Cyber Security
5G network hosted in the cloud, no internet, no phone ! So smart ! And I ended on TV, This week in cyber
Yes, someone smart thought that it was a good idea to put the 5G management platform in the cloud, so we are making is super easy for foreign actors, already targeting the big cloud players, to fully disrupt the country communication capabilities, just by taking down one infrastructure.
It seems that common sense jumped from the boat a while ago, where the shiny goal of integral communication spying made them forget the first goal of communication infrastructure, ensuring resilience and coordination in case of incident.
When the cloud fall, you won’t be able to call for support, because phone networks will fall with it. My 2 cents.
Side note, don’t forget to follow VARS Corporation as well, I do share some intelligence on it, along with the team, …. yes half of the posts in French, but hey, don’t you enjoy my french accent ?!
Another note, I had my first TV News apparition this week, in Quebec, in French, and that was cool ! Alex on TV looks like this (oh boy, I was stressed ) :
Now, this week in 63 points, for you to remain aware as usual :
1 – James W from the FBI shared a great list for you to opt out from people tracking search engines ! Fast And The Furious: Opting Out Of People Search Engines, Privacy And Digital Exhaust
2 – There is a festival of infected NPM repos lately ! Malware Discovered in Popular NPM Package, ua-parser-js
3 – Skimmer injected on the site and more than 32k persons impacted- SCUF Gaming store hacked; Customer data exposed
4 – Do not take the data if you can’t protect it, like the cloud pretty much – Criminal Hacker sells the data for millions of Moscow drivers for $800
5 – When you go on youporn using private browsing, your ISP sees it all, and does resell all this info to whoever is willing to pay for it – FTC: ISPs collect and monetize far more user data than you’d think
6 – Hacked criminal hackers ! Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline , but, soon after, the group claimed it was only a small part of the « sub contractors »…
7 – Cyber conflict being more politic it seems. Their main goal was money, some in there were state sponsored spying, but now a call to action against the US. We’ll see, not sure there is any real coordination between challengers in crime. Groove ransomware calls on all extortion gangs to attack US interests
8 – CISCO patch time – Cisco SD-WAN Security Bug Allows Root Code Execution
9 – The power of the cloud, 24/7 spying. And yet people pay to place 24/7 spying devices, bugging their homes themselves. I found an Amazon folder with thousands of audio recordings from my home gadgets
10 – Interesting review of previous incident, most likely caused by nature, but, showing the potential impact of the same failure triggered by a cyber attack. When Cyber Mimics Nature – How Cyber Attacks Can Cause Global Environmental Catastrophes.
11 – Never pay ransom, don’t finance crime, and report to law enforcement, they might have a decryptor, so do it right – BlackMatter ransomware victims quietly helped using secret decryptor
12 – The cloud will be destroyed, I hope your DRP (disaster recovery plan), and risk register have considered this. SolarWinds hackers are going after cloud, managed and IT service providers.
13 – It’s discourse patch time ! CISA urges admins to patch critical Discourse code execution bug.
14 – How do you reduce your attack surface ? Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
15 – You are hacked, I’m hacked, question is, how much of you was on this device ? NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia
16 – AI is also powering madness – Despite spending millions on bot mitigation, 64% of organizations lost revenue due to bot attacks
17 – The truth comes out, as often in the big tech world, deception is king, abuses and betrayals, in an unlimited rush toward money. Explainer: What are the Facebook Papers?
18 – The ICT and industrial security podcast interestingly start to speak about patching automation. Automating vulnerability handling – a promising new standard: CSAF | Episode 70
19 – You can’t play with your security posture ! It goes bad. CONTI now positionnned as client access service broker ! Encrypting, stealing, and selling access to your network !
20 – In your browser, the more add-on you install, the bigger your supply chain is, and the bigger your attack surface is. Mozilla blocks malicious add-ons installed by 455K Firefox users
21 – Don’t fall for the scam ! FOMO (fear of missing out) will get you hacked or trapped – Millions of Android users targeted in subscription fraud campaign
22 – Australia, what are you doing ?!! Australia drafts Online Privacy Bill to bolster data security – Sounds right, except they scoped applicability to almost nothing !
