Blog Inforeseau.com – GNU Linux, technologie et autres geekeries

Yes we can fix this mess, but do we want to ? That’s another story

Before going to the list of key #cybersecurity event we saw this week, I wanted to quickly speak about solutions. I present all these incidents and news, hoping that people who read, actually understand better the threat landscape and get better prepared.

Today, and for a while, there are technical solutions against all the incidents we see, many many options are available, allowing you to place the right security controls, at the right place, to properly mitigate risks, and mostly remove the impact of incidents.

Yes, you need to spend some money, and yes, you need just a little effort. But in the end, this is way better than being the next one in the news, feeding criminals and transnational criminal organizations with your data, your customers data, your employees data etc.

Yes, backup are absolutely needed, but no, they are not a proper strategy AGAINST ransomwares and breaches. They are just corrective controls, it means, they are in, too late. They are absolutely needed, but in case of data loss etc, can’t help against data theft.

If you know what you do, and you have a good security architecture, you know your inventory, data flows, assets, you’re good. If you don’t know all of this, then, get support from MSSP. I sure work for VARS Corporation, so, I know the tools we use, and I can honestly tell you, they work. We mitigate incidents. There are certainly others, providing similar service levels, so go, find your managed security partner, and get your stuff in order. We can obviously be the one.

We all offer, maturity audit, cyber security audit, gap analysis against a framework (NIST CSF, ISO, CMMC, you name it, mostly sharing the same goal and means anyways), but if you have to take action, for quick win, go for XDR, Email advanced security, dark web monitoring, as starting point. That good old 80 / 20 rule…. FACT, no BS, that the best bang for your bucks to begin with.

An absolute key point to me : Mix the providers, integrated solutions, but different tools, it’s almost digital suicide to rely on a single tool provider. A huge SPOF (single point of failure), you must apply the basics, which is overlapping security controls, and these, from different vendors. Because when vendor 1 backend is hacked (like solarwinds, or azure, or mostly all of them), you need to have a trigger from vendor 2 solution.

This week in 74 points, which I think is the worst (biggest) amount of news I did since I started this newsletter :

1 – NIST comes with some ransomware guidance, always good to have a baseline – NIST Issues Cybersecurity Framework for Ransomware Risk Management

---

2 – Not like if you haven’t been warned, real leak, or cover to allow what would normally be illegal data use – Clubhouse leaked data trove including phone numbers isn’t as bad as it sounds (don’t worry, nahhh)

---

3 – Astonishing that people still blindly trust tech and Internet ! Bitcoin.org hackers steal $17,000 in ‘double your cash’ scam

---

4 – Got to love the #clowd and big tech abuses – When the FBI seizes your messages from Big Tech, you may not know it for years

---

5 – OT / industrial cyber risk is tricky. Ask questions about probabilities like we did 10 years ago and you get answers that just don’t work well – Mark Fabro, President & Chief Security Scientist at Lofty Perch joins the podcast to look at the modern way to model risk

---

6 – New Android malware, a lot of them lately, don’t blindly trust applications – New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

---

7 – You can not trust technology – Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency

---

8 – DMARC, SPF, DKIM, all help to avoid domain impersonation – How Does DMARC Prevent Phishing?

---

9 – Everything is infected, do you have the proper tools to detect and respond to cyber threats ? A New Jupyter Malware Version is Being Distributed via MSI Installers

---

10 – Organizations don’t chose to go multi-cloud most of the time, they fail on multiple cloud and end up in nightmare situations – How to avoid the pitfalls of multi-cloud strategy deployment

---

11 – The cloud is addicted to leaks, so it postpone the suppression of unsafe protocols for a year – Microsoft will disable Basic Auth in Exchange Online in October 2022 ( I know I blame the cloud once again)

---

12 – Good to see an article about SIEM/SOC and the evolution of the SIEM toward modern environment – Next Generation SIEM/SOC: Formula 1 vs. Rally

---

13 – You are a target (yes, anyone, and you) – New malware steals Steam, Epic Games Store, and EA Origin accounts

---

14 – You are hacked, do you even see it ? Russian Turla APT Group Deploying New Backdoor on Targeted Systems

