integrity, Availability… they only manage to get the Availability part…. mostly. So it’s not surprising to see serious business considering data protection to run on private datacenter, private cloud, or make sure they encrypt any data BEFORE it reaches the extremely dangerous cloud.


9 – An isolated workspace for high-risk user activities which you can try for free – Hysolate Free for Isolating Endpoint Threats


10 – MFA is absolutely mandatory these days, because the whole world try to guess your password, or already have it thanks to the leaky cloud, you can’t not have it – How to Use MFA to Achieve Regulatory Compliance


11 – Don’t fall for these, the cloud is poisoned and delivers malwares – TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings


12 – Applying #cybersecurity best practice should be a continual effort to stand a chance against criminal groups – State-backed hackers breach telcos with custom malware


13 – The infected cloud try to clean up – Twitter Suspends Accounts Used to Snare Security Researchers


14 – Cyber battlefield, cloud + internet, a world of threats – Suspected Chinese hackers behind attacks on ten Israeli hospitals


15 – Powershell should be disabled for your users as a general rule, it’s the first execution of choice by threat actors (check MITRE ATT&CK matrix) – Microsoft asks admins to patch PowerShell to fix WDAC bypass


16 – Failry good points on here – How to Prevent Ransomware: 15 Ways to Prevent the Next Attack


17 – Don’t fall for the scam, typo squatting, domain squatting and URL shortener are extremely efficient cyber weapons – FBI warns of fake govt sites used to steal financial, personal data


18 – From gangbang to karma, isn’t that ironic ? New Karma ransomware group likely a Nemty rebrand


19 – Meanwhile in the threat landscape TA505 Gang Is Back With Newly Polished FlawedGrace RAT – TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.


20 – No bla bla, fact, crime is growing like the dark star in the fifth element, each time some pays, it expands ! 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored


21 – When was the last time you had a conversation with a CISO ? Ransomware attack disrupts production at Ferrara Candy, maker of Brach’s Candy Corn


22 – Do it right, if you fail learn, because if you don’t learn, attackers will learn – Acer hacked twice in a week by the same threat actor


23 – TPM mandatory they said – Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability


24 – What ? the cloud hacked ? BS, the cloud is as strong as the Titanic ! Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services


25 – Supply chain and third party risk management is a challenging task – Damages Escalate Rapidly in Multi-Party Data Breaches


26 – Do not pay ransoms, do not finance crime ! Just stop doing that ! BlackByte ransomware decryptor released to recover files for free


27 – While most SMBs have not yet an idea of what is CASB, meanwhile, threat actors build their market relax in plain sight – Zerodium wants zero-day exploits for Windows VPN clients


28 – Cloud based VPN leak as cloud ! VPN Exposes Data for 1M Users, Leading to Researcher Questioning


29 – Internet is a battlefield, and cyber incidents grow everywhere – DDoS attacks against Russian firms have almost tripled in 2021


30 – if gummies take your cookies, your sessions are out – New Gummy Browsers attack lets hackers spoof tracking profiles


31 – Do learn from this ! You can’t trust what tech shows or tell you – Deepfake Audio Scores $35M in Corporate Heist


32 – As usual « Its activity starts with the execution of a PowerShell command that downloads a malicious payload from the specified URL, pointing to an available C2 server » Restrict the use of powershell only to users who need it (yes, you can do it with a GPO) – New PurpleFox botnet variant uses WebSockets for C2 communication


33 – Still in public cloud ? lol – Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique


34 – How to make different worlds in organizations, working together efficiently and keeping low risk – A practical framework for solving the infosec – infrastructure battle over enterprise storage security


35 – If you don’t protect your internet browsing tools and sessions, they’ll be stolen – Youtubers accounts hijacked with cookie stealing malware


36 – The cloud is putting transnational criminal on steroid supporting their activities without being able to identify criminals from legit users – Russian Cyber-Criminals Switch to Cloud (the current site you are reading is NOT in the cloud, and yet you can still read it…. ohhhhhhh)