23 – We should assume anyway nowadays that the network is no longer the perimeter, at least the wireless network, and security must be embedded in endpoint from an enterprise standpoint – Wardrivers Can Still Easily Crack 70% of WiFi Passwords
24 – No attacker said ever « this is out of scope » – Gas Stations in Iran Downed by Cyberattack
25 – EMOTET reborn as Squirrelwaffle – Spammers use Squirrelwaffle malware to drop Cobalt Strike – I remember by then using Squirrelmail webmail, it was so quite, but here, despite a terrific breakfast stealer name, squirrelwaffle doesn’t taste very good !
26 – Threat actors are really focusing on cloud providers and IT service providers – Lazarus Attackers Turn to the IT Supply Chain
27 – Patch management of your WordPress site and plugins is critical – Brutal WordPress plugin bug allows subscribers to wipe sites
28 – One less, already something. Other marketplaces will certainly see a surge in traffic – DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation
29 – US federal investigators today raided the Fla. offices of PAX Technology, a Chinese provider of point-of-sale devices – Front shop takedown. Know your enemies.
30 – Turn off connectivity if you don’t need it ! Protect your device from both security and privacy standpoint – Tracking Mobile Devices by Analyzing Bluetooth Transmissions
31 – Always verify and then trust, each time – Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
32 – Will your security controls be effective against such attacks ? FBI: Ranzy Locker ransomware hit at least 30 US companies this year
33 – Never properly understood, the cloud shared responsibility model is still an issue leading to major cloud abuses and privacy issues – Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
34 – Aside of following me on linkedin : « Top 13 Can’t-Miss Cybersecurity Awareness Tips«
35 – Security posture must be adjusted to your threats. You must have MFA everywhere, and using authenticator apps will be good for you. Twitter employees required to use security keys after 2020 hack.
36 – it’s apple patch time again ! (if you haven’t already) – Apple Patches Critical iOS Bugs; One Under Attack
37 – Babuk decryption key available – Babuk ransomware decryptor released to recover files for free
38 – Supply chain risk management at country level is tricky. Especially when most of your products are made in China – US bans China Telecom Americas over national security risks
39 – it’s an NPM supply chain infection festival lately ! Malicious NPM libraries install ransomware, password stealer
40 – Highly regulated, the specifics of this verticals raise interesting challenges – SECURITY INTELLIGENCE REPORT – CISO Point of View : Analysis of Storage & Backup Security in the Financial Services & Banking Sector
41 – Another decryptor available ! Free decryptor released for Atom Silo and LockFile ransomware
42 – it’s adobe patch time once again – Adobe’s Surprise Security Bulletin Dominated by Critical Patches
43 – The so called « grief » ransomware group published some sample content of claimed to be internal NRA files – Russian Ransomware Gang Claims to Have Hacked the NRA
44 – Well put about how to handle ransomware situation – You’ve Just Been Ransomed … Now What?
45 – The cloud is infected and this new threat comes with official apps ! New AbstractEmu malware roots Android devices, evades detection – Comes from the so protected playprotect supposedly cloud protected stuff.
46 – The cloud is infected and it poisons Internet, or vice versa, anyhow, you can’t trust anything you see online without due diligence first – Ransomware gangs use SEO poisoning to infect visitors
47 – A free pass to COVID ? sounds exciting no ? EU investigating leak of private key used to forge Covid passes
48 – but, but, but, butt cloud leaked again ! PII feist ! Sensitive data of 400,000 German students exposed by API flaw
49 – Undetected so far, in memory malware, talking with C2C and loading needed remote modules – New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
50 – Algorithms are not the only problem of social media, people are a big one too – Facebook Removed The News Feed Algorithm In An Experiment. Then It Gave Up (now weirdly called Meta)
51 – spyware patch time – Emergency Google Chrome update fixes zero-days used in attacks
52 – Nothing new, everything connected is a target – All Sectors Are Now Prey as Cyber Threats Expand Targeting
53 – A first step toward security by design – Top Hardware Weaknesses List Debuts
54 – Privileges escalation, means that this can only be exploited after the initial access phase – All Windows versions impacted by new LPE zero-day vulnerability
55 – Very interesting, Amazon seems to reach a limit and benefits are collapsing. Unexpected – Amazon delivers big earnings miss, Jassy warns Q4 will bring ‘several billion dollars of additional costs’
56 – connected=hacked – Critical Polygon Blockchain Vulnerability Could Allow Withdrawing Huge Amounts
57 – The less apps you install, the smaller the attack surface, the safer you are – Android spyware spreading as antivirus software in Japan
58 – Yet another WordPress plugin vulnerability – WordPress plugin bug impacts 1M sites, allows malicious redirects
59 – Microsoft decided to eliminate all challengers on any field by taking 100% control over any features requiring third party – Microsoft: Windows web content filtering now generally available
60 – Cloud dependency is awful – Google Chromebooks failing to enroll due to network issue
61 – Moving toward cloud systems – Hive ransomware now encrypts Linux and FreeBSD systems
62 – Use the details of this article as threat intelligence and understand how crime operates – Police arrest hackers behind over 1,800 ransomware attacks
63 – Season scams are always around – What’s the Phishing Scam Equivalent of Your Favorite Halloween Costume?