---

15 – I’m sure your MSSP provider reminded you how critical it is to have XDR protection on your domain controllers as well – Microsoft Warns of ‘FoggyWeb’ Malware Targeting AD FS Servers

---

16 – Connected cars will get you killed remotely – Yes, Car Hacking Is a Reality. Here’s How Can You Protect Your Fleet

---

17 – Crimecoins – Ethereum dev admits to helping North Korea evade crypto sanctions

---

18 – This was an absolutely unexpected stat ! Women, Minorities Are Hacked More Than Others

---

19 – It’s Qnap patch time ! QNAP fixes critical bugs in QVR video surveillance solution

---

20 – Why the cloud is exploding your costs and killing your business, and how you should carefully take load out of the dangerous cloud – Cloud Computing Like a Day in a Chocolate Factory for IT Managers

---

21 – Malware analysis, Blacktech in Japan is active at least ince 2018 – Malware Gh0stTimes used by attack group BlackTech

---

22 – Jealous of the cloud rip off performance, Veeam decided to follow the ransomware gang by taking a lot more money from the dumb customers – Socket to me: Veeam instance license confusion

---

23 – Privacy focused video conferencing solution – What started as a small video conferencing service for friends and family, my friend Mitchell Cohen, continued to grow and build a great product

---

24 – Good job, some less scammers in the place ! Ukraine takes down call centers behind cryptocurrency investor scams

---

25 – This is very cool ! Some good stuff for exchange servers – New Microsoft Exchange service mitigates high-risk bugs automatically (hoping they don’t break everything to push you to cloud…)

---

26 – Don’t fall for the scam ! Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

---

27 – Nice tool, for both offensive and defensive work ! TruffleHog – Now a Browser Extension That Detects Secret Keys In JavaScript

---

28 – Tuesday, auth0 had 2 regions down, US-1 and EU, which did lead some customers and users not able to login

---

29 – An interesting document from CISA and NSA about picking the proper VPN for your remote needs – Selecting and Hardening Remote Access VPN Solutions

---

30 – What could possibly go wrong – Master Lock Introduces New Bluetooth ProSeries Padlocks – Wireless is weak !

---

31 – When threat actors sells surveillance kits to law enforcement and apply full obfuscation – SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

---

32 – Cloud glitched Wednesday ! Twitter web client outage forced users to log out, blocks logins

---

33 – Cloudy days this week, auth0, twitter, O365, did sound a lot of coincidence to me – Microsoft 365 MFA outage locks users out of their accounts

---

34 – Was Atlassian patch time – Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

---

35 – October is the Cyber Security month, and this sponsored article bring some hints and tools to fulfill what you can do during this time ! Essential Toolkit for National Cyber Security Awareness Month

---

36 – One may wonder why would Facebook care about app privacy ? Obvious, data is Facebook value, while there is no issue for them to take data, there is no way they’ll let anyone mine theirs – Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

---

37 – Lesson is : when attackers gets in, you lost, it’s too late – Trucking giant Forward Air reports ransomware data breach

---

38 – Great reading, understand that as soon as you outsource, you are hacked – Cyberspace, Cybergames, and Cyberspies

---

39 – You understand that internet is a battlefield, the team behind solarwinds hack is still out there, actively hacking – New Tomiris backdoor likely developed by SolarWinds hackers

---

40 – It’s not new, been on incident response and they wiped the NAS and other backups, but they automated now, especially destroying VEEAM backups – Conti Ransomware Expands Ability to Blow Up Backups

---

41 – Lovely, the cloud ruined your life. So much for « play protect » BS, and others « just use the official store it’s safe » – New Android malware steals millions after infecting 10M phones

---

42 – Reminder : cloud=leak – Apple iCloud Private Relay Service Glitch Exposes Users’ Real IP Addresses

---

43 – Fun thing to see all this big tech with AI, ML, security center and all, and yet, threat actors do business as usual – Threat Actors smarter than you and big tech Weaponize Telegram Bots to Compromise PayPal Accounts

---

44 – Some accurate advice here rather than in the article :
1 – duct tape against the leaks
2 – hope it will only happen to others
3 – no duck given, it’s not our data anyways
3 Security Initiatives AWS’s New CEO Should Prioritize

---

45 – Big move here, more and more, big player buy their #cybersecurity company as it seems the market is growing – Akamai acquires Guardicore to expand its zero trust security portfolio