37 – Maybe it’s a good time to switch to 7zip – Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer – Vulnerable because it’s a non free open source software, the issue is because of the end of trial notification


38 – nteresting evolution from the leading XDR solution in the market – Product Overview: Cynet SaaS Security Posture Management (SSPM)


39 – Still blindly pulling anything from internet and the cloud into your code and playing Russian roulette with your deliverables ? Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices


40 – what authority has the US on Israel, the most advanced cyber place on this matter ? one can wonder – U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes


41 – Smartphone are not allowing privacy – Smartphone counterespionage for travelers


42 – Transnational criminal organizations now go through frontshop to hire ethical hackers for their « pentest » teams, while the engagements are fake and goal is get initial access to deploy ransomware – Hacking gang creates fake firm to hire pentesters for ransomware attacks


43 – More focus on security for android (but not on privacy :p ) – Google Buckles Down on Android Enterprise Security


44 – Youtube and the cloud used for cyber attacks, Modus operandi is that threat actor produce a video explaining how to fix a commonly researched issue, and advise to download a tool for the purpose, which tool is actually a virus – Massive campaign uses YouTube to push password-stealing malware


45 – Threat actors move faster than regulations – Evil Corp demands $40 million in new Macaw ransomware attacks – Changing name and accounts quickly to avoid bans, yet still efficiently active


46 – Potential massive supply chain attacks ahead ? Gigabyte Allegedly Hit by AvosLocker Ransomware


47 – An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents – RAT malware spreading in Korea through webhards and torrents


48 – Oupsie, know bunch of military tools that will suffer from this, coming Oct 24th – GPS Daemon (GPSD) Rollover Bug


49 – Prevention, detection and immediate response over cyber threat is critical.
In regards to data protection, governance and privacy, letting a successful ransomware attack succeed is NOT AN OPTION ! Italian celebs’ data exposed in ransomware attack on SIAE


50 – NO CONFIDENTIALITY IN THE CLOUD – October 2021, Microsoft teams only start to consider end to end encryption and offer optional confidentiality, for a small subset of users, not enabled by default, ONLY on one to one calls – Microsoft Teams adds end-to-end encryption for one-to-one calls – Cybersecurity core is CIA (Confidentiality, Integrity, Availability), the cloud NEVER achieve confidentiality, so the cloud can’t be secured, cyber security can’t happen in the cloud.


51 – Certificates are blindly signed by the cloud allowing threat actors to hijack any network traffic they want – Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild


52 – The cloud is putting corporate infrastructure at risk – Threat Actors Abuse Discord to Push Malware


53 – Powershell is the mainly used tool for successful malware attacks and lateral movements – Lyceum Hackers Stealing Credentials Windows By Deploy Keylogger Using PowerShell Scripts & .NET RAT


54 – For threat modeling, to understand adversaries, and learn about compensation measures, MITRE ATT&CK is a gold mine of knowledge – Released: MITRE ATT&CK v10


And that would be it, yes there are huge cloud issues, and no easy fix. Cloud stores so much of our PII and we can’t have it protected, so this is very very bad. Alternatives are not simple, and we know that convenience always wins, so, sharing this, my hope, is that people get more aware, don’t blindly trust the cloud and expect privacy. Meanwhile, we need to look as more privacy focused solution than the public cloud, as it’s not suitable for anything else than public data. Build your security posture, don’t be the next ransomware victim, because cloud or not cloud, you’ll be targeted.

Have a good weekend all !