BTW, I always link to LinkedIn article shares, because I usually add a lot of complementary links in comments allowing to get better coverage.
That would be about it ! Have a good weekend all !
From a broken TLS CA, to Facebook, to FIN12 hit and run
Yet another crazy week in cyber, which makes me wonder if there is any quiet week anymore, and, as a lot spoke about mental health as well, how long do you think a human can take all of this ?
Meanwhile, I’m still motivated to do good, and while ransomware gangs make millions every month, we try to get a couple of bucks from people so as we can help secure them (not asking for money, just tough to get organization to spend just enough to protect themselves).
But I’m telling you, this won’t last, ransomware projections are so huge, that we’ll come to a point where, sorry, we don’t take new customers. Scarcity, is where we’re heading, and I’m telling you, find your cyber security partner NOW, because we, skilled humans in this field, are in very limited supply. The illusion of the market may make you think you have choice, but there is a fun fact in the back end, A sells the skills of B, which sells the skills of C, which rely on A for any overflow…… do you see it coming ?
Meanwhile, Monica and myself are going to share some insights on our CISO experience, hopefully a series to start in November, and well scheduled (according to her, she likes when things are organized, and it’s good !), and pretty fun (according to me, and her actually, we agree on this)…. (wait, did I mean we don’t agree on everything ? )…. (seems I’m talking to myself now…. ok, let’s move on).
Edit : Monica said that I should say that the audience will have an AWESOME opportunity not only to ask ya questions for this episode but ALSO TO SHAPE OUR NEXT EPISODES and what challenges we address (that’s what she said :P )
This week as well, did record a 6 min LinkedIn podcast with Mani Keerthi which actually turned to be very relevant in a pretty short time ! Thanks Mani ! :)
And now, finally, this week in 56 points :
1 – Letsencrypt updated their CA (certificate authority) and it went bad for a lot of stuffs – Let’s Encrypt’s root certificate has expired and stuff is breaking all over the place
2 – Surprise, yet another massive leak – US retailer Neiman Marcus confirms Data breach – Just 4.6 Millions customers data
3 – You first need to have proper security posture, otherwise, nothing will help you – US unites 30 countries to disrupt global ransomware attacks
4 – I fixed the issue by dropping any phone call. Only accepting known persons over encrypted channels – FCC orders phone carriers to enforce unlawful robocall blocking
5 – Hacked down to hardware – Flaw in AMD Platform Security Processor Affects Millions of Computers
6 – Cryptoland never cease to amaze me – Crypto platform mistakenly gives $90M to users, asks for refund
7 – Just a reminder, building your security posture, assessing the potential impact and placing proper security controls to mitigate the risk is not optional, unless you absolutely don’t care – Sandhills online machinery markets shut down by ransomware attack
8 – That’s hacking ! The power of technical creativity ! Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems
9 – Clowd style leak ! Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
10 – Like it or not, patch management is critical – New Atom Silo ransomware targets vulnerable Confluence servers
11 – Good work Europol, some less criminals – Ransomware operators behind hundreds of attacks arrested in Ukraine (doesn’t calm down anyhow, but that’s already something ! )
12 – Learn why privacy and data protection is important (aside of Pandora papers ) – Transnational fraud ring stole millions from Army members, veterans
13 – Quite an interesting take on this one, after all we are in a continuously evolving environment, seeing rising threats, and regulation playing ketchup – Regulations & Ransomware: A Quick Overview
14 – Facebook offline day ! Great for humans mental health, on this linkedin post, I covered, including comment, the whole story, with other, pointing to the BGP error , but we all know the truth : The home router of Mark got powered off as his cat stepped on it, and poof ! Facebook Blames Outage on Faulty Router Configuration
15 – Just don’t SMS, anything you type on it, is being reviewed by thousands of people, indexed, reshared and all – Company That Routes Billions of Text Messages Quietly Says It Was Hacked
16 – Android patch time ! Android October patch fixes three critical bugs, 41 flaws in total
17 – You are hacked ! UEFI (aka BIOS) hacked since 2012 – New UEFI bootkit used to backdoor Windows devices since 2012
18 – Not even out for a day, already broke network support for widely used Intel network/wifi cards – Microsoft confirms Windows 11 issues with VirtualBox, Intel Killer
19 – Do you have accounts without MFA ? unacceptable – Large ransom demands and password-guessing attacks escalate
20 – Almost forgot ! I was on 123CMMC with the awesome Dana Mantilia ! We had a great episode on here :