---

46 – You are hacked, you just don’t know it yet – New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

---

47 – Due diligence is the process where you assess that the scoped area is actually matching your requirements, and allows to validate a possible integration or state of things – New CyCognito Report Reveals Subsidiaries are Global Enterprise Achilles Heel; Increasing Attack Surface and Exposure Drawing in Attackers

---

48 – Implementation flaws and API, the usual recipe for disaster – Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

---

49 – Dangerous to be a #cybersecurity CEO with « suspicions of high treason » because of sharing threat intelligence – Russia arrests cybersecurity firm CEO after raiding offices

---

50 – Microsoft will raise the price of O365 by 25% next year, because now they hold you by the … data, so you just shut up and pay.

---

51 – Somehow there are losers in the cloud world domination game – How IBM lost the cloud

---

52 – Interesting statistics about ransomware threat actors. Who they are and their market share – The Top Ransomware Threats Aren’t Who You Think

---

53 – We know wireless is weak, and in this case, same as the cloud, we got huge implementation failure – Thousands of University Wi-Fi Networks Expose Log-In Credentials

---

54 – Just a reminder, stealing from :
– Steam
– Epic Games Store
– EA Origin
Stealing :
– Cookies
– Passwords
– Bank cards

BloodyStealer Malware Steals Cookies, Passwords, Bank Cards From Gamers Browser

---

55 – Nice self assessment tool – ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage

---

56 – This, AND, knowing the cloud leaked all biometric data it ever collected, this is clearly not a good option – How much trust should we place in the security of biometric data?

---

57 – Smartphone for payments is an absolute joke – Apple Pay with VISA lets hackers force payments on locked iPhones

---

58 – Wireless is weak – Apple AirTag Zero-Day Weaponizes Trackers – Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS

---

59 – An interesting take about identity consolidation in the cloud – The Need For Identity Consolidation In The Cloud – In an obvious initial approach, goal is to consolidate and bring relevant views of different events across platforms. An evolution of the SSO (single sign on).
On my side, it triggers a question of who decide what proves we are who we are. It’s totally fine for an organization to consider as many non invasive solution to achieve this goal.
It’s a whole other question when it comes to defining our identity in society.

---

60 – The cloud is as blind as its customers !!! New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

---

61 – If you don’t care about privacy and use chrome, then it’s patch time for you – Google Emergency Update Fixes Two Chrome Zero Days

---

62 – How has this even been deployed without proper shielding ?! – Military’s RFID Tracking of Guns May Endanger Troops

---

63 – Reaching the ransomware infection is NOT an option. You must have proper defenses in place – RansomEXX ransomware Linux encryptor may damage victims’ files

---

64 – it’s #QNAP patch time again ! QNAP fixes bug that let attackers run malicious commands remotely

---

65 – Big or small doesn’t matter, threat actors will go for every targets ! JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data

---

66 – Do not fall for the scam ! You’d get hacked – Fake Amnesty International Pegasus scanner used to infect Windows

---

67 – Rootkit is back on stage lately – GhostEmperor hackers use new Windows 10 rootkit in attacks

---

68 – Digital transformation killed data governance, we totally lost control – Content sprawl is increasing the risk of data breaches and leaks

---

69 – When the cloud industry starts to feel the heat, they try to throw some rocks at gov, without cleaning anything in front of their door – Trusted Cloud Principles (lol, we are in the zero trust era due to you cloud, lol again)

---

70 – The cloud, continuous implementation failure ! Because the cloud is failure by design ! Criminal Hackers rob thousands of Coinbase customers using MFA flaw

---

71 – Technology is under attack, I don’t think people stand a chance sadly – Flubot Android malware now spreads via fake security updates

---

72 – Can you keep up ? New APT ChamelGang Targets Russian Energy, Aviation Orgs

---

73 – Don’t blindly pull apk android software from the cloud and internet cesspool – Hydra malware targets customers of Germany’s second largest bank

---

74 – At least someone looking at this ! Let’s hope the solution won’t be « let’s throw this is the clowd » ! The FCC proposes rules to fight SIM swap and port-out fraud

---

What a CRAZY week in the news !

Have a great week end all, as usual, zero BS cyber security.