Loading

vendredi, octobre 22nd, 2021 Technologie Aucun commentaire
Not f'd — you won't find me on Facebook
octobre 2021
L M M J V S D
 123
45678910
11121314151617
18192021222324
25262728293031
 

 
Suivez moi sur twitter - follow me on twitter
 
Follow on LinkedIn
[FSF Associate Member]
 
Free Software, Free Society
VIRTUALISATION :
Compacter une image virtualbox VDI
Bon petit tutoriel esxi
Marche d'appliances vmware
Installer ESXi sur un disque IDE
Installer ESXi 3.5 sur un disque USB
Installer proxmox avec DRBD et migration / réplication à chaud
Installer OSSEC avec VMware
Information sur le VDI
SECURITE - FIREWALL :
Ouvrir des ports dynamiquement iptables - knockd
Autre tres bon tuto knockd
Docs Arp poisoning - Anglais
Metasploit test de pénétration
Zone H - sites piratés en temps réel
Blog invisible things
Tips protection sécurité wordpress
Pfsense - distribution firewall opensource - adsl internet failover
Iproute 2 mini how to - linux advanced routing
ClearOS - la passerelle sécuritaire lan - wan
HAUTE DISPONIBILITE :
CDN - Accélération de la distribution de données
drbd iscsi ocfs2 dm multipath tutoriel
Load balancing LVS
Load balancing opensource list
HA-Proxy :
HAproxy - http load balancer
Simple tutoriel HAproxy
HAproxy - debian tutoriel
Centos - Ip failover
Configuratoin DM-Multipath Redhat
VMware Doubletake - continuité
Quelques liens sur la réplication MySQL : Manuel MySQL, chapitre sur la réplication
Manuel MySQL, Tutoriel clair sur la mise en place
Autre tuto sur la mise en place de la réplication MySQL
Références pour optimisation du serveur MySQL
Utilisation de EXPLAIN mysql pour optimiser vos bases
optimiser vos bases - requetes et index
STOCKAGE RESEAU :
Un outil de clonage disque en reseau
Internet NAS 250Go 250 accès VPN
Server ISCSI avec Ubuntu tuto
ISCSI centos redhat tutoriel
Gérer et étendre un LVM
Créer sa piratebox ! trop cool
Deaddrops, les clés USB dans les murs, aussi cool !
OPTIMISATION WORDPRESS :
Télécharger Xenu
Comment utiliser Xenu
optimisation hébergement wordpress
Super howto wordpress (En)
Test de charge serveur web - Load impact
VPN - ROUTEUR - LAN:
Zeroshell - le mini-routeur wifi tout en un
Retroshare, votre réseau d'échange crypté!
Openvpn sur centos redhat
Intégrer Linux dans active directory
Routage inter-vlan avec Linux
Routage avec OSPF
Network Weathermap
TENDANCES - WEB:
Boutons twitter
Analyser les tendances des recherches Google
Protocole sitemap - robots.txt
Creer des animations CSS3
Code php pour interagir avec twitter
E reputation
Jquery
TRUCS ET ASTUCES GNU/LINUX :
Tuxmachines.org - Actus et tips linux
Configurer GRUB2 et grub2 ici
Panoet - en anglais - tips & tricks
Readylines tips and trick pertinents
Squid Clamav - proxy antivirus
Apprendre Unix en 10 minutes
13 tips sur les expressions régulières
IE Sous linux IES
LDAP 2.4 Quickstart guide
Tutoriel LDAP
Installation annuaire LDAP
Serveur Mail Postfix - Dovecot - LDAP - MDS
Créer un linux personnalisé en ligne - custom linux
Super site sur linux - en
Capistrano - déploiement automatisé
MONITORING :
Nagios tutoriel et doc
Nagios plugin NRPE tuto
Nagios plugin NRPE autre tuto
Nagios plugin NRPE officiel
Zabbix - fonctionnalités
Zabbix - installation
Guide MRTGsys - grapher la charge locale
MRTGsys - ajouter des graphs
MRTGsys - interpréter les données
Shinken - Monitoring
Thruk Monitoring webinterface
Shinken - Tutoriel
Shinken - Référence chez Nicolargo
AUTRES LIENS :
RemixJobs IT jobs
USB Multiboot
Reset mot de passe windows
Java python et autres tips, intéressant !
Forum inforeseau
Open Clipart
Excellent comic en ligne
Inforeseau.fr