21 – it’s apache web server patch time ! Apache fixes actively exploited zero-day vulnerability, patch now
22 – It smells a lot like….clowd ! The Telegraph exposes 10 TB database with subscriber info
23 – Root cause is credentials guessing or Brut force, so don’t expose your management networks and have decent governance – Ransomware gang encrypts VMware ESXi servers with Python script
24 – Very positive outcome, some souls got saved from evil thanks to this failure – Facebook outage leads to massive user exodus to Telegram, Signal
25 – You should already know this but a reminder – 3 Ways the Government Can Track Your Phone
26 – Don’t forget, private browsing still allows your Internet Service Provider to see everything you do. Private browsing only protects you if someone looks at your browsing history. Firefox improves advertising tracker blocking in private browsing
27 – Take this as an example ! YOU must do it too on all your accounts – Google to turn on 2-factor authentication by default for 150 million users
28 – Good move, especially that investing less than the payment made to criminals is enough to build your whole security posture and strongly reduce the likelihood of such incident and totally squeeze the potential impact – Ransom Disclosure Act would give victims 48 hours to report payments
29 – Adam will never find a job in IT ever again – Fired IT admin revenge-hacks school by wiping data, changing passwords
30 – The Internet of threats (IoT) and the Industrial Internet of Threats (IIoT), must be sandboxed and protected behind layered defense and zero trust network access control – Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
31 – Fact is, you need MFA at the very least, and, you should think security architecture with additional controls, such as « geo fencing », and more, capabilities depending. ATO (account take over) attacks increased 307% between 2019 and 2021
32 – The cloud leaks again, I think there might be a medication for this, I mean it can’t hold anything, anything it eats just is spread around…. looks like the cloud is sick to me. The entirety of Twitch has reportedly been leaked, Source codes and user payouts among the data released in a 128GB torrent
33 – All these connected crap will get you killed ! STOP connecting everything, this is absolute non sense ! Medtronic urgently recalls insulin pump controllers over hacking concerns
34 – The cloud is a tool, powerful, sensitive and dangerous, that criminals masters ! Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
35 – Backups are only a corrective measure, it means, it’s the ultimate resource you should nod need for recovery – CISO Point Of View ‘Mashup’: The Importance of Securing Storage & Backup
36 – You are hacked, you just don’t know it yet ! This malware is active since 2018 ! Criminal Hackers use stealthy ShellClient malware on aerospace, telco firms
37 – Good move, but, now that Pandora box is open, I’m afraid it’s too late – European Parliament calls for ban on AI-powered mass surveillance
38 – Challenging times ahead. We know compliance doesn’t equal security, but, self regulation has proven to be ineffective – New Regulations Are Coming — Get a Handle on Your App Portfolio
39 – There is no such thing as free lunch ! Firefox now shows ads as sponsored address bar suggestions
40 – Diversity is critical to ensure resilience. Monoculture is lethal everywhere – Netherlands orders Apple to offer more App Store payment methods
41 – No comment – Microsoft fixes bug blocking Azure Virtual Desktops security updates
42 – How do you like your Yamale ? Some like it hot, hot yamale ! Snake yamale ! Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects
43 – Full unauthenticated remote access, anybody can watch your b…eer – Unpatched Dahua cams vulnerable to unauthenticated remote access
44 – A good reading about pentest on your (not actually yours, but ok) AWS stack – Penetration Testing Your AWS Environment – A CTO’s Guide
45 – If you self host an onionshare instance, make sure you patch – Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform
46 – Good move, no longer have to guess editor’s website, find terms and conditions and discover how to unsubscribe – Apple now requires all apps to make it easy for users to delete their accounts
47 – I don’t take calls anymore except through encrypted channels – Fraudulent robocalls to cost consumers $40 billion in 2022
48 – Cut the BS and do it right or don’t do it ! U.S. govt to sue contractors who hide breach incidents
49 – A good reading about these ICS affected by vulnerabilities – Four Critical Vulnerabilities Discovered in Bosch Rexroth WEB Interfaces
50 – An apache patch patching the patched apache as it didn’t patch patchingly ! Apache emergency update fixes incomplete patch for exploited bug
51 – Automated detection and response is mandatory ! No time, the only time you have is the time to be encrypted ! FIN12 hits healthcare with quick and focused ransomware attacks
52 – How would your organization detect and respond to such incident ?
What is your RPO ? Recovery Point Objective define how much data you’ll lose between last valid and tested backup, and restore time.
What is your RTO ? Recovery Time Objective defines how long it will take for you to recover – Engineering giant Weir Group hit by ransomware attack
53 – Attribution is always a tricky game. Proxy, fork anyone ? But for sure, it’s easier to have visibility when you collect telemetry (backdoor) from most of the computers in the world ;) Microsoft: Russian state hackers behind 53% of attacks on US govt agencies
54 – hard coded credentials + cloud is a recipe for disaster :) leak accelerator :) BrewDog exposed data for over 200,000 shareholders and customers
55 – Rootkit active for 18 months, just spotted now – Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems
56 – All your eggs in the same basket ! Monoculture and Market Share: The State of Communications
and Collaboration Software in the US Government
And that’s about it for this week, good enough I guess !
Have a good weekend all ! See you on here hopefully next week !
Alexandre Blanc Cyber Security
Yes we can fix this mess, but do we want to ? That’s another story
Before going to the list of key #cybersecurity event we saw this week, I wanted to quickly speak about solutions. I present all these incidents and news, hoping that people who read, actually understand better the threat landscape and get better prepared.
Today, and for a while, there are technical solutions against all the incidents we see, many many options are available, allowing you to place the right security controls, at the right place, to properly mitigate risks, and mostly remove the impact of incidents.
Yes, you need to spend some money, and yes, you need just a little effort. But in the end, this is way better than being the next one in the news, feeding criminals and transnational criminal organizations with your data, your customers data, your employees data etc.
Yes, backup are absolutely needed, but no, they are not a proper strategy AGAINST ransomwares and breaches. They are just corrective controls, it means, they are in, too late. They are absolutely needed, but in case of data loss etc, can’t help against data theft.
If you know what you do, and you have a good security architecture, you know your inventory, data flows, assets, you’re good. If you don’t know all of this, then, get support from MSSP. I sure work for VARS Corporation, so, I know the tools we use, and I can honestly tell you, they work. We mitigate incidents. There are certainly others, providing similar service levels, so go, find your managed security partner, and get your stuff in order. We can obviously be the one.
We all offer, maturity audit, cyber security audit, gap analysis against a framework (NIST CSF, ISO, CMMC, you name it, mostly sharing the same goal and means anyways), but if you have to take action, for quick win, go for XDR, Email advanced security, dark web monitoring, as starting point. That good old 80 / 20 rule…. FACT, no BS, that the best bang for your bucks to begin with.
An absolute key point to me : Mix the providers, integrated solutions, but different tools, it’s almost digital suicide to rely on a single tool provider. A huge SPOF (single point of failure), you must apply the basics, which is overlapping security controls, and these, from different vendors. Because when vendor 1 backend is hacked (like solarwinds, or azure, or mostly all of them), you need to have a trigger from vendor 2 solution.
This week in 74 points, which I think is the worst (biggest) amount of news I did since I started this newsletter :
1 – NIST comes with some ransomware guidance, always good to have a baseline – NIST Issues Cybersecurity Framework for Ransomware Risk Management
2 – Not like if you haven’t been warned, real leak, or cover to allow what would normally be illegal data use – Clubhouse leaked data trove including phone numbers isn’t as bad as it sounds (don’t worry, nahhh)
3 – Astonishing that people still blindly trust tech and Internet ! Bitcoin.org hackers steal $17,000 in ‘double your cash’ scam
4 – Got to love the #clowd and big tech abuses – When the FBI seizes your messages from Big Tech, you may not know it for years
5 – OT / industrial cyber risk is tricky. Ask questions about probabilities like we did 10 years ago and you get answers that just don’t work well – Mark Fabro, President & Chief Security Scientist at Lofty Perch joins the podcast to look at the modern way to model risk
6 – New Android malware, a lot of them lately, don’t blindly trust applications – New Android Malware Steals Financial Data from 378 Banking and Wallet Apps
7 – You can not trust technology – Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency
8 – DMARC, SPF, DKIM, all help to avoid domain impersonation – How Does DMARC Prevent Phishing?
9 – Everything is infected, do you have the proper tools to detect and respond to cyber threats ? A New Jupyter Malware Version is Being Distributed via MSI Installers
10 – Organizations don’t chose to go multi-cloud most of the time, they fail on multiple cloud and end up in nightmare situations – How to avoid the pitfalls of multi-cloud strategy deployment
11 – The cloud is addicted to leaks, so it postpone the suppression of unsafe protocols for a year – Microsoft will disable Basic Auth in Exchange Online in October 2022 ( I know I blame the cloud once again)
12 – Good to see an article about SIEM/SOC and the evolution of the SIEM toward modern environment – Next Generation SIEM/SOC: Formula 1 vs. Rally
13 – You are a target (yes, anyone, and you) – New malware steals Steam, Epic Games Store, and EA Origin accounts
14 – You are hacked, do you even see it ? Russian Turla APT Group Deploying New Backdoor on Targeted Systems
15 – I’m sure your MSSP provider reminded you how critical it is to have XDR protection on your domain controllers as well – Microsoft Warns of ‘FoggyWeb’ Malware Targeting AD FS Servers
16 – Connected cars will get you killed remotely – Yes, Car Hacking Is a Reality. Here’s How Can You Protect Your Fleet
17 – Crimecoins – Ethereum dev admits to helping North Korea evade crypto sanctions
18 – This was an absolutely unexpected stat ! Women, Minorities Are Hacked More Than Others
19 – It’s Qnap patch time ! QNAP fixes critical bugs in QVR video surveillance solution
20 – Why the cloud is exploding your costs and killing your business, and how you should carefully take load out of the dangerous cloud – Cloud Computing Like a Day in a Chocolate Factory for IT Managers
21 – Malware analysis, Blacktech in Japan is active at least ince 2018 – Malware Gh0stTimes used by attack group BlackTech
22 – Jealous of the cloud rip off performance, Veeam decided to follow the ransomware gang by taking a lot more money from the dumb customers – Socket to me: Veeam instance license confusion
23 – Privacy focused video conferencing solution – What started as a small video conferencing service for friends and family, my friend Mitchell Cohen, continued to grow and build a great product
24 – Good job, some less scammers in the place ! Ukraine takes down call centers behind cryptocurrency investor scams
25 – This is very cool ! Some good stuff for exchange servers – New Microsoft Exchange service mitigates high-risk bugs automatically (hoping they don’t break everything to push you to cloud…)
26 – Don’t fall for the scam ! Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
27 – Nice tool, for both offensive and defensive work ! TruffleHog – Now a Browser Extension That Detects Secret Keys In JavaScript
28 – Tuesday, auth0 had 2 regions down, US-1 and EU, which did lead some customers and users not able to login
29 – An interesting document from CISA and NSA about picking the proper VPN for your remote needs – Selecting and Hardening Remote Access VPN Solutions
30 – What could possibly go wrong – Master Lock Introduces New Bluetooth ProSeries Padlocks – Wireless is weak !
31 – When threat actors sells surveillance kits to law enforcement and apply full obfuscation – SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
32 – Cloud glitched Wednesday ! Twitter web client outage forced users to log out, blocks logins
33 – Cloudy days this week, auth0, twitter, O365, did sound a lot of coincidence to me – Microsoft 365 MFA outage locks users out of their accounts
34 – Was Atlassian patch time – Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
35 – October is the Cyber Security month, and this sponsored article bring some hints and tools to fulfill what you can do during this time ! Essential Toolkit for National Cyber Security Awareness Month
36 – One may wonder why would Facebook care about app privacy ? Obvious, data is Facebook value, while there is no issue for them to take data, there is no way they’ll let anyone mine theirs – Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps
37 – Lesson is : when attackers gets in, you lost, it’s too late – Trucking giant Forward Air reports ransomware data breach
38 – Great reading, understand that as soon as you outsource, you are hacked – Cyberspace, Cybergames, and Cyberspies
39 – You understand that internet is a battlefield, the team behind solarwinds hack is still out there, actively hacking – New Tomiris backdoor likely developed by SolarWinds hackers
40 – It’s not new, been on incident response and they wiped the NAS and other backups, but they automated now, especially destroying VEEAM backups – Conti Ransomware Expands Ability to Blow Up Backups
41 – Lovely, the cloud ruined your life. So much for « play protect » BS, and others « just use the official store it’s safe » – New Android malware steals millions after infecting 10M phones
42 – Reminder : cloud=leak – Apple iCloud Private Relay Service Glitch Exposes Users’ Real IP Addresses
43 – Fun thing to see all this big tech with AI, ML, security center and all, and yet, threat actors do business as usual – Threat Actors smarter than you and big tech Weaponize Telegram Bots to Compromise PayPal Accounts
44 – Some accurate advice here rather than in the article :
1 – duct tape against the leaks
2 – hope it will only happen to others
3 – no duck given, it’s not our data anyways
3 Security Initiatives AWS’s New CEO Should Prioritize
45 – Big move here, more and more, big player buy their #cybersecurity company as it seems the market is growing – Akamai acquires Guardicore to expand its zero trust security portfolio
46 – You are hacked, you just don’t know it yet – New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit
47 – Due diligence is the process where you assess that the scoped area is actually matching your requirements, and allows to validate a possible integration or state of things – New CyCognito Report Reveals Subsidiaries are Global Enterprise Achilles Heel; Increasing Attack Surface and Exposure Drawing in Attackers
48 – Implementation flaws and API, the usual recipe for disaster – Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data
49 – Dangerous to be a #cybersecurity CEO with « suspicions of high treason » because of sharing threat intelligence – Russia arrests cybersecurity firm CEO after raiding offices
50 – Microsoft will raise the price of O365 by 25% next year, because now they hold you by the … data, so you just shut up and pay.
51 – Somehow there are losers in the cloud world domination game – How IBM lost the cloud
52 – Interesting statistics about ransomware threat actors. Who they are and their market share – The Top Ransomware Threats Aren’t Who You Think
53 – We know wireless is weak, and in this case, same as the cloud, we got huge implementation failure – Thousands of University Wi-Fi Networks Expose Log-In Credentials
54 – Just a reminder, stealing from :
– Steam
– Epic Games Store
– EA Origin
Stealing :
– Cookies
– Passwords
– Bank cards
BloodyStealer Malware Steals Cookies, Passwords, Bank Cards From Gamers Browser
55 – Nice self assessment tool – ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage
56 – This, AND, knowing the cloud leaked all biometric data it ever collected, this is clearly not a good option – How much trust should we place in the security of biometric data?
57 – Smartphone for payments is an absolute joke – Apple Pay with VISA lets hackers force payments on locked iPhones
58 – Wireless is weak – Apple AirTag Zero-Day Weaponizes Trackers – Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS
59 – An interesting take about identity consolidation in the cloud – The Need For Identity Consolidation In The Cloud – In an obvious initial approach, goal is to consolidate and bring relevant views of different events across platforms. An evolution of the SSO (single sign on).
On my side, it triggers a question of who decide what proves we are who we are. It’s totally fine for an organization to consider as many non invasive solution to achieve this goal.
It’s a whole other question when it comes to defining our identity in society.
60 – The cloud is as blind as its customers !!! New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
61 – If you don’t care about privacy and use chrome, then it’s patch time for you – Google Emergency Update Fixes Two Chrome Zero Days
62 – How has this even been deployed without proper shielding ?! – Military’s RFID Tracking of Guns May Endanger Troops
63 – Reaching the ransomware infection is NOT an option. You must have proper defenses in place – RansomEXX ransomware Linux encryptor may damage victims’ files
64 – it’s #QNAP patch time again ! QNAP fixes bug that let attackers run malicious commands remotely
65 – Big or small doesn’t matter, threat actors will go for every targets ! JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data
66 – Do not fall for the scam ! You’d get hacked – Fake Amnesty International Pegasus scanner used to infect Windows
67 – Rootkit is back on stage lately – GhostEmperor hackers use new Windows 10 rootkit in attacks
68 – Digital transformation killed data governance, we totally lost control – Content sprawl is increasing the risk of data breaches and leaks
69 – When the cloud industry starts to feel the heat, they try to throw some rocks at gov, without cleaning anything in front of their door – Trusted Cloud Principles (lol, we are in the zero trust era due to you cloud, lol again)
70 – The cloud, continuous implementation failure ! Because the cloud is failure by design ! Criminal Hackers rob thousands of Coinbase customers using MFA flaw
71 – Technology is under attack, I don’t think people stand a chance sadly – Flubot Android malware now spreads via fake security updates
72 – Can you keep up ? New APT ChamelGang Targets Russian Energy, Aviation Orgs
73 – Don’t blindly pull apk android software from the cloud and internet cesspool – Hydra malware targets customers of Germany’s second largest bank
74 – At least someone looking at this ! Let’s hope the solution won’t be « let’s throw this is the clowd » ! The FCC proposes rules to fight SIM swap and port-out fraud
What a CRAZY week in the news !
Have a great week end all, as usual, zero BS cyber security.
Links
Calendrier
L | M | M | J | V | S | D |
---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 | 31 |
Recherche
Derniers articles
Tresronours Twitter
Keywords cloud topic
Membre de la FSF
Liens qui vont bien
Mots clés vrac – keyword cloud
License du contenu – CC By NC SA
Archives
- Resumed posting and expanding on X
- Linkedin Access to your account has been restricted – Final debrief and resilience plan
- I’m thankful for the support I get in rough time
- Cyber security news of the day – 2024 May 31
- Alexandre Blanc Cyber Kicked out from Linkedin
- You’ll most likely find me on LinkedIn
- The Russian roulette landing page !
- RTSP, Debian, VLC, not playing, IP Camera
- 5G network hosted in the cloud, no internet, no phone ! So smart ! And I ended on TV, This week in cyber
- They lock the door for privacy… but they keep a copy of the key, and couple of backdoors
- Worst is yet to come, but they all warned you
- Migrating an old WordPress and handling character set, UTF8, latin1, latin1_swedish_ci
- From a broken TLS CA, to Facebook, to FIN12 hit and run
- Yes we can fix this mess, but do we want to ? That’s another story
- Criminals are still dominating the game, why are we doing so wrong, and what can we learn in this tech ocean ?
- Riding cloud can be tricky, don’t fall from it, in the weekly cyber !
- The threat landscape is very dynamic – Cyber news this week
- Cybersecurity is not obvious even for this newsletter !
- Install Slack desktop app on Kali rolling fixing libappindicator3-1 missing dependency
- How to delete all resources in azure to avoid charges after trial on your forced credit card registration
- Proxmox – ZFS – Dead drive on active VM, recover from replicated disk
- Restrict access to proxmox web admin interface
- Migrate your ESXI VMs to proxmox ZFS
- Install your VPN server with pi-hole on OVH VPS in 30 min
- Using raspberry pi 3 as wifi bridge and repeater and firewall
- Raspberry 3 – create a wifi repeater with USB wifi dongle
- raspberry 3 – routeur pare feu point d’acces wifi avec filtrage pub et tracking – router firewall access point with ads and tracking filtering
- Dell XPS 13 touchpad – corriger la sensibilité
- Utiliser Zazeen set top box depuis une connexion videotron
- Fermeture de mon compte facebook – la dernière goutte
- Choisir un kernel par defaut au demarrage de Centos 7.2 – configuration grub2
- Openvpn access server 2.0.25 et android
- Régler la luminosité du laptop par ligne de commande
- chromium outlook web app version complete sous linux
- Nexus 7 2012 – android 5 lollipop solution au probleme de lenteur
- HDD led sur Xubuntu – xfce
- xubuntu 14.04 verrouiller ecran de veille et desactiver mise en veille a la fermeture de l’ecran
- Authentification avec Radmin en utilisant Wine sur Gentoo
- Patcher bash sur une distribution plus supportee comme fedora 11
- Zimbra desktop sous xubuntu 14.04 64bit – fix
- xubuntu 12.10 probleme de son avec VLC – pulse audio – alsa – toshiba L855D – solution
- Evolution sous xubuntu 12.10 – bug affichage a la configuration – solution temporaire
- Booster son acces internet en changeant de DNS pour opendns
- Serveur DLNA sous ubuntu – minidlna
- sshfs sous windows – dokan sshfs
- xubuntu 11.10 Installer le plugin java pour firefox
- Installer Google Earth sur Xubuntu 11.10
- Installer nagios sur Fedora 11 depuis les sources
- Configurer varnish-cache avec des virtualhosts, apache, fedora, redhat, centos
- Installer Varnish depuis les sources sur Fedora